Ansible role to install and configure a MongoDB object/document-oriented database.
Building and improving this Ansible role have been sponsored by my current and previous employers like Cloudpunks GmbH and Proact Deutschland GmbH.
- Requirements
- Default Variables
- mongodb_admin_update_password
- mongodb_backup_addition_script
- mongodb_backup_cron
- mongodb_backup_enabled
- mongodb_backup_formatting
- mongodb_backup_ignore
- mongodb_backup_path
- mongodb_backup_retention
- mongodb_cloud_monitoring_free_state
- mongodb_exporter_args
- mongodb_exporter_collect_collection
- mongodb_exporter_collect_database
- mongodb_exporter_collect_indexusage
- mongodb_exporter_collect_replicaset
- mongodb_exporter_collect_topmetrics
- mongodb_exporter_connection
- mongodb_exporter_download
- mongodb_exporter_enabled
- mongodb_exporter_password
- mongodb_exporter_username
- mongodb_exporter_version
- mongodb_extra_users
- mongodb_general_users
- mongodb_group
- mongodb_keyfile_content
- mongodb_keyfile_path
- mongodb_keyring
- mongodb_limit_files
- mongodb_limit_procs
- mongodb_logrotate_retention
- mongodb_master_node
- mongodb_metrics_password
- mongodb_metrics_update_password
- mongodb_metrics_username
- mongodb_net_bindip
- mongodb_net_http_enabled
- mongodb_net_ipv6
- mongodb_net_maxconns
- mongodb_net_port
- mongodb_numa_enabled
- mongodb_operation_profiling_mode
- mongodb_operation_profiling_slow_op_threshold_ms
- mongodb_oplog_users
- mongodb_packages
- mongodb_pidfile_path
- mongodb_pymongo_version
- mongodb_recursive_enforce_owner
- mongodb_replication_enable_majority_read_concern
- mongodb_replication_oplogsize
- mongodb_replication_params
- mongodb_replication_replindexprefetch
- mongodb_replication_replset
- mongodb_root_admin_password
- mongodb_root_admin_username
- mongodb_root_update_password
- mongodb_security_authorization
- mongodb_security_javascript_enabled
- mongodb_server_version
- mongodb_set_parameters
- mongodb_storage_dirperdb
- mongodb_storage_engine
- mongodb_storage_journal_enabled
- mongodb_storage_path
- mongodb_storage_quota_enforced
- mongodb_storage_quota_maxfiles
- mongodb_storage_smallfiles
- mongodb_systemlog_logappend
- mongodb_systemlog_logrotate
- mongodb_systemlog_path
- mongodb_user
- mongodb_user_admin_password
- mongodb_user_admin_username
- mongodb_user_update_password
- mongodb_volumes
- mongodb_wirdtiger_config_string
- mongodb_wiredtiger_cache_size
- mongodb_wiredtiger_config_string
- mongodb_wiredtiger_directory_for_indexes
- Discovered Tags
- Dependencies
- License
- Author
- Minimum Ansible version:
2.10
Define when root admin password should be changed
mongodb_admin_update_password: alwaysAdditional commands at the end of the script
mongodb_backup_addition_script:A simple cron timing definition like hourly, daily or weekly
mongodb_backup_cron: dailyEnable or disable the backup script
mongodb_backup_enabled: falseDate format for the backup folder name
mongodb_backup_formatting: '%F'Ignoring this filter via grep on database selection
mongodb_backup_ignore: (admin|local)Path to store the backups
mongodb_backup_path: '{{ mongodb_storage_path }}/_backup'Retention period to keep backups
mongodb_backup_retention: 7Define parameters for mongod config
mongodb_cloud_monitoring_free_state: offList of arguments joined for the executable
mongodb_exporter_args: []Enable collector for collections
