Use the mongosh command instead of the old mongo command #703
Conversation
stevenpost
force-pushed
the
mongosh
branch
11 times, most recently
from
d69facb
to
4538088
Compare
stevenpost
force-pushed
the
mongosh
branch
9 times, most recently
from
2bf404c
to
6ee156d
Compare
|
Good news, everyone! I'm down to a single failing acceptance test. Once I get that one figured out, I just need to clean up my branch to get it ready for review and properly describe my changes (into the commit message). And do some additional testing to make sure things behave as expected. The failing unit tests are because of additional debug info, which is going to be removed during branch cleanup. |
|
Nice work @stevenpost |
manifests/client/params.pp
Outdated
| } | ||
| # the new mongosh package is the same for all distros. | ||
| # and it follows its own versioning | ||
| $package_name = 'mongodb-mongosh' |
There was a problem hiding this comment.
If users have local scripts or puppet code using shell this change will break that...
I think we should make the client class install both both in the beginning.
There was a problem hiding this comment.
I tend to agree for versions < 6.0
There was a problem hiding this comment.
I discussed this with @witjoh (he's currently sitting right across me) and he has a point. Let's not bother with this, we already indicate we have breaking changes.
There was a problem hiding this comment.
I honestly don't understand why you want to push such a break.
The mongo command was deprecated in 5.0 and is a valid command for another 7 months.
The only thing we have to do is add 10 lines of code to install the package.
We don't have to support the command in providers as that is internal module code.
There was a problem hiding this comment.
Users can still add a package resource themselves. If we wouldn't have any other breaking changes, I'd agree, but since we already do, what's the point of adding deprecated commands to new installations?
There was a problem hiding this comment.
See your point. I'm not going to hold back on approval because of this even if I don't agree.
There was a problem hiding this comment.
FYI for anyone who does need to support both mongo < 4.4 and > 5.0 ( sadly that's me ) then you can always add a simple mongo version check to the respective mongodb.rb files and have an IF ELSE statement with both the old code and the new :-) ( yes....it's not ideal....but hey it works )
|
Could we have a little talk about c16c54f ? I wonder if this could be caused by config being read in a class method and not an instance method or something like that. Provider reads config in prefetch |
Change in the commit: no, it really needs to be silently ignored and has nothing to do with the provider itself. I'll expand on this in the proper commit. The issue you referenced: at first glance it is because the provider doesