diff --git a/.gitignore b/.gitignore
index 84fd904ca..9c786c34a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@
/pkg/
/Gemfile.lock
/Gemfile.local
+/Gemfile.local.lock
/vendor/
/.vendor/
/spec/fixtures/manifests/
diff --git a/REFERENCE.md b/REFERENCE.md
index d47dcafd2..6a818d5ee 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -8,20 +8,18 @@
#### Public Classes
-* [`mongodb::client`](#mongodb--client): Class for installing a MongoDB client shell (CLI).
-* [`mongodb::globals`](#mongodb--globals): Class for setting cross-class global overrides. See README.md for more details.
-* [`mongodb::mongos`](#mongodb--mongos): This installs a Mongo Shard daemon. See README.md for more details.
-* [`mongodb::mongos::config`](#mongodb--mongos--config): PRIVATE CLASS: do not call directly
-* [`mongodb::mongos::install`](#mongodb--mongos--install): PRIVATE CLASS: do not call directly
+* [`mongodb::client`](#mongodb--client)
+* [`mongodb::globals`](#mongodb--globals): Class for setting cross-class global overrides.
+* [`mongodb::mongos`](#mongodb--mongos): This installs a Mongo Shard daemon.
+* [`mongodb::mongos::config`](#mongodb--mongos--config): Configs mongos
+* [`mongodb::mongos::install`](#mongodb--mongos--install): Installs mongos
* [`mongodb::mongos::params`](#mongodb--mongos--params): PRIVATE CLASS: do not use directly
-* [`mongodb::mongos::service`](#mongodb--mongos--service): PRIVATE CLASS: do not call directly
-* [`mongodb::opsmanager`](#mongodb--opsmanager): This installs Ops Manager
-* [`mongodb::params`](#mongodb--params): PRIVATE CLASS: do not use directly
+* [`mongodb::mongos::service`](#mongodb--mongos--service): Manages the mongos service.
+* [`mongodb::opsmanager`](#mongodb--opsmanager)
* [`mongodb::replset`](#mongodb--replset): Wrapper class useful for hiera based deployments
-* [`mongodb::repo`](#mongodb--repo): PRIVATE CLASS: do not use directly
* [`mongodb::repo::apt`](#mongodb--repo--apt): PRIVATE CLASS: do not use directly
* [`mongodb::repo::yum`](#mongodb--repo--yum): PRIVATE CLASS: do not use directly
-* [`mongodb::server`](#mongodb--server): This installs a MongoDB server. See README.md for more details.
+* [`mongodb::server`](#mongodb--server): This installs a MongoDB server.
* [`mongodb::server::config`](#mongodb--server--config): PRIVATE CLASS: do not call directly
* [`mongodb::server::install`](#mongodb--server--install): PRIVATE CLASS: do not call directly
* [`mongodb::server::service`](#mongodb--server--service): PRIVATE CLASS: do not call directly
@@ -30,6 +28,8 @@
#### Private Classes
* `mongodb::client::params`
+* `mongodb::params`: Private class to set default values.
+* `mongodb::repo`: Private clas to manage the mongodb repo
* `mongodb::repo::zypper`: This is a repo class for zypper
### Defined types
@@ -52,7 +52,7 @@
### `mongodb::client`
-Class for installing a MongoDB client shell (CLI).
+The mongodb::client class.
#### Parameters
@@ -65,7 +65,7 @@ The following parameters are available in the `mongodb::client` class:
Data type: `String[1]`
-Desired ensure state of the package.
+Used to ensure that the package is installed, or that the package is absent/purged
Default value: `$mongodb::client::params::package_ensure`
@@ -73,13 +73,52 @@ Default value: `$mongodb::client::params::package_ensure`
Data type: `String[1]`
-Name of the package to install the client from. Default is repository dependent.
+This setting can be used to specify the name of the package that should be installed.
+If not specified, the module will use whatever service name is the default for your OS distro.
Default value: `$mongodb::client::params::package_name`
### `mongodb::globals`
-Class for setting cross-class global overrides. See README.md for more details.
+Class for setting cross-class global overrides.
+
+#### Examples
+
+##### Use a more recent MongoDB version to install from the community repository.
+
+```puppet
+
+class {'mongodb::globals':
+ manage_package_repo => true,
+ version => '3.6',
+}
+-> class {'mongodb::client': }
+-> class {'mongodb::server': }
+```
+
+##### Install MongoDB from a custom repository.
+
+```puppet
+
+class {'mongodb::globals':
+ manage_package_repo => true,
+ repo_location => 'http://example.com/repo'
+}
+-> class {'mongodb::server': }
+-> class {'mongodb::client': }
+```
+
+##### To disable managing of repository, but still enable managing packages.
+
+```puppet
+
+class {'mongodb::globals':
+ manage_package_repo => false,
+ manage_package => true,
+}
+-> class {'mongodb::server': }
+-> class {'mongodb::client': }
+```
#### Parameters
@@ -98,6 +137,7 @@ The following parameters are available in the `mongodb::globals` class:
* [`ipv6`](#-mongodb--globals--ipv6)
* [`bind_ip`](#-mongodb--globals--bind_ip)
* [`version`](#-mongodb--globals--version)
+* [`mongosh_version`](#-mongodb--globals--mongosh_version)
* [`manage_package_repo`](#-mongodb--globals--manage_package_repo)
* [`manage_package`](#-mongodb--globals--manage_package)
* [`repo_proxy`](#-mongodb--globals--repo_proxy)
@@ -113,7 +153,8 @@ The following parameters are available in the `mongodb::globals` class:
Data type: `Any`
-
+This setting can be used to override the default MongoDB server package name.
+If not specified, the module will use whatever package name is the default for your OS distro.
Default value: `undef`
@@ -121,7 +162,8 @@ Default value: `undef`
Data type: `Any`
-
+This setting can be used to specify the name of the client package that should be installed.
+If not specified, the module will use whatever service name is the default for your OS distro.
Default value: `undef`
@@ -129,7 +171,8 @@ Default value: `undef`
Data type: `Any`
-
+This setting can be used to override the default management of the mongod service.
+By default the module will manage the mongod process.
Default value: `undef`
@@ -137,7 +180,7 @@ Default value: `undef`
Data type: `Any`
-
+This setting can be used to specify if the service should be enable at boot
Default value: `undef`
@@ -145,7 +188,7 @@ Default value: `undef`
Data type: `Any`
-
+This setting can be used to specify if the service should be running
Default value: `undef`
@@ -153,7 +196,8 @@ Default value: `undef`
Data type: `Any`
-
+This setting can be used to override the default MongoDB service name.
+If not specified, the module will use whatever service name is the default for your OS distro.
Default value: `undef`
@@ -161,7 +205,8 @@ Default value: `undef`
Data type: `Any`
-
+This setting can be used to override the default MongoDB service provider.
+If not specified, the module will use whatever service provider is the default for your OS distro.
Default value: `undef`
@@ -169,7 +214,8 @@ Default value: `undef`
Data type: `Any`
-
+This setting can be used to override the default status check command for your MongoDB service.
+ If not specified, the module will use whatever service name is the default for your OS distro.
Default value: `undef`
@@ -177,7 +223,8 @@ Default value: `undef`
Data type: `Any`
-
+This setting can be used to override the default MongoDB user and owner of the service and related files in the file system.
+If not specified, the module will use the default for your OS distro.
Default value: `undef`
@@ -185,7 +232,8 @@ Default value: `undef`
Data type: `Any`
-
+This setting can be used to override the default MongoDB user group to be used for related files in the file system.
+If not specified, the module will use the default for your OS distro.
Default value: `undef`
@@ -193,7 +241,8 @@ Default value: `undef`
Data type: `Any`
-
+This setting is used to configure MongoDB to turn on ipv6 support.
+If not specified and ipv6 address is passed to MongoDB bind_ip it will just fail.
Default value: `undef`
@@ -201,7 +250,9 @@ Default value: `undef`
Data type: `Any`
-
+This setting can be used to configure MonogDB process to bind to and listen for connections from applications on this address.
+If not specified, the module will use the default for your OS distro.
+Note: This value should be passed as an array.
Default value: `undef`
@@ -209,7 +260,17 @@ Default value: `undef`
Data type: `Optional[String[1]]`
-Version of mongodb to install
+The version of MonogDB to install/manage. This is needed when managing repositories.
+If not specified, the module will use the default for your OS distro.
+
+Default value: `undef`
+
+##### `mongosh_version`
+
+Data type: `Any`
+
+The version of MonogDB-mongosh to install/manage. This package is mandatory to make this module work.
+If not specified, the module will use the default for your OS distro.
Default value: `undef`
@@ -217,15 +278,21 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-If `true` configure upstream mongodb repos
+Whether to use the MongoDB software repository or the OS packages (True) or a Custom repo (False)
-Default value: `undef`
+Default value:
+
+```puppet
+fact('os.distro.codename') ? { # Debian 10 doesn't provide mongodb packages. So manage it!
+ 'buster' => true,
+ default => undef
+```
##### `manage_package`
Data type: `Any`
-
+wgether this module willm manage the mongoDB server package
Default value: `undef`
@@ -233,7 +300,8 @@ Default value: `undef`
Data type: `Any`
-
+This will allow you to set a proxy for your repository in case you are behind a corporate firewall.
+Currently this is only supported with yum repositories
Default value: `undef`
@@ -241,7 +309,7 @@ Default value: `undef`
Data type: `Any`
-
+This sets the username for the proxyserver, should authentication be required.
Default value: `undef`
@@ -249,31 +317,26 @@ Default value: `undef`
Data type: `Any`
-
+This sets the password for the proxyserver, should authentication be required
Default value: `undef`
##### `repo_location`
-Data type: `Any`
-
-
-
-Default value: `undef`
+This setting can be used to override the default MongoDB repository location.
+If not specified, the module will use the default repository for your OS distro.
##### `use_enterprise_repo`
-Data type: `Any`
-
-
-
-Default value: `undef`
+When manage_package_repo is set to true, this setting indicates if it will use the Community Edition
+(false, the default) or the Enterprise one (true).
##### `pidfilepath`
Data type: `Any`
-
+Specify a file location to hold the PID or process ID of the mongod process.
+If not specified, the module will use the default for your OS distro.
Default value: `undef`
@@ -281,7 +344,7 @@ Default value: `undef`
Data type: `Any`
-
+The file mode of the pid file
Default value: `undef`
@@ -289,13 +352,25 @@ Default value: `undef`
Data type: `Any`
-
+If true, the pidfile will be managed by puppet
Default value: `undef`
### `mongodb::mongos`
-This installs a Mongo Shard daemon. See README.md for more details.
+This class should only be used if you want to implement sharding within your mongodb deployment.
+ This class allows you to configure the mongos daemon (responsible for routing) on your platform.
+
+ }
+
+#### Examples
+
+##### mongos can be installed the following way.
+
+```puppet
+class {'mongodb::mongos' :
+ configdb => ['configsvr1.example.com:27018'],
+```
#### Parameters
@@ -327,7 +402,7 @@ The following parameters are available in the `mongodb::mongos` class:
Data type: `Stdlib::Absolutepath`
-
+Path of the config file. If not specified, the module will use the default for your OS distro.
Default value: `$mongodb::mongos::params::config`
@@ -335,7 +410,7 @@ Default value: `$mongodb::mongos::params::config`
Data type: `Optional[String[1]]`
-
+Config content if the default doesn't match one needs.
Default value: `$mongodb::mongos::params::config_content`
@@ -343,7 +418,7 @@ Default value: `$mongodb::mongos::params::config_content`
Data type: `Optional[String[1]]`
-
+Path to the config template if the default doesn't match one needs.
Default value: `$mongodb::mongos::params::config_template`
@@ -351,7 +426,7 @@ Default value: `$mongodb::mongos::params::config_template`
Data type: `Variant[String[1], Array[String[1]]]`
-
+Array of the config servers IP addresses the mongos should connect to.
Default value: `$mongodb::mongos::params::configdb`
@@ -359,7 +434,7 @@ Default value: `$mongodb::mongos::params::configdb`
Data type: `Optional[Hash]`
-
+Hash containing key-value pairs to allow for additional configuration options to be set in user-provided template.
Default value: `$mongodb::mongos::params::config_data`
@@ -367,7 +442,7 @@ Default value: `$mongodb::mongos::params::config_data`
Data type: `Boolean`
-
+Whether or not the MongoDB sharding service resource should be part of the catalog.
Default value: `$mongodb::mongos::params::service_manage`
@@ -375,7 +450,8 @@ Default value: `$mongodb::mongos::params::service_manage`
Data type: `Optional[String]`
-
+This setting can be used to override the default Mongos service provider.
+If not specified, the module will use whatever service provider is the default for your OS distro.
Default value: `$mongodb::mongos::params::service_provider`
@@ -383,7 +459,8 @@ Default value: `$mongodb::mongos::params::service_provider`
Data type: `Optional[String]`
-
+This setting can be used to override the default Mongos service name.
+If not specified, the module will use whatever service name is the default for your OS distro.
Default value: `$mongodb::mongos::params::service_name`
@@ -391,7 +468,7 @@ Default value: `$mongodb::mongos::params::service_name`
Data type: `Optional[String[1]]`
-
+Path to the service template if the default doesn't match one needs.
Default value: `$mongodb::mongos::params::service_template`
@@ -399,7 +476,7 @@ Default value: `$mongodb::mongos::params::service_template`
Data type: `Boolean`
-
+This setting can be used to specify if the service should be enable at boot
Default value: `$mongodb::mongos::params::service_enable`
@@ -407,7 +484,7 @@ Default value: `$mongodb::mongos::params::service_enable`
Data type: `Stdlib::Ensure::Service`
-
+This setting can be used to specify if the service should be running
Default value: `$mongodb::mongos::params::service_ensure`
@@ -415,7 +492,8 @@ Default value: `$mongodb::mongos::params::service_ensure`
Data type: `Optional[String]`
-
+This setting can be used to override the default status check command for your Mongos service.
+If not specified, the module will use whatever service name is the default for your OS distro.
Default value: `$mongodb::mongos::params::service_status`
@@ -423,7 +501,7 @@ Default value: `$mongodb::mongos::params::service_status`
Data type: `Variant[Boolean, String]`
-
+This setting can be used to specify if puppet should install the package or not
Default value: `$mongodb::mongos::params::package_ensure`
@@ -431,7 +509,8 @@ Default value: `$mongodb::mongos::params::package_ensure`
Data type: `String`
-
+This setting can be used to specify the name of the package that should be installed.
+If not specified, the module will use whatever service name is the default for your OS distro.
Default value: `$mongodb::mongos::params::package_name`
@@ -439,7 +518,7 @@ Default value: `$mongodb::mongos::params::package_name`
Data type: `Optional[Stdlib::Absolutepath]`
-
+The path for the UNIX socket. If this option has no value, the mongos process creates a socket with /tmp as a prefix.
Default value: `$mongodb::mongos::params::unixsocketprefix`
@@ -447,7 +526,8 @@ Default value: `$mongodb::mongos::params::unixsocketprefix`
Data type: `Optional[Stdlib::Absolutepath]`
-
+Specify a file location to hold the PID or process ID of the mongod process.
+If not specified, the module will use the default for your OS distro.
Default value: `$mongodb::mongos::params::pidfilepath`
@@ -455,7 +535,8 @@ Default value: `$mongodb::mongos::params::pidfilepath`
Data type: `Optional[Variant[Boolean, Stdlib::Absolutepath]]`
-
+Specify the path to a file name for the log file that will hold all diagnostic logging information.
+Unless specified, mongod will output all log information to the standard output.
Default value: `$mongodb::mongos::params::logpath`
@@ -463,7 +544,7 @@ Default value: `$mongodb::mongos::params::logpath`
Data type: `Optional[Boolean]`
-
+Set to true to fork server process at launch time. The default setting depends on the operating system.
Default value: `$mongodb::mongos::params::fork`
@@ -471,7 +552,8 @@ Default value: `$mongodb::mongos::params::fork`
Data type: `Optional[Array[Stdlib::IP::Address]]`
-
+Set this option to configure the mongod or mongos process to bind to and listen for connections from applications on this address.
+If not specified, the module will use the default for your OS distro.
Default value: `$mongodb::mongos::params::bind_ip`
@@ -479,7 +561,7 @@ Default value: `$mongodb::mongos::params::bind_ip`
Data type: `Optional[Stdlib::Port]`
-
+Specifies a TCP port for the server instance to listen for client connections.
Default value: `$mongodb::mongos::params::port`
@@ -487,13 +569,13 @@ Default value: `$mongodb::mongos::params::port`
Data type: `Boolean`
-
+Specifies whether the service should be restarted on config changes.
Default value: `$mongodb::mongos::params::restart`
### `mongodb::mongos::config`
-PRIVATE CLASS: do not call directly
+Configs mongos
#### Parameters
@@ -517,7 +599,7 @@ The following parameters are available in the `mongodb::mongos::config` class:
Data type: `Any`
-
+This setting can be used to specify if puppet should install the package or not
Default value: `$mongodb::mongos::package_ensure`
@@ -525,7 +607,7 @@ Default value: `$mongodb::mongos::package_ensure`
Data type: `Any`
-
+Path of the config file. If not specified, the module will use the default for your OS distro.
Default value: `$mongodb::mongos::config`
@@ -533,7 +615,7 @@ Default value: `$mongodb::mongos::config`
Data type: `Any`
-
+Config content if the default doesn't match one needs.
Default value: `$mongodb::mongos::config_content`
@@ -541,7 +623,7 @@ Default value: `$mongodb::mongos::config_content`
Data type: `Any`
-
+Path to the config template if the default doesn't match one needs.
Default value: `$mongodb::mongos::config_template`
@@ -549,7 +631,7 @@ Default value: `$mongodb::mongos::config_template`
Data type: `Any`
-
+Whether or not the MongoDB sharding service resource should be part of the catalog.
Default value: `$mongodb::mongos::service_manage`
@@ -557,7 +639,7 @@ Default value: `$mongodb::mongos::service_manage`
Data type: `Any`
-
+Array of the config servers IP addresses the mongos should connect to.
Default value: `$mongodb::mongos::configdb`
@@ -565,7 +647,8 @@ Default value: `$mongodb::mongos::configdb`
Data type: `Any`
-
+Set this option to configure the mongod or mongos process to bind to and listen for connections from applications on this address.
+If not specified, the module will use the default for your OS distro.
Default value: `$mongodb::mongos::bind_ip`
@@ -573,7 +656,7 @@ Default value: `$mongodb::mongos::bind_ip`
Data type: `Any`
-
+Specifies a TCP port for the server instance to listen for client connections.
Default value: `$mongodb::mongos::port`
@@ -581,7 +664,7 @@ Default value: `$mongodb::mongos::port`
Data type: `Any`
-
+Set to true to fork server process at launch time. The default setting depends on the operating system.
Default value: `$mongodb::mongos::fork`
@@ -589,7 +672,8 @@ Default value: `$mongodb::mongos::fork`
Data type: `Any`
-
+Specify a file location to hold the PID or process ID of the mongod process.
+If not specified, the module will use the default for your OS distro.
Default value: `$mongodb::mongos::pidfilepath`
@@ -597,7 +681,8 @@ Default value: `$mongodb::mongos::pidfilepath`
Data type: `Any`
-
+Specify the path to a file name for the log file that will hold all diagnostic logging information.
+Unless specified, mongod will output all log information to the standard output.
Default value: `$mongodb::mongos::logpath`
@@ -605,7 +690,7 @@ Default value: `$mongodb::mongos::logpath`
Data type: `Any`
-
+The path for the UNIX socket. If this option has no value, the mongos process creates a socket with /tmp as a prefix.
Default value: `$mongodb::mongos::unixsocketprefix`
@@ -613,13 +698,13 @@ Default value: `$mongodb::mongos::unixsocketprefix`
Data type: `Any`
-
+Hash containing key-value pairs to allow for additional configuration options to be set in user-provided templ ate.
Default value: `$mongodb::mongos::config_data`
### `mongodb::mongos::install`
-PRIVATE CLASS: do not call directly
+Installs mongos
#### Parameters
@@ -632,7 +717,7 @@ The following parameters are available in the `mongodb::mongos::install` class:
Data type: `Any`
-
+This setting can be used to specify if puppet should install the package or not
Default value: `$mongodb::mongos::package_ensure`
@@ -640,7 +725,8 @@ Default value: `$mongodb::mongos::package_ensure`
Data type: `Any`
-
+This setting can be used to specify the name of the package that should be installed.
+If not specified, the module will use whatever service name is the default for your OS distro.
Default value: `$mongodb::mongos::package_name`
@@ -650,7 +736,7 @@ PRIVATE CLASS: do not use directly
### `mongodb::mongos::service`
-PRIVATE CLASS: do not call directly
+Manages the mongos service.
#### Parameters
@@ -671,7 +757,7 @@ The following parameters are available in the `mongodb::mongos::service` class:
Data type: `Any`
-
+This setting can be used to specify if puppet should install the package or not.
Default value: `$mongodb::mongos::package_ensure`
@@ -679,7 +765,7 @@ Default value: `$mongodb::mongos::package_ensure`
Data type: `Any`
-
+Whether or not the MongoDB sharding service resource should be part of the catalog.
Default value: `$mongodb::mongos::service_manage`
@@ -687,7 +773,8 @@ Default value: `$mongodb::mongos::service_manage`
Data type: `Any`
-
+This setting can be used to override the default Mongos service name.
+If not specified, the module will use whatever service name is the default for your OS distro.
Default value: `$mongodb::mongos::service_name`
@@ -695,7 +782,7 @@ Default value: `$mongodb::mongos::service_name`
Data type: `Any`
-
+This setting can be used to specify if the service should be enable at boot.
Default value: `$mongodb::mongos::service_enable`
@@ -703,7 +790,7 @@ Default value: `$mongodb::mongos::service_enable`
Data type: `Any`
-
+This setting can be used to specify if the service should be running.
Default value: `$mongodb::mongos::service_ensure`
@@ -711,7 +798,8 @@ Default value: `$mongodb::mongos::service_ensure`
Data type: `Any`
-
+This setting can be used to override the default status check command for your Mongos service.
+If not specified, the module will use whatever service name is the default for your OS distro.
Default value: `$mongodb::mongos::service_status`
@@ -719,7 +807,8 @@ Default value: `$mongodb::mongos::service_status`
Data type: `Any`
-
+This setting can be used to override the default Mongos service provider.
+If not specified, the module will use whatever service provider is the default for your OS distro.
Default value: `$mongodb::mongos::service_provider`
@@ -727,7 +816,8 @@ Default value: `$mongodb::mongos::service_provider`
Data type: `Any`
-
+Set this option to configure the mongod or mongos process to bind to and listen for connections from applicati ons on this address.
+If not specified, the module will use the default for your OS distro.
Default value: `$mongodb::mongos::bind_ip`
@@ -735,7 +825,7 @@ Default value: `$mongodb::mongos::bind_ip`
Data type: `Any`
-
+Specifies a TCP port for the server instance to listen for client connections.
Default value: `$mongodb::mongos::port`
@@ -743,18 +833,26 @@ Default value: `$mongodb::mongos::port`
Data type: `Any`
-
+Path to the service template if the default doesn't match one needs.
Default value: `$mongodb::mongos::service_template`
### `mongodb::opsmanager`
-This installs Ops Manager
+The mongodb::opsmanager class.
#### Parameters
The following parameters are available in the `mongodb::opsmanager` class:
+* [`pem_key_password`](#-mongodb--opsmanager--pem_key_password)
+* [`user_svc_class`](#-mongodb--opsmanager--user_svc_class)
+* [`snapshot_interval`](#-mongodb--opsmanager--snapshot_interval)
+* [`snapshot_interval_retention`](#-mongodb--opsmanager--snapshot_interval_retention)
+* [`snapshot_daily_retention`](#-mongodb--opsmanager--snapshot_daily_retention)
+* [`snapshot_weekly_retention`](#-mongodb--opsmanager--snapshot_weekly_retention)
+* [`snapshot_monthly_retention`](#-mongodb--opsmanager--snapshot_monthly_retention)
+* [`versions_directory`](#-mongodb--opsmanager--versions_directory)
* [`user`](#-mongodb--opsmanager--user)
* [`group`](#-mongodb--opsmanager--group)
* [`ensure`](#-mongodb--opsmanager--ensure)
@@ -778,20 +876,79 @@ The following parameters are available in the `mongodb::opsmanager` class:
* [`ignore_ui_setup`](#-mongodb--opsmanager--ignore_ui_setup)
* [`ca_file`](#-mongodb--opsmanager--ca_file)
* [`pem_key_file`](#-mongodb--opsmanager--pem_key_file)
-* [`pem_key_password`](#-mongodb--opsmanager--pem_key_password)
-* [`user_svc_class`](#-mongodb--opsmanager--user_svc_class)
-* [`snapshot_interval`](#-mongodb--opsmanager--snapshot_interval)
-* [`snapshot_interval_retention`](#-mongodb--opsmanager--snapshot_interval_retention)
-* [`snapshot_daily_retention`](#-mongodb--opsmanager--snapshot_daily_retention)
-* [`snapshot_weekly_retention`](#-mongodb--opsmanager--snapshot_weekly_retention)
-* [`snapshot_monthly_retention`](#-mongodb--opsmanager--snapshot_monthly_retention)
-* [`versions_directory`](#-mongodb--opsmanager--versions_directory)
+
+##### `pem_key_password`
+
+Data type: `Optional[String[1]]`
+
+The password to the pem key file.
+
+Default value: `undef`
+
+##### `user_svc_class`
+
+Data type: `Optional[String[1]]`
+
+The user svc class
+Default: com.xgen.svc.mms.svc.user.UserSvcDb
+External Source: com.xgen.svc.mms.svc.user.UserSvcCrowd
+Internal Database: com.xgen.svc.mms.svc.user.UserSvcDb
+
+Default value: `undef`
+
+##### `snapshot_interval`
+
+Data type: `Optional[Integer]`
+
+The snapshot interval to use
+
+Default value: `undef`
+
+##### `snapshot_interval_retention`
+
+Data type: `Optional[Integer]`
+
+The snapshot interval retention period
+
+Default value: `undef`
+
+##### `snapshot_daily_retention`
+
+Data type: `Optional[Integer]`
+
+The dayly snapshot interval retention period
+
+Default value: `undef`
+
+##### `snapshot_weekly_retention`
+
+Data type: `Optional[Integer]`
+
+The weekly snapshot interval retention period
+
+Default value: `undef`
+
+##### `snapshot_monthly_retention`
+
+Data type: `Optional[Integer]`
+
+The monthly snapshot interval retention period
+
+Default value: `undef`
+
+##### `versions_directory`
+
+Data type: `Optional[Integer]`
+
+The directory where to store the snapshot versions
+
+Default value: `undef`
##### `user`
Data type: `String[1]`
-The user that owns the config file
+
Default value: `'mongodb-mms'`
@@ -799,7 +956,7 @@ Default value: `'mongodb-mms'`
Data type: `String[1]`
-The group that owns the config file
+
Default value: `'mongodb-mms'`
@@ -871,7 +1028,7 @@ Default value: `'mongodb://127.0.0.1:27017'`
Data type: `Stdlib::Httpurl`
-The fully qualified url where opsmanager runs. Must include the port.
+
Default value: `"http://${facts['networking']['fqdn']}:8080"`
@@ -959,27 +1116,11 @@ Default value: `true`
Data type: `Optional[String[1]]`
-Ca file for secure connection to backup agents.
-Default value: `undef`
-
-##### `pem_key_file`
-
-Data type: `Optional[String[1]]`
-
-Pem key file containing the cert and private key used for secure connections to backup agents.
-
-Default value: `undef`
-
-##### `pem_key_password`
-
-Data type: `Optional[String[1]]`
-
-The password to the pem key file.
Default value: `undef`
-##### `user_svc_class`
+##### `pem_key_file`
Data type: `Optional[String[1]]`
@@ -987,61 +1128,24 @@ Data type: `Optional[String[1]]`
Default value: `undef`
-##### `snapshot_interval`
-
-Data type: `Optional[Integer]`
-
-
-
-Default value: `undef`
-
-##### `snapshot_interval_retention`
-
-Data type: `Optional[Integer]`
-
-
-
-Default value: `undef`
-
-##### `snapshot_daily_retention`
-
-Data type: `Optional[Integer]`
-
-
-
-Default value: `undef`
-
-##### `snapshot_weekly_retention`
-
-Data type: `Optional[Integer]`
-
-
-
-Default value: `undef`
-
-##### `snapshot_monthly_retention`
-
-Data type: `Optional[Integer]`
-
-
-
-Default value: `undef`
-
-##### `versions_directory`
-
-Data type: `Optional[Integer]`
-
-
+### `mongodb::replset`
-Default value: `undef`
+Wrapper class useful for hiera based deployments
-### `mongodb::params`
+#### Examples
-PRIVATE CLASS: do not use directly
+##### hieradata
-### `mongodb::replset`
+```puppet
-Wrapper class useful for hiera based deployments
+mongodb::replset::sets:
+ replicaset01:
+ ensure: present
+ members:
+ - member01.example.com:27017
+ - member02.example.com:27017
+ - member03.example.com:27017
+```
#### Parameters
@@ -1053,130 +1157,65 @@ The following parameters are available in the `mongodb::replset` class:
Data type: `Any`
-
+Hash of attributes as described in the mongodb_replset custom type
Default value: `undef`
-### `mongodb::repo`
+### `mongodb::repo::apt`
PRIVATE CLASS: do not use directly
-#### Parameters
-
-The following parameters are available in the `mongodb::repo` class:
+### `mongodb::repo::yum`
-* [`ensure`](#-mongodb--repo--ensure)
-* [`version`](#-mongodb--repo--version)
-* [`use_enterprise_repo`](#-mongodb--repo--use_enterprise_repo)
-* [`repo_location`](#-mongodb--repo--repo_location)
-* [`proxy`](#-mongodb--repo--proxy)
-* [`proxy_username`](#-mongodb--repo--proxy_username)
-* [`proxy_password`](#-mongodb--repo--proxy_password)
-* [`aptkey_options`](#-mongodb--repo--aptkey_options)
+PRIVATE CLASS: do not use directly
-##### `ensure`
+### `mongodb::server`
-Data type: `Variant[Enum['present', 'absent'], Boolean]`
+Most of the parameters manipulate the mongod.conf file.
+ For more details about configuration parameters consult the MongoDB Configuration File Options.
+ }
-Default value: `'present'`
+This setting can be used to specify if the service should be running.
-##### `version`
+#### Examples
-Data type: `Optional[String]`
+##### Basic usage.
-Optional repo version string.
+```puppet
+include mongodb::server
+```
-Default value: `undef`
+##### Overrule settings
-##### `use_enterprise_repo`
+```puppet
+class {'mongodb::server':
+ port => 27018,
+ verbose => true,
+```
-Data type: `Boolean`
+#### Parameters
-Boolean value to use enterprise repository. Defaults to false.
+The following parameters are available in the `mongodb::server` class:
-Default value: `false`
-
-##### `repo_location`
-
-Data type: `Optional[String]`
-
-Optional location of the repository
-
-Default value: `undef`
-
-##### `proxy`
-
-Data type: `Optional[String]`
-
-
-
-Default value: `undef`
-
-##### `proxy_username`
-
-Data type: `Optional[String]`
-
-
-
-Default value: `undef`
-
-##### `proxy_password`
-
-Data type: `Optional[String]`
-
-
-
-Default value: `undef`
-
-##### `aptkey_options`
-
-Data type: `Optional[String[1]]`
-
-
-
-Default value: `undef`
-
-### `mongodb::repo::apt`
-
-PRIVATE CLASS: do not use directly
-
-### `mongodb::repo::yum`
-
-PRIVATE CLASS: do not use directly
-
-### `mongodb::server`
-
-This installs a MongoDB server. See README.md for more details.
-
-#### Parameters
-
-The following parameters are available in the `mongodb::server` class:
-
-* [`tls`](#-mongodb--server--tls)
-* [`tls_key`](#-mongodb--server--tls_key)
-* [`tls_ca`](#-mongodb--server--tls_ca)
-* [`tls_conn_without_cert`](#-mongodb--server--tls_conn_without_cert)
-* [`tls_invalid_hostnames`](#-mongodb--server--tls_invalid_hostnames)
-* [`tls_mode`](#-mongodb--server--tls_mode)
-* [`admin_password_hash`](#-mongodb--server--admin_password_hash)
* [`ensure`](#-mongodb--server--ensure)
* [`user`](#-mongodb--server--user)
* [`group`](#-mongodb--server--group)
* [`config`](#-mongodb--server--config)
* [`dbpath`](#-mongodb--server--dbpath)
* [`dbpath_fix`](#-mongodb--server--dbpath_fix)
-* [`pidfilepath`](#-mongodb--server--pidfilepath)
* [`pidfilemode`](#-mongodb--server--pidfilemode)
+* [`pidfilepath`](#-mongodb--server--pidfilepath)
* [`manage_pidfile`](#-mongodb--server--manage_pidfile)
* [`rcfile`](#-mongodb--server--rcfile)
* [`service_manage`](#-mongodb--server--service_manage)
-* [`service_provider`](#-mongodb--server--service_provider)
+* [`service_manage`](#-mongodb--server--service_manage)
* [`service_name`](#-mongodb--server--service_name)
+* [`service_provider`](#-mongodb--server--service_provider)
+* [`service_status`](#-mongodb--server--service_status)
* [`service_enable`](#-mongodb--server--service_enable)
* [`service_ensure`](#-mongodb--server--service_ensure)
-* [`service_status`](#-mongodb--server--service_status)
* [`package_ensure`](#-mongodb--server--package_ensure)
* [`package_name`](#-mongodb--server--package_name)
* [`logpath`](#-mongodb--server--logpath)
@@ -1232,78 +1271,32 @@ The following parameters are available in the `mongodb::server` class:
* [`ssl_weak_cert`](#-mongodb--server--ssl_weak_cert)
* [`ssl_invalid_hostnames`](#-mongodb--server--ssl_invalid_hostnames)
* [`ssl_mode`](#-mongodb--server--ssl_mode)
+* [`tls`](#-mongodb--server--tls)
+* [`tls_key`](#-mongodb--server--tls_key)
+* [`tls_ca`](#-mongodb--server--tls_ca)
+* [`tls_conn_without_cert`](#-mongodb--server--tls_conn_without_cert)
+* [`tls_invalid_hostnames`](#-mongodb--server--tls_invalid_hostnames)
+* [`tls_mode`](#-mongodb--server--tls_mode)
+* [`admin_password_hash`](#-mongodb--server--admin_password_hash)
* [`restart`](#-mongodb--server--restart)
* [`storage_engine`](#-mongodb--server--storage_engine)
* [`create_admin`](#-mongodb--server--create_admin)
* [`admin_username`](#-mongodb--server--admin_username)
* [`admin_password`](#-mongodb--server--admin_password)
* [`admin_auth_mechanism`](#-mongodb--server--admin_auth_mechanism)
+* [`supported_auth_mechanisms`](#-mongodb--server--supported_auth_mechanisms)
+* [`admin_tls_key`](#-mongodb--server--admin_tls_key)
* [`admin_update_password`](#-mongodb--server--admin_update_password)
+* [`admin_roles`](#-mongodb--server--admin_roles)
* [`handle_creds`](#-mongodb--server--handle_creds)
* [`store_creds`](#-mongodb--server--store_creds)
-* [`admin_roles`](#-mongodb--server--admin_roles)
-
-##### `tls`
-
-Data type: `Boolean`
-
-Ensure tls is enabled.
-
-Default value: `false`
-
-##### `tls_key`
-
-Data type: `Optional[Stdlib::Absolutepath]`
-
-Defines the path of the file that contains the TLS/SSL certificate and key.
-
-Default value: `undef`
-
-##### `tls_ca`
-
-Data type: `Optional[Stdlib::Absolutepath]`
-
-Defines the path of the file that contains the certificate chain for verifying client certificates.
-
-Default value: `undef`
-
-##### `tls_conn_without_cert`
-
-Data type: `Boolean`
-
-Set to true to bypass client certificate validation for clients that do not present a certificate.
-
-Default value: `false`
-
-##### `tls_invalid_hostnames`
-
-Data type: `Boolean`
-
-Set to true to disable the validation of the hostnames in TLS certificates.
-
-Default value: `false`
-
-##### `tls_mode`
-
-Data type: `Enum['requireTLS', 'preferTLS', 'allowTLS']`
-
-Defines if TLS is used for all network connections. Allowed values are 'requireTLS', 'preferTLS' or 'allowTLS'.
-
-Default value: `'requireTLS'`
-
-##### `admin_password_hash`
-
-Data type: `Optional[Variant[String[1], Sensitive[String[1]]]]`
-
-Hashed password. Hex encoded md5 hash of mongodb password.
-
-Default value: `undef`
##### `ensure`
Data type: `Variant[Boolean, String]`
-
+Used to ensure that the package is installed and the service is running, or that the package is
+absent/purged and the service is stopped.
Default value: `$mongodb::params::ensure`
@@ -1311,7 +1304,8 @@ Default value: `$mongodb::params::ensure`
Data type: `String`
-
+This setting can be used to override the default MongoDB user and owner of the service and related files in the file system.
+If not specified, the module will use the default for your OS distro.
Default value: `$mongodb::params::user`
@@ -1319,7 +1313,8 @@ Default value: `$mongodb::params::user`
Data type: `String`
-
+This setting can be used to override the default MongoDB user group to be used for related files in the file system.
+If not specified, the module will use the default for your OS distro.
Default value: `$mongodb::params::group`
@@ -1327,7 +1322,7 @@ Default value: `$mongodb::params::group`
Data type: `Stdlib::Absolutepath`
-
+Path of the config file. If not specified, the module will use the default for your OS distro.
Default value: `$mongodb::params::config`
@@ -1335,7 +1330,8 @@ Default value: `$mongodb::params::config`
Data type: `Stdlib::Absolutepath`
-
+Set this value to designate a directory for the mongod instance to store it's data.
+If not specified, the module will use the default for your OS distro.
Default value: `$mongodb::params::dbpath`
@@ -1343,31 +1339,34 @@ Default value: `$mongodb::params::dbpath`
Data type: `Boolean`
-
+Set this value to true if you want puppet to recursively manage the permissions of the files in the dbpath
+directory. If you are using the default dbpath, this should probably be false. Set this to true if you are
+using a custom dbpath.
Default value: `$mongodb::params::dbpath_fix`
-##### `pidfilepath`
-
-Data type: `Optional[Stdlib::Absolutepath]`
-
+##### `pidfilemode`
+Data type: `String`
-Default value: `$mongodb::params::pidfilepath`
+The file mode of the pidfilepath
-##### `pidfilemode`
+Default value: `$mongodb::params::pidfilemode`
-Data type: `String`
+##### `pidfilepath`
+Data type: `Optional[Stdlib::Absolutepath]`
+Specify a file location to hold the PID or process ID of the mongod process.
+If not specified, the module will use the default for your OS distro.
-Default value: `$mongodb::params::pidfilemode`
+Default value: `$mongodb::params::pidfilepath`
##### `manage_pidfile`
Data type: `Boolean`
-
+Should puppet create the pidfile. Mongod 6.2.10 will not start if pidfile exists
Default value: `$mongodb::params::manage_pidfile`
@@ -1375,7 +1374,7 @@ Default value: `$mongodb::params::manage_pidfile`
Data type: `String`
-
+The path to the custom mongosh rc file.
Default value: `$mongodb::params::rcfile`
@@ -1383,31 +1382,48 @@ Default value: `$mongodb::params::rcfile`
Data type: `Boolean`
+Whether or not the MongoDB service resource should be part of the catalog.
+
+Default value: `$mongodb::params::service_manage`
+
+##### `service_manage`
+Whether or not the MongoDB sharding service resource should be part of the catalog.
Default value: `$mongodb::params::service_manage`
-##### `service_provider`
+##### `service_name`
Data type: `Optional[String]`
+This setting can be used to override the default Mongos service name.
+If not specified, the module will use whatever service name is the default for your OS distro.
+Default value: `$mongodb::params::service_name`
-Default value: `$mongodb::params::service_provider`
-
-##### `service_name`
+##### `service_provider`
Data type: `Optional[String]`
+This setting can be used to override the default Mongos service provider.
+If not specified, the module will use whatever service provider is the default for your OS distro.
+Default value: `$mongodb::params::service_provider`
-Default value: `$mongodb::params::service_name`
+##### `service_status`
+
+Data type: `Optional[Enum['stopped', 'running']]`
+
+This setting can be used to override the default status check command for your Mongos service.
+If not specified, the module will use whatever service name is the default for your OS distro.
+
+Default value: `$mongodb::params::service_status`
##### `service_enable`
Data type: `Boolean`
-
+This setting can be used to specify if the service should be enable at boot.
Default value: `$mongodb::params::service_enable`
@@ -1419,19 +1435,11 @@ Data type: `Enum['stopped', 'running']`
Default value: `$mongodb::params::service_ensure`
-##### `service_status`
-
-Data type: `Optional[Enum['stopped', 'running']]`
-
-
-
-Default value: `$mongodb::params::service_status`
-
##### `package_ensure`
Data type: `Variant[Boolean, String]`
-
+This setting can be used to specify if puppet should install the package or not.
Default value: `$mongodb::params::package_ensure`
@@ -1439,7 +1447,8 @@ Default value: `$mongodb::params::package_ensure`
Data type: `String`
-
+This setting can be used to specify the name of the package that should be installed.
+If not specified, the module will use whatever service name is the default for your OS distro.
Default value: `$mongodb::params::server_package_name`
@@ -1447,7 +1456,8 @@ Default value: `$mongodb::params::server_package_name`
Data type: `Variant[Boolean, Stdlib::Absolutepath]`
-
+Specify the path to a file name for the log file that will hold all diagnostic logging information.
+Unless specified, mongod will output all log information to the standard output.
Default value: `$mongodb::params::logpath`
@@ -1455,7 +1465,8 @@ Default value: `$mongodb::params::logpath`
Data type: `Array[Stdlib::IP::Address]`
-
+Set this option to configure the mongod or mongos process to bind to and listen for connections from
+applications on this address. If not specified, the module will use the default for your OS distro.
Default value: `$mongodb::params::bind_ip`
@@ -1463,7 +1474,8 @@ Default value: `$mongodb::params::bind_ip`
Data type: `Optional[Boolean]`
-
+This setting has to be true to configure MongoDB to turn on ipv6 support. If not specified and ipv6
+address is passed to MongoDB bind_ip it will just fail.
Default value: `undef`
@@ -1471,7 +1483,8 @@ Default value: `undef`
Data type: `Boolean`
-
+Set to true to add new entries to the end of the logfile rather than overwriting the content of the log
+when the process restarts.
Default value: `true`
@@ -1479,7 +1492,8 @@ Default value: `true`
Data type: `Optional[String]`
-
+Set to reopen for mongo to close a log file then reopen it so that logrotations handled outside of mongo
+perform as expected.
Default value: `undef`
@@ -1487,7 +1501,7 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Set to true to fork server process at launch time. The default setting depends on the operating system.
Default value: `$mongodb::params::fork`
@@ -1495,7 +1509,7 @@ Default value: `$mongodb::params::fork`
Data type: `Optional[Integer[1, 65535]]`
-
+Specifies a TCP port for the server instance to listen for client connections.
Default value: `undef`
@@ -1503,7 +1517,7 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Set to true to enable operation journaling to ensure write durability and data consistency.
Default value: `$mongodb::params::journal`
@@ -1511,7 +1525,8 @@ Default value: `$mongodb::params::journal`
Data type: `Optional[Boolean]`
-
+Set nojournal = true to disable durability journaling. By default, mongod enables journaling in 64-bit versions after v2.0.
+Note: You must use journal to enable journaling on 32-bit systems.
Default value: `undef`
@@ -1519,7 +1534,8 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Set to true to modify MongoDB to use a smaller default data file size. Specifically, smallfiles reduces
+the initial size for data files and limits them to 512 megabytes.
Default value: `undef`
@@ -1527,7 +1543,8 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Set to true to force mongod to report every four seconds CPU utilization and the amount of time that the
+processor waits for I/O operations to complete (i.e. I/O wait.)
Default value: `undef`
@@ -1535,7 +1552,8 @@ Default value: `undef`
Data type: `Boolean`
-
+et to true to enable database authentication for users connecting from remote hosts. If no users exist,
+the localhost interface will continue to have access to the database until you create the first user.
Default value: `false`
@@ -1543,7 +1561,7 @@ Default value: `false`
Data type: `Optional[Boolean]`
-
+Disable authentication.
Default value: `undef`
@@ -1551,7 +1569,7 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Increases the amount of internal reporting returned on standard output or in the log file generated by logpath.
Default value: `undef`
@@ -1559,7 +1577,7 @@ Default value: `undef`
Data type: `Optional[String]`
-
+MongoDB has the following levels of verbosity: v, vv, vvv, vvvv and vvvvv.
Default value: `undef`
@@ -1567,7 +1585,8 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Forces the mongod to validate all requests from clients upon receipt to ensure that clients never insert
+invalid documents into the database.
Default value: `undef`
@@ -1575,7 +1594,8 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Set to true to enable a maximum limit for the number of data files each database can have. The default
+quota is 8 data files, when quota is true.
Default value: `undef`
@@ -1583,7 +1603,7 @@ Default value: `undef`
Data type: `Optional[Integer]`
-
+Modify limit on the number of data files per database. This option requires the quota setting.
Default value: `undef`
@@ -1591,7 +1611,8 @@ Default value: `undef`
Data type: `Optional[Integer[0, 7]]`
-
+Creates a very verbose diagnostic log for troubleshooting and recording various errors. For more
+information please refer to MongoDB Configuration File Options.
Default value: `undef`
@@ -1599,7 +1620,7 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Set to true to modify the storage pattern of the data directory to store each database’s files in a distinct folder.
Default value: `undef`
@@ -1607,7 +1628,8 @@ Default value: `undef`
Data type: `Any`
-
+Modify this value to changes the level of database profiling, which inserts information about operation
+performance into output of mongod or the log file if specified by logpath.
Default value: `undef`
@@ -1615,7 +1637,8 @@ Default value: `undef`
Data type: `Optional[Integer]`
-
+Specifies a value to set the maximum number of simultaneous connections that MongoDB will accept.
+Unless set, MongoDB will not limit its own connections.
Default value: `undef`
@@ -1623,7 +1646,9 @@ Default value: `undef`
Data type: `Optional[Integer]`
-
+Specifies a maximum size in megabytes for the replication operation log (e.g. oplog.) mongod creates an
+oplog based on the maximum amount of space available. For 64-bit systems, the oplog is typically 5% of
+available disk space.
Default value: `undef`
@@ -1631,7 +1656,7 @@ Default value: `undef`
Data type: `Any`
-
+Ignore query hints.
Default value: `undef`
@@ -1639,7 +1664,8 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Set to true to disable the HTTP interface. This command will override the rest and disable the HTTP
+interface if you specify both.
Default value: `undef`
@@ -1647,7 +1673,7 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Set noscripting = true to disable the scripting engine.
Default value: `undef`
@@ -1655,7 +1681,7 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Set notablescan = true to forbid operations that require a table scan.
Default value: `undef`
@@ -1663,7 +1689,8 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Set noprealloc = true to disable the preallocation of data files. This will shorten the start up time in
+some cases, but can cause significant performance penalties during normal operations.
Default value: `undef`
@@ -1671,7 +1698,7 @@ Default value: `undef`
Data type: `Optional[Integer]`
-
+Use this setting to control the default size for all newly created namespace files (i.e .ns).
Default value: `undef`
@@ -1679,7 +1706,7 @@ Default value: `undef`
Data type: `Any`
-
+MMS token for mms monitoring.
Default value: `undef`
@@ -1687,7 +1714,7 @@ Default value: `undef`
Data type: `Any`
-
+MMS identifier for mms monitoring.
Default value: `undef`
@@ -1695,7 +1722,7 @@ Default value: `undef`
Data type: `Any`
-
+MMS interval for mms monitoring.
Default value: `undef`
@@ -1703,7 +1730,8 @@ Default value: `undef`
Data type: `Optional[String]`
-
+Use this setting to configure replication with replica sets. Specify a replica set name as an argument to
+this set. All hosts must have the same set name.
Default value: `undef`
@@ -1711,7 +1739,14 @@ Default value: `undef`
Data type: `Optional[Hash]`
-
+A hash that is used to configure the replica set. Mutually exclusive with replset_members param.
+class mongodb::server {
+ replset => 'rsmain',
+ replset_config => { 'rsmain' => {
+ ensure => present,
+ settings => { heartbeatTimeoutSecs => 15, getLastErrorModes => { ttmode => { dc => 1 } } },
+ members => [{'host' => 'host1:27017', 'tags':{ 'dc' : 'east'}}, { 'host' => 'host2:27017'}, 'host3:27017'] }},
+}
Default value: `undef`
@@ -1719,7 +1754,7 @@ Default value: `undef`
Data type: `Optional[Array]`
-
+An array of member hosts for the replica set. Mutually exclusive with replset_config param.
Default value: `undef`
@@ -1727,7 +1762,7 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Use this setting to enable config server mode for mongod.
Default value: `undef`
@@ -1735,7 +1770,7 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Use this setting to enable shard server mode for mongod.
Default value: `undef`
@@ -1743,7 +1778,7 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Set to true to enable a simple REST interface.
Default value: `undef`
@@ -1751,7 +1786,12 @@ Default value: `undef`
Data type: `Optional[Boolean]`
+Runs the mongod or mongos instance in a quiet mode that attempts to limit the amount of output.
+This option suppresses : "output from database commands, including drop, dropIndexes, diagLogging,
+validate, and clean", "replication activity", "connection accepted events" and "connection closed events".
+For production systems this option is not recommended as it may make tracking problems during particular
+connections much more difficult.
Default value: `undef`
@@ -1759,7 +1799,7 @@ Default value: `undef`
Data type: `Optional[Integer]`
-
+Sets the threshold for mongod to consider a query “slow” for the database profiler.
Default value: `undef`
@@ -1767,7 +1807,8 @@ Default value: `undef`
Data type: `Optional[Stdlib::Absolutepath]`
-
+Specify the path to a key file to store authentication information. This option is only useful for the
+connection between replica set members.
Default value: `undef`
@@ -1775,7 +1816,8 @@ Default value: `undef`
Data type: `Optional[Variant[String[6], Sensitive[String[6]]]]`
-
+Specify the key contained within the keyfile. This option is only useful for the connection between
+replica set members.
Default value: `undef`
@@ -1783,7 +1825,7 @@ Default value: `undef`
Data type: `Optional[Variant[String[1], Array[String[1]]]]`
-
+Specify extra configuration file parameters (i.e. textSearchEnabled=true).
Default value: `undef`
@@ -1791,7 +1833,8 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Sends all logging output to the host’s syslog system rather than to standard output or a log file.
+Important: You cannot use syslog with logpath. Set logpath to false to disable it.
Default value: `undef`
@@ -1799,7 +1842,7 @@ Default value: `undef`
Data type: `Any`
-
+Config content if the default doesn't match one needs.
Default value: `undef`
@@ -1807,7 +1850,7 @@ Default value: `undef`
Data type: `Optional[String]`
-
+Path to the config template if the default doesn't match one needs.
Default value: `undef`
@@ -1815,7 +1858,7 @@ Default value: `undef`
Data type: `Optional[Hash]`
-
+A hash to allow for additional configuration options to be set in user-provided template.
Default value: `undef`
@@ -1823,7 +1866,9 @@ Default value: `undef`
Data type: `Optional[Boolean]`
-
+Use SSL validation.
+Important: You need to have ssl_key set as well, and the file needs to pre-exist on node. If you wish to
+use certificate validation, ssl_ca must also be set.
Default value: `undef`
@@ -1831,7 +1876,7 @@ Default value: `undef`
Data type: `Optional[Stdlib::Absolutepath]`
-
+Defines the path of the file that contains the TLS/SSL certificate and key.
Default value: `undef`
@@ -1839,7 +1884,7 @@ Default value: `undef`
Data type: `Optional[Stdlib::Absolutepath]`
-
+Defines the path of the file that contains the certificate chain for verifying client certificates.
Default value: `undef`
@@ -1847,7 +1892,7 @@ Default value: `undef`
Data type: `Boolean`
-
+Set to true to disable mandatory SSL client authentication.
Default value: `false`
@@ -1855,7 +1900,7 @@ Default value: `false`
Data type: `Boolean`
-
+Set to true to disable fqdn SSL cert check.
Default value: `false`
@@ -1863,15 +1908,71 @@ Default value: `false`
Data type: `Enum['requireSSL', 'preferSSL', 'allowSSL']`
-
+Ssl authorization mode.
Default value: `'requireSSL'`
-##### `restart`
+##### `tls`
+
+Data type: `Boolean`
+
+Ensure tls is enabled.
+
+Default value: `false`
+
+##### `tls_key`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+Defines the path of the file that contains the TLS/SSL certificate and key.
+
+Default value: `undef`
+
+##### `tls_ca`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+Defines the path of the file that contains the certificate chain for verifying client certificates.
+
+Default value: `undef`
+
+##### `tls_conn_without_cert`
+
+Data type: `Boolean`
+
+Set to true to bypass client certificate validation for clients that do not present a certificate.
+
+Default value: `false`
+
+##### `tls_invalid_hostnames`
Data type: `Boolean`
+Set to true to disable the validation of the hostnames in TLS certificates.
+
+Default value: `false`
+##### `tls_mode`
+
+Data type: `Enum['requireTLS', 'preferTLS', 'allowTLS']`
+
+Defines if TLS is used for all network connections. Allowed values are 'requireTLS', 'preferTLS' or 'allowTLS'.
+
+Default value: `'requireTLS'`
+
+##### `admin_password_hash`
+
+Data type: `Optional[Variant[String[1], Sensitive[String[1]]]]`
+
+Hashed password. Hex encoded md5 hash of mongodb password.
+
+Default value: `undef`
+
+##### `restart`
+
+Data type: `Boolean`
+
+Specifies whether the service should be restarted on config changes.
Default value: `$mongodb::params::restart`
@@ -1879,7 +1980,8 @@ Default value: `$mongodb::params::restart`
Data type: `Optional[String]`
-
+Only needed for MongoDB 3.x versions, where it's possible to select the 'wiredTiger' engine in addition to
+the default 'mmapv1' engine. If not set, the config is left out and mongo will default to 'mmapv1'.
Default value: `undef`
@@ -1887,7 +1989,7 @@ Default value: `undef`
Data type: `Boolean`
-
+Allows to create admin user for admin database.
Default value: `$mongodb::params::create_admin`
@@ -1895,7 +1997,7 @@ Default value: `$mongodb::params::create_admin`
Data type: `String`
-
+Administrator user name
Default value: `$mongodb::params::admin_username`
@@ -1903,49 +2005,66 @@ Default value: `$mongodb::params::admin_username`
Data type: `Optional[Variant[String, Sensitive[String]]]`
-
+Administrator user password
Default value: `undef`
##### `admin_auth_mechanism`
-Data type: `Enum['scram_sha_1', 'scram_sha_256']`
-
+Data type: `Enum['scram_sha_1', 'scram_sha_256', 'x509']`
+Administrator authentication mechanism. scram_sha_256 password synchronization verification is not supported.
Default value: `$mongodb::params::admin_auth_mechanism`
-##### `admin_update_password`
+##### `supported_auth_mechanisms`
-Data type: `Boolean`
+Data type: `Optional[Array[Enum['scram_sha_1', 'scram_sha_256', 'x509']]]`
+Set the supported authentication mechanisms that the mmongoserver will support. Is set, make sure the $admin_auth_mechanism is also included.
+Default value: `undef`
-Default value: `false`
+##### `admin_tls_key`
-##### `handle_creds`
+Data type: `Optional[Stdlib::Absolutepath]`
+
+Filepath of the administrators x509 certificate. Its the user of this class that needs to manage this certificate.
+
+Default value: `undef`
+
+##### `admin_update_password`
Data type: `Boolean`
+Update password. Used with SCRAM-SHA-256 because password verification is not supported.
+Default value: `false`
-Default value: `$mongodb::params::handle_creds`
+##### `admin_roles`
-##### `store_creds`
+Data type: `Array`
-Data type: `Boolean`
+Administrator user roles
+Default value: `$mongodb::params::admin_roles`
+##### `handle_creds`
-Default value: `$mongodb::params::store_creds`
+Data type: `Boolean`
-##### `admin_roles`
+Set this to false to avoid having puppet handle .mongoshrc.js in case you wish to deliver it by other
+means. This is needed for facts and providers to work if you have auth set to true.
-Data type: `Array`
+Default value: `$mongodb::params::handle_creds`
+##### `store_creds`
+Data type: `Boolean`
-Default value: `$mongodb::params::admin_roles`
+Store admin credentials in mongoshrc.js file. Uses with create_admin parameter
+
+Default value: `$mongodb::params::store_creds`
### `mongodb::server::config`
@@ -1963,6 +2082,21 @@ PRIVATE CLASS: do not call directly
Wrapper class useful for hiera based deployments
+#### Examples
+
+##### hieradata
+
+```puppet
+mongodb::shardsvr::shards:
+ shard01:
+ keys:
+ - {x: 1}
+ members:
+ - shardhost01.exmaple.com:30000
+ - shardhost02.exmaple.com:30000
+ - shardhost03.exmaple.com:30000
+```
+
#### Parameters
The following parameters are available in the `mongodb::shardsvr` class:
@@ -1973,7 +2107,7 @@ The following parameters are available in the `mongodb::shardsvr` class:
Data type: `Any`
-
+Hash of attributes as described in the mongodb_shardsvr custom type
Default value: `undef`
@@ -2004,9 +2138,9 @@ Database username.
##### `auth_mechanism`
-Data type: `Enum['scram_sha_1', 'scram_sha_256']`
+Data type: `Enum['scram_sha_1', 'scram_sha_256', 'x509']`
-Authentication mechanism. scram_sha_256 password verification is not supported. Defaults to 'scram_sha_1'.
+- Authentication mechanism. scram_sha_256 password verification is not supported. Defaults to 'scram_sha_1'.
Default value: `'scram_sha_1'`
@@ -2014,7 +2148,7 @@ Default value: `'scram_sha_1'`
Data type: `String`
-Database name. Defaults to $name.
+- Database name. Defaults to $name.
Default value: `$name`
@@ -2022,7 +2156,7 @@ Default value: `$name`
Data type: `Optional[Variant[String[1], Sensitive[String[1]]]]`
-Hashed password. Hex encoded md5 hash of "$username:mongo:$password".
+- Hashed password. Hex encoded md5 hash of "$username:mongo:$password".
Default value: `undef`
@@ -2030,7 +2164,7 @@ Default value: `undef`
Data type: `Optional[Variant[String[1], Sensitive[String[1]]]]`
-Plain text user password. This is UNSAFE, use 'password_hash' instead.
+- Plain text user password. This is UNSAFE, use 'password_hash' instead.
Default value: `undef`
@@ -2038,7 +2172,7 @@ Default value: `undef`
Data type: `Array[String]`
-Array with user roles. Deaults to ['dbAdmin']
+(default: ['dbAdmin']) - array with user roles.
Default value: `['dbAdmin']`
@@ -2046,7 +2180,7 @@ Default value: `['dbAdmin']`
Data type: `Integer[0]`
-The maximum amount of two second tries to wait MongoDB startup. Defaults to 10.
+(default: 10) - The maximum amount of two second tries to wait MongoDB startup.
Default value: `10`
@@ -2054,7 +2188,7 @@ Default value: `10`
Data type: `Boolean`
-Force an update of the password when scram_sha_256 is used. Defaults to false.
+(default: false) - Force an update of the password when scram_sha_256 is used.
Default value: `false`
@@ -2076,7 +2210,7 @@ The following properties are available in the `mongodb_conn_validator` type.
Valid values: `present`, `absent`
-Ensurable property
+Ensure to verify the connection to mongodb
Default value: `present`
@@ -2178,7 +2312,7 @@ The following properties are available in the `mongodb_replset` type.
Valid values: `present`
-Ensurable property
+Ensure the replicaset is either present or absent
Default value: `present`
@@ -2232,7 +2366,7 @@ The following properties are available in the `mongodb_shard` type.
Valid values: `present`
-Ensurable property
+Ensure the shard is either present or absent
Default value: `present`
@@ -2322,7 +2456,7 @@ The following parameters are available in the `mongodb_user` type.
##### `auth_mechanism`
-Valid values: `scram_sha_256`, `scram_sha_1`
+Valid values: `scram_sha_256`, `scram_sha_1`, `x509`
Authentication mechanism. Password verification is not supported with SCRAM-SHA-256.
diff --git a/lib/facter/is_master.rb b/lib/facter/is_master.rb
index 1e406f28a..a42c04d1c 100644
--- a/lib/facter/is_master.rb
+++ b/lib/facter/is_master.rb
@@ -8,7 +8,23 @@ def mongod_conf_file
locations.find { |location| File.exist? location }
end
+def mongosh_conf_file
+ '/root/.mongosh.yaml' if File.exist?('/root/mongosh.yaml')
+end
+
def get_options_from_hash_config(config)
+ # read also the mongoshrc.yaml yaml file, to retrieve the admins certkey file
+ if mongosh_conf_file
+ mongosh_config = YAML.load_file(mongosh_conf_file)
+ # check which tlscert we need to use
+ if mongosh_config['admin']
+ tlscert = mongosh_config['admin']['tlsCertificateKeyFile'] if mongosh_config['admin']['tlsCertificateKeyFile']
+ auth_mech = mongosh_config['admin']['auth_mechanism'] if mongosh_config['admin']['auth_mechanism']
+ end
+ else
+ tlscert = config['net.tls.certificateKeyFile']
+ end
+
result = []
result << "--port #{config['net.port']}" unless config['net.port'].nil?
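Review bot: `mongosh_conf_file` tests for `/root/mongosh.yaml` but returns `/root/.mongosh.yaml`, so the dotfile is only picked up when an undotted file also exists, and when only the undotted file exists `YAML.load_file` is called on a path that is not there. The check should use the path it returns: `'/root/.mongosh.yaml' if File.exist?('/root/.mongosh.yaml')`. Separately, when the file exists but has no `admin` / `tlsCertificateKeyFile` entry, `tlscert` stays nil instead of falling back to `config['net.tls.certificateKeyFile']`, unlike `mongo_conf` in lib/puppet/provider/mongodb.rb in this same diff. The comment also names `mongoshrc.yaml`, which matches neither path. `get_options_from_hash_config` continues outside the hunk.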
@@ -23,67 +39,38 @@ def get_options_from_hash_config(config)
# - tlsMode is "requireTLS"
# - Parameter --tlsCertificateKeyFile is set
# - Parameter --tlsCAFile is set
- result << "--tls --host #{Facter.value(:fqdn)}" if config['net.tls.mode'] == 'requireTLS' || !config['net.tls.certificateKeyFile'].nil? || !config['net.tls.CAFile'].nil?
- result << "--tlsCertificateKeyFile #{config['net.tls.certificateKeyFile']}" unless config['net.tls.certificateKeyFile'].nil?
+ result << "--tls --host #{Facter.value(:fqdn)}" if config['net.tls.mode'] == 'requireTLS' || !tlscert.nil? || !config['net.tls.CAFile'].nil?
+ result << "--tlsCertificateKeyFile #{tlscert}" unless tlscert.nil?
result << "--tlsCAFile #{config['net.tls.CAFile']}" unless config['net.tls.CAFile'].nil?
- result << '--ipv6' unless config['net.ipv6'].nil?
-
- result.join(' ')
-end
-
-def get_options_from_keyvalue_config(file)
- config = {}
- File.readlines(file).map do |line|
- k, v = line.split('=')
- config[k.rstrip] = v.lstrip.chomp if k && v
- end
-
- result = []
-
- result << "--port #{config['port']}" unless config['port'].nil?
- # use --ssl and --host if:
- # - sslMode is "requireSSL"
- # - Parameter --sslPEMKeyFile is set
- # - Parameter --sslCAFile is set
- result << "--ssl --host #{Facter.value(:fqdn)}" if config['ssl'] == 'requireSSL' || !config['sslcert'].nil? || !config['sslca'].nil?
- result << "--sslPEMKeyFile #{config['sslcert']}" unless config['sslcert'].nil?
- result << "--sslCAFile #{config['sslca']}" unless config['sslca'].nil?
- # use --tls and --host if:
- # - tlsMode is "requireTLS"
- # - Parameter --tlsCertificateKeyFile is set
- # - Parameter --tlsCAFile is set
- result << "--tls --host #{Facter.value(:fqdn)}" if config['tls'] == 'requireTLS' || !config['tlscert'].nil? || !config['tlsca'].nil?
- result << "--tlsCertificateKeyFile #{config['tlscert']}" unless config['tlscert'].nil?
- result << "--tlsCAFile #{config['tlsca']}" unless config['tlsca'].nil?
+ # use --authenticationMechanism, ---authenticationDatabase
+ # when
+ # - authenticationMechanism MONGODB-X509
+ result << "--authenticationDatabase '$external' --authenticationMechanism MONGODB-X509" if auth_mech && auth_mech == 'x509'
- result << '--ipv6' unless config['ipv6'].nil?
+ result << '--ipv6' unless config['net.ipv6'].nil?
result.join(' ')
end
def get_options_from_config(file)
config = YAML.load_file(file)
- if config.is_a?(Hash) # Using a valid YAML file for mongo 2.6
- get_options_from_hash_config(config)
- else # It has to be a key-value config file
- get_options_from_keyvalue_config(file)
- end
+ get_options_from_hash_config(config)
end
Facter.add('mongodb_is_master') do
setcode do
- if %w[mongo mongod].all? { |m| Facter::Util::Resolution.which m }
+ if %w[mongosh mongod].all? { |m| Facter::Util::Resolution.which m }
file = mongod_conf_file
if file
options = get_options_from_config(file)
- e = File.exist?('/root/.mongorc.js') ? 'load(\'/root/.mongorc.js\'); ' : ''
+ e = File.exist?('/root/.mongoshrc.js') ? 'load(\'/root/.mongoshrc.js\'); ' : ''
# Check if the mongodb server is responding:
- Facter::Core::Execution.exec("mongo --quiet #{options} --eval \"#{e}printjson(db.adminCommand({ ping: 1 }))\"")
+ Facter::Core::Execution.exec("mongosh --quiet #{options} --eval \"#{e}printjson(db.adminCommand({ ping: 1 }))\"")
if $CHILD_STATUS.success?
- Facter::Core::Execution.exec("mongo --quiet #{options} --eval \"#{e}db.isMaster().ismaster\"")
+ Facter::Core::Execution.exec("mongosh --quiet #{options} --eval \"#{e}db.isMaster().ismaster\"")
else
'not_responding'
end
diff --git a/lib/facter/mongodb_version.rb b/lib/facter/mongodb_version.rb
index 97fb1937b..a16a1602a 100644
--- a/lib/facter/mongodb_version.rb
+++ b/lib/facter/mongodb_version.rb
@@ -2,9 +2,9 @@
Facter.add(:mongodb_version) do
setcode do
- if Facter::Core::Execution.which('mongo')
- mongodb_version = Facter::Core::Execution.execute('mongo --version 2>&1')
- %r{MongoDB shell version:?\s+v?([\w.]+)}.match(mongodb_version)[1]
+ if Facter::Core::Execution.which('mongod')
+ mongodb_version = Facter::Core::Execution.execute('mongod --version 2>&1')
+ %r{^db version:?\s+v?([\w.]+)}.match(mongodb_version)[1]
end
end
end
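Review bot: The new `%r{^db version:?\s+v?([\w.]+)}.match(mongodb_version)[1]` line raises NoMethodError whenever `mongod --version` prints nothing matching `db version`, because `match` returns nil there. The fact should resolve to nil instead of failing. `mongodb_version[%r{^db version:?\s+v?([\w.]+)}, 1]` does the same extraction and returns nil when there is no match.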
diff --git a/lib/puppet/provider/mongodb.rb b/lib/puppet/provider/mongodb.rb
index 4e9554426..b9a62e94a 100644
--- a/lib/puppet/provider/mongodb.rb
+++ b/lib/puppet/provider/mongodb.rb
@@ -8,15 +8,15 @@
class Puppet::Provider::Mongodb < Puppet::Provider
# Without initvars commands won't work.
initvars
- commands mongo: 'mongo'
+ commands mongosh: 'mongosh'
# Optional defaults file
- def self.mongorc_file
- "load('#{Facter.value(:root_home)}/.mongorc.js'); " if File.file?("#{Facter.value(:root_home)}/.mongorc.js")
+ def self.mongoshrc_file
+ "load('#{Facter.value(:root_home)}/.mongoshrc.js'); " if File.file?("#{Facter.value(:root_home)}/.mongoshrc.js")
end
- def mongorc_file
- self.class.mongorc_file
+ def mongoshrc_file
+ self.class.mongoshrc_file
end
def self.mongod_conf_file
@@ -29,6 +29,16 @@ def self.mongod_conf_file
def self.mongo_conf
config = YAML.load_file(mongod_conf_file) || {}
+ mongosh_config = {}
+ mongosh_config = YAML.load_file("#{Facter.value(:root_home)}/.mongosh.yaml") if File.file?("#{Facter.value(:root_home)}/.mongosh.yaml")
+ # determine if we need tls for the admin user
+ if mongosh_config['admin'] && mongosh_config['admin']['tlsCertificateKeyFile']
+ tlscert = mongosh_config['admin']['tlsCertificateKeyFile']
+ auth_mech = mongosh_config['admin']['auth_mechanism'] if mongosh_config['admin']['auth_mechanism']
+ else
+ tlscert =config['net.tls.certificateKeyFile']
+ end
+
{
'bindip' => config['net.bindIp'],
'port' => config['net.port'],
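Review bot: `YAML.load_file` on `.mongosh.yaml` is used unguarded, so an empty or non-mapping file leaves `mongosh_config` as nil/false and the following `mongosh_config['admin']` raises. The line above already handles this for mongod.conf with `|| {}`. The same guard fits here: `mongosh_config = YAML.load_file(path) || {} if File.file?(path)`, with `path` holding the `.mongosh.yaml` location so it is computed once. The rest of mongo_conf is split across this hunk and the next.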
@@ -39,9 +49,10 @@ def self.mongo_conf
'sslca' => config['net.ssl.CAFile'],
'tlsallowInvalidHostnames' => config['net.tls.allowInvalidHostnames'],
'tls' => config['net.tls.mode'],
- 'tlscert' => config['net.tls.certificateKeyFile'],
+ 'tlscert' => tlscert,
'tlsca' => config['net.tls.CAFile'],
'auth' => config['security.authorization'],
+ 'auth_mechanism' => auth_mech,
'shardsvr' => config['sharding.clusterRole'],
'confsvr' => config['sharding.clusterRole']
}
@@ -74,7 +85,7 @@ def self.tls_invalid_hostnames(config = nil)
config['tlsallowInvalidHostnames']
end
- def self.mongo_cmd(db, host, cmd)
+ def self.mongosh_cmd(db, host, cmd)
config = mongo_conf
args = [db, '--quiet', '--host', host]
@@ -92,16 +103,20 @@ def self.mongo_cmd(db, host, cmd)
if tls_is_enabled(config)
args.push('--tls')
- args += ['--tlsCertificateKeyFile', config['tlscert']]
tls_ca = config['tlsca']
args += ['--tlsCAFile', tls_ca] unless tls_ca.nil?
+ args += ['--tlsCertificateKeyFile', config['tlscert']]
args.push('--tlsAllowInvalidHostnames') if tls_invalid_hostnames(config)
end
- args += ['--eval', cmd]
- mongo(args)
+ if config['auth_mechanism'] && config['auth_mechanism'] == 'x509'
+ args.push("--authenticationDatabase '$external' --authenticationMechanism MONGODB-X509")
+ end
+
+ args += ['--eval', "\"#{cmd}\""]
+ mongosh(args)
end
def self.conn_string
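Review bot: The X.509 options are pushed as one shell-style string and `cmd` is wrapped in literal double quotes, while every other entry in `args` is a separate argv element. If the `mongosh` helper runs the array without a shell (the usual behaviour of Puppet's `commands`, not visible here), mongosh receives one malformed option and an `--eval` script that is just a quoted string literal. If a shell is involved, the unescaped quotes let `$`, backticks and `"` inside `cmd` be interpreted by it, for example the `\"$external\"` in the createUser script in mongodb_user/mongodb.rb and any JSON built from resource values. Keeping the list form avoids both: `args += ['--authenticationDatabase', '$external', '--authenticationMechanism', 'MONGODB-X509']` and `args += ['--eval', cmd]`. The start of mongosh_cmd is outside this hunk.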
@@ -137,9 +152,15 @@ def self.conn_string
def self.db_ismaster
cmd_ismaster = 'db.isMaster().ismaster'
- cmd_ismaster = mongorc_file + cmd_ismaster if mongorc_file
+ cmd_ismaster = mongoshrc_file + cmd_ismaster if mongoshrc_file
db = 'admin'
- res = mongo_cmd(db, conn_string, cmd_ismaster).to_s.split(%r{\n}).last.chomp
+
+ begin
+ res = mongosh_cmd(db, conn_string, cmd_ismaster).to_s.split(%r{\n}).last.chomp
+ rescue StandardError => e
+ res = mongosh_cmd(db, conn_string, 'db.isMaster().ismaster').to_s.chomp if auth_enabled && e.message =~ %r{Authentication failed}
+ end
+
res.eql?('true')
end
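Review bot: The new `rescue StandardError` in db_ismaster swallows every failure that is not an authentication error. `res` stays nil and the method returns false, so a connection or TLS failure is reported as "not master" instead of surfacing. Re-raise in that case by making the first line of the rescue `raise unless auth_enabled && e.message.include?('Authentication failed')`. The retry also drops the `.split(%r{\n}).last` used on the first attempt, so multi-line output from the unauthenticated call would never compare equal to 'true'.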
@@ -152,29 +173,53 @@ def self.auth_enabled(config = nil)
config['auth'] && config['auth'] != 'disabled'
end
+ def self.rs_initiated?
+ # TODO: not used yet, generates a stack level to deep error
+ cmd_status = "rs.status('localhost').set"
+ cmd_status = mongoshrc_file + cmd_status if mongoshrc_file
+ db = 'admin'
+ res = mongosh_cmd(db, conn_string, cmd_status).to_s.split(%r{\n}).last.chomp
+
+ # Retry command without authentication when mongorc_file is set and authentication failed
+ res = mongosh_cmd(db, conn_string, "rs.status('localhost').set").to_s.chomp if mongorc_file && res =~ %r{Authentication failed}
+
+ res == @resource[:name]
+ end
+
# Mongo Command Wrapper
def self.mongo_eval(cmd, db = 'admin', retries = 10, host = nil)
retry_count = retries
retry_sleep = 3
- cmd = mongorc_file + cmd if mongorc_file
+ no_auth_cmd = cmd
+ cmd = mongoshrc_file + cmd if mongoshrc_file
out = nil
begin
out = if host
- mongo_cmd(db, host, cmd)
+ mongosh_cmd(db, host, cmd)
else
- mongo_cmd(db, conn_string, cmd)
+ mongosh_cmd(db, conn_string, cmd)
end
rescue StandardError => e
- retry_count -= 1
- if retry_count.positive?
- Puppet.debug "Request failed: '#{e.message}' Retry: '#{retries - retry_count}'"
- sleep retry_sleep
- retry
+ # When using the rc file, we get this eror because in most cases the admin user is not created yet
+ # Can/must we move this out of the resue block ?
+ if auth_enabled && e.message =~ %r{Authentication failed}
+ out = if host
+ mongosh_cmd(db, host, no_auth_cmd)
+ else
+ mongosh_cmd(db, conn_string, no_auth_cmd)
+ end
+ else
+ retry_count -= 1
+ if retry_count.positive?
+ sleep retry_sleep
+ retry
+ end
end
end
- raise Puppet::ExecutionFailure, "Could not evaluate MongoDB shell command: #{cmd}" unless out
+ # return also the error message, so caller can react on it
+ raise Puppet::ExecutionFailure, "Could not evaluate MongoDB shell command: #{cmd} with #{e.message}" unless out
Puppet::Util::MongodbOutput.sanitize(out)
end
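Review bot: The rewritten `raise Puppet::ExecutionFailure` line still interpolates `cmd` and now `e.message` as well. Callers pass scripts such as `db.runCommand(#{command.to_json})` whose JSON carries `pwd`, so a failed user creation puts the password into the raised error and into whatever reports or logs it. Redact the `pwd` value, or omit the script text, before building the message, and use `e&.message` because `e` is nil if `out` is empty without an exception. The unauthenticated retry inside the rescue is not covered by the retry loop, so a failure there escapes as a raw exception. `rs_initiated?` at the top of the hunk calls `mongorc_file`, which this commit renames to `mongoshrc_file`, and reads `@resource` from a class method; both need fixing before that method is used.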
@@ -191,31 +236,4 @@ def self.mongo_version
def mongo_version
self.class.mongo_version
end
-
- def self.mongo_26?
- v = mongo_version
- !v[%r{^2\.6\.}].nil?
- end
-
- def mongo_26?
- self.class.mongo_26?
- end
-
- def self.mongo_4?
- v = mongo_version
- !v[%r{^4\.}].nil?
- end
-
- def mongo_4?
- self.class.mongo_4?
- end
-
- def self.mongo_5?
- v = mongo_version
- !v[%r{^5\.}].nil?
- end
-
- def mongo_5?
- self.class.mongo_5?
- end
end
diff --git a/lib/puppet/provider/mongodb_database/mongodb.rb b/lib/puppet/provider/mongodb_database/mongodb.rb
index 5dabe4365..9601b585b 100644
--- a/lib/puppet/provider/mongodb_database/mongodb.rb
+++ b/lib/puppet/provider/mongodb_database/mongodb.rb
@@ -9,13 +9,16 @@
def self.instances
require 'json'
- pre_cmd = 'try { rs.secondaryOk() } catch (err) { rs.slaveOk() }'
- dbs = JSON.parse mongo_eval("#{pre_cmd};printjson(db.getMongo().getDBs())")
+ pre_cmd = 'db.getMongo().setReadPref("primaryPreferred")'
+ dbs = JSON.parse mongo_eval("#{pre_cmd};EJSON.stringify(db.getMongo().getDBs())")
dbs['databases'].map do |db|
new(name: db['name'],
ensure: :present)
end
+ rescue StandardError => e
+ Puppet.warning("Getting instances of mongodb_database failed: #{e}")
+ []
end
# Assign prefetched dbs based on name.
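Review bot: The `rescue StandardError` added to `self.instances` turns every failure into an empty list, whether it is a shell error, an authentication failure or a `JSON.parse` error on unexpected output. Prefetch then sees all existing databases as absent and the provider will try to create them. Rescuing only the expected classes keeps real faults visible, e.g. `rescue Puppet::ExecutionFailure, JSON::ParserError => e`, assuming those are what mongo_eval and the parser raise here.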
@@ -27,10 +30,23 @@ def self.prefetch(resources)
end
end
+ def auth_enabled
+ self.class.auth_enabled
+ end
+
def create
if db_ismaster
- out = mongo_eval('db.dummyData.insert({"created_by_puppet": 1})', @resource[:name])
- raise "Failed to create DB '#{@resource[:name]}'\n#{out}" if %r{writeError} =~ out
+ begin
+ out = mongo_eval('db.dummyData.insertOne({"created_by_puppet": 1})', @resource[:name])
+ rescue StandardError => e
+ if auth_enabled && e.message =~ %r{not authorized on admin to execute command} && @resource[:name] == 'admin'
+ Puppet.warning 'Skipping database creation for admin, need admin user first when security is enabled'
+ @property_hash[:ensure] = :present
+ @property_hash[:name] = @resource[:name]
+ elsif %r{writeError} =~ out
+ raise "Failed to create DB '#{@resource[:name]}'\n#{out}"
+ end
+ end
else
Puppet.warning 'Database creation is available only from master host'
end
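Review bot: In the new rescue branch of `create`, `out` is always nil because mongo_eval raised before the assignment, so `elsif %r{writeError} =~ out` can never fire. A successful call that returns a writeError is no longer checked at all, and any other exception is silently dropped. Make the first line of the rescue `raise unless auth_enabled && @resource[:name] == 'admin' && e.message.include?('not authorized on admin to execute command')`. Then restore the check after the begin/end block as `raise "Failed to create DB '#{@resource[:name]}'\n#{out}" if %r{writeError} =~ out`. The method's opening `def` is inside the hunk but its closing `end` is not.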
diff --git a/lib/puppet/provider/mongodb_replset/mongo.rb b/lib/puppet/provider/mongodb_replset/mongo.rb
index 57f01511a..aab8c8cec 100644
--- a/lib/puppet/provider/mongodb_replset/mongo.rb
+++ b/lib/puppet/provider/mongodb_replset/mongo.rb
@@ -133,51 +133,67 @@ def self.replset_properties
conn_string = conn_string
begin
output = mongo_command('rs.conf()', conn_string)
- rescue Puppet::ExecutionFailure
- output = {}
- end
- if output['members']
- return {
- name: output['_id'], # replica set name
- ensure: :present,
- members: output['members'],
- settings: output['settings'],
- provider: :mongo
- }
+ if output['members']
+ return {
+ name: output['_id'], # replica set name
+ ensure: :present,
+ members: output['members'],
+ settings: output['settings'],
+ provider: :mongo
+ }
+ end
+ nil
+ rescue Puppet::ExecutionFailure => e
+ if e.message =~ %r{command replSetGetConfig requires authentication} || e.message =~ %r{not authorized on admin to execute command}
+ output = mongo_command('rs.status()', conn_string)
+ if output['members']
+ memb = []
+ output['members'].each do |m|
+ memb << { 'host' => m['name'] }
+ end
+ return {
+ name: output['set'],
+ ensure: :present,
+ members: memb,
+ provider: :mongo
+ }
+ end
+ nil
+ end
end
- nil
end
def get_hosts_status(members)
alive = []
members.select do |member|
host = member['host']
- Puppet.debug "Checking replicaset member #{host} ..."
- status = rs_status(host)
- raise Puppet::Error, "Can't configure replicaset #{name}, host #{host} is not supposed to be part of a replicaset." if status.key?('errmsg') && status['errmsg'] == 'not running with --replSet'
-
- if auth_enabled && status.key?('errmsg') && (status['errmsg'].include?('unauthorized') || status['errmsg'].include?('not authorized') || status['errmsg'].include?('requires authentication'))
- Puppet.warning "Host #{host} is available, but you are unauthorized because of authentication is enabled: #{auth_enabled}"
- alive.push(member)
- end
+ begin
+ status = rs_status(host)
+ raise Puppet::Error, "Can't configure replicaset #{name}, host #{host} is not supposed to be part of a replicaset." if status.key?('errmsg') && status['errmsg'] == 'not running with --replSet'
- if status.key?('errmsg') && status['errmsg'].include?('no replset config has been received')
- Puppet.debug 'Mongo v4 rs.status() RS not initialized output'
- alive.push(member)
- end
-
- if status.key?('set')
- raise Puppet::Error, "Can't configure replicaset #{name}, host #{host} is already part of another replicaset." if status['set'] != name
+ if status.key?('set')
+ raise Puppet::Error, "Can't configure replicaset #{name}, host #{host} is already part of another replicaset." if status['set'] != name
- # This node is alive and supposed to be a member of our set
- Puppet.debug "Host #{host} is available for replset #{status['set']}"
- alive.push(member)
- elsif status.key?('info')
- Puppet.debug "Host #{host} is alive but unconfigured: #{status['info']}"
- alive.push(member)
+ # This node is alive and supposed to be a member of our set
+ alive.push(member)
+ elsif status.key?('info')
+ alive.push(member)
+ end
+ rescue Puppet::ExecutionFailure => e
+ if auth_enabled
+ case e.message
+ when %r{no replset config has been received}
+ Puppet.warning('No replicaset config received, needs initialisation')
+ when %r{Authentication failed}, %r{not authorized on admin}
+ Puppet.warning "Host #{host} is available, but you are unauthorized because of authentication is enabled: #{auth_enabled}"
+ when %r{command replSetGetStatus requires authentication}
+ Puppet.warning("Node #{host} is reachable but requires authentication: ReplicaSet not initialized")
+ end
+ alive.push(member)
+ else
+ Puppet.warning "Can't connect to replicaset member #{host} (Errormsg: #{e.message})."
+ end
end
- rescue Puppet::ExecutionFailure
- Puppet.warning "Can't connect to replicaset member #{host}."
end
alive.uniq!
dead = members - alive
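Review bot: In the new rescue of get_hosts_status, `alive.push(member)` sits after the `case`, so with auth enabled every `Puppet::ExecutionFailure` marks the host alive, including connection refused or a timeout. An unreachable member can then end up in the replica set configuration. Add an `else` arm to the `case` that emits the existing `Can't connect to replicaset member` warning and calls `next`, so only the three recognised messages reach `alive.push`. In replset_properties above, the `rs.status()` fallback runs inside the rescue and its own failure is unhandled. get_hosts_status continues past the end of this hunk.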
@@ -232,18 +248,20 @@ def set_members
return
end
- Puppet.debug 'Checking for dead and alive members'
+ # When no replicaset is initiated yet, and authenticatoin is anabled,
+ # mongo_eval still adds the mongorcsh.js. This gives an 'MongoServerError: Authentication failed.' error.
+ # In this stage, we only can connect to localhost, and only rs.status() and rs.initiate() is possible.
+ # All other commands generate 'MongoServerError: not authorized on admin to execute command' error
+ # So we need to check first if the replicaset is already available, then the admin user can be created, and after that
+ # authentication should be working.
+ #
if !@property_flush[:members].nil? && !@property_flush[:members].empty?
# Find the alive members so we don't try to add dead members to the replset using new config
alive_hosts, dead_hosts = get_hosts_status(@property_flush[:members])
- Puppet.debug "Alive members: #{alive_hosts.inspect}"
- Puppet.debug "Dead members: #{dead_hosts.inspect}" unless dead_hosts.empty?
raise Puppet::Error, "Can't connect to any member of replicaset #{name}." if alive_hosts.empty?
elsif !resource[:members].nil? && !resource[:members].empty?
# Find the alive members using current 'is' config
alive_hosts, dead_hosts = get_hosts_status(@resource[:members])
- Puppet.debug "Alive members: #{alive_hosts.inspect}"
- Puppet.debug "Dead members: #{dead_hosts.inspect}" unless dead_hosts.empty?
raise Puppet::Error, "Can't connect to any member of replicaset #{name}." if alive_hosts.empty?
else
alive_hosts = []
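Review bot: The new explanatory comment in set_members has typos and names a file that does not match the rest of the change: "authenticatoin is anabled" and "mongorcsh.js", where the provider loads `.mongoshrc.js`. Suggested opening lines: `# When no replicaset is initiated yet and authentication is enabled,` and `# mongo_eval still loads .mongoshrc.js, which gives a 'MongoServerError: Authentication failed.' error.` The trailing bare `#` line can go. set_members starts and ends outside this hunk.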
@@ -251,7 +269,6 @@ def set_members
Puppet.debug 'Checking for new replset'
if @property_flush[:ensure] == :present && @property_hash[:ensure] != :present && !master_host(alive_hosts)
- Puppet.debug "Initializing the replset #{name}"
# Create a replset configuration
members_conf = alive_hosts.each_with_index.map do |host, id|
@@ -266,7 +283,6 @@ def set_members
settings: (@property_flush[:settings].nil? ? {} : @property_flush[:settings])
}.to_json
- Puppet.debug "Starting replset config is #{replset_conf.to_json}"
# Set replset members with the first host as the master
output = rs_initiate(replset_conf, alive_hosts[0]['host'])
raise Puppet::Error, "rs.initiate() failed for replicaset #{name}: #{output['errmsg']}" if output['ok'].zero?
@@ -277,10 +293,9 @@ def set_members
retry_limit.times do |n|
if db_ismaster(alive_hosts[0]['host'])['ismaster']
- Puppet.debug 'Replica set initialization has successfully ended'
return true
else
- Puppet.debug "Wainting for replica initialization. Retry: #{n}"
+ Puppet.debug "Waiting for replica initialization. Retry: #{n}"
sleep retry_sleep
next
end
@@ -288,14 +303,12 @@ def set_members
raise Puppet::Error, "rs.initiate() failed for replicaset #{name}: host #{alive_hosts[0]['host']} didn't become master"
else
- Puppet.debug "Checking for replset #{name} changes"
master = master_host(alive_hosts)
raise Puppet::Error, "Can't find master host for replicaset #{name}." unless master
master_rs_config = rs_config(master)
add_members, remove_members, update_members = get_members_changes(master_rs_config['members'], @property_flush[:members])
- Puppet.debug "Members to be Added: #{add_members.inspect}" unless add_members.empty?
add_members.each do |member|
retry_limit = 10
retry_sleep = 3
@@ -304,18 +317,15 @@ def set_members
retry_limit.times do |n|
output = rs_add(member, master)
if output['ok'].zero?
- Puppet.debug "Retry adding host to replicaset. Retry: #{n}"
sleep retry_sleep
master = master_host(alive_hosts)
else
- Puppet.debug 'Host successfully added to replicaset'
break
end
end
raise Puppet::Error, "rs.add() failed to add host to replicaset #{name}: #{output['errmsg']}" if output['ok'].zero?
end
- Puppet.debug "Members to be Removed: #{remove_members.inspect}" unless remove_members.empty?
remove_members.each do |member|
retry_limit = 10
retry_sleep = 3
@@ -324,18 +334,15 @@ def set_members
retry_limit.times do |n|
output = rs_remove(member, master)
if output['ok'].zero?
- Puppet.debug "Retry removing host from replicaset. Retry: #{n}"
sleep retry_sleep
master = master_host(alive_hosts)
else
- Puppet.debug 'Host successfully removed from replicaset'
break
end
end
raise Puppet::Error, "rs.remove() failed to remove host from replicaset #{name}: #{output['errmsg']}" if output['ok'].zero?
end
- Puppet.debug "Members to be Updated: #{update_members.inspect}" unless update_members.empty?
update_members.each do |member|
retry_limit = 10
retry_sleep = 3
@@ -382,14 +389,13 @@ def mongo_command(command, host, retries = 4)
end
def self.mongo_command(command, host = nil, retries = 4)
- begin
- output = mongo_eval("printjson(#{command})", 'admin', retries, host)
- rescue Puppet::ExecutionFailure => e
- Puppet.debug "Got an exception: #{e}"
- raise
+ output = mongo_eval("EJSON.stringify(#{command})", 'admin', retries, host)
+ if output =~ %r{no replset config has been received} || output =~ %r{Authentication failed}
+ output = '{}'
end
# Hack to avoid non-json empty sets
+ output = '{}' if output =~ %r{no replset config} || output =~ %r{Authentication failed}
output = '{}' if output == "null\n"
output = '{}' if output == "\nnull\n"
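Review bot: The same substitution is added twice. The new `if output =~ ...` block and the new one-liner under the "Hack" comment both replace output containing "no replset config" or "Authentication failed" with `'{}'`, so one of them can be dropped. Mapping "Authentication failed" to an empty hash also makes an authentication failure look like an empty result to callers such as replset_properties. A `Puppet.warning` before the substitution would keep it visible. The method continues past this hunk.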
diff --git a/lib/puppet/provider/mongodb_shard/mongo.rb b/lib/puppet/provider/mongodb_shard/mongo.rb
index 283d6cce2..6347bf59b 100644
--- a/lib/puppet/provider/mongodb_shard/mongo.rb
+++ b/lib/puppet/provider/mongodb_shard/mongo.rb
@@ -13,7 +13,7 @@
mk_resource_methods
- commands mongo: 'mongo'
+ commands mongosh: 'mongosh'
def initialize(value = {})
super(value)
@@ -152,8 +152,8 @@ def self.mongo_command(command, host = nil, _retries = 4)
args = []
args << '--quiet'
args << ['--host', host] if host
- args << ['--eval', "printjson(#{command})"]
- output = mongo(args.flatten)
+ args << ['--eval', "EJSON.stringify(#{command})"]
+ output = mongosh(args.flatten)
rescue Puppet::ExecutionFailure => e
raise unless e =~ %r{Error: couldn't connect to server} && wait <= (2**max_wait)
diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb
index 3b21a2ee0..fa584f407 100644
--- a/lib/puppet/provider/mongodb_user/mongodb.rb
+++ b/lib/puppet/provider/mongodb_user/mongodb.rb
@@ -10,24 +10,31 @@ def self.instances
require 'json'
if db_ismaster
- script = 'printjson(db.system.users.find().toArray())'
+ script = 'EJSON.stringify(db.system.users.find().toArray())'
# A hack to prevent prefetching failures until admin user is created
- script = "try {#{script}} catch (e) { if (e.message.match(/not authorized on admin/)) { 'not authorized on admin' } else {throw e}}" if auth_enabled
+ script = "try {#{script}} catch (e) { if (e.message.match(/requires authentication/) || e.message.match(/not authorized on admin/)) { 'not authorized on admin' } else {throw e}}" if auth_enabled
out = mongo_eval(script)
-
- return [] if auth_enabled && out.include?('not authorized on admin')
+ return [] if auth_enabled && (out.include?('requires authentication') || out.include?('not authorized on admin'))
users = JSON.parse out
users.map do |user|
- new(name: user['_id'],
+ db = if user['db'] == '$external'
+ # For external users, we need to retreive the original DB name from here.
+ user['customData']['createdBy'][%r{.* (.*)'\]$}, 1]
+ else
+ user['db']
+ end
+ u = new(name: user['_id'],
ensure: :present,
username: user['user'],
- database: user['db'],
- roles: from_roles(user['roles'], user['db']),
+ database: db,
+ roles: from_roles(user['roles'], db),
password_hash: user['credentials']['MONGODB-CR'],
scram_credentials: user['credentials']['SCRAM-SHA-1'])
+ Puppet.debug("Fetching users, creating the found resources: #{u}")
+ u
end
else
Puppet.warning 'User info is available only from master host'
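Review bot: For `$external` users the new lookup `user['customData']['createdBy'][%r{.* (.*)'\]$}, 1]` assumes Puppet created the user. An X.509 user added by hand has no `customData.createdBy`, so the chain raises NoMethodError and prefetching of all users fails. A nil-safe form with a fallback is `user.dig('customData', 'createdBy').to_s[%r{.* (.*)'\]$}, 1] || user['db']`. The added `Puppet.debug` interpolates the provider object `u`, so it is worth confirming that its string form does not include `password_hash` or `scram_credentials`.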
@@ -51,6 +58,7 @@ def create
password_hash = @resource[:password_hash]
password_hash = Puppet::Util::MongodbMd5er.md5(@resource[:username], @resource[:password]) if !password_hash && @resource[:password]
+
command = {
createUser: @resource[:username],
customData: {
@@ -59,24 +67,27 @@ def create
roles: role_hashes(@resource[:roles], @resource[:database]),
}
- if mongo_4? || mongo_5?
- if @resource[:auth_mechanism] == :scram_sha_256
- command[:mechanisms] = ['SCRAM-SHA-256']
- command[:pwd] = @resource[:password]
- command[:digestPassword] = true
- else
- command[:mechanisms] = ['SCRAM-SHA-1']
- command[:pwd] = password_hash
- command[:digestPassword] = false
- end
+ case @resource[:auth_mechanism]
+ when :scram_sha_256 # rubocop:disable Naming/VariableNumber
+ command[:mechanisms] = ['SCRAM-SHA-256']
+ command[:pwd] = @resource[:password]
+ command[:digestPassword] = true
+ when :scram_sha_1 # rubocop:disable Naming/VariableNumber
+ command[:mechanisms] = ['SCRAM-SHA-1']
+ command[:pwd] = password_hash
+ command[:digestPassword] = false
+ when :x509
+ command[:mechanisms] = ['MONGODB-X509']
else
command[:pwd] = password_hash
command[:digestPassword] = false
end
- mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
- else
- Puppet.warning 'User creation is available only from master host'
+ if @resource[:auth_mechanism] == :x509
+ mongo_eval("db.getSiblingDB(\"$external\").runCommand(#{command.to_json})", @resource[:database])
+ else
+ mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
+ end
@property_hash[:ensure] = :present
@property_hash[:username] = @resource[:username]
@@ -85,6 +96,9 @@ def create
@property_hash[:roles] = @resource[:roles]
exists?
+
+ else
+ Puppet.warning 'User creation is available only from master host'
end
end
@@ -110,22 +124,16 @@ def password_hash=(_value)
end
end
- def password=(value)
- if mongo_26?
- mongo_eval("db.changeUserPassword(#{@resource[:username].to_json}, #{value.to_json})", @resource[:database])
- else
- command = {
- updateUser: @resource[:username],
- pwd: @resource[:password],
- digestPassword: true
- }
+ def password=(_value)
+ command = {
+ updateUser: @resource[:username],
+ pwd: @resource[:password],
+ digestPassword: true
+ }
- if mongo_4? || mongo_5?
- command[:mechanisms] = @resource[:auth_mechanism] == :scram_sha_256 ? ['SCRAM-SHA-256'] : ['SCRAM-SHA-1']
- end
+ command[:mechanisms] = @resource[:auth_mechanism] == :scram_sha_256 ? ['SCRAM-SHA-256'] : ['SCRAM-SHA-1']
- mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
- end
+ mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
end
def roles=(roles)
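Review bot: The simplified `password=` maps every mechanism other than `:scram_sha_256` to `['SCRAM-SHA-1']`, which now includes the new `:x509` value. If a resource with `auth_mechanism => x509` also carries a `password`, this presumably issues `updateUser` with `pwd` and SCRAM-SHA-1 against the resource database rather than leaving the certificate-only user alone. An early `return if @resource[:auth_mechanism] == :x509` would prevent that. The `validate` block in lib/puppet/type/mongodb_user.rb could reject `password` and `password_hash` for x509 instead of skipping all checks. The setter also ignores its argument now (`_value`) and reads `@resource[:password]`, which deserves a one-line comment.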
diff --git a/lib/puppet/type/mongodb_conn_validator.rb b/lib/puppet/type/mongodb_conn_validator.rb
index 672e58e25..1a8676197 100644
--- a/lib/puppet/type/mongodb_conn_validator.rb
+++ b/lib/puppet/type/mongodb_conn_validator.rb
@@ -8,7 +8,7 @@
purposes such as monitoring."
ensurable do
- desc 'Ensurable property'
+ desc 'Ensure to verify the connection to mongodb'
defaultvalues
defaultto :present
end
diff --git a/lib/puppet/type/mongodb_replset.rb b/lib/puppet/type/mongodb_replset.rb
index 3fdcbe0c4..07dad5712 100644
--- a/lib/puppet/type/mongodb_replset.rb
+++ b/lib/puppet/type/mongodb_replset.rb
@@ -8,7 +8,7 @@
@doc = 'Manage a MongoDB replicaSet'
ensurable do
- desc 'Ensurable property'
+ desc 'Ensure the replicaset is either present or absent'
defaultto :present
newvalue(:present) do
diff --git a/lib/puppet/type/mongodb_shard.rb b/lib/puppet/type/mongodb_shard.rb
index e9ad7955a..b1c2ea18f 100644
--- a/lib/puppet/type/mongodb_shard.rb
+++ b/lib/puppet/type/mongodb_shard.rb
@@ -8,7 +8,7 @@
@doc = 'Manage a MongoDB Shard'
ensurable do
- desc 'Ensurable property'
+ desc 'Ensure the shard is either present or absent'
defaultto :present
newvalue(:present) do
diff --git a/lib/puppet/type/mongodb_user.rb b/lib/puppet/type/mongodb_user.rb
index 592075407..6fee4dd3b 100644
--- a/lib/puppet/type/mongodb_user.rb
+++ b/lib/puppet/type/mongodb_user.rb
@@ -57,7 +57,7 @@ def to_s?(value)
newproperty(:password_hash) do
desc 'The password hash of the user. Use mongodb_password() for creating hash. Only available on MongoDB 3.0 and later. SCRAM-SHA-256 authentication mechanism is not supported.'
defaultto do
- raise Puppet::Error, "Property 'password_hash' must be set. Use mongodb_password() for creating hash." if @resource[:password].nil? && (provider.database == :absent)
+ raise Puppet::Error, "Property 'password_hash' must be set. Use mongodb_password() for creating hash." if @resource[:auth_mechanism] != :x509 && @resource[:password].nil? && (@resource[:password].nil? && (provider.database == :absent))
end
newvalue(%r{^\w+$})
@@ -97,7 +97,7 @@ def insync?(_is)
newparam(:auth_mechanism) do
desc 'Authentication mechanism. Password verification is not supported with SCRAM-SHA-256.'
defaultto :scram_sha_1
- newvalues(:scram_sha_256, :scram_sha_1)
+ newvalues(:scram_sha_256, :scram_sha_1, :x509)
end
newparam(:update_password, boolean: true) do
@@ -122,12 +122,14 @@ def insync?(_is)
end
validate do
- if self[:password_hash].nil? && self[:password].nil? && provider.password.nil? && provider.password_hash.nil?
- err("Either 'password_hash' or 'password' should be provided")
- elsif !self[:password_hash].nil? && !self[:password].nil?
- err("Only one of 'password_hash' or 'password' should be provided")
- elsif !self[:password_hash].nil? && self[:auth_mechanism] == :scram_sha_256
- err("'password_hash' is not supported with SCRAM-SHA-256 authentication mechanism")
+ if self[:auth_mechanism] != :x509
+ if self[:password_hash].nil? && self[:password].nil? && provider.password.nil? && provider.password_hash.nil?
+ err("Either 'password_hash' or 'password' should be provided")
+ elsif !self[:password_hash].nil? && !self[:password].nil?
+ err("Only one of 'password_hash' or 'password' should be provided")
+ elsif !self[:password_hash].nil? && self[:auth_mechanism] == :scram_sha_256
+ err("'password_hash' is not supported with SCRAM-SHA-256 authentication mechanism")
+ end
end
raise("The parameter 'scram_credentials' is read-only and cannot be changed") if should(:scram_credentials)
end
diff --git a/manifests/client.pp b/manifests/client.pp
index 817584d97..e2c35c2e9 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -1,9 +1,14 @@
# @summary Class for installing a MongoDB client shell (CLI).
#
+# @example Basic usage
+# include mongodb::client
+
# @param ensure
-# Desired ensure state of the package.
+# Used to ensure that the package is installed, or that the package is absent/purged
+#
# @param package_name
-# Name of the package to install the client from. Default is repository dependent.
+# This setting can be used to specify the name of the package that should be installed.
+# If not specified, the module will use whatever service name is the default for your OS distro.
#
class mongodb::client (
String[1] $ensure = $mongodb::client::params::package_ensure,
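Review bot: The added empty line after `# include mongodb::client` is not a comment line, so it splits the documentation block in two. Only the part directly above `class mongodb::client` is attached to the class, which would explain why the regenerated REFERENCE.md entry for `mongodb::client` lost its summary in this same commit. Replace the empty line with a bare `#`.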
diff --git a/manifests/client/params.pp b/manifests/client/params.pp
index bbc4d07ea..5374cd9ad 100644
--- a/manifests/client/params.pp
+++ b/manifests/client/params.pp
@@ -1,15 +1,9 @@
# @api private
class mongodb::client::params inherits mongodb::globals {
- $package_ensure = pick($mongodb::globals::version, 'present')
+ $package_ensure = pick($mongodb::globals::mongosh_version, 'present')
$manage_package = pick($mongodb::globals::manage_package, $mongodb::globals::manage_package_repo, false)
- if $manage_package {
- $package_name = "mongodb-${mongodb::globals::edition}-shell"
- } else {
- $package_name = $facts['os']['family'] ? {
- 'Debian' => 'mongodb-clients',
- 'Redhat' => "mongodb-${mongodb::globals::edition}-shell",
- default => 'mongodb',
- }
- }
+ # the new mongosh package is the same for all distros.
+ # and it follows its own versioning
+ $package_name = 'mongodb-mongosh'
}
diff --git a/manifests/db.pp b/manifests/db.pp
index 3d20b9864..58786a0a3 100644
--- a/manifests/db.pp
+++ b/manifests/db.pp
@@ -1,25 +1,25 @@
# @summary Class for creating mongodb databases and users.
#
-# @param user
+# @param user
# Database username.
-# @param auth_mechanism
-# Authentication mechanism. scram_sha_256 password verification is not supported. Defaults to 'scram_sha_1'.
-# @param db_name
-# Database name. Defaults to $name.
-# @param password_hash
-# Hashed password. Hex encoded md5 hash of "$username:mongo:$password".
-# @param password
-# Plain text user password. This is UNSAFE, use 'password_hash' instead.
-# @param roles
-# Array with user roles. Deaults to ['dbAdmin']
-# @param tries
-# The maximum amount of two second tries to wait MongoDB startup. Defaults to 10.
-# @param update_password
-# Force an update of the password when scram_sha_256 is used. Defaults to false.
+# @param
+# auth_mechanism - Authentication mechanism. scram_sha_256 password verification is not supported. Defaults to 'scram_sha_1'.
+# @param
+# db_name - Database name. Defaults to $name.
+# @param
+# password_hash - Hashed password. Hex encoded md5 hash of "$username:mongo:$password".
+# @param
+# password - Plain text user password. This is UNSAFE, use 'password_hash' instead.
+# @param
+# roles (default: ['dbAdmin']) - array with user roles.
+# @param
+# tries (default: 10) - The maximum amount of two second tries to wait MongoDB startup.
+# @param
+# update_password (default: false) - Force an update of the password when scram_sha_256 is used.
#
define mongodb::db (
String $user,
- Enum['scram_sha_1', 'scram_sha_256'] $auth_mechanism = 'scram_sha_1',
+ Enum['scram_sha_1', 'scram_sha_256', 'x509'] $auth_mechanism = 'scram_sha_1',
String $db_name = $name,
Optional[Variant[String[1], Sensitive[String[1]]]] $password_hash = undef,
Optional[Variant[String[1], Sensitive[String[1]]]] $password = undef,
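Review bot: The reworked header puts `# @param` on a line of its own and moves the parameter name to the next line (`# auth_mechanism - ...`). The tag needs the name on the same line, so these entries will not be matched to the defined type's parameters by the documentation generator. Keep the previous layout and only extend the text, e.g. `# @param auth_mechanism` followed by `#   Authentication mechanism. scram_sha_256 password verification is not supported. Defaults to 'scram_sha_1'.` The description should also mention the new `x509` value and that `password` and `password_hash` are ignored for it.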
@@ -33,25 +33,29 @@
tries => $tries,
}
- if $password_hash =~ Sensitive[String] {
- $hash = $password_hash.unwrap
- } elsif $password_hash {
- $hash = $password_hash
- } elsif $password {
- $hash = mongodb_password($user, $password)
- } else {
- fail("Parameter 'password_hash' or 'password' should be provided to mongodb::db.")
- }
+ if $auth_mechanism != 'x509' {
+ if $password_hash =~ Sensitive[String] {
+ $hash = $password_hash.unwrap
+ } elsif $password_hash {
+ $hash = $password_hash
+ } elsif $password {
+ $hash = mongodb_password($user, $password)
+ } else {
+ fail("Parameter 'password_hash' or 'password' should be provided to mongodb::db.")
+ }
- if $auth_mechanism == 'scram_sha_256' {
- $password_config = {
- password => $password,
- update_password => $update_password,
+ if $auth_mechanism == 'scram_sha_256' {
+ $password_config = {
+ password => $password,
+ update_password => $update_password,
+ }
+ } else {
+ $password_config = {
+ password_hash => $hash,
+ }
}
} else {
- $password_config = {
- password_hash => $hash,
- }
+ $password_config = {}
}
mongodb_user { "User ${user} on db ${db_name}":
diff --git a/manifests/globals.pp b/manifests/globals.pp
index 593326417..bed54c30f 100644
--- a/manifests/globals.pp
+++ b/manifests/globals.pp
@@ -1,28 +1,119 @@
-# @summary Class for setting cross-class global overrides. See README.md for more details.
+# @summary Class for setting cross-class global overrides.
+#
+# @example Use a more recent MongoDB version to install from the community repository.
+#
+# class {'mongodb::globals':
+# manage_package_repo => true,
+# version => '3.6',
+# }
+# -> class {'mongodb::client': }
+# -> class {'mongodb::server': }
+#
+# @example Install MongoDB from a custom repository.
+#
+# class {'mongodb::globals':
+# manage_package_repo => true,
+# repo_location => 'http://example.com/repo'
+# }
+# -> class {'mongodb::server': }
+# -> class {'mongodb::client': }
+#
+# @example To disable managing of repository, but still enable managing packages.
+#
+# class {'mongodb::globals':
+# manage_package_repo => false,
+# manage_package => true,
+# }
+# -> class {'mongodb::server': }
+# -> class {'mongodb::client': }
#
# @param server_package_name
+# This setting can be used to override the default MongoDB server package name.
+# If not specified, the module will use whatever package name is the default for your OS distro.
+#
# @param client_package_name
+# This setting can be used to specify the name of the client package that should be installed.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
# @param mongod_service_manage
+# This setting can be used to override the default management of the mongod service.
+# By default the module will manage the mongod process.
# @param service_enable
+# This setting can be used to specify if the service should be enable at boot
+#
# @param service_ensure
+# This setting can be used to specify if the service should be running
+#
# @param service_name
+# This setting can be used to override the default MongoDB service name.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
# @param service_provider
+# This setting can be used to override the default MongoDB service provider.
+# If not specified, the module will use whatever service provider is the default for your OS distro.
+#
# @param service_status
+# This setting can be used to override the default status check command for your MongoDB service.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
# @param user
+# This setting can be used to override the default MongoDB user and owner of the service and related files in the file system.
+# If not specified, the module will use the default for your OS distro.
+#
# @param group
+# This setting can be used to override the default MongoDB user group to be used for related files in the file system.
+# If not specified, the module will use the default for your OS distro.
+#
# @param ipv6
+# This setting is used to configure MongoDB to turn on ipv6 support.
+# If not specified and ipv6 address is passed to MongoDB bind_ip it will just fail.
+#
# @param bind_ip
-# @param version Version of mongodb to install
-# @param manage_package_repo If `true` configure upstream mongodb repos
+# This setting can be used to configure MonogDB process to bind to and listen for connections from applications on this address.
+# If not specified, the module will use the default for your OS distro.
+# Note: This value should be passed as an array.
+#
+# @param version
+# The version of MonogDB to install/manage. This is needed when managing repositories.
+# If not specified, the module will use the default for your OS distro.
+#
+# @param mongosh_version
+# The version of MonogDB-mongosh to install/manage. This package is mandatory to make this module work.
+# If not specified, the module will use the default for your OS distro.
+#
+# @param manage_package_repo
+# Whether to use the MongoDB software repository or the OS packages (True) or a Custom repo (False)
+#
# @param manage_package
+# wgether this module willm manage the mongoDB server package
+#
# @param repo_proxy
+# This will allow you to set a proxy for your repository in case you are behind a corporate firewall.
+# Currently this is only supported with yum repositories
+#
# @param proxy_username
+# This sets the username for the proxyserver, should authentication be required.
+#
# @param proxy_password
+# This sets the password for the proxyserver, should authentication be required
+#
# @param repo_location
+# This setting can be used to override the default MongoDB repository location.
+# If not specified, the module will use the default repository for your OS distro.
+#
# @param use_enterprise_repo
+# When manage_package_repo is set to true, this setting indicates if it will use the Community Edition
+# (false, the default) or the Enterprise one (true).
+#
# @param pidfilepath
+# Specify a file location to hold the PID or process ID of the mongod process.
+# If not specified, the module will use the default for your OS distro.
+#
# @param pidfilemode
+# The file mode of the pid file
+#
# @param manage_pidfile
+# If true, the pidfile will be managed by puppet
#
class mongodb::globals (
$server_package_name = undef,
@@ -40,7 +131,10 @@
$ipv6 = undef,
$bind_ip = undef,
Optional[String[1]] $version = undef,
- Optional[Boolean] $manage_package_repo = undef,
+ Optional[Boolean] $manage_package_repo = fact('os.distro.codename') ? { # Debian 10 doesn't provide mongodb packages. So manage it!
+ 'buster' => true,
+ default => undef
+ },
$manage_package = undef,
$repo_proxy = undef,
$proxy_username = undef,
@@ -49,6 +143,8 @@
$repo_location = undef,
$use_enterprise_repo = undef,
+ $mongosh_version = undef,
+
$pidfilepath = undef,
$pidfilemode = undef,
$manage_pidfile = undef,
@@ -60,27 +156,34 @@
}
# Setup of the repo only makes sense globally, so we are doing it here.
- if $manage_package_repo or $manage_package_repo == undef and $facts['os']['family'] in ['RedHat','Linux','Suse'] {
- if $use_enterprise_repo == true and $version == undef {
- fail('You must set mongodb::globals::version when mongodb::globals::use_enterprise_repo is true')
- }
-
- # Set some default working repositories per OS if no version
- # specified.
- $_repo_version = $version ? {
- Undef => $facts['os']['family'] in ['RedHat', 'Linux', 'Suse'] ? {
- true => '3.6',
- default => $version,
- },
- default => $version,
+ case $facts['os']['family'] {
+ 'RedHat', 'Linux', 'Suse': {
+ # For RedHat, Linux and Suse family: if manage_package_repo is set at undef that include mongodb::repo
+ if $manage_package_repo != false {
+ class { 'mongodb::repo':
+ ensure => present,
+ version => pick($version, '6.0'),
+ use_enterprise_repo => $use_enterprise_repo,
+ repo_location => $repo_location,
+ proxy => $repo_proxy,
+ }
+ }
}
+ default: {
+ # For other (Debian) family: if manage_package_repo is set at undef that not include mongodb::repo
+ if $manage_package_repo {
+ if $use_enterprise_repo == true and $version == undef {
+ fail('You must set mongodb::globals::version when mongodb::globals::use_enterprise_repo is true')
+ }
- class { 'mongodb::repo':
- ensure => present,
- version => $_repo_version,
- use_enterprise_repo => $use_enterprise_repo,
- repo_location => $repo_location,
- proxy => $repo_proxy,
+ class { 'mongodb::repo':
+ ensure => present,
+ version => pick($version, '6.0'),
+ use_enterprise_repo => $use_enterprise_repo,
+ repo_location => $repo_location,
+ proxy => $repo_proxy,
+ }
+ }
}
}
}
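Review bot: The `$use_enterprise_repo == true and $version == undef` guard now exists only in the `default:` branch, so on the `'RedHat', 'Linux', 'Suse'` branch an enterprise repository with no version silently falls through to `pick($version, '6.0')`. If the guard is still wanted, repeat it inside the first branch before the class declaration, reusing the existing message; if it is obsolete now that a default version exists, remove it from the `default:` branch as well so both paths agree. The two `class { 'mongodb::repo': ... }` declarations are identical and could be written once behind a single computed boolean. The implicit default also moves from '3.6' to '6.0', which should be called out as a breaking change for hosts that relied on it.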
diff --git a/manifests/mongos.pp b/manifests/mongos.pp
index 1d2724576..6d68095ef 100644
--- a/manifests/mongos.pp
+++ b/manifests/mongos.pp
@@ -1,26 +1,82 @@
-# @summary This installs a Mongo Shard daemon. See README.md for more details.
+# @summary This installs a Mongo Shard daemon.
+#
+# This class should only be used if you want to implement sharding within your mongodb deployment.
+# This class allows you to configure the mongos daemon (responsible for routing) on your platform.
+#
+# @example mongos can be installed the following way.
+# class {'mongodb::mongos' :
+# configdb => ['configsvr1.example.com:27018'],
+# }
#
# @param config
+# Path of the config file. If not specified, the module will use the default for your OS distro.
+#
# @param config_content
+# Config content if the default doesn't match one needs.
+#
# @param config_template
+# Path to the config template if the default doesn't match one needs.
+#
# @param configdb
+# Array of the config servers IP addresses the mongos should connect to.
+#
# @param config_data
+# Hash containing key-value pairs to allow for additional configuration options to be set in user-provided template.
+#
# @param service_manage
+# Whether or not the MongoDB sharding service resource should be part of the catalog.
+#
# @param service_provider
+# This setting can be used to override the default Mongos service provider.
+# If not specified, the module will use whatever service provider is the default for your OS distro.
+#
# @param service_name
+# This setting can be used to override the default Mongos service name.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
# @param service_template
+# Path to the service template if the default doesn't match one needs.
+#
# @param service_enable
+# This setting can be used to specify if the service should be enable at boot
+#
# @param service_ensure
+# This setting can be used to specify if the service should be running
+#
# @param service_status
+# This setting can be used to override the default status check command for your Mongos service.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
# @param package_ensure
+# This setting can be used to specify if puppet should install the package or not
+#
# @param package_name
+# This setting can be used to specify the name of the package that should be installed.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
# @param unixsocketprefix
+# The path for the UNIX socket. If this option has no value, the mongos process creates a socket with /tmp as a prefix.
+#
# @param pidfilepath
+# Specify a file location to hold the PID or process ID of the mongod process.
+# If not specified, the module will use the default for your OS distro.
+#
# @param logpath
+# Specify the path to a file name for the log file that will hold all diagnostic logging information.
+# Unless specified, mongod will output all log information to the standard output.
+#
# @param fork
+# Set to true to fork server process at launch time. The default setting depends on the operating system.
+#
# @param bind_ip
+# Set this option to configure the mongod or mongos process to bind to and listen for connections from applications on this address.
+# If not specified, the module will use the default for your OS distro.
+#
# @param port
+# Specifies a TCP port for the server instance to listen for client connections.
+#
# @param restart
+# Specifies whether the service should be restarted on config changes.
#
class mongodb::mongos (
Stdlib::Absolutepath $config = $mongodb::mongos::params::config,
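Review bot: Several of the new `@param` descriptions were copied from the server class and describe the wrong daemon: `pidfilepath` says "PID or process ID of the mongod process" and `logpath` says "mongod will output all log information", while this class manages mongos. `package_name` and `service_status` both say the module falls back to "whatever service name is the default", which should read package name and status command respectively. `configdb` is described as IP addresses, yet the example passes `'configsvr1.example.com:27018'`; "host:port entries of the config servers" would match it. The same wording recurs in the `manifests/mongos/config.pp`, `manifests/mongos/install.pp` and `manifests/mongos/service.pp` hunks.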
diff --git a/manifests/mongos/config.pp b/manifests/mongos/config.pp
index 1824202a2..60e404706 100644
--- a/manifests/mongos/config.pp
+++ b/manifests/mongos/config.pp
@@ -1,18 +1,47 @@
-# @summary PRIVATE CLASS: do not call directly
+# @private
+# @summary Configs mongos
#
# @param package_ensure
+# This setting can be used to specify if puppet should install the package or not
+#
# @param config
+# Path of the config file. If not specified, the module will use the default for your OS distro.
+#
# @param config_content
+# Config content if the default doesn't match one needs.
+#
# @param config_template
+# Path to the config template if the default doesn't match one needs.
+#
# @param service_manage
+# Whether or not the MongoDB sharding service resource should be part of the catalog.
+#
# @param configdb
+# Array of the config servers IP addresses the mongos should connect to.
+#
# @param bind_ip
+# Set this option to configure the mongod or mongos process to bind to and listen for connections from applications on this address.
+# If not specified, the module will use the default for your OS distro.
+#
# @param port
+# Specifies a TCP port for the server instance to listen for client connections.
+#
# @param fork
+# Set to true to fork server process at launch time. The default setting depends on the operating system.
+#
# @param pidfilepath
+# Specify a file location to hold the PID or process ID of the mongod process.
+# If not specified, the module will use the default for your OS distro.
+#
# @param logpath
+# Specify the path to a file name for the log file that will hold all diagnostic logging information.
+# Unless specified, mongod will output all log information to the standard output.
+#
# @param unixsocketprefix
+# The path for the UNIX socket. If this option has no value, the mongos process creates a socket with /tmp as a prefix.
+#
# @param config_data
+# Hash containing key-value pairs to allow for additional configuration options to be set in user-provided templ ate.
#
class mongodb::mongos::config (
$package_ensure = $mongodb::mongos::package_ensure,
diff --git a/manifests/mongos/install.pp b/manifests/mongos/install.pp
index 1cf8de4f2..d22551e18 100644
--- a/manifests/mongos/install.pp
+++ b/manifests/mongos/install.pp
@@ -1,7 +1,13 @@
-# @summary PRIVATE CLASS: do not call directly
+# @private
+#
+# @summary Installs mongos
#
# @param package_ensure
+# This setting can be used to specify if puppet should install the package or not
+#
# @param package_name
+# This setting can be used to specify the name of the package that should be installed.
+# If not specified, the module will use whatever service name is the default for your OS distro.
#
class mongodb::mongos::install (
$package_ensure = $mongodb::mongos::package_ensure,
diff --git a/manifests/mongos/params.pp b/manifests/mongos/params.pp
index 7be61d997..3b06eaebd 100644
--- a/manifests/mongos/params.pp
+++ b/manifests/mongos/params.pp
@@ -5,13 +5,8 @@
$version = $mongodb::globals::version
$package_ensure = pick($version, 'present')
- if $manage_package {
- $package_name = "mongodb-${mongodb::globals::edition}-mongos"
- } elsif $facts['os']['family'] in ['RedHat', 'Suse'] {
- $package_name = "mongodb-${mongodb::globals::edition}-mongos"
- } else {
- $package_name = 'mongodb-server'
- }
+ # from versoin 4.4 on, package name is all the same in the upstream repositories
+ $package_name = "mongodb-${mongodb::globals::edition}-mongos"
$config_content = undef
$config_template = undef
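Review bot: `$package_name` is now always `"mongodb-${mongodb::globals::edition}-mongos"`, including the case that used to fall back to `'mongodb-server'` when `$manage_package` was false outside the RedHat and Suse families. Going by the `manifests/globals.pp` change in this commit, `mongodb::repo` is not declared on other OS families unless `manage_package_repo` is set, so that package name may not be installable there; either document the requirement or keep a fallback. The added comment has a typo and could state the consequence, e.g. `# From version 4.4 on the package name is the same in all upstream repositories; the upstream repo must be configured.` The enclosing class starts and ends outside the hunk.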
@@ -45,7 +40,7 @@
$pidfilepath = '/var/run/mongodb/mongos.pid'
$unixsocketprefix = '/var/run/mongodb'
$logpath = '/var/log/mongodb/mongos.log'
- $fork = true
+ $fork = undef # https://github.com/voxpupuli/puppet-mongodb/issues/667
$service_template = 'mongodb/mongos/RedHat/mongos.service-dropin.epp'
}
}
diff --git a/manifests/mongos/service.pp b/manifests/mongos/service.pp
index 99d80e548..0e0e1c388 100644
--- a/manifests/mongos/service.pp
+++ b/manifests/mongos/service.pp
@@ -1,15 +1,40 @@
-# @summary PRIVATE CLASS: do not call directly
+# @private
+#
+# @summary Manages the mongos service.
#
# @param package_ensure
+# This setting can be used to specify if puppet should install the package or not.
+#
# @param service_manage
+# Whether or not the MongoDB sharding service resource should be part of the catalog.
+#
# @param service_name
+# This setting can be used to override the default Mongos service name.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
# @param service_enable
+# This setting can be used to specify if the service should be enable at boot.
+#
# @param service_ensure
+# This setting can be used to specify if the service should be running.
+#
# @param service_status
+# This setting can be used to override the default status check command for your Mongos service.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
# @param service_provider
+# This setting can be used to override the default Mongos service provider.
+# If not specified, the module will use whatever service provider is the default for your OS distro.
+#
# @param bind_ip
+# Set this option to configure the mongod or mongos process to bind to and listen for connections from applicati ons on this address.
+# If not specified, the module will use the default for your OS distro.
+#
# @param port
+# Specifies a TCP port for the server instance to listen for client connections.
+#
# @param service_template
+# Path to the service template if the default doesn't match one needs.
#
class mongodb::mongos::service (
$package_ensure = $mongodb::mongos::package_ensure,
diff --git a/manifests/opsmanager.pp b/manifests/opsmanager.pp
index 7ac1db000..dccf8b737 100644
--- a/manifests/opsmanager.pp
+++ b/manifests/opsmanager.pp
@@ -1,42 +1,112 @@
# @summary This installs Ops Manager
#
+# @example To install Ops Manager and have it run with a local MongoDB application server do the following:
+# class {'mongodb::opsmanager':
+# opsmanager_url => 'http://opsmanager.yourdomain.com'
+# mongo_uri => 'mongodb://yourmongocluster:27017,
+# from_email_addr => 'opsmanager@yourdomain.com',
+# reply_to_email_addr => 'replyto@yourdomain.com',
+# admin_email_addr => 'admin@yourdomain.com',
+# smtp_server_hostname => 'email-relay.yourdomain.com'
+# }
+#
# @param user
# The user that owns the config file
# @param group
# The group that owns the config file
+#
# @param ensure
+# Used to ensure that the package is installed and the service is running, or that the package is absent/purged
+# and the service is stopped.
+#
# @param package_name
+# his setting can be used to specify the name of the package that should be installed.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
# @param package_ensure
+# This setting can be used to specify if puppet should install the package or not.
+#
# @param service_enable
+# This setting can be used to specify if the service should be enable at boot.
+#
# @param service_manage
+# Whether or not the MongoDB sharding service resource should be part of the catalog.
+#
# @param service_name
+# This setting can be used to override the default Mongos service name.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
# @param download_url
+# This setting can be used to override the default MongoDB Ops-Manager download location.
+#
# @param mongo_uri
+# Connection string to the mongod cluster.
+#
# @param opsmanager_url
# The fully qualified url where opsmanager runs. Must include the port.
+#
# @param client_certificate_mode
+# Client certificate authorization mode.
+#
# @param from_email_addr
+# Email address ussed as sender
+#
# @param reply_to_email_addr
+# Reply to email address to use
+#
# @param admin_email_addr
+# Adminsitrator's email address
+#
# @param email_dao_class
+# The email delivery agent class to use
+#
# @param mail_transport
+# The email transport type to use
+#
# @param smtp_server_hostname
+# Hostname of the email server to use.
+#
# @param smtp_server_port
+# email port on the email server to use.
+#
# @param ssl
+# Set to true to enable ssl.
+#
# @param ignore_ui_setup
+# Wheter to install ui or not.
+#
# @param ca_file
# Ca file for secure connection to backup agents.
+
# @param pem_key_file
# Pem key file containing the cert and private key used for secure connections to backup agents.
+
# @param pem_key_password
# The password to the pem key file.
+#
# @param user_svc_class
+# The user svc class
+# Default: com.xgen.svc.mms.svc.user.UserSvcDb
+# External Source: com.xgen.svc.mms.svc.user.UserSvcCrowd
+# Internal Database: com.xgen.svc.mms.svc.user.UserSvcDb
+#
# @param snapshot_interval
+# The snapshot interval to use
+#
# @param snapshot_interval_retention
+# The snapshot interval retention period
+#
# @param snapshot_daily_retention
+# The dayly snapshot interval retention period
+#
# @param snapshot_weekly_retention
+# The weekly snapshot interval retention period
+#
# @param snapshot_monthly_retention
+# The monthly snapshot interval retention period
+#
# @param versions_directory
+# The directory where to store the snapshot versions
#
class mongodb::opsmanager (
String[1] $user = 'mongodb-mms',
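Review bot: The new `@example` is not valid Puppet: the `opsmanager_url` line has no trailing comma and the `mongo_uri` value `'mongodb://yourmongocluster:27017,` is missing its closing quote, so anyone copying it gets a parse error. The empty lines added after the `ca_file` and `pem_key_file` descriptions have no leading `#`, which splits the comment block; puppet-strings will presumably attach only the part below the last gap to the class, so they should be `#` like the other separators. `service_manage` and `service_name` were copied from mongos ("MongoDB sharding service", "default Mongos service name"), and there are typos to fix ("his setting", "ussed", "Adminsitrator's", "Wheter", "dayly"). For `pem_key_password`, a sentence recommending that the value come from an encrypted data source rather than a literal in the manifest would be a useful addition.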
@@ -79,7 +149,7 @@
}
default: {
$my_package_ensure = $package_ensure
- $file_ensure = 'present'
+ $file_ensure = 'file'
}
}
diff --git a/manifests/params.pp b/manifests/params.pp
index f71e512d5..dc7781518 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -1,7 +1,9 @@
-# PRIVATE CLASS: do not use directly
+# @summary Private class to set default values.
+#
+# @api private
class mongodb::params inherits mongodb::globals {
$ensure = true
- $dbpath = '/var/lib/mongodb'
+ $dbpath = '/var/lib/mongo'
$bind_ip = pick($mongodb::globals::bind_ip, ['127.0.0.1'])
$ipv6 = undef
$service_manage = pick($mongodb::globals::mongod_service_manage, true)
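Review bot: Changing `$dbpath` from `'/var/lib/mongodb'` to `'/var/lib/mongo'` affects existing deployments: a host that was installed with the old default and does not set `dbpath` would have mongod pointed at a different directory on the next run and, presumably, start on an empty data set. Whether a later per-OS branch overrides this value is not visible in the hunk. If the change is intended, add a comment such as `# NOTE: default changed from /var/lib/mongodb; existing installs must set dbpath explicitly or migrate their data` and list it as a breaking change.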
@@ -19,13 +21,12 @@
]
$handle_creds = true
$store_creds = false
- $rcfile = "${facts['root_home']}/.mongorc.js"
+ $rcfile = "${facts['root_home']}/.mongoshrc.js"
$dbpath_fix = false
$manage_package = pick($mongodb::globals::manage_package, $mongodb::globals::manage_package_repo, false)
$pidfilemode = pick($mongodb::globals::pidfilemode, '0644')
$manage_pidfile = pick($mongodb::globals::manage_pidfile, true)
-
$version = $mongodb::globals::version
$config_data = undef
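Review bot: `$rcfile` moves from `.mongorc.js` to `.mongoshrc.js`, but nothing in this hunk removes the old file. If the module wrote admin credentials into the rc file on earlier runs (`$store_creds` suggests it can), the old `${facts['root_home']}/.mongorc.js` stays behind with those credentials after the upgrade. Consider managing the old path with `ensure => absent` where the rc file is declared, which is outside this hunk, or at least describe the cleanup in the upgrade notes.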
@@ -49,7 +50,7 @@
$logpath = '/var/log/mongodb/mongod.log'
$pidfilepath = '/var/run/mongodb/mongod.pid'
$config = '/etc/mongod.conf'
- $fork = true
+ $fork = undef # https://github.com/voxpupuli/puppet-mongodb/issues/667
$journal = true
}
'Debian': {
@@ -59,7 +60,8 @@
$config = '/etc/mongod.conf'
$pidfilepath = pick($mongodb::globals::pidfilepath, '/var/run/mongod.pid')
} else {
- $server_package_name = pick($mongodb::globals::server_package_name, 'mongodb-server')
+ # as of verion 5.0, we will use the upstream repo. Seems 4.4 is provided in distro repo ?
+ $server_package_name = pick($mongodb::globals::server_package_name, "mongodb-${mongodb::globals::edition}-server")
$service_name = pick($mongodb::globals::service_name, 'mongodb')
$config = '/etc/mongodb.conf'
$pidfilepath = $mongodb::globals::pidfilepath
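Review bot: In this `else` branch only `$server_package_name` is switched to the upstream `"mongodb-${mongodb::globals::edition}-server"`; `$service_name` stays `'mongodb'` and `$config` stays `'/etc/mongodb.conf'`, whereas the branch above uses `'/etc/mongod.conf'` for what looks like the same upstream package. If the upstream package ships a `mongod` unit and `/etc/mongod.conf`, as the other branch implies, the service and config resources here would manage names the package does not provide. The new comment also ends in an open question ("Seems 4.4 is provided in distro repo ?") and has a typo ("verion"); it should be resolved into a statement before merging. The `case` this belongs to continues outside the hunk.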
diff --git a/manifests/replset.pp b/manifests/replset.pp
index e95191858..0d2eca460 100644
--- a/manifests/replset.pp
+++ b/manifests/replset.pp
@@ -1,6 +1,17 @@
# @summary Wrapper class useful for hiera based deployments
#
+# @example hieradata
+#
+# mongodb::replset::sets:
+# replicaset01:
+# ensure: present
+# members:
+# - member01.example.com:27017
+# - member02.example.com:27017
+# - member03.example.com:27017
+#
# @param sets
+# Hash of attributes as described in the mongodb_replset custom type
#
class mongodb::replset (
$sets = undef
diff --git a/manifests/repo.pp b/manifests/repo.pp
index 4479235c8..5a2fc7919 100644
--- a/manifests/repo.pp
+++ b/manifests/repo.pp
@@ -1,16 +1,30 @@
-# PRIVATE CLASS: do not use directly
+# @api private
+#
+# @summary Private clas to manage the mongodb repo
+#
+# @param ensure
+# present or absent
#
-# @param ensure
# @param version
-# Optional repo version string.
+# The version of the mongodb repo
+#
# @param use_enterprise_repo
-# Boolean value to use enterprise repository. Defaults to false.
+# Wether to use the OS or Enterprise repo
+#
# @param repo_location
-# Optional location of the repository
+# Location of the upstream repository
+#
# @param proxy
+# Proxy hostnam
+#
# @param proxy_username
+# Proxy user name
+#
# @param proxy_password
+# Proxy pasword
+#
# @param aptkey_options
+# Options for debian aptkey
#
class mongodb::repo (
Variant[Enum['present', 'absent'], Boolean] $ensure = 'present',
@@ -27,8 +41,8 @@
if $repo_location != undef {
$location = $repo_location
$description = 'MongoDB Custom Repository'
- } elsif $version == undef or versioncmp($version, '3.0.0') < 0 {
- fail('Package repositories for versions older than 3.0 are unsupported')
+ } elsif $version == undef or versioncmp($version, '4.4.0') < 0 {
+ fail('Package repositories for versions older than 4.4 are unsupported')
} else {
$mongover = split($version, '[.]')
if $use_enterprise_repo {
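Review bot: `versioncmp($version, '4.4.0') < 0` most likely rejects the two-part string `'4.4'`: as far as I can tell, Puppet's `versioncmp` orders `'4.4'` before `'4.4.0'`, so `version => '4.4'` would hit "older than 4.4 are unsupported" even though the key table further down has a `'4.4'` entry. Comparing against the two-part form avoids that: `} elsif $version == undef or versioncmp($version, '4.4') < 0 {`. The same condition is used in the Suse and Debian hunks that follow. A short comment on the line saying that `$version` may be either `major.minor` or a full version would help the next reader.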
@@ -47,8 +61,8 @@
if $repo_location {
$location = $repo_location
$description = 'MongoDB Custom Repository'
- } elsif $version == undef or versioncmp($version, '3.2.0') < 0 {
- fail('Package repositories for versions older than 3.2 are unsupported')
+ } elsif $version == undef or versioncmp($version, '4.4.0') < 0 {
+ fail('Package repositories for versions older than 4.4 are unsupported')
} else {
$mongover = split($version, '[.]')
$location = "https://repo.mongodb.org/zypper/suse/\$releasever_major/mongodb-org/${mongover[0]}.${mongover[1]}/\$basearch/"
@@ -61,8 +75,8 @@
'Debian': {
if $repo_location != undef {
$location = $repo_location
- } elsif $version == undef or versioncmp($version, '3.0.0') < 0 {
- fail('Package repositories for versions older than 3.0 are unsupported')
+ } elsif $version == undef or versioncmp($version, '4.4.0') < 0 {
+ fail('Package repositories for versions older than 4.4 are unsupported')
} else {
if $use_enterprise_repo == true {
$repo_domain = 'repo.mongodb.com'
@@ -85,13 +99,11 @@
default => undef
}
$key = "${mongover[0]}.${mongover[1]}" ? {
+ '6.0' => '39BD841E4BE5FB195A65400E6A26B1AE64C3C388',
'5.0' => 'F5679A222C647C87527C2F8CB00A0BD1E2C63C11',
+ '4.8' => '1283B7BB8CF331A5BE0E1E100EBB00BA3BC3DCCB',
+ '4.6' => '99DC630F00A2F97F27C6A02A253612A09571B484',
'4.4' => '20691EEC35216C63CAF66CE1656408E390CFB1F5',
- '4.2' => 'E162F504A20CDF15827F718D4B7C549A058F8B6B',
- '4.0' => '9DA31620334BD75D9DCB49F368818C72E52529D4',
- '3.6' => '2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5',
- '3.4' => '0C49F3730359A14518585931BC711F9BA15703C6',
- '3.2' => '42F3E95A2C4F08279C4960ADD68FA50FEA312927',
default => '492EAFE8CD016A07919F1D2B9ECBEC467F0CEB10'
}
$key_server = 'hkp://keyserver.ubuntu.com:80'
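Review bot: The `default =>` arm of the `$key` selector hands one fixed fingerprint to every version that is not listed, so a release newer than `'6.0'` is paired with a signing key that was not chosen for it, and the mismatch only surfaces later at apt time. Failing explicitly for an unlisted `major.minor` would be clearer than a silent fallback; whether `aptkey_options` or another parameter can carry an override is not visible here. `$key_server` is plain `hkp://` on port 80, so the full-length fingerprints are what protect the fetch; a comment above the table such as `# keys are pinned by full fingerprint; never shorten these to key IDs` is worth adding. The enclosing Debian branch continues outside the hunk.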
@@ -102,7 +114,7 @@
default: {
if($ensure == 'present' or $ensure == true) {
- fail("Unsupported managed repository for osfamily: ${facts['os']['family']}, operatingsystem: ${facts['os']['name']}, module ${module_name} currently only supports managing repos for osfamily RedHat, Suse, Debian and Ubuntu")
+ fail("Unsupported managed repository for osfamily: ${facts['os']['family']}, operatingsystem: ${facts['os']['name']}, module ${module_name} currently only supports managing repos for osfamily RedHat, Suse, Debian and Ubuntu") # lint:ignore:140chars
}
}
}
diff --git a/manifests/repo/zypper.pp b/manifests/repo/zypper.pp
index bb463fcbc..7c7bf0f02 100644
--- a/manifests/repo/zypper.pp
+++ b/manifests/repo/zypper.pp
@@ -1,5 +1,3 @@
-# PRIVATE CLASS: do not use directly
-#
# @summary This is a repo class for zypper
#
# This is a private class and cannot be used from outside this module.
diff --git a/manifests/server.pp b/manifests/server.pp
index e64eb600a..71514289f 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -1,109 +1,451 @@
-# @summary This installs a MongoDB server. See README.md for more details.
+# @summary This installs a MongoDB server.
+#
+# Most of the parameters manipulate the mongod.conf file.
+#
+# For more details about configuration parameters consult the MongoDB Configuration File Options.
+#
+# @example Basic usage.
+# include mongodb::server
+#
+# @example Overrule settings
+# class {'mongodb::server':
+# port => 27018,
+# verbose => true,
+# }
+#
+# @param ensure
+# Used to ensure that the package is installed and the service is running, or that the package is
+# absent/purged and the service is stopped.
+#
+# @param user
+# This setting can be used to override the default MongoDB user and owner of the service and related files in the file system.
+# If not specified, the module will use the default for your OS distro.
+#
+# @param group
+# This setting can be used to override the default MongoDB user group to be used for related files in the file system.
+# If not specified, the module will use the default for your OS distro.
+#
+# @param config
+# Path of the config file. If not specified, the module will use the default for your OS distro.
+#
+# @param dbpath
+# Set this value to designate a directory for the mongod instance to store it's data.
+# If not specified, the module will use the default for your OS distro.
+#
+# @param dbpath_fix
+# Set this value to true if you want puppet to recursively manage the permissions of the files in the dbpath
+# directory. If you are using the default dbpath, this should probably be false. Set this to true if you are
+# using a custom dbpath.
+#
+# @param pidfilemode
+# The file mode of the pidfilepath
+#
+# @param pidfilepath
+# Specify a file location to hold the PID or process ID of the mongod process.
+# If not specified, the module will use the default for your OS distro.
+#
+# @param manage_pidfile
+# Should puppet create the pidfile. Mongod 6.2.10 will not start if pidfile exists
+#
+# @param rcfile
+# The path to the custom mongosh rc file.
+#
+# @param service_manage
+# Whether or not the MongoDB service resource should be part of the catalog.
+#
+# @param service_manage
+# Whether or not the MongoDB sharding service resource should be part of the catalog.
+#
+# @param service_name
+# This setting can be used to override the default Mongos service name.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
+# @param service_provider
+# This setting can be used to override the default Mongos service provider.
+# If not specified, the module will use whatever service provider is the default for your OS distro.
+#
+# @param service_status
+# This setting can be used to override the default status check command for your Mongos service.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
+# @param service_enable
+# This setting can be used to specify if the service should be enable at boot.
+#
+# @param service_ensure
+# This setting can be used to specify if the service should be running.
+#
+# @param package_ensure
+# This setting can be used to specify if puppet should install the package or not.
+#
+# @param package_name
+# This setting can be used to specify the name of the package that should be installed.
+# If not specified, the module will use whatever service name is the default for your OS distro.
+#
+# @param logpath
+# Specify the path to a file name for the log file that will hold all diagnostic logging information.
+# Unless specified, mongod will output all log information to the standard output.
+#
+# @param bind_ip
+# Set this option to configure the mongod or mongos process to bind to and listen for connections from
+# applications on this address. If not specified, the module will use the default for your OS distro.
+#
+# @param ipv6
+# This setting has to be true to configure MongoDB to turn on ipv6 support. If not specified and ipv6
+# address is passed to MongoDB bind_ip it will just fail.
+#
+# @param logappend
+# Set to true to add new entries to the end of the logfile rather than overwriting the content of the log
+# when the process restarts.
+#
+# @param system_logrotate
+# Set to reopen for mongo to close a log file then reopen it so that logrotations handled outside of mongo
+# perform as expected.
+#
+# @param fork
+# Set to true to fork server process at launch time. The default setting depends on the operating system.
+#
+# @param port
+# Specifies a TCP port for the server instance to listen for client connections.
+#
+# @param journal
+# Set to true to enable operation journaling to ensure write durability and data consistency.
+#
+# @param nojournal
+# Set nojournal = true to disable durability journaling. By default, mongod enables journaling in 64-bit versions after v2.0.
+# Note: You must use journal to enable journaling on 32-bit systems.
+#
+# @param smallfiles
+# Set to true to modify MongoDB to use a smaller default data file size. Specifically, smallfiles reduces
+# the initial size for data files and limits them to 512 megabytes.
+#
+# @param cpu
+# Set to true to force mongod to report every four seconds CPU utilization and the amount of time that the
+# processor waits for I/O operations to complete (i.e. I/O wait.)
+#
+# @param auth
+# et to true to enable database authentication for users connecting from remote hosts. If no users exist,
+# the localhost interface will continue to have access to the database until you create the first user.
+#
+# @param noauth
+# Disable authentication.
+#
+# @param verbose
+# Increases the amount of internal reporting returned on standard output or in the log file generated by logpath.
+#
+# @param verbositylevel
+# MongoDB has the following levels of verbosity: v, vv, vvv, vvvv and vvvvv.
+#
+# @param objcheck
+# Forces the mongod to validate all requests from clients upon receipt to ensure that clients never insert
+# invalid documents into the database.
+#
+# @param quota
+# Set to true to enable a maximum limit for the number of data files each database can have. The default
+# quota is 8 data files, when quota is true.
+#
+# @param quotafiles
+# Modify limit on the number of data files per database. This option requires the quota setting.
+#
+# @param diaglog
+# Creates a very verbose diagnostic log for troubleshooting and recording various errors. For more
+# information please refer to MongoDB Configuration File Options.
+#
+# @param directoryperdb
+# Set to true to modify the storage pattern of the data directory to store each database’s files in a distinct folder.
+#
+# @param profile
+# Modify this value to changes the level of database profiling, which inserts information about operation
+# performance into output of mongod or the log file if specified by logpath.
+#
+# @param maxconns
+# Specifies a value to set the maximum number of simultaneous connections that MongoDB will accept.
+# Unless set, MongoDB will not limit its own connections.
+#
+# @param oplog_size
+# Specifies a maximum size in megabytes for the replication operation log (e.g. oplog.) mongod creates an
+# oplog based on the maximum amount of space available. For 64-bit systems, the oplog is typically 5% of
+# available disk space.
+#
+# @param nohints
+# Ignore query hints.
+#
+# @param nohttpinterface
+# Set to true to disable the HTTP interface. This command will override the rest and disable the HTTP
+# interface if you specify both.
+#
+# @param noscripting
+# Set noscripting = true to disable the scripting engine.
+#
+# @param notablescan
+# Set notablescan = true to forbid operations that require a table scan.
+#
+# @param noprealloc
+# Set noprealloc = true to disable the preallocation of data files. This will shorten the start up time in
+# some cases, but can cause significant performance penalties during normal operations.
+#
+# @param nssize
+# Use this setting to control the default size for all newly created namespace files (i.e .ns).
+#
+# @param mms_token
+# MMS token for mms monitoring.
+#
+# @param mms_name
+# MMS identifier for mms monitoring.
+#
+# @param mms_interval
+# MMS interval for mms monitoring.
+#
+# @param replset
+# Use this setting to configure replication with replica sets. Specify a replica set name as an argument to
+# this set. All hosts must have the same set name.
+#
+# @param replset_config
+# A hash that is used to configure the replica set. Mutually exclusive with replset_members param.
+# class mongodb::server {
+# replset => 'rsmain',
+# replset_config => { 'rsmain' => {
+# ensure => present,
+# settings => { heartbeatTimeoutSecs => 15, getLastErrorModes => { ttmode => { dc => 1 } } },
+# members => [{'host' => 'host1:27017', 'tags':{ 'dc' : 'east'}}, { 'host' => 'host2:27017'}, 'host3:27017'] }},
+# }
+#
+# @param replset_members
+# An array of member hosts for the replica set. Mutually exclusive with replset_config param.
+#
+# @param configsvr
+# Use this setting to enable config server mode for mongod.
+#
+# @param shardsvr
+# Use this setting to enable shard server mode for mongod.
+#
+# @param rest
+# Set to true to enable a simple REST interface.
+#
+# @param quiet
+# Runs the mongod or mongos instance in a quiet mode that attempts to limit the amount of output.
+# This option suppresses : "output from database commands, including drop, dropIndexes, diagLogging,
+# validate, and clean", "replication activity", "connection accepted events" and "connection closed events".
+#
+# For production systems this option is not recommended as it may make tracking problems during particular
+# connections much more difficult.
+#
+# @param slowms
+# Sets the threshold for mongod to consider a query “slow” for the database profiler.
+#
+# @param keyfile
+# Specify the path to a key file to store authentication information. This option is only useful for the
+# connection between replica set members.
+#
+# @param key
+# Specify the key contained within the keyfile. This option is only useful for the connection between
+# replica set members.
+#
+# @param set_parameter
+# Specify extra configuration file parameters (i.e. textSearchEnabled=true).
+#
+# @param syslog
+# Sends all logging output to the host’s syslog system rather than to standard output or a log file.
+# Important: You cannot use syslog with logpath. Set logpath to false to disable it.
+#
+# @param config_content
+# Config content if the default doesn't match one needs.
+#
+# @param config_template
+# Path to the config template if the default doesn't match one needs.
+#
+# @param config_data
+# A hash to allow for additional configuration options to be set in user-provided template.
+#
+# @param ssl
+# Use SSL validation.
+# Important: You need to have ssl_key set as well, and the file needs to pre-exist on node. If you wish to
+# use certificate validation, ssl_ca must also be set.
+#
+# @param ssl_key
+# Defines the path of the file that contains the TLS/SSL certificate and key.
+#
+# @param ssl_ca
+# Defines the path of the file that contains the certificate chain for verifying client certificates.
+#
+# @param ssl_weak_cert
+# Set to true to disable mandatory SSL client authentication.
+#
+# @param ssl_invalid_hostnames
+# Set to true to disable fqdn SSL cert check.
+#
+# @param ssl_mode
+# Ssl authorization mode.
#
# @param tls
# Ensure tls is enabled.
+#
# @param tls_key
# Defines the path of the file that contains the TLS/SSL certificate and key.
+#
# @param tls_ca
# Defines the path of the file that contains the certificate chain for verifying client certificates.
+#
# @param tls_conn_without_cert
# Set to true to bypass client certificate validation for clients that do not present a certificate.
+#
# @param tls_invalid_hostnames
# Set to true to disable the validation of the hostnames in TLS certificates.
+#
# @param tls_mode
# Defines if TLS is used for all network connections. Allowed values are 'requireTLS', 'preferTLS' or 'allowTLS'.
+#
+# @param tls_use_system_ca
+# Use the system-wide CA certificate store when connecting to a TLS-enabled server.
+#
+# @param tls_cluster_key
+# File that contains the x.509 certificate-key file for membership authentication for the cluster or replica set.
+#
+# @param tls_cluster_ca
+# file that contains the root certificate chain from the Certificate Authority used to validate the certificate
+# presented by a client establishing a connection.
+#
+# @param tls_invalid_certificates
+# Enable or disable the validation checks for TLS/SSL certificates on other servers in the cluster and allows
+# the use of invalid certificates.
+#
# @param admin_password_hash
# Hashed password. Hex encoded md5 hash of mongodb password.
#
+# @param restart
+# Specifies whether the service should be restarted on config changes.
+#
+# @param storage_engine
+# Only needed for MongoDB 3.x versions, where it's possible to select the 'wiredTiger' engine in addition to
+# the default 'mmapv1' engine. If not set, the config is left out and mongo will default to 'mmapv1'.
+#
+# @param create_admin
+# Allows to create admin user for admin database.
+#
+# @param admin_username
+# Administrator user name
+#
+# @param admin_password
+# Administrator user password
+#
+# @param admin_auth_mechanism
+# Administrator authentication mechanism. scram_sha_256 password synchronization verification is not supported.
+#
+# @param supported_auth_mechanisms
+# Set the supported authentication mechanisms that the mmongoserver will support. Is set, make sure the
+# $admin_auth_mechanism is also included.
+#
+# @param admin_tls_key
+# Filepath of the administrators x509 certificate. Its the user of this class that needs to manage this certificate.
+# @param admin_update_password
+# Update password. Used with SCRAM-SHA-256 because password verification is not supported.
+#
+# @param admin_roles
+# Administrator user roles
+#
+# @param handle_creds
+# Set this to false to avoid having puppet handle .mongoshrc.js in case you wish to deliver it by other
+# means. This is needed for facts and providers to work if you have auth set to true.
+#
+# @param store_creds
+# Store admin credentials in mongoshrc.js file. Uses with create_admin parameter
+#
class mongodb::server (
- Variant[Boolean, String] $ensure = $mongodb::params::ensure,
- String $user = $mongodb::params::user,
- String $group = $mongodb::params::group,
- Stdlib::Absolutepath $config = $mongodb::params::config,
- Stdlib::Absolutepath $dbpath = $mongodb::params::dbpath,
- Boolean $dbpath_fix = $mongodb::params::dbpath_fix,
- Optional[Stdlib::Absolutepath] $pidfilepath = $mongodb::params::pidfilepath,
- String $pidfilemode = $mongodb::params::pidfilemode,
- Boolean $manage_pidfile = $mongodb::params::manage_pidfile,
- String $rcfile = $mongodb::params::rcfile,
- Boolean $service_manage = $mongodb::params::service_manage,
- Optional[String] $service_provider = $mongodb::params::service_provider,
- Optional[String] $service_name = $mongodb::params::service_name,
- Boolean $service_enable = $mongodb::params::service_enable,
- Enum['stopped', 'running'] $service_ensure = $mongodb::params::service_ensure,
- Optional[Enum['stopped', 'running']] $service_status = $mongodb::params::service_status,
- Variant[Boolean, String] $package_ensure = $mongodb::params::package_ensure,
- String $package_name = $mongodb::params::server_package_name,
- Variant[Boolean, Stdlib::Absolutepath] $logpath = $mongodb::params::logpath,
- Array[Stdlib::IP::Address] $bind_ip = $mongodb::params::bind_ip,
- Optional[Boolean] $ipv6 = undef,
- Boolean $logappend = true,
- Optional[String] $system_logrotate = undef,
- Optional[Boolean] $fork = $mongodb::params::fork,
- Optional[Integer[1, 65535]] $port = undef,
- Optional[Boolean] $journal = $mongodb::params::journal,
- Optional[Boolean] $nojournal = undef,
- Optional[Boolean] $smallfiles = undef,
- Optional[Boolean] $cpu = undef,
- Boolean $auth = false,
- Optional[Boolean] $noauth = undef,
- Optional[Boolean] $verbose = undef,
- Optional[String] $verbositylevel = undef,
- Optional[Boolean] $objcheck = undef,
- Optional[Boolean] $quota = undef,
- Optional[Integer] $quotafiles = undef,
- Optional[Integer[0, 7]] $diaglog = undef,
- Optional[Boolean] $directoryperdb = undef,
- $profile = undef,
- Optional[Integer] $maxconns = undef,
- Optional[Integer] $oplog_size = undef,
- $nohints = undef,
- Optional[Boolean] $nohttpinterface = undef,
- Optional[Boolean] $noscripting = undef,
- Optional[Boolean] $notablescan = undef,
- Optional[Boolean] $noprealloc = undef,
- Optional[Integer] $nssize = undef,
- $mms_token = undef,
- $mms_name = undef,
- $mms_interval = undef,
- Optional[String] $replset = undef,
- Optional[Hash] $replset_config = undef,
- Optional[Array] $replset_members = undef,
- Optional[Boolean] $configsvr = undef,
- Optional[Boolean] $shardsvr = undef,
- Optional[Boolean] $rest = undef,
- Optional[Boolean] $quiet = undef,
- Optional[Integer] $slowms = undef,
- Optional[Stdlib::Absolutepath] $keyfile = undef,
- Optional[Variant[String[6], Sensitive[String[6]]]] $key = undef,
- Optional[Variant[String[1], Array[String[1]]]] $set_parameter = undef,
- Optional[Boolean] $syslog = undef,
- $config_content = undef,
- Optional[String] $config_template = undef,
- Optional[Hash] $config_data = undef,
- Optional[Boolean] $ssl = undef,
- Optional[Stdlib::Absolutepath] $ssl_key = undef,
- Optional[Stdlib::Absolutepath] $ssl_ca = undef,
- Boolean $ssl_weak_cert = false,
- Boolean $ssl_invalid_hostnames = false,
- Enum['requireSSL', 'preferSSL', 'allowSSL'] $ssl_mode = 'requireSSL',
- Boolean $tls = false,
- Optional[Stdlib::Absolutepath] $tls_key = undef,
- Optional[Stdlib::Absolutepath] $tls_ca = undef,
- Boolean $tls_conn_without_cert = false,
- Boolean $tls_invalid_hostnames = false,
- Enum['requireTLS', 'preferTLS', 'allowTLS'] $tls_mode = 'requireTLS',
- Boolean $restart = $mongodb::params::restart,
- Optional[String] $storage_engine = undef,
- Boolean $create_admin = $mongodb::params::create_admin,
- String $admin_username = $mongodb::params::admin_username,
- Optional[Variant[String, Sensitive[String]]] $admin_password = undef,
+ Variant[Boolean, String] $ensure = $mongodb::params::ensure,
+ String $user = $mongodb::params::user,
+ String $group = $mongodb::params::group,
+ Stdlib::Absolutepath $config = $mongodb::params::config,
+ Stdlib::Absolutepath $dbpath = $mongodb::params::dbpath,
+ Boolean $dbpath_fix = $mongodb::params::dbpath_fix,
+ Optional[Stdlib::Absolutepath] $pidfilepath = $mongodb::params::pidfilepath,
+ String $pidfilemode = $mongodb::params::pidfilemode,
+ Boolean $manage_pidfile = $mongodb::params::manage_pidfile,
+ String $rcfile = $mongodb::params::rcfile,
+ Boolean $service_manage = $mongodb::params::service_manage,
+ Optional[String] $service_provider = $mongodb::params::service_provider,
+ Optional[String] $service_name = $mongodb::params::service_name,
+ Boolean $service_enable = $mongodb::params::service_enable,
+ Enum['stopped', 'running'] $service_ensure = $mongodb::params::service_ensure,
+ Optional[Enum['stopped', 'running']] $service_status = $mongodb::params::service_status,
+ Variant[Boolean, String] $package_ensure = $mongodb::params::package_ensure,
+ String $package_name = $mongodb::params::server_package_name,
+ Variant[Boolean, Stdlib::Absolutepath] $logpath = $mongodb::params::logpath,
+ Array[Stdlib::IP::Address] $bind_ip = $mongodb::params::bind_ip,
+ Optional[Boolean] $ipv6 = undef,
+ Boolean $logappend = true,
+ Optional[String] $system_logrotate = undef,
+ Optional[Boolean] $fork = $mongodb::params::fork,
+ Optional[Integer[1, 65535]] $port = undef,
+ Optional[Boolean] $journal = $mongodb::params::journal,
+ Optional[Boolean] $nojournal = undef,
+ Optional[Boolean] $smallfiles = undef,
+ Optional[Boolean] $cpu = undef,
+ Boolean $auth = false,
+ Optional[Boolean] $noauth = undef,
+ Optional[Boolean] $verbose = undef,
+ Optional[String] $verbositylevel = undef,
+ Optional[Boolean] $objcheck = undef,
+ Optional[Boolean] $quota = undef,
+ Optional[Integer] $quotafiles = undef,
+ Optional[Integer[0, 7]] $diaglog = undef,
+ Optional[Boolean] $directoryperdb = undef,
+ $profile = undef,
+ Optional[Integer] $maxconns = undef,
+ Optional[Integer] $oplog_size = undef,
+ $nohints = undef,
+ Optional[Boolean] $nohttpinterface = undef,
+ Optional[Boolean] $noscripting = undef,
+ Optional[Boolean] $notablescan = undef,
+ Optional[Boolean] $noprealloc = undef,
+ Optional[Integer] $nssize = undef,
+ $mms_token = undef,
+ $mms_name = undef,
+ $mms_interval = undef,
+ Optional[String] $replset = undef,
+ Optional[Hash] $replset_config = undef,
+ Optional[Array] $replset_members = undef,
+ Optional[Boolean] $configsvr = undef,
+ Optional[Boolean] $shardsvr = undef,
+ Optional[Boolean] $rest = undef,
+ Optional[Boolean] $quiet = undef,
+ Optional[Integer] $slowms = undef,
+ Optional[Stdlib::Absolutepath] $keyfile = undef,
+ Optional[Variant[String[6], Sensitive[String[6]]]] $key = undef,
+ Optional[Variant[String[1], Array[String[1]]]] $set_parameter = undef,
+ Optional[Boolean] $syslog = undef,
+ $config_content = undef,
+ Optional[String] $config_template = undef,
+ Optional[Hash] $config_data = undef,
+ Boolean $ssl = false,
+ Optional[Stdlib::Absolutepath] $ssl_key = undef,
+ Optional[Stdlib::Absolutepath] $ssl_ca = undef,
+ Boolean $ssl_weak_cert = false,
+ Boolean $ssl_invalid_hostnames = false,
+ Enum['disabled', 'requireSSL', 'preferSSL', 'allowSSL'] $ssl_mode = 'disabled',
+ Boolean $tls = true,
+ Enum['disabled', 'requireTLS', 'preferTLS', 'allowTLS'] $tls_mode = 'requireTLS',
+ # cluster tls settings
+ Optional[Boolean] $tls_use_system_ca = undef,
+ Optional[Stdlib::Absolutepath] $tls_cluster_key = undef,
+ Optional[Stdlib::Absolutepath] $tls_cluster_ca = undef,
+ #client tls settings
+ Optional[Stdlib::Absolutepath] $tls_key = undef,
+ Optional[Stdlib::Absolutepath] $tls_ca = undef,
+ Boolean $tls_conn_without_cert = false,
+ Boolean $tls_invalid_hostnames = false,
+ Boolean $tls_invalid_certificates = false,
+ Boolean $restart = $mongodb::params::restart,
+ Optional[String] $storage_engine = undef,
+ Boolean $create_admin = $mongodb::params::create_admin,
+ String $admin_username = $mongodb::params::admin_username,
+ Optional[Variant[String, Sensitive[String]]] $admin_password = undef,
Optional[Variant[String[1], Sensitive[String[1]]]] $admin_password_hash = undef,
- Enum['scram_sha_1', 'scram_sha_256'] $admin_auth_mechanism = $mongodb::params::admin_auth_mechanism,
- Boolean $admin_update_password = false,
- Boolean $handle_creds = $mongodb::params::handle_creds,
- Boolean $store_creds = $mongodb::params::store_creds,
- Array $admin_roles = $mongodb::params::admin_roles,
+ Enum['scram_sha_1', 'scram_sha_256', 'x509'] $admin_auth_mechanism = $mongodb::params::admin_auth_mechanism,
+ Optional[Array[Enum['scram_sha_1', 'scram_sha_256', 'x509']]] $supported_auth_mechanisms = undef,
+ Optional[Stdlib::Absolutepath] $admin_tls_key = undef,
+ Boolean $admin_update_password = false,
+ Boolean $handle_creds = $mongodb::params::handle_creds,
+ Boolean $store_creds = $mongodb::params::store_creds,
+ Array $admin_roles = $mongodb::params::admin_roles,
) inherits mongodb::params {
contain mongodb::server::install
contain mongodb::server::config
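Review bot: `$tls` now defaults to `true` and `$tls_mode` to `'requireTLS'` while `$tls_key` still defaults to `undef`, so the documented basic usage (`include mongodb::server`) requests mandatory TLS without naming a certificate. The template's handling of that combination is not visible here, so this may already be covered. If it is not, either keep `$tls = false` as the default or add a guard in the class body such as `if $tls and $tls_key == undef { fail('mongodb::server: tls_key must be set when tls is true') }`. The `@param tls` text should state the same requirement that `@param ssl` already gives for `ssl_key`, and the second `@param service_manage` entry (the "sharding service" one) duplicates the first and should be dropped. The class body continues outside this hunk.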
@@ -128,6 +470,13 @@
} else {
$admin_password
}
+
+ # Using x509, we need the admin client certificate in the parameter --tlsCertificateKeyFile
+ # there is no way where we can set this in neither the /etc/momgosh.yaml or the /etc/mongod.conf
+ # The mongodb provider reads in /etc/mongod.conf setParameters.authenticationMechanisms: MONGODB-X509 settings
+ # to determine that a client cert authentication is used. There is no setting to set the client cert to be used.
+ # so we store it in a file in roots home directory. (this is done in mongodb::server::config)
+
if $create_admin and ($service_ensure == 'running' or $service_ensure == true) {
mongodb::db { 'admin':
user => $admin_username,
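Review bot: The added comment says the admin client certificate is stored in a file in root's home directory, but the resource this commit adds in manifests/server/config.pp writes `/root/.mongosh.yaml` with only the `tlsCertificateKeyFile` path, and the certificate itself is left to the caller. The file name `/etc/momgosh.yaml` also looks like a typo. Suggested wording: `# x509: the provider needs the admin client certificate (--tlsCertificateKeyFile), which neither mongod.conf nor the mongosh config can carry,` and `# so mongodb::server::config records the certificate path (not the certificate) in /root/.mongosh.yaml.` The `if $create_admin` block below continues outside this hunk.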
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
index 4514fbc4c..26085dbca 100644
--- a/manifests/server/config.pp
+++ b/manifests/server/config.pp
@@ -1,78 +1,81 @@
# PRIVATE CLASS: do not call directly
class mongodb::server::config {
- $ensure = $mongodb::server::ensure
- $user = $mongodb::server::user
- $group = $mongodb::server::group
- $config = $mongodb::server::config
- $config_content = $mongodb::server::config_content
- $config_template = $mongodb::server::config_template
- $config_data = $mongodb::server::config_data
- $dbpath = $mongodb::server::dbpath
- $dbpath_fix = $mongodb::server::dbpath_fix
- $pidfilepath = $mongodb::server::pidfilepath
- $pidfilemode = $mongodb::server::pidfilemode
- $manage_pidfile = $mongodb::server::manage_pidfile
- $logpath = $mongodb::server::logpath
- $logappend = $mongodb::server::logappend
- $system_logrotate = $mongodb::server::system_logrotate
- $fork = $mongodb::server::fork
- $port = $mongodb::server::port
- $journal = $mongodb::server::journal
- $nojournal = $mongodb::server::nojournal
- $smallfiles = $mongodb::server::smallfiles
- $cpu = $mongodb::server::cpu
- $auth = $mongodb::server::auth
- $noath = $mongodb::server::noauth
- $create_admin = $mongodb::server::create_admin
- $admin_username = $mongodb::server::admin_username
- $admin_password = $mongodb::server::admin_password
- $handle_creds = $mongodb::server::handle_creds
- $store_creds = $mongodb::server::store_creds
- $rcfile = $mongodb::server::rcfile
- $verbose = $mongodb::server::verbose
- $verbositylevel = $mongodb::server::verbositylevel
- $objcheck = $mongodb::server::objcheck
- $quota = $mongodb::server::quota
- $quotafiles = $mongodb::server::quotafiles
- $diaglog = $mongodb::server::diaglog
- $oplog_size = $mongodb::server::oplog_size
- $nohints = $mongodb::server::nohints
- $nohttpinterface = $mongodb::server::nohttpinterface
- $noscripting = $mongodb::server::noscripting
- $notablescan = $mongodb::server::notablescan
- $noprealloc = $mongodb::server::noprealloc
- $nssize = $mongodb::server::nssize
- $mms_token = $mongodb::server::mms_token
- $mms_name = $mongodb::server::mms_name
- $mms_interval = $mongodb::server::mms_interval
- $configsvr = $mongodb::server::configsvr
- $shardsvr = $mongodb::server::shardsvr
- $replset = $mongodb::server::replset
- $rest = $mongodb::server::rest
- $quiet = $mongodb::server::quiet
- $slowms = $mongodb::server::slowms
- $keyfile = $mongodb::server::keyfile
- $key = $mongodb::server::key
- $ipv6 = $mongodb::server::ipv6
- $bind_ip = $mongodb::server::bind_ip
- $directoryperdb = $mongodb::server::directoryperdb
- $profile = $mongodb::server::profile
- $maxconns = $mongodb::server::maxconns
- $set_parameter = $mongodb::server::set_parameter
- $syslog = $mongodb::server::syslog
- $ssl = $mongodb::server::ssl
- $ssl_key = $mongodb::server::ssl_key
- $ssl_ca = $mongodb::server::ssl_ca
- $ssl_weak_cert = $mongodb::server::ssl_weak_cert
+ $ensure = $mongodb::server::ensure
+ $user = $mongodb::server::user
+ $group = $mongodb::server::group
+ $config = $mongodb::server::config
+ $config_content = $mongodb::server::config_content
+ $config_template = $mongodb::server::config_template
+ $config_data = $mongodb::server::config_data
+ $dbpath = $mongodb::server::dbpath
+ $dbpath_fix = $mongodb::server::dbpath_fix
+ $pidfilepath = $mongodb::server::pidfilepath
+ $pidfilemode = $mongodb::server::pidfilemode
+ $manage_pidfile = $mongodb::server::manage_pidfile
+ $logpath = $mongodb::server::logpath
+ $logappend = $mongodb::server::logappend
+ $system_logrotate = $mongodb::server::system_logrotate
+ $fork = $mongodb::server::fork
+ $port = $mongodb::server::port
+ $journal = $mongodb::server::journal
+ $nojournal = $mongodb::server::nojournal
+ $smallfiles = $mongodb::server::smallfiles
+ $cpu = $mongodb::server::cpu
+ $auth = $mongodb::server::auth
+ $noath = $mongodb::server::noauth
+ $create_admin = $mongodb::server::create_admin
+ $admin_username = $mongodb::server::admin_username
+ $admin_password = $mongodb::server::admin_password
+ $admin_auth_mechanism = $mongodb::server::admin_auth_mechanism
+ $supported_auth_mechanisms = $mongodb::server::supported_auth_mechanisms
+ $admin_tls_key = $mongodb::server::admin_tls_key
+ $handle_creds = $mongodb::server::handle_creds
+ $store_creds = $mongodb::server::store_creds
+ $rcfile = $mongodb::server::rcfile
+ $verbose = $mongodb::server::verbose
+ $verbositylevel = $mongodb::server::verbositylevel
+ $objcheck = $mongodb::server::objcheck
+ $quota = $mongodb::server::quota
+ $quotafiles = $mongodb::server::quotafiles
+ $diaglog = $mongodb::server::diaglog
+ $oplog_size = $mongodb::server::oplog_size
+ $nohints = $mongodb::server::nohints
+ $nohttpinterface = $mongodb::server::nohttpinterface
+ $noscripting = $mongodb::server::noscripting
+ $notablescan = $mongodb::server::notablescan
+ $noprealloc = $mongodb::server::noprealloc
+ $nssize = $mongodb::server::nssize
+ $mms_token = $mongodb::server::mms_token
+ $mms_name = $mongodb::server::mms_name
+ $mms_interval = $mongodb::server::mms_interval
+ $configsvr = $mongodb::server::configsvr
+ $shardsvr = $mongodb::server::shardsvr
+ $replset = $mongodb::server::replset
+ $rest = $mongodb::server::rest
+ $quiet = $mongodb::server::quiet
+ $slowms = $mongodb::server::slowms
+ $keyfile = $mongodb::server::keyfile
+ $key = $mongodb::server::key
+ $ipv6 = $mongodb::server::ipv6
+ $bind_ip = $mongodb::server::bind_ip
+ $directoryperdb = $mongodb::server::directoryperdb
+ $profile = $mongodb::server::profile
+ $maxconns = $mongodb::server::maxconns
+ $set_parameter = $mongodb::server::set_parameter
+ $syslog = $mongodb::server::syslog
+ $ssl = $mongodb::server::ssl
+ $ssl_key = $mongodb::server::ssl_key
+ $ssl_ca = $mongodb::server::ssl_ca
+ $ssl_weak_cert = $mongodb::server::ssl_weak_cert
$ssl_invalid_hostnames = $mongodb::server::ssl_invalid_hostnames
- $ssl_mode = $mongodb::server::ssl_mode
- $tls = $mongodb::server::tls
- $tls_key = $mongodb::server::tls_key
- $tls_ca = $mongodb::server::tls_ca
+ $ssl_mode = $mongodb::server::ssl_mode
+ $tls = $mongodb::server::tls
+ $tls_key = $mongodb::server::tls_key
+ $tls_ca = $mongodb::server::tls_ca
$tls_conn_without_cert = $mongodb::server::tls_conn_without_cert
$tls_invalid_hostnames = $mongodb::server::tls_invalid_hostnames
- $tls_mode = $mongodb::server::tls_mode
- $storage_engine = $mongodb::server::storage_engine
+ $tls_mode = $mongodb::server::tls_mode
+ $storage_engine = $mongodb::server::storage_engine
File {
owner => $user,
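Review bot: The realigned line `$noath = $mongodb::server::noauth` keeps the misspelled local name, so a template that reads `noauth` from this class scope would never see the parameter; if that is the case, it should be `$noauth = $mongodb::server::noauth`. The templates are not visible here, so check which name they use before renaming. The new `tls_use_system_ca`, `tls_cluster_key`, `tls_cluster_ca` and `tls_invalid_certificates` parameters from mongodb::server are also not mirrored into local variables, unlike `tls_key`, `tls_ca` and the other TLS settings. If the config template reads from this scope, they would silently have no effect. The class body continues outside this hunk.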
@@ -116,7 +119,7 @@
} else {
# Template has available user-supplied data
# - $config_data
- $cfg_content = template('mongodb/mongodb.conf.2.6.erb')
+ $cfg_content = template('mongodb/mongodb.conf.erb')
}
file { $config:
@@ -126,6 +129,22 @@
mode => '0644',
}
+ # TODO: we kind of use this file to force x509 authentication in the providers when it exsists
+ # Open for suggestions how to deal with this
+ if $admin_auth_mechanism == 'x509' and $handle_creds {
+ $_ensure = 'file'
+ } else {
+ $_ensure = 'absent'
+ }
+
+ file { '/root/.mongosh.yaml':
+ ensure => $_ensure,
+ owner => 'root',
+ group => 'root',
+ mode => '0600',
+ content => "---admin:\n name:${admin_username}\n auth_mechanism: ${admin_auth_mechanism}\n tlsCertificateKeyFile: ${admin_tls_key}\n",
+ }
+
file { $dbpath:
ensure => directory,
mode => '0750',
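Review bot: The `content` string for `/root/.mongosh.yaml` is not the YAML it appears to intend: `---admin:` has no line break after the document marker and `name:${admin_username}` has no space after the colon, so a YAML parser will not read `admin` as a mapping with a `name` key. Something like `content => "---\nadmin:\n  name: ${admin_username}\n  auth_mechanism: ${admin_auth_mechanism}\n  tlsCertificateKeyFile: ${admin_tls_key}\n",` would parse as expected. When `$admin_auth_mechanism` is `'x509'` and `$admin_tls_key` is `undef`, the file is written with an empty certificate path; a `fail()` for that combination would surface the misconfiguration at compile time. With `$handle_creds` set to `false`, the `else` branch selects `ensure => absent`, which would delete a file the operator delivers by other means; the resource probably belongs inside an `if $handle_creds` block. The enclosing class starts and ends outside this hunk.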
@@ -176,7 +195,7 @@
if $handle_creds {
file { $rcfile:
ensure => file,
- content => template('mongodb/mongorc.js.erb'),
+ content => template('mongodb/mongoshrc.js.erb'),
owner => 'root',
group => 'root',
mode => '0600',
diff --git a/manifests/server/install.pp b/manifests/server/install.pp
index b40502ada..2214c31ec 100644
--- a/manifests/server/install.pp
+++ b/manifests/server/install.pp
@@ -33,4 +33,6 @@
tag => 'mongodb_package',
}
}
+
+ include mongodb::client
}
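Review bot: `include mongodb::client` adds the client class to the catalog but does not contain it, so a relationship on `Class['mongodb::server']` (the acceptance test in this commit drops its explicit `-> class { 'mongodb::client': }` link) no longer guarantees the shell is installed before resources that need it. If that ordering is intended, `contain mongodb::client` here, or an explicit `Class['mongodb::client'] -> Class['mongodb::server::config']`, would restore it; the types may already autorequire the package, which is not visible in this hunk. The class body starts outside the hunk.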
diff --git a/manifests/shardsvr.pp b/manifests/shardsvr.pp
index 486fe5fc7..df8940802 100644
--- a/manifests/shardsvr.pp
+++ b/manifests/shardsvr.pp
@@ -1,6 +1,17 @@
# @summary Wrapper class useful for hiera based deployments
#
+# @example hieradata
+# mongodb::shardsvr::shards:
+# shard01:
+# keys:
+# - {x: 1}
+# members:
+# - shardhost01.exmaple.com:30000
+# - shardhost02.exmaple.com:30000
+# - shardhost03.exmaple.com:30000
+#
# @param shards
+# Hash of attributes as described in the mongodb_shardsvr custom type
#
class mongodb::shardsvr (
$shards = undef
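Review bot: The example member hosts are spelled `exmaple.com`, which is an ordinary registrable domain rather than the reserved `example.com`. Anyone pasting the hieradata would point shard members at a name outside their control. Use `shardhost01.example.com:30000`, and likewise for 02 and 03. The class body continues outside the hunk.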
diff --git a/metadata.json b/metadata.json
index a55f34340..5835e3311 100644
--- a/metadata.json
+++ b/metadata.json
@@ -2,7 +2,7 @@
"name": "puppet-mongodb",
"version": "4.2.1-rc0",
"author": "Vox Pupuli",
- "summary": "Installs MongoDB on RHEL/Ubuntu/Debian.",
+ "summary": "Installs MongoDB on RHEL/Ubuntu/Debian/Sles.",
"license": "Apache-2.0",
"source": "https://github.com/voxpupuli/puppet-mongodb",
"project_page": "https://github.com/voxpupuli/puppet-mongodb",
@@ -11,26 +11,31 @@
{
"operatingsystem": "RedHat",
"operatingsystemrelease": [
- "7"
+ "7",
+ "8",
+ "9"
]
},
{
"operatingsystem": "CentOS",
"operatingsystemrelease": [
- "7"
+ "7",
+ "8"
]
},
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
- "10"
+ "10",
+ "11",
+ "12"
]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
- "18.04",
- "20.04"
+ "22.04",
+ "23.04"
]
},
{
diff --git a/spec/acceptance/database_spec.rb b/spec/acceptance/database_spec.rb
index 100c21892..35a8e5525 100644
--- a/spec/acceptance/database_spec.rb
+++ b/spec/acceptance/database_spec.rb
@@ -8,7 +8,6 @@
it 'compiles with no errors' do
pp = <<-EOS
class { 'mongodb::server': }
- -> class { 'mongodb::client': }
-> mongodb::db { 'testdb1':
user => 'testuser',
password => 'testpass',
@@ -23,8 +22,8 @@ class { 'mongodb::server': }
end
it 'creates the databases' do
- shell("mongo testdb1 --eval 'printjson(db.getMongo().getDBs())'")
- shell("mongo testdb2 --eval 'printjson(db.getMongo().getDBs())'")
+ shell("mongosh testdb1 --eval 'EJSON.stringify(db.getMongo().getDBs())'")
+ shell("mongosh testdb2 --eval 'EJSON.stringify(db.getMongo().getDBs())'")
end
end
@@ -34,7 +33,6 @@ class { 'mongodb::server': }
class { 'mongodb::server':
port => 27018,
}
- -> class { 'mongodb::client': }
-> mongodb::db { 'testdb1':
user => 'testuser',
password => 'testpass',
@@ -50,8 +48,8 @@ class { 'mongodb::server':
end
it 'creates the database' do
- shell("mongo testdb1 --port 27018 --eval 'printjson(db.getMongo().getDBs())'")
- shell("mongo testdb2 --port 27018 --eval 'printjson(db.getMongo().getDBs())'")
+ shell("mongosh testdb1 --port 27018 --eval 'EJSON.stringify(db.getMongo().getDBs())'")
+ shell("mongosh testdb2 --port 27018 --eval 'EJSON.stringify(db.getMongo().getDBs())'")
end
end
end
diff --git a/spec/acceptance/mongos_spec.rb b/spec/acceptance/mongos_spec.rb
index eefcafd83..7a498c044 100644
--- a/spec/acceptance/mongos_spec.rb
+++ b/spec/acceptance/mongos_spec.rb
@@ -3,18 +3,13 @@
require 'spec_helper_acceptance'
describe 'mongodb::mongos class' do
- case fact('osfamily')
- when 'Debian'
- package_name = if fact('os.distro.codename') =~ %r{^(buster|bullseye)$}
- 'mongodb-org-server'
- else
- 'mongodb-server'
- end
- config_file = '/etc/mongodb-shard.conf'
- else
- package_name = 'mongodb-org-server'
- config_file = '/etc/mongos.conf'
- end
+ package_name = 'mongodb-org-server'
+ config_file = case fact('osfamily')
+ when 'Debian'
+ '/etc/mongodb-shard.conf'
+ else
+ '/etc/mongos.conf'
+ end
describe 'installation' do
it 'works with no errors' do
@@ -25,7 +20,6 @@ class { 'mongodb::server':
replset_members => ['127.0.0.1:27019'],
port => 27019,
}
- -> class { 'mongodb::client': }
-> class { 'mongodb::mongos':
configdb => ['test/127.0.0.1:27019'],
}
@@ -56,7 +50,7 @@ class { 'mongodb::server':
it { is_expected.to be_listening }
end
- describe command('mongo --version') do
+ describe command('mongod --version') do
its(:exit_status) { is_expected.to eq 0 }
end
end
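Review bot: In the `mongodb::mongos` acceptance test the version check now runs `mongod --version`, which only shows that the server package from the same manifest is installed, not the router this spec is about. `describe command('mongos --version') do` would tie the assertion to the class under test. The surrounding describe block starts outside the hunk.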
@@ -73,9 +67,6 @@ class { 'mongodb::mongos':
service_ensure => stopped,
service_enable => false
}
- -> class { 'mongodb::client':
- ensure => absent,
- }
EOS
apply_manifest(pp, catch_failures: true)
apply_manifest(pp, catch_changes: true)
diff --git a/spec/acceptance/replset_spec.rb b/spec/acceptance/replset_spec.rb
index 97f9c9bc9..f532b931f 100644
--- a/spec/acceptance/replset_spec.rb
+++ b/spec/acceptance/replset_spec.rb
@@ -6,7 +6,7 @@
describe 'mongodb_replset resource' do
after :all do
# Have to drop the DB to disable replsets for further testing
- on hosts, %{mongo local --verbose --eval 'db.dropDatabase()'}
+ on hosts, %{mongosh local --verbose --eval 'db.dropDatabase()'}
pp = <<-EOS
class { 'mongodb::globals': }
@@ -15,11 +15,6 @@ class { 'mongodb::globals': }
package_ensure => absent,
service_ensure => stopped
}
- if $::osfamily == 'RedHat' {
- class { 'mongodb::client':
- ensure => absent
- }
- }
EOS
apply_manifest_on(hosts.reverse, pp, catch_failures: true)
@@ -32,9 +27,6 @@ class { 'mongodb::globals': }
bind_ip => '0.0.0.0',
replset => 'test',
}
- if $::osfamily == 'RedHat' {
- class { 'mongodb::client': }
- }
EOS
apply_manifest_on(hosts.reverse, pp, catch_failures: true)
@@ -48,7 +40,7 @@ class { 'mongodb::client': }
}
EOS
apply_manifest_on(hosts_as('master'), pp, catch_failures: true)
- on(hosts_as('master'), 'mongo --quiet --eval "printjson(rs.conf())"') do |r|
+ on(hosts_as('master'), 'mongosh --quiet --eval "EJSON.stringify(rs.conf())"') do |r|
expect(r.stdout).to match %r{#{hosts[0]}:27017}
expect(r.stdout).to match %r{#{hosts[1]}:27017}
end
@@ -56,18 +48,18 @@ class { 'mongodb::client': }
it 'inserts data on the master' do
sleep(30)
- on hosts_as('master'), %{mongo --verbose --eval 'db.test.save({name:"test1",value:"some value"})'}
+ on hosts_as('master'), %{mongosh --verbose --eval 'db.test.save({name:"test1",value:"some value"})'}
end
it 'checks the data on the master' do
- on hosts_as('master'), %{mongo --verbose --eval 'printjson(db.test.findOne({name:"test1"}))'} do |r|
+ on hosts_as('master'), %{mongosh --verbose --eval 'EJSON.stringify(db.test.findOne({name:"test1"}))'} do |r|
expect(r.stdout).to match %r{some value}
end
end
it 'checks the data on the slave' do
sleep(10)
- on hosts_as('slave'), %{mongo --verbose --eval 'try { rs.secondaryOk() } catch (err) { rs.slaveOk() }; printjson(db.test.findOne({name:"test1"}))'} do |r|
+ on hosts_as('slave'), %{mongosh --verbose --eval 'db.getMongo().setReadPref("primaryPreferred"); EJSON.stringify(db.test.findOne({name:"test1"}))'} do |r|
expect(r.stdout).to match %r{some value}
end
end
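Review bot: The example named 'checks the data on the slave' now sets `setReadPref("primaryPreferred")`, a preference that favours the primary, so the test name and the command disagree about which member should answer. `db.getMongo().setReadPref("secondaryPreferred")` states the intent. The same applies to the authenticated variant later in this file and to the stubbed `mongo_eval` string in `mongodb_database/mongodb_spec.rb`, which suggests the provider uses it too. Separately, the insert step still calls `db.test.save(...)`; as far as I know mongosh rejects `Collection.save()` as deprecated, so `db.test.insertOne({name:"test1",value:"some value"})` is the safer spelling.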
@@ -76,7 +68,7 @@ class { 'mongodb::client': }
describe 'mongodb_replset resource with auth => true' do
after :all do
# Have to drop the DB to disable replsets for further testing
- on hosts, %{mongo local --verbose --eval 'db.dropDatabase()'}
+ on hosts, %{mongosh local --verbose --eval 'db.dropDatabase()'}
pp = <<-EOS
class { 'mongodb::globals': }
@@ -85,11 +77,6 @@ class { 'mongodb::globals': }
package_ensure => absent,
service_ensure => stopped
}
- if $::osfamily == 'RedHat' {
- class { 'mongodb::client':
- ensure => absent
- }
- }
EOS
apply_manifest_on(hosts.reverse, pp, catch_failures: true)
@@ -126,9 +113,6 @@ class { 'mongodb::server':
YXIsJ0gYcu9XG3mx10LbdPJvxSMg'
}
- if $::osfamily == 'RedHat' {
- include mongodb::client
- }
EOS
apply_manifest_on(hosts.reverse, pp, catch_failures: true)
@@ -166,9 +150,6 @@ class { 'mongodb::server':
nc1ohyB0lNt8lHf1U00mtgDSV3fwo5LkwhRi6d+bDBTL/C6MZETMLdyCqDlTdUWG
YXIsJ0gYcu9XG3mx10LbdPJvxSMg'
}
- if $::osfamily == 'RedHat' {
- include mongodb::client
- }
mongodb_replset { 'test':
auth_enabled => true,
members => [#{hosts.map { |x| "'#{x}:27017'" }.join(',')}],
@@ -177,7 +158,7 @@ class { 'mongodb::server':
EOS
apply_manifest_on(hosts_as('master'), pp, catch_failures: true)
apply_manifest_on(hosts_as('master'), pp, catch_changes: true)
- on(hosts_as('master'), 'mongo --quiet --eval "load(\'/root/.mongorc.js\');printjson(rs.conf())"') do |r|
+ on(hosts_as('master'), 'mongosh --quiet --eval "load(\'/root/.mongoshrc.js\');EJSON.stringify(rs.conf())"') do |r|
expect(r.stdout).to match %r{#{hosts[0]}:27017}
expect(r.stdout).to match %r{#{hosts[1]}:27017}
end
@@ -185,18 +166,18 @@ class { 'mongodb::server':
it 'inserts data on the master' do
sleep(30)
- on hosts_as('master'), %{mongo test --verbose --eval 'load("/root/.mongorc.js");db.dummyData.insert({"created_by_puppet": 1})'}
+ on hosts_as('master'), %{mongosh test --verbose --eval 'load("/root/.mongoshrc.js");db.dummyData.insert({"created_by_puppet": 1})'}
end
it 'checks the data on the master' do
- on hosts_as('master'), %{mongo test --verbose --eval 'load("/root/.mongorc.js");printjson(db.dummyData.findOne())'} do |r|
+ on hosts_as('master'), %{mongosh test --verbose --eval 'load("/root/.mongoshrc.js");EJSON.stringify(db.dummyData.findOne())'} do |r|
expect(r.stdout).to match %r{created_by_puppet}
end
end
it 'checks the data on the slave' do
sleep(10)
- on hosts_as('slave'), %{mongo test --verbose --eval 'load("/root/.mongorc.js");try { rs.secondaryOk() } catch (err) { rs.slaveOk() };printjson(db.dummyData.findOne())'} do |r|
+ on hosts_as('slave'), %{mongosh test --verbose --eval 'load("/root/.mongoshrc.js");db.getMongo().setReadPref("primaryPreferred");EJSON.stringify(db.dummyData.findOne())'} do |r|
expect(r.stdout).to match %r{created_by_puppet}
end
end
diff --git a/spec/acceptance/server_spec.rb b/spec/acceptance/server_spec.rb
index 560282853..7526bb3fa 100644
--- a/spec/acceptance/server_spec.rb
+++ b/spec/acceptance/server_spec.rb
@@ -15,22 +15,16 @@
else
'mongodb'
end
- package_name = if fact('os.distro.codename') =~ %r{^(buster)$}
- 'mongodb-org-server'
- else
- 'mongodb-server'
- end
else
config_file = '/etc/mongod.conf'
service_name = 'mongod'
- package_name = 'mongodb-org-server'
end
+ package_name = 'mongodb-org-server'
describe 'installation' do
it 'works with no errors' do
pp = <<-EOS
class { 'mongodb::server': }
- -> class { 'mongodb::client': }
EOS
apply_manifest(pp, catch_failures: true)
@@ -54,7 +48,7 @@ class { 'mongodb::server': }
it { is_expected.to be_listening }
end
- describe command('mongo --version') do
+ describe command('mongod --version') do
its(:exit_status) { is_expected.to eq 0 }
end
end
@@ -65,7 +59,6 @@ class { 'mongodb::server': }
class { 'mongodb::server':
port => 27018,
}
- -> class { 'mongodb::client': }
EOS
apply_manifest(pp, catch_failures: true)
@@ -107,7 +100,6 @@ class { 'mongodb::server':
restart => true,
set_parameter => ['enableLocalhostAuthBypass: true']
}
- class { 'mongodb::client': }
mongodb_user { "User admin on db admin":
ensure => present,
@@ -139,11 +131,11 @@ class { 'mongodb::client': }
it { is_expected.to be_listening }
end
- describe command('mongo --quiet --eval "db.serverCmdLineOpts().code"') do
+ describe command('mongosh --quiet --eval "db.serverCmdLineOpts().code"') do
its(:stdout) { is_expected.to match '13' }
end
- describe file('/root/.mongorc.js') do
+ describe file('/root/.mongoshrc.js') do
it { is_expected.to be_file }
it { is_expected.to be_owned_by 'root' }
it { is_expected.to be_grouped_into 'root' }
@@ -151,12 +143,12 @@ class { 'mongodb::client': }
it { is_expected.to contain 'db.auth(\'admin\', \'password\')' }
end
- describe command("mongo admin --quiet --eval \"load('/root/.mongorc.js');printjson(db.getUser('admin')['customData'])\"") do
+ describe command("mongosh admin --quiet --eval \"load('/root/.mongoshrc.js');EJSON.stringify(db.getUser('admin')['customData'])\"") do
its(:exit_status) { is_expected.to eq 0 }
- its(:stdout) { is_expected.to match "{ \"createdBy\" : \"Puppet Mongodb_user['User admin on db admin']\" }\n" }
+ its(:stdout) { is_expected.to match "{\"createdBy\":\"Puppet Mongodb_user['User admin on db admin']\"}\n" }
end
- describe command('mongo --version') do
+ describe command('mongod --version') do
its(:exit_status) { is_expected.to eq 0 }
end
end
@@ -170,7 +162,6 @@ class { 'mongodb::server':
service_ensure => stopped,
service_enable => false
}
- -> class { 'mongodb::client': ensure => absent, }
EOS
apply_manifest(pp, catch_failures: true)
apply_manifest(pp, catch_changes: true)
diff --git a/spec/acceptance/sharding_spec.rb b/spec/acceptance/sharding_spec.rb
index d659c1eb6..2a4770d93 100644
--- a/spec/acceptance/sharding_spec.rb
+++ b/spec/acceptance/sharding_spec.rb
@@ -15,9 +15,6 @@ class { 'mongodb::globals': }
mongodb_replset { 'foo' :
members => ["shard:27018"],
}
- if $::osfamily == 'RedHat' {
- class { 'mongodb::client': }
- }
EOS
apply_manifest_on(hosts_as('shard'), pp, catch_failures: true)
@@ -40,13 +37,10 @@ class { 'mongodb::mongos' :
member => 'foo/shard:27018',
keys => [{'foo.toto' => {'name' => 1}}]
}
- if $::osfamily == 'RedHat' {
- class { 'mongodb::client': }
- }
EOS
apply_manifest_on(hosts_as('router'), pp, catch_failures: true)
- on(hosts_as('router'), 'mongo --quiet --eval "printjson(sh.status())"') do |r|
+ on(hosts_as('router'), 'mongosh --quiet --eval "EJSON.stringify(sh.status())"') do |r|
expect(r.stdout).to match %r{foo/shard:27018}
expect(r.stdout).to match %r{foo\.toto}
end
diff --git a/spec/acceptance/user_spec.rb b/spec/acceptance/user_spec.rb
index ee119561f..5e7673640 100644
--- a/spec/acceptance/user_spec.rb
+++ b/spec/acceptance/user_spec.rb
@@ -7,7 +7,6 @@
it 'compiles with no errors' do
pp = <<-EOS
class { 'mongodb::server': }
- -> class { 'mongodb::client': }
-> mongodb_database { 'testdb': ensure => present }
->
mongodb_user {'testuser':
@@ -22,15 +21,14 @@ class { 'mongodb::server': }
end
it 'creates the user' do
- shell("mongo testdb --quiet --eval 'db.auth(\"testuser\",\"passw0rd\")'") do |r|
- expect(r.stdout.chomp).to eq('1')
+ shell("mongosh testdb --quiet --eval 'db.auth(\"testuser\",\"passw0rd\")'") do |r|
+ expect(r.stdout.chomp).to eq('{ ok: 1 }')
end
end
it 'removes a user with no errors' do
pp = <<-EOS
class { 'mongodb::server': }
- -> class { 'mongodb::client': }
-> mongodb_database { 'testdb': ensure => present }
->
mongodb_user {'testuser':
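Review bot: `expect(r.stdout.chomp).to eq('{ ok: 1 }')` pins the test to mongosh's object pretty-printing, which is presentation rather than API and can change between shell releases. Evaluating the field with `--eval 'db.auth(\"testuser\",\"passw0rd\").ok'` and comparing against `'1'` keeps the assertion on the value itself. The same expectation is repeated in the later 'creates the user' and 'allows ...' examples in this file. The second example's manifest continues outside the hunk.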
@@ -45,7 +43,7 @@ class { 'mongodb::server': }
end
it 'auth should fail' do
- shell("mongo testdb --quiet --eval 'db.auth(\"testuser\",\"passw0rd\")'") do |r|
+ shell("mongosh testdb --quiet --eval 'db.auth(\"testuser\",\"passw0rd\")'") do |r|
expect(r.stdout.chomp).to contain('Error: Authentication failed')
end
end
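Review bot: The 'auth should fail' example only swaps the binary, but with mongosh a rejected `db.auth` is thrown as an error, which most likely means a non-zero exit with the message on stderr. Beaker's `shell` fails on an unexpected exit code before the block runs, and `contain` is not a string matcher in plain RSpec. Something like `shell(cmd, acceptable_exit_codes: [1]) { |r| expect(r.stderr).to match(%r{Authentication failed}) }` would assert the rejection explicitly. The exact exit code should be confirmed against the shell version under test.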
@@ -55,7 +53,6 @@ class { 'mongodb::server': }
it 'works with no errors' do
pp = <<-EOS
class { 'mongodb::server': port => 27018 }
- -> class { 'mongodb::client': }
-> mongodb_database { 'testdb': ensure => present }
->
mongodb_user {'testuser':
@@ -70,8 +67,8 @@ class { 'mongodb::server': port => 27018 }
end
it 'creates the user' do
- shell("mongo testdb --quiet --port 27018 --eval 'db.auth(\"testuser\",\"passw0rd\")'") do |r|
- expect(r.stdout.chomp).to eq('1')
+ shell("mongosh testdb --quiet --port 27018 --eval 'db.auth(\"testuser\",\"passw0rd\")'") do |r|
+ expect(r.stdout.chomp).to eq('{ ok: 1 }')
end
end
end
@@ -80,7 +77,6 @@ class { 'mongodb::server': port => 27018 }
it 'compiles with no errors' do
pp = <<-EOS
class { 'mongodb::server': }
- -> class { 'mongodb::client': }
-> mongodb_database { 'testdb': ensure => present }
->
mongodb_user {'testuser':
@@ -96,8 +92,8 @@ class { 'mongodb::server': }
end
it 'creates the user' do
- shell("mongo testdb --quiet --eval 'db.auth(\"testuser\",\"passw0rd\")'") do |r|
- expect(r.stdout.chomp).to eq('1')
+ shell("mongosh testdb --quiet --eval 'db.auth(\"testuser\",\"passw0rd\")'") do |r|
+ expect(r.stdout.chomp).to eq('{ ok: 1 }')
end
end
end
@@ -106,7 +102,6 @@ class { 'mongodb::server': }
it 'compiles with no errors' do
pp = <<-EOS
class { 'mongodb::server': }
- -> class { 'mongodb::client': }
-> mongodb_database { 'testdb': ensure => present }
-> mongodb_database { 'testdb2': ensure => present }
->
@@ -130,25 +125,25 @@ class { 'mongodb::server': }
end
it 'allows the testuser' do
- shell("mongo testdb --quiet --eval 'db.auth(\"testuser\",\"passw0rd\")'") do |r|
- expect(r.stdout.chomp).to eq('1')
+ shell("mongosh testdb --quiet --eval 'db.auth(\"testuser\",\"passw0rd\")'") do |r|
+ expect(r.stdout.chomp).to eq('{ ok: 1 }')
end
end
it 'assigns roles to testuser' do
- shell("mongo testdb --quiet --eval 'db.auth(\"testuser\",\"passw0rd\"); db.getUser(\"testuser\")[\"roles\"].forEach(function(role){print(role.role + \"@\" + role.db)})'") do |r|
+ shell("mongosh testdb --quiet --eval 'db.auth(\"testuser\",\"passw0rd\"); db.getUser(\"testuser\")[\"roles\"].forEach(function(role){print(role.role + \"@\" + role.db)})'") do |r|
expect(r.stdout.split(%r{\n})).to contain_exactly('readWrite@testdb', 'dbAdmin@testdb')
end
end
it 'allows the second user to connect to its default database' do
- shell("mongo testdb2 --quiet --eval 'db.auth(\"testuser2\",\"passw0rd\")'") do |r|
- expect(r.stdout.chomp).to eq('1')
+ shell("mongosh testdb2 --quiet --eval 'db.auth(\"testuser2\",\"passw0rd\")'") do |r|
+ expect(r.stdout.chomp).to eq('{ ok: 1 }')
end
end
it 'assigns roles to testuser2' do
- shell("mongo testdb2 --quiet --eval 'db.auth(\"testuser2\",\"passw0rd\"); db.getUser(\"testuser2\")[\"roles\"].forEach(function(role){print(role.role + \"@\" + role.db)})'") do |r|
+ shell("mongosh testdb2 --quiet --eval 'db.auth(\"testuser2\",\"passw0rd\"); db.getUser(\"testuser2\")[\"roles\"].forEach(function(role){print(role.role + \"@\" + role.db)})'") do |r|
expect(r.stdout.split(%r{\n})).to contain_exactly('readWrite@testdb2', 'dbAdmin@testdb2', 'readWrite@testdb', 'dbAdmin@testdb')
end
end
diff --git a/spec/classes/client_spec.rb b/spec/classes/client_spec.rb
index b97a517d6..c0e2ce44f 100644
--- a/spec/classes/client_spec.rb
+++ b/spec/classes/client_spec.rb
@@ -9,12 +9,7 @@
context 'with defaults' do
it { is_expected.to compile.with_all_deps }
-
- if facts[:os]['release']['major'] =~ %r{(10)}
- it { is_expected.to create_package('mongodb_client').with_ensure('4.4.8') }
- else
- it { is_expected.to create_package('mongodb_client').with_ensure('present') }
- end
+ it { is_expected.to create_package('mongodb_client').with_ensure('present') }
end
context 'with manage_package' do
@@ -23,12 +18,7 @@
end
it { is_expected.to compile.with_all_deps }
-
- if facts[:os]['release']['major'] =~ %r{(10)}
- it { is_expected.to create_package('mongodb_client').with_ensure('4.4.8').with_name('mongodb-org-shell').with_tag('mongodb_package') }
- else
- it { is_expected.to create_package('mongodb_client').with_ensure('present').with_name('mongodb-org-shell').with_tag('mongodb_package') }
- end
+ it { is_expected.to create_package('mongodb_client').with_ensure('present').with_name('mongodb-mongosh').with_tag('mongodb_package') }
end
end
end
diff --git a/spec/classes/mongos_spec.rb b/spec/classes/mongos_spec.rb
index bbccc8c85..213e19a4b 100644
--- a/spec/classes/mongos_spec.rb
+++ b/spec/classes/mongos_spec.rb
@@ -7,30 +7,20 @@
context "on #{os}" do
let(:facts) { facts }
- case facts[:os]['family']
- when 'Debian'
- package_name = if facts[:os]['release']['major'] =~ %r{(10)}
- 'mongodb-org-mongos'
- else
- 'mongodb-server'
- end
- config_file = '/etc/mongodb-shard.conf'
- else
- package_name = 'mongodb-org-mongos'
- config_file = '/etc/mongos.conf'
- end
+ package_name = 'mongodb-org-mongos'
+ config_file = case facts[:os]['family']
+ when 'Debian'
+ '/etc/mongodb-shard.conf'
+ else
+ '/etc/mongos.conf'
+ end
context 'with defaults' do
it { is_expected.to compile.with_all_deps }
# install
it { is_expected.to contain_class('mongodb::mongos::install') }
-
- if facts[:os]['release']['major'] =~ %r{(10)}
- it { is_expected.to contain_package('mongodb_mongos').with_ensure('4.4.8').with_name(package_name).with_tag('mongodb_package') }
- else
- it { is_expected.to contain_package('mongodb_mongos').with_ensure('present').with_name(package_name).with_tag('mongodb_package') }
- end
+ it { is_expected.to contain_package('mongodb_mongos').with_ensure('present').with_name(package_name).with_tag('mongodb_package') }
# config
it { is_expected.to contain_class('mongodb::mongos::config') }
@@ -39,7 +29,6 @@
when 'RedHat', 'Suse'
expected_content = <<~CONFIG
configdb = 127.0.0.1:27019
- fork = true
pidfilepath = /var/run/mongodb/mongos.pid
logpath = /var/log/mongodb/mongos.log
unixSocketPrefix = /var/run/mongodb
@@ -90,12 +79,7 @@
end
it { is_expected.to compile.with_all_deps }
-
- if facts[:os]['release']['major'] =~ %r{(10)}
- it { is_expected.to contain_package('mongodb_mongos').with_name('mongo-foo').with_ensure('4.4.8').with_tag('mongodb_package') }
- else
- it { is_expected.to contain_package('mongodb_mongos').with_name('mongo-foo').with_ensure('present').with_tag('mongodb_package') }
- end
+ it { is_expected.to contain_package('mongodb_mongos').with_name('mongo-foo').with_ensure('present').with_tag('mongodb_package') }
end
context 'service_manage => false' do
diff --git a/spec/opsmanager_spec.rb b/spec/classes/opsmanager_spec.rb
similarity index 100%
rename from spec/opsmanager_spec.rb
rename to spec/classes/opsmanager_spec.rb
diff --git a/spec/classes/repo_spec.rb b/spec/classes/repo_spec.rb
index 796014ac3..7e833904e 100644
--- a/spec/classes/repo_spec.rb
+++ b/spec/classes/repo_spec.rb
@@ -16,7 +16,7 @@
describe 'with version set' do
let :params do
{
- version: '3.6.1'
+ version: '6.0.7'
}
end
@@ -26,14 +26,14 @@
it do
is_expected.to contain_yumrepo('mongodb').
- with_baseurl('https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/$basearch/')
+ with_baseurl('https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/6.0/$basearch/')
end
when 'Suse'
it { is_expected.to contain_class('mongodb::repo::zypper') }
it do
is_expected.to contain_zypprepo('mongodb').
- with_baseurl('https://repo.mongodb.org/zypper/suse/$releasever_major/mongodb-org/3.6/$basearch/')
+ with_baseurl('https://repo.mongodb.org/zypper/suse/$releasever_major/mongodb-org/6.0/$basearch/')
end
when 'Debian'
it { is_expected.to contain_class('mongodb::repo::apt') }
@@ -43,13 +43,13 @@
it do
is_expected.to contain_apt__source('mongodb').
with_location('https://repo.mongodb.org/apt/debian').
- with_release("#{facts[:lsbdistcodename]}/mongodb-org/3.6")
+ with_release("#{facts[:lsbdistcodename]}/mongodb-org/6.0")
end
when 'Ubuntu'
it do
is_expected.to contain_apt__source('mongodb').
with_location('https://repo.mongodb.org/apt/ubuntu').
- with_release("#{facts[:lsbdistcodename]}/mongodb-org/3.6")
+ with_release("#{facts[:lsbdistcodename]}/mongodb-org/6.0")
end
end
else
@@ -60,7 +60,7 @@
describe 'with proxy' do
let :params do
{
- version: '3.6.1',
+ version: '6.0.7',
proxy: 'http://proxy-server:8080',
proxy_username: 'proxyuser1',
proxy_password: 'proxypassword1'
@@ -86,6 +86,16 @@
it { is_expected.to raise_error(Puppet::Error, %r{not supported}) }
end
end
+
+ describe 'with older version' do
+ let :params do
+ {
+ version: '3.0.2'
+ }
+ end
+
+ it { is_expected.to raise_error(Puppet::Error, %r{older than 4.4 are unsupported}) }
+ end
end
end
end
diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb
index 2d8451b41..a9e175983 100644
--- a/spec/classes/server_spec.rb
+++ b/spec/classes/server_spec.rb
@@ -43,35 +43,43 @@
end
end
- describe 'with defaults' do
- it_behaves_like 'server classes'
+ let(:mongo_user) do
+ if facts[:os]['family'] == 'Debian'
+ 'mongodb'
+ else
+ 'mongod'
+ end
+ end
- if facts[:os]['family'] == 'RedHat' || facts[:os]['family'] == 'Suse'
- it { is_expected.to contain_package('mongodb_server').with_ensure('present').with_name('mongodb-org-server').with_tag('mongodb_package') }
- elsif facts[:os]['release']['major'] =~ %r{(10)}
- it { is_expected.to contain_package('mongodb_server').with_ensure('4.4.8').with_name('mongodb-org-server').with_tag('mongodb_package') }
+ let(:mongo_group) do
+ if facts[:os]['family'] == 'Debian'
+ 'mongodb'
else
- it { is_expected.to contain_package('mongodb_server').with_ensure('present').with_name('mongodb-server').with_tag('mongodb_package') }
+ 'mongod'
end
+ end
+
+ describe 'with defaults' do
+ it_behaves_like 'server classes'
+
+ it { is_expected.to contain_package('mongodb_server').with_ensure('present').with_name('mongodb-org-server').with_tag('mongodb_package') }
it do
is_expected.to contain_file(config_file).
with_mode('0644').
with_owner('root').
with_group('root').
- with_content(%r{^storage\.dbPath: /var/lib/mongodb$}).
+ with_content(%r{^storage\.dbPath: /var/lib/mongo$}).
with_content(%r{^net\.bindIp: 127\.0\.0\.1$}).
with_content(%r{^systemLog\.logAppend: true$}).
with_content(%r{^systemLog\.path: #{log_path}$})
end
- if facts[:os]['family'] == 'Debian'
- it { is_expected.not_to contain_file(config_file).with_content(%r{fork}) }
- else
- it { is_expected.to contain_file(config_file).with_content(%r{^ fork: true$}) }
- end
+ it { is_expected.not_to contain_file(config_file).with_content(%r{fork}) }
+
+ it { is_expected.to contain_file('/root/.mongoshrc.js').with_ensure('file').without_content(%r{db\.auth}) }
+ it { is_expected.to contain_file('/var/lib/mongo').with(ensure: 'directory', mode: '0750', owner: mongo_user, group: mongo_group) }
- it { is_expected.to contain_file('/root/.mongorc.js').with_ensure('file').without_content(%r{db\.auth}) }
it { is_expected.not_to contain_exec('fix dbpath permissions') }
end
@@ -188,7 +196,7 @@
end
it { is_expected.to contain_file(config_file).with_content(%r{^security\.authorization: enabled$}) }
- it { is_expected.to contain_file('/root/.mongorc.js') }
+ it { is_expected.to contain_file('/root/.mongoshrc.js') }
end
describe 'when specifying set_parameter array value' do
@@ -274,18 +282,40 @@
end
describe 'with store_creds' do
- context 'true' do
+ context 'true with scram_sha_1' do
+ let :params do
+ {
+ admin_username: 'admin',
+ admin_password: 'password',
+ auth: true,
+ store_creds: true
+ }
+ end
+
+ it {
+ is_expected.to contain_file('/root/.mongoshrc.js').
+ with_ensure('file').
+ with_owner('root').
+ with_group('root').
+ with_mode('0600').
+ with_content(%r{db\.auth\('admin', 'password'\)})
+ }
+ end
+
+ context 'true with scram_sha_256' do
let :params do
{
admin_username: 'admin',
admin_password: 'password',
+ admin_auth_mechanism: 'scram_sha_256',
+ admin_update_password: true,
auth: true,
store_creds: true
}
end
it {
- is_expected.to contain_file('/root/.mongorc.js').
+ is_expected.to contain_file('/root/.mongoshrc.js').
with_ensure('file').
with_owner('root').
with_group('root').
@@ -294,6 +324,38 @@
}
end
+ context 'true with x509' do
+ let :params do
+ {
+ admin_username: 'subject=CN=admin,OU=some,O=company,ST=somewhere,C=EX',
+ admin_auth_mechanism: 'x509',
+ admin_tls_key: '/path/to/key',
+ auth: true,
+ store_creds: true
+ }
+ end
+
+ it {
+ is_expected.to contain_file('/root/.mongoshrc.js').
+ with_ensure('file').
+ with_owner('root').
+ with_group('root').
+ with_mode('0600').
+ with_content(%r{db\.getSiblingDB\('\$external'\)\.auth}).
+ with_content(%r{mechanism: 'MONGODB-X509'})
+ }
+
+ it {
+ is_expected.to contain_file('/root/.mongosh.yaml').
+ with_ensure('file').
+ with_owner('root').
+ with_group('root').
+ with_mode('0600').
+ with_content(%r{^subject=CN=admin,OU=some,O=company,ST=somewhere,C=EX:$}).
+ with_content(%r{tlsCertificateKeyFile: /path/to/key})
+ }
+ end
+
context 'false' do
let :params do
{
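Review bot: The `/root/.mongosh.yaml` expectation `%r{^subject=CN=admin,OU=some,O=company,ST=somewhere,C=EX:$}` wants the admin username as a key on its own line. The `content` string added to `manifests/server/config.pp` in this same diff writes it as `name:${admin_username}` under `---admin:`, so as shown the two cannot both be right. Align the regex with the generated file, or the file with the regex, and consider parsing the rendered content as YAML in the example so malformed output fails the test. The non-x509 contexts would also benefit from `it { is_expected.to contain_file('/root/.mongosh.yaml').with_ensure('absent') }`, since the manifest removes the file in that case.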
@@ -301,7 +363,7 @@
}
end
- it { is_expected.to contain_file('/root/.mongorc.js').with_ensure('file').without_content(%r{db\.auth}) }
+ it { is_expected.to contain_file('/root/.mongoshrc.js').with_ensure('file').without_content(%r{db\.auth}) }
end
end
@@ -327,10 +389,10 @@
it do
is_expected.to contain_exec('fix dbpath permissions').
- with_command('chown -R foo:bar /var/lib/mongodb').
+ with_command('chown -R foo:bar /var/lib/mongo').
with_path(['/usr/bin', '/bin']).
- with_onlyif("find /var/lib/mongodb -not -user foo -o -not -group bar -print -quit | grep -q '.*'").
- that_subscribes_to('File[/var/lib/mongodb]')
+ with_onlyif("find /var/lib/mongo -not -user foo -o -not -group bar -print -quit | grep -q '.*'").
+ that_subscribes_to('File[/var/lib/mongo]')
end
end
diff --git a/spec/unit/mongodb_version_spec.rb b/spec/unit/mongodb_version_spec.rb
index a7ede5d3d..31832131c 100644
--- a/spec/unit/mongodb_version_spec.rb
+++ b/spec/unit/mongodb_version_spec.rb
@@ -10,12 +10,12 @@
describe 'mongodb_version' do
context 'with value' do
before do
- allow(Facter::Core::Execution).to receive(:which).with('mongo').and_return(true)
- allow(Facter::Core::Execution).to receive(:execute).with('mongo --version 2>&1').and_return('MongoDB shell version: 3.2.1')
+ allow(Facter::Core::Execution).to receive(:which).with('mongod').and_return(true)
+ allow(Facter::Core::Execution).to receive(:execute).with('mongod --version 2>&1').and_return('db version v6.0.7')
end
it {
- expect(Facter.fact(:mongodb_version).value).to eq('3.2.1')
+ expect(Facter.fact(:mongodb_version).value).to eq('6.0.7')
}
end
end
diff --git a/spec/unit/puppet/provider/mongodb_database/mongodb_spec.rb b/spec/unit/puppet/provider/mongodb_database/mongodb_spec.rb
index c783d6898..8f25fb384 100644
--- a/spec/unit/puppet/provider/mongodb_database/mongodb_spec.rb
+++ b/spec/unit/puppet/provider/mongodb_database/mongodb_spec.rb
@@ -38,7 +38,7 @@
tmp = Tempfile.new('test')
mongodconffile = tmp.path
allow(provider.class).to receive(:mongod_conf_file).and_return(mongodconffile)
- allow(provider.class).to receive(:mongo_eval).with('try { rs.secondaryOk() } catch (err) { rs.slaveOk() };printjson(db.getMongo().getDBs())').and_return(raw_dbs)
+ allow(provider.class).to receive(:mongo_eval).with('db.getMongo().setReadPref("primaryPreferred");EJSON.stringify(db.getMongo().getDBs())').and_return(raw_dbs)
allow(provider.class).to receive(:db_ismaster).and_return(true)
end
diff --git a/spec/unit/puppet/provider/mongodb_spec.rb b/spec/unit/puppet/provider/mongodb_spec.rb
index 0b71a4742..a04af823a 100644
--- a/spec/unit/puppet/provider/mongodb_spec.rb
+++ b/spec/unit/puppet/provider/mongodb_spec.rb
@@ -14,18 +14,15 @@
describe 'mongo version detection' do
v = {
- '2.6.x' => { '26' => true, '4' => false, '5' => false },
- '4.x.x' => { '26' => false, '4' => true, '5' => false },
- '5.x.x' => { '26' => false, '4' => false, '5' => true },
- 'x.x.x' => { '26' => false, '4' => false, '5' => false }
+ '4.x.x' => { '4' => true, '5' => false, '6' => false },
+ '5.x.x' => { '4' => false, '5' => true, '6' => false },
+ '6.x.x' => { '4' => false, '5' => false, '6' => true },
+ 'x.x.x' => { '4' => false, '5' => false, '6' => false }
}
- v.each do |key, results|
+ v.each do |key, _results|
it "version detection for [#{key}]" do
allow(provider_class).to receive(:mongo_eval).with('db.version()').and_return(key)
- expect(provider_class.mongo_26?).to be results['26']
- expect(provider_class.mongo_4?).to be results['4']
- expect(provider_class.mongo_5?).to be results['5']
end
end
end
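Review bot: After this change the 'mongo version detection' examples assert nothing. `results` is renamed to `_results` and the `it` body only installs the `mongo_eval` stub, so every example passes whatever the provider does, and the expectation table `v` is dead data. Either delete the block together with `v`, or keep at least one `expect` against whichever version helper the provider still exposes.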
diff --git a/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb b/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb
index 7a397718b..bbd44ad2c 100644
--- a/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb
+++ b/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb
@@ -7,7 +7,7 @@
describe Puppet::Type.type(:mongodb_user).provider(:mongodb) do
let(:raw_users) do
[
- { '_id' => 'admin.root', 'user' => 'root', 'db' => 'admin', 'credentials' => { 'MONGODB-CR' => 'pass', 'SCRAM-SHA-1' => { 'iterationCount' => 10_000, 'salt' => 'salt', 'storedKey' => 'storedKey', 'serverKey' => 'serverKey' } }, 'roles' => [{ 'role' => 'role2', 'db' => 'admin' }, { 'role' => 'role3', 'db' => 'user_database' }, { 'role' => 'role1', 'db' => 'admin' }] }
+ { '_id' => 'admin.root', 'user' => 'root', 'db' => 'admin', 'credentials' => { 'MONGODB-CR' => 'pass', 'SCRAM-SHA-1' => { 'iterationCount' => 10_000, 'salt' => 'salt', 'storedKey' => 'storedKey', 'serverKey' => 'serverKey' } }, 'roles' => [{ 'role' => 'role1', 'db' => 'admin' }, { 'role' => 'role3', 'db' => 'user_database' }, { 'role' => 'role2', 'db' => 'other_database' },] }
].to_json
end
@@ -32,8 +32,8 @@
tmp = Tempfile.new('test')
mongodconffile = tmp.path
allow(provider.class).to receive(:mongod_conf_file).and_return(mongodconffile)
- allow(provider.class).to receive(:mongo_eval).with('printjson(db.system.users.find().toArray())').and_return(raw_users)
- allow(provider.class).to receive(:mongo_version).and_return('2.6.x')
+ allow(provider.class).to receive(:mongo_eval).with('EJSON.stringify(db.system.users.find().toArray())').and_return(raw_users)
+ allow(provider.class).to receive(:mongo_version).and_return('6.0.x')
allow(provider.class).to receive(:db_ismaster).and_return(true)
end
@@ -58,6 +58,7 @@
"createUser":"new_user",
"customData":{"createdBy":"Puppet Mongodb_user['new_user']"},
"roles":[{"role":"role1","db":"new_database"},{"role":"role2","db":"other_database"}],
+ "mechanisms":["SCRAM-SHA-1"],
"pwd":"pass",
"digestPassword":false
}
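Review bot: The expected command now pins `"mechanisms":["SCRAM-SHA-1"]` next to `"digestPassword":false`, but nothing in the spec says why SHA-1 is the only mechanism sent. As far as I know, a client-side digested password cannot be used with SCRAM-SHA-256, so this is a constraint rather than a default. A comment above the expectation such as `# pre-hashed passwords (digestPassword: false) only work with SCRAM-SHA-1` would keep someone from "upgrading" the mechanism later and breaking user creation. The example's enclosing block starts and ends outside the hunk.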
@@ -119,7 +120,7 @@
describe 'roles' do
it 'returns a sorted roles' do
- expect(instance.roles).to eq(%w[role1 role2 role3@user_database])
+ expect(instance.roles).to eq(%w[role1 role2@other_database role3@user_database])
end
end
diff --git a/templates/mongodb.conf.2.6.erb b/templates/mongodb.conf.erb
similarity index 84%
rename from templates/mongodb.conf.2.6.erb
rename to templates/mongodb.conf.erb
index 5c846a254..709e688bb 100644
--- a/templates/mongodb.conf.2.6.erb
+++ b/templates/mongodb.conf.erb
@@ -71,7 +71,6 @@ storage.quota.maxFilesPerDB: <%= @quotafiles %>
storage.engine: <%= @storage_engine_internal %>
<% end -%>
-
#Security
<% if @auth -%>
security.authorization: enabled
@@ -85,7 +84,6 @@ security.keyFile: <%= @keyfile %>
security.javascriptEnabled: <%= @noscripting %>
<% end -%>
-
#Net
<% if @ipv6 -%>
net.ipv6: <%= @ipv6 %>
@@ -123,10 +121,22 @@ net.ssl.allowInvalidHostnames: <%= @ssl_invalid_hostnames %>
<% end -%>
<% if @tls -%>
net.tls.mode: <%= @tls_mode %>
+<% if @tls_key -%>
net.tls.certificateKeyFile: <%= @tls_key %>
+<% end -%>
+<% if @tls_cluster_key -%>
+net.tls.ClusterFile = <%= @tls_cluster_key %>
+<% end -%>
+<% if ! @tls_use_system_ca -%>
+<%# its this parameter or the explicit ca file location %>
+<%# This options will be set in the setparameter section below %>
<% if @tls_ca -%>
net.tls.CAFile: <%= @tls_ca %>
<% end -%>
+<% if @tls_cluster_ca -%>
+net.tls.clusterCAFile: <%= @tls_ca %>
+<% end -%>
+<% end -%>
<% if @tls_conn_without_cert -%>
net.tls.allowConnectionsWithoutCertificates: <%= @tls_conn_without_cert %>
<% end -%>
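Review bot: Two of the added TLS lines will not render a usable setting. `net.tls.ClusterFile = <%= @tls_cluster_key %>` uses `=` where every other line in this file uses `:`, and MongoDB spells the option `net.tls.clusterFile`. The `@tls_cluster_ca` branch then writes `@tls_ca`, so the cluster CA ends up as the client CA or empty. I would change them to `net.tls.clusterFile: <%= @tls_cluster_key %>` and `net.tls.clusterCAFile: <%= @tls_cluster_ca %>`, and add a template spec that asserts both rendered lines, since a wrong trust anchor for intra-cluster authentication is easy to miss at runtime. The enclosing `<% if @tls -%>` block continues outside the hunk.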
@@ -169,6 +179,18 @@ setParameter:
<%= v %>
<% end -%>
<% end -%>
+<% if @supported_auth_mechanisms || @tls_use_system_ca -%>
+<% if !@set_parameter -%>
+setParameter:
+<% end -%>
+<% if @supported_auth_mechanisms -%>
+ <%# setParameters.auth... gives an error on startup status=2/INVALIDARGUMENT -%>
+ authenticationMechanisms: <%= @supported_auth_mechanisms.join(',') %>
+<% end -%>
+<% if @tls_use_system_ca -%>
+ tlsUseSystemCA: true
+<% end -%>
+<% end -%>
<% if @config_data -%>
<% @config_data.each do |k,v| -%>
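Review bot: An empty `@supported_auth_mechanisms` array is truthy in Ruby, so the added block would render `authenticationMechanisms:` with no value; whether the parameter's type allows an empty array is not visible here. Guarding with `<% if @supported_auth_mechanisms && !@supported_auth_mechanisms.empty? -%>` in both the outer and inner test avoids that. `tlsUseSystemCA: true` is also emitted without checking `@tls`, while the matching CA-file suppression in the net section sits inside `<% if @tls -%>`, so it may be worth gating both the same way. The existing `setParameter:` block starts outside the hunk, so the `!@set_parameter` header test assumes that block is opened under exactly that condition.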
diff --git a/templates/mongorc.js.erb b/templates/mongoshrc.js.erb
similarity index 58%
rename from templates/mongorc.js.erb
rename to templates/mongoshrc.js.erb
index 9e060306f..c9ee3c379 100644
--- a/templates/mongorc.js.erb
+++ b/templates/mongoshrc.js.erb
@@ -19,31 +19,43 @@ function rsReconfigSettings(settings){
<% if @auth and @store_creds -%>
function authRequired() {
try {
- return db.serverCmdLineOpts().code == 13;
+ return db.serverCmdLineOpts().ok != 1;
} catch (err) {
- return false;
+ if (err.message.match(/requires authentication/) || err.message.match(/not authorized on admin/)) {
+ return true
+ } else {
+ throw("Unknown error :" + err)
+ }
}
}
if (authRequired()) {
<%- if @replset -%>
- // rs.slaveOk has been deprecated, use secondaryOk if available
+ db.getMongo().setReadPref('primaryPreferred')
+ <%- end -%>
+ <%- if @admin_auth_mechanism == 'x509' -%>
try {
- rs.secondaryOk()
+ db.getSiblingDB('$external').auth(
+ {
+ mechanism: 'MONGODB-X509'
+ }
+ )
}
- catch (err) {
- rs.slaveOk()
+ catch(err) {
+ // This isn't catching authentication errors as I'd expect...
+ throw(err)
}
- <%- end -%>
+ <%- else -%>
try {
- var prev_db = db
+ var prev_db = db.getName()
db = db.getSiblingDB('admin')
db.auth('<%= @admin_username %>', '<%= @admin_password_unsensitive %>')
db = db.getSiblingDB(prev_db)
}
catch (err) {
// This isn't catching authentication errors as I'd expect...
- abort('Unknown error')
+ throw(err)
}
+ <%- end -%>
}
<% end -%>
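Review bot: `authRequired()` now decides by matching English message text (`/requires authentication/`, `/not authorized on admin/`), which is more fragile than the numeric code the removed line compared against. If the caught error carries it, `err.code === 13 || err.codeName === 'Unauthorized'` would be steadier, with the regexes kept as a fallback. The fallback branch throws a bare string, so `throw new Error('Unknown error: ' + err.message)` would preserve the stack, and the two `catch` blocks that only `throw(err)` are now no-ops whose comment no longer describes anything. Separately, the unchanged `db.auth('<%= @admin_username %>', '<%= @admin_password_unsensitive %>')` line interpolates the credentials into single-quoted JavaScript without escaping, so a quote or backslash in the password yields a broken or altered script. Rendering both values as JSON string literals (for example with `to_json`, if it is available in the template context) instead of hand-written quotes would be safer.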