mongodb.rb
# frozen_string_literal: true
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..'))
require 'puppet/util/mongodb_output'
require 'yaml'
require 'json'
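# Base provider shared by the MongoDB providers: it reads connection settings
# from mongod.conf and runs JavaScript through the `mongosh` command-line shell.
class Puppet::Provider::Mongodb < Puppet::Provider
  # Without initvars commands won't work.
  initvars
  commands mongosh: 'mongosh'

  # Optional defaults file.
  #
  # @return [String, nil] a `load('<root_home>/.mongoshrc.js'); ` JavaScript
  #   prefix when that file exists, otherwise nil
  def self.mongoshrc_file
    rc_path = "#{Facter.value(:root_home)}/.mongoshrc.js"
    "load('#{rc_path}'); " if File.file?(rc_path)
  end

  def mongoshrc_file
    self.class.mongoshrc_file
  end

  # @return [String] path of the mongod configuration file that is parsed
  def self.mongod_conf_file
    '/etc/mongod.conf'
  end

  # Looks a setting up under its flat dotted key first ('net.port') and then
  # under the nested form (net: { port: ... }). `dig` is used for the nested
  # lookup so that an empty section (`net:` with no children, parsed as nil)
  # yields nil instead of raising NoMethodError.
  #
  # @param config [Hash] parsed mongod.conf
  # @param dotted_key [String] setting name in dotted notation
  # @return [Object, nil] the configured value, or nil when it is absent
  def self.conf_value(config, dotted_key)
    flat = config[dotted_key]
    return flat if flat

    config.dig(*dotted_key.split('.'))
  end
  private_class_method :conf_value

  # Parses mongod.conf and extracts the settings this provider needs.
  #
  # NOTE(review): whether YAML.load_file restricts the classes it will
  # instantiate depends on the Psych version in use (safe by default from
  # Psych 4). The path is fixed, so the exposure is limited to whoever can
  # write /etc/mongod.conf - confirm that file is writable by root only.
  #
  # @return [Hash{String => Object}] connection settings; a value is nil when
  #   the setting is not present in the file
  def self.mongo_conf
    config = YAML.load_file(mongod_conf_file) || {}
    {
      'bindip' => conf_value(config, 'net.bindIp'),
      'port' => conf_value(config, 'net.port'),
      'ipv6' => conf_value(config, 'net.ipv6'),
      'tlsallowInvalidHostnames' => conf_value(config, 'net.tls.allowInvalidHostnames'),
      'tls' => conf_value(config, 'net.tls.mode'),
      'tlscert' => conf_value(config, 'net.tls.certificateKeyFile'),
      'tlsca' => conf_value(config, 'net.tls.CAFile'),
      'auth' => conf_value(config, 'security.authorization'),
      'clusterRole' => conf_value(config, 'sharding.clusterRole'),
    }
  end

  # @param config [Hash, nil] result of mongo_conf; read from disk when nil
  # @return [Object, nil] the configured net.ipv6 value
  def self.ipv6_is_enabled(config = nil)
    config ||= mongo_conf
    config['ipv6']
  end

  # @param config [Hash, nil] result of mongo_conf; read from disk when nil
  # @return [Boolean] true when a TLS mode is set and it is not 'disabled'
  def self.tls_is_enabled(config = nil)
    config ||= mongo_conf
    tls_mode = config.fetch('tls')
    !tls_mode.nil? && tls_mode != 'disabled'
  end

  # @param config [Hash, nil] result of mongo_conf; read from disk when nil
  # @return [Object, nil] the configured net.tls.allowInvalidHostnames value
  def self.tls_invalid_hostnames(config = nil)
    config ||= mongo_conf
    config['tlsallowInvalidHostnames']
  end

  # NOTE(review): mongo_conf never populates 'tlsallowInvalidCertificates', so
  # with a hash produced by mongo_conf this always returns nil and
  # mongosh_cmd never adds --tlsAllowInvalidCertificates. Wiring the key up
  # would turn off certificate validation for every connection this provider
  # makes, so it is left as is here; make that change only as a deliberate
  # decision.
  #
  # @param config [Hash, nil] result of mongo_conf; read from disk when nil
  # @return [Object, nil] the value stored under 'tlsallowInvalidCertificates'
  def self.tls_invalid_certificates(config = nil)
    config ||= mongo_conf
    config['tlsallowInvalidCertificates']
  end

  # Builds the mongosh argument list from mongod.conf and runs `cmd`.
  #
  # @param db [String] database name, passed as the first argument
  # @param host [String, nil] host[:port]; replaced by conn_string when nil,
  #   when its host part equals the fqdn fact, or when it is '127.0.0.1'
  # @param cmd [String] JavaScript handed to mongosh through --eval
  # @return [Object] whatever the `mongosh` command helper returns
  def self.mongosh_cmd(db, host, cmd)
    config = mongo_conf
    host = conn_string if host.nil? || host.split(':')[0] == Facter.value(:fqdn) || host == '127.0.0.1'

    args = [db, '--quiet', '--host', host]
    args.push('--ipv6') if ipv6_is_enabled(config)

    if tls_is_enabled(config)
      args.push('--tls')
      # Skip the option when no key file is configured, as is done for the CA
      # file, instead of putting a nil element into the argument list.
      tls_cert = config['tlscert']
      args += ['--tlsCertificateKeyFile', tls_cert] unless tls_cert.nil?
      tls_ca = config['tlsca']
      args += ['--tlsCAFile', tls_ca] unless tls_ca.nil?
      # Both switches relax verification of the server's identity and are
      # added only when the corresponding setting is truthy.
      args.push('--tlsAllowInvalidHostnames') if tls_invalid_hostnames(config)
      args.push('--tlsAllowInvalidCertificates') if tls_invalid_certificates(config)
    end

    args += ['--eval', cmd]
    mongosh(args)
  end

  # Derives the local "host:port" to connect to from mongod.conf.
  #
  # The first entry of net.bindIp is used. A wildcard bind address is mapped
  # to the matching loopback address, and so is a missing or empty bindIp,
  # which previously produced a string with an empty host part (":27017").
  # The port falls back to 27019 / 27018 / 27017 for the configsvr / shardsvr /
  # other cluster roles.
  #
  # @return [String] "<ip>:<port>"
  def self.conn_string
    config = mongo_conf
    first_ip_in_list = config.fetch('bindip').to_s.split(',').first.to_s.strip
    ip_real = case first_ip_in_list
              when '', '0.0.0.0'
                '127.0.0.1'
              # Anchored so that only the wildcard itself matches; without
              # anchors any address merely containing "::0" became ::1.
              when %r{\A\[?::0\]?\z}
                '::1'
              else
                first_ip_in_list
              end

    cluster_role = config.fetch('clusterRole')
    port_real = config.fetch('port') ||
                if cluster_role.eql?('configsvr')
                  27_019
                elsif cluster_role.eql?('shardsvr')
                  27_018
                else
                  27_017
                end

    "#{ip_real}:#{port_real}"
  end

  def conn_string
    self.class.conn_string
  end

  # Evaluates `db.isMaster().ismaster` against the admin database.
  #
  # @return [Boolean] true when the last output line is exactly 'true'
  def self.db_ismaster
    cmd_ismaster = 'db.isMaster().ismaster'
    db = 'admin'
    # `last` is nil when mongosh printed nothing; to_s keeps that a plain
    # false result rather than a NoMethodError.
    res = mongosh_cmd(db, conn_string, cmd_ismaster).to_s.split(%r{\n}).last.to_s.chomp
    res.eql?('true')
  end

  def db_ismaster
    self.class.db_ismaster
  end

  # @param config [Hash, nil] result of mongo_conf; read from disk when nil
  # @return [Boolean, nil] truthy when security.authorization is set and is
  #   not 'disabled'
  def self.auth_enabled(config = nil)
    config ||= mongo_conf
    config['auth'] && config['auth'] != 'disabled'
  end

  # Mongo Command Wrapper
  #
  # Prepends the optional .mongoshrc.js loader, runs the command and returns
  # the output after Puppet::Util::MongodbOutput.sanitize.
  #
  # NOTE(review): the failure message embeds `cmd` verbatim. If callers pass
  # commands that carry credentials, those would end up in Puppet logs and
  # reports - verify against the callers and consider redacting.
  #
  # @param cmd [String] JavaScript to evaluate
  # @param db [String] database to run against
  # @param host [String, nil] host[:port], see mongosh_cmd
  # @raise [Puppet::ExecutionFailure] when running mongosh raises StandardError
  def self.mongo_eval(cmd, db = 'admin', host = nil)
    rc_prefix = mongoshrc_file
    cmd = rc_prefix + cmd if rc_prefix

    out = begin
      mongosh_cmd(db, host, cmd)
    rescue StandardError => e
      raise Puppet::ExecutionFailure, "Could not evaluate MongoDB shell command: #{cmd}, with: #{e.message}"
    end

    Puppet::Util::MongodbOutput.sanitize(out)
  end

  def mongo_eval(cmd, db = 'admin', host = nil)
    self.class.mongo_eval(cmd, db, host)
  end

  # Mongo Version checker
  #
  # @return [Object] sanitized output of `db.version()`, memoized on the class
  def self.mongo_version
    @mongo_version ||= mongo_eval('db.version()')
  end

  def mongo_version
    self.class.mongo_version
  end
end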