ProgrammeVitam · GiooDev · Nov 30, 2023 · Nov 22, 2023 · Nov 22, 2023 · Nov 22, 2023
diff --git a/deployment/ansible-vitamui/mongo.yml b/deployment/ansible-vitamui/mongo.yml
@@ -1,6 +1,7 @@
 ---
 
 - hosts: hosts_vitamui_mongod
+  any_errors_fatal: true
   roles:
     - mongo_common
     - mongo

diff --git a/deployment/environments/hosts-ui.example b/deployment/environments/hosts-ui.example
@@ -149,14 +149,19 @@ hosts_vitamui_mongod
 
 [hosts_vitamui_mongod]
 # EDIT: Mandatory
-# Mandatory params
-#  - mongo_rs_bootstrap=true (default: false)
 # Optional params
+#  - mongo_rs_bootstrap=true (default: false); mandatory for 1 node of the shard, some init commands will be executed on it
 #  - mongo_cluster_name=mongo-vitamui (default: mongo-vitamui)
 #  - mongo_shard_id=0 (default: 0)
+#  - mongo_arbiter=true ; the node will be only an arbiter, it will not store data ; do not add this parameter on a mongo_rs_bootstrap node, maximum 1 node per shard
+#  - mongod_memory=x (default: unset); this will force the wiredtiger cache size to x (unit is GB)
+#  - is_small=true (default: false); this will force the priority for this server to be lower when electing master ; hardware can be downgraded for this machine
 #  - mongo_express_enabled=true to deploy mongo_express (default: false)
-# Example:
-# vm-mongo-ui mongo_rs_bootstrap=true mongo_express_enabled=true
+# Recommended practice in production: use 3 instances per shard
+# Example for a PSSmin deployment:
+# vm1-mongo-ui mongo_rs_bootstrap=true mongo_express_enabled=true
+# vm2-mongo-ui
+# vm3-mongo-ui mongod_memory=1 is_small=true
 
 
 ################################################################################

diff --git a/deployment/environments/hosts.local b/deployment/environments/hosts.local
@@ -165,16 +165,20 @@ hosts_vitamui_mongod
 
 [hosts_vitamui_mongod]
 # EDIT: Mandatory
-# WARNING: put only one server for this service, not more !
-# Mandatory params
-#  - mongo_rs_bootstrap=true (default: false)
 # Optional params
+#  - mongo_rs_bootstrap=true (default: false); mandatory for 1 node of the shard, some init commands will be executed on it
 #  - mongo_cluster_name=mongo-vitamui (default: mongo-vitamui)
 #  - mongo_shard_id=0 (default: 0)
-#  - mongo_express=true to deploy mongo_express (default: false)
-# Example:
-# vm-mongo-ui mongo_rs_bootstrap=true mongo_express=true
-localhost mongo_rs_bootstrap=true mongo_express=true
+#  - mongo_arbiter=true ; the node will be only an arbiter, it will not store data ; do not add this parameter on a mongo_rs_bootstrap node, maximum 1 node per shard
+#  - mongod_memory=x (default: unset); this will force the wiredtiger cache size to x (unit is GB)
+#  - is_small=true (default: false); this will force the priority for this server to be lower when electing master ; hardware can be downgraded for this machine
+#  - mongo_express_enabled=true to deploy mongo_express (default: false)
+# Recommended practice in production: use 3 instances per shard
+# Example for a PSSmin deployment:
+# vm1-mongo-ui mongo_rs_bootstrap=true mongo_express_enabled=true
+# vm2-mongo-ui
+# vm3-mongo-ui mongod_memory=1 is_small=true
+localhost mongo_rs_bootstrap=true mongo_express_enabled=true
 
 ################################################################################
 # ZONE INFRA

diff --git a/deployment/roles/mongo/tasks/check_auth.yml b/deployment/roles/mongo/tasks/check_auth.yml
@@ -5,29 +5,21 @@
   register: mongo_authent_enabled
   failed_when: false
   no_log: "{{ hide_passwords_during_deploy }}"
-  tags:
-    - update_mongodb_configuration
-
-# Set mongo_no_auth facts
-
-- name: Set default mongo facts
-  set_fact:
-    mongo_credentials: ""
-    mongo_no_auth: false
-  tags:
-    - update_mongodb_configuration
+  tags: update_mongodb_configuration
 
 - name: Set mongo_no_auth fact to true
   set_fact:
+    mongo_credentials: ""
     mongo_no_auth: true
   when: "mongo_authent_enabled.rc != 0"
-  tags:
-    - update_mongodb_configuration
+  tags: update_mongodb_configuration
 
 # When authentication is required, we set mongodb admin credentials
 - name: Set mongodb authentication credentials
   set_fact:
     mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }}"
+    mongo_no_auth: false
   when: "mongo_authent_enabled.rc == 0"
   no_log: "{{ hide_passwords_during_deploy }}"
+  tags: update_mongodb_configuration
 
diff --git a/deployment/roles/mongo/tasks/main.yml b/deployment/roles/mongo/tasks/main.yml
@@ -145,15 +145,18 @@
 
 - block:
 
+    - fail:
+        msg: "ERROR: mongo_rs_bootstrap node can't be mongo_arbiter !"
+      when: mongo_arbiter | default(false) | bool == true
+
     - name: Wait for the service port to be open on all members of the replica
       wait_for:
         host: "{{ hostvars[item]['ip_service'] }}"
         port: "{{ mongodb.mongod_port }}"
         timeout: "{{ vitamui_defaults.services.start_timeout }}"
       with_items:
         - "{{ groups['hosts_vitamui_mongod'] }}"
-      tags:
-        - update_mongodb_configuration
+      tags: update_mongodb_configuration
 
     - name: Copy the script which initiate the replica set
       template:
@@ -162,23 +165,11 @@
         owner: "{{ vitamui_defaults.users.vitamuidb | default('vitamuidb') }}"
         group: "{{ vitamui_defaults.users.group | default('vitamui') }}"
         mode: "{{ vitamui_defaults.folder.conf_permission | default('0440') }}"
-      tags:
-        - update_mongodb_configuration
-
-    # - name: Copy script that restore configuration of mongod sharded cluster
-    #   template:
-    #     src: "restore-mongod.js.j2"
-    #     dest: "{{ vitamui_defaults.folder.root_path | default('/vitamui') }}/app/mongod/restore-mongod.js"
-    #     owner: "{{ vitamui_defaults.users.vitamuidb | default('vitamuidb') }}"
-    #     group: "{{ vitamui_defaults.users.group | default('vitamui') }}"
-    #     mode: "{{ vitamui_defaults.folder.conf_permission | default('0440') }}"
-    #   tags:
-    #     - update_mongodb_configuration
+      tags: update_mongodb_configuration
 
     - name: Initiate the replica set
       command: "mongosh --host {{ ip_service }} --port {{ mongodb.mongod_port }} --quiet --file {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/app/mongod/init-replica.js"
-      tags:
-        - update_mongodb_configuration
+      tags: update_mongodb_configuration
 
     - import_tasks: check_auth.yml
 
@@ -190,12 +181,10 @@
         owner: "{{ vitamui_defaults.users.vitamuidb | default('vitamuidb') }}"
         group: "{{ vitamui_defaults.users.group | default('vitamui') }}"
         mode: "{{ vitamui_defaults.folder.conf_permission | default('0440') }}"
-      tags:
-        - update_mongodb_configuration
+      tags: update_mongodb_configuration
 
     - name: Create the local shard user
       command: "mongosh --host {{ ip_service }} --port {{ mongodb.mongod_port }} {{ mongo_credentials }} --quiet --file {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/app/mongod/local-user.js"
-      tags:
-        - update_mongodb_configuration
+      tags: update_mongodb_configuration
 
-  when: mongo_rs_bootstrap is defined and mongo_rs_bootstrap|lower == "true"
+  when: mongo_rs_bootstrap | default(false) | bool == true
diff --git a/deployment/roles/mongo/templates/init-replica.js.j2 b/deployment/roles/mongo/templates/init-replica.js.j2
@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: True
 /*
  * IMPORTANT :
  * - This script creates mongod replica set on first Vitam installation.
@@ -8,7 +9,7 @@
  */
 
 function checkExistingReplicaSet() {
-
+    print("INFO: checkExistingReplicaSet");
     try {
         var rsStatus = rs.status();
 