mongodb_exporter_collect_collection: falseEnable collector for databases
mongodb_exporter_collect_database: trueEnable collector for index usage
mongodb_exporter_collect_indexusage: falsemongodb_exporter_collect_replicaset: trueEnable collector for top metrics
mongodb_exporter_collect_topmetrics: trueConnection URI to access the MongoDB
mongodb_exporter_connection: mongodb://{% if mongodb_security_authorization == 'enabled'
%}{{ mongodb_metrics_username }}:{{ mongodb_metrics_password }}@{% endif %}localhost:27017mongodb_exporter_connection: mongodb://localhost:27017URL to the archive of the release to install
mongodb_exporter_download: https://github.com/percona/mongodb_exporter/releases/download/v{{
mongodb_exporter_version }}/mongodb_exporter-{{ mongodb_exporter_version }}.linux-amd64.tar.gzEnable the mongodb exporter
mongodb_exporter_enabled: truemongodb_exporter_password:Password to secure the metrics endpoint
mongodb_exporter_username:Version of the release to install
mongodb_exporter_version: 0.42.0List of extra users to create
mongodb_extra_users: []mongodb_extra_users:
- username: username1
password: p455w0rd
roles: userAdminAnyDatabase
- username: username2
password: p455w0rd
roles:
- db: cool-app
role: read
update_password: on_createList of general users to create
mongodb_general_users: []mongodb_general_users:
- username: username1
password: p455w0rd
roles: userAdminAnyDatabase
- username: username2
password: p455w0rd
roles:
- db: cool-app
role: read
update_password: on_createName of the group owning MongoDB
mongodb_group: mongodbKey for inter-process auth, generate it with "openssl rand -base64 741"
mongodb_keyfile_content: |
dtHmRo7L02cY5WnMl/mrn6mjLkXpepzV39VQzulNJyglcYu9XW+tph8uI/dku082
IPf0tGttUb9KiogspyOyzVk+T1r3apLIGktu6YycdyHMqAzVrsS08cb7VecbcUKW
aODcxfRUYUGWCYjjVl8jm2x25hR4otakdHhxYi/B3eFEu2zWxvX3zgq78U0djQbl
qp9I7uyCsireT5SNj/A0H5QoCN6zMb7stNveas8W0N6+HfFVBD5brvVXGf5Td9Bz
EZ6e/69c7OtaNvbxEZP2SpkyZb7m0Q5vWs+YZyFWw7u9SBGXkUwTPVmVl0JLgHxA
ADOS2lYUdQCWTS1WT3D4nqfFn6xGikC6HK9SYVp5RG0EkRGRDJ9YiFa7lYRQmzJC
D+y2QECYXGT3pjl0u8B4AW8YgBkzcPCdD86PaZFxbycg6bvgSiwTJ/VfROnQ8crA
tBuYdy0r5fqshT7VOPw7dezhYjFiUYv2IspVGTB87ZkQxJ4GhKQIZB/31Rz216X7
944M6o7priJwWy9rJGk9YwSA18RoTlYNTXCdXQiUNmQl6Qd/zIVNDJ+cu1c7CwgF
zv//L5yDdTeP5YYEPf0DHW7gX2OGfdLjgkvXibpPPll3D6p5kwvRIcyOvVaCapSH
XJwrLJOidIjGC3UDS3+e17lNHHrw+/0ppYqh/0kfAMyZ2Si77T4jL5U3vSl3xAou
FFCMWXCyNE5/sngFIn5PDWZssQbel7mI5x9i4EZxreaSry0BUJK2ZUbPLGdW6F+I
tZiel1zZrVHPce+BAJCsjOIxB8jlnEd3FTjhgm8fDIrWCuRCdQ6hBL7KluqZBU/g
6tp4/YjUC98GNQK4w52+8BzU07b/OM54JB6Q+fPhQc1VK9S4sUnG5YoB+NN426ji
Hj5YyWm1PLtbeXqSATUEuUR47KGnJxt5YZn0wnOPhEvTWZw+X0EfDahOj5HllSli
Y9dhyzeXLgAay/bKLUNaudEMNQYhPath to store the keyfile content
mongodb_keyfile_path: /etc/mongod.keyPath for the repository keyring
mongodb_keyring: /usr/share/keyrings/mongodb-{{ mongodb_server_version }}-archive-keyring.gpgLimit for open files for the mongod service
mongodb_limit_files: 1048576Limit for processes for the mongod service
mongodb_limit_procs: 524288Retention for log rotation
mongodb_logrotate_retention: 14Define the inventory name of the master node, used for users and replset init
mongodb_master_node:Password used for metrics exports
mongodb_metrics_password: p455w0rdDefine when metrics user password should be changed
mongodb_metrics_update_password: alwaysUsername used for metrics exports