@@ -32,6 +33,7 @@ function checkExistingReplicaSet() {
 }
 
 function checkExistingReplicaSetMembers() {
+    print("INFO: checkExistingReplicaSetMembers");
     try {
         var rsConfig = rs.config();
 
@@ -59,21 +61,25 @@ function checkExistingReplicaSetMembers() {
 }
 
 function buildTargetReplicaSetMemberConfiguration() {
+    print("INFO: buildTargetReplicaSetMemberConfiguration");
     var idCpt = 0;
-    let members = [ { _id: idCpt++, host: "{{ ip_service }}:{{ mongodb.mongod_port }}" } ];
+    let members = [];
 {% for host in groups['hosts_vitamui_mongod'] %}
-    {% if hostvars[host]['mongo_rs_bootstrap'] is not defined or hostvars[host]['mongo_rs_bootstrap'] | lower != "true" %}
     members.push({
         _id: idCpt++,
-        host: "{{ hostvars[host]['ip_service'] }}:{{ mongodb.mongod_port }}"
+        host: "{{ hostvars[host]['ip_service'] }}:{{ mongodb.mongod_port }}",
+        {% if (hostvars[host]['mongo_rs_bootstrap'] | default(false) | bool != true) and (hostvars[host]['mongo_arbiter'] | default(false) | bool == true) %}
+        arbiterOnly: true
+        {% else %}
+        priority: {{ '1' if (hostvars[host]['is_small'] | default(false) | bool == true) else '10' }}
+        {% endif %}
     });
-    {% endif %}
 {% endfor %}
     return members;
 }
 
 function initReplicaSetPrimary() {
-
+    print("INFO: initReplicaSetPrimary");
     let members = buildTargetReplicaSetMemberConfiguration();
 
     let rsInit = rs.initiate(
@@ -90,7 +96,7 @@ function initReplicaSetPrimary() {
 }
 
 function waitForReplicaSetPrimaryElection() {
-
+    print("INFO: waitForReplicaSetPrimaryElection");
     var status;
     for (let i = 0; i < 60; i++) {
 
@@ -101,7 +107,7 @@ function waitForReplicaSetPrimaryElection() {
             throw "ERROR : Cannot get mongod replica set status";
         }
 
-        if (status.myState === 1) {
+        if (status.members.find(member => member.stateStr === 'PRIMARY')) {
             print("OK : mongod replica set elected primary node");
             return;
         }
@@ -115,7 +121,7 @@ function waitForReplicaSetPrimaryElection() {
 }
 
 function waitForWritablePrimary() {
-
+    print("INFO: waitForWritablePrimary");
     var instanceStatus;
     for (let i = 0; i < 60; i++) {
 
@@ -127,7 +133,7 @@ function waitForWritablePrimary() {
         }
 
         if (instanceStatus.isWritablePrimary) {
-            print("OK : Primary node is writable");
+            print("OK : Primary node " + instanceStatus.primary + " is writable");
             return;
         }
 

diff --git a/deployment/roles/mongo_init/tasks/check_auth.yml b/deployment/roles/mongo_init/tasks/check_auth.yml
@@ -7,7 +7,7 @@
 
 - block:
     - name: Check if authent is enabled
-      command: "mongosh --host \"mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }}\" -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'"
+      command: "mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'"
       register: mongo_authent_enabled
       failed_when: false
       no_log: "{{ hide_passwords_during_deploy }}"
@@ -20,7 +20,7 @@
 
 - block:
     - name: Load script in database (docker)
-      shell: "docker exec --tty {{ mongodb.docker.image_name }} /bin/bash -c \"mongosh --host mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'\""
+      shell: "docker exec --tty {{ mongodb.docker.image_name }} /bin/bash -c \"mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'\""
 
       failed_when: false
       register: mongo_authent_enabled