mongodb_metrics_username: metricsmongodb_net_bindip: 127.0.0.1Enable HTTP interface
mongodb_net_http_enabled: falseEnable IPv6 support
mongodb_net_ipv6: falseMax number of simultaneous connections
mongodb_net_maxconns: 51200mongodb_net_port: 27017Enable if the system supports NUMA policies
mongodb_numa_enabled: trueMode for operation profiling
mongodb_operation_profiling_mode: offProfiling slow operations threshold in ms
mongodb_operation_profiling_slow_op_threshold_ms: 100List of oplog users to create
mongodb_oplog_users: []mongodb_oplog_users:
- username: oplog1
password: p455w0rd
- username: oplog2
password: p455w0rd
update_password: on_createList of packages to install for mongodb
mongodb_packages:
- mongodb-org
- numactl
- python3-pip
- python3-pymongoPath to the pid file
mongodb_pidfile_path: /run/mongodb/mongod.pidmongodb_pymongo_version: falseEnforce recursively data ownership
mongodb_recursive_enforce_owner: falseEnable or disable majority read concern, should be false for PSA
mongodb_replication_enable_majority_read_concern: trueSpecifies a maximum size in megabytes for the replication operation log
mongodb_replication_oplogsize: 1024Replication host configuration or parameters
mongodb_replication_params:mongodb_replication_params:
- host_name: mongo-01,
host_port: "{{ mongodb_net_port }}"
host_type: replica
- host_name: mongo-02
host_port: "{{ mongodb_net_port }}"
host_type: replica
- host_name: mongo-03
host_port: "{{ mongodb_net_port }}"
host_type: replicaSpecify index prefetching behavior if secondary like none, _id_only, all
mongodb_replication_replindexprefetch: allEnable replication in the form of [/]
mongodb_replication_replset:mongodb_root_admin_password: p455w0rdmongodb_root_admin_username: rootDefine when root admin password should be changed
mongodb_root_update_password: alwaysDisable or enable security
mongodb_security_authorization: disabledEnable javascript integration
mongodb_security_javascript_enabled: falseSpecify the port number to listen to
mongodb_server_version: '8.0'mongodb_set_parameters: {}mongodb_set_parameters:
enableLocalhostAuthBypass: "true"
authenticationMechanisms: SCRAM-SHA-1,MONGODB-CRUse one directory per database
mongodb_storage_dirperdb: falsemongodb_storage_engine: wiredTigerEnable journaling
mongodb_storage_journal_enabled: truemongodb_storage_path: /var/lib/mongodbLimit each database to a certain number of files
mongodb_storage_quota_enforced: falseNumber of quota files per database
mongodb_storage_quota_maxfiles: 8Very useful for non-data nodes
mongodb_storage_smallfiles: falseAppend to the logging file
mongodb_systemlog_logappend: trueDefine the used storage engine
mongodb_systemlog_logrotate: reopenPath to the logging file
mongodb_systemlog_path: /var/log/mongodb/mongod.logName of the user owning MongoDB
mongodb_user: mongodbmongodb_user_admin_password: p455w0rdmongodb_user_admin_username: siteUserAdminDefine when user admin password should be changed
mongodb_user_update_password: on_createList of volumes/disks used to store the data tweaked by blockdev
mongodb_volumes: []Config String for the wiredtiger engine
Cache size for wiredtiger cache size
mongodb_wiredtiger_cache_size:mongodb_wiredtiger_config_string:Directory per index for wiredtiger engine
mongodb_wiredtiger_directory_for_indexes: truemongodb
mongodb-exporter
Apache-2.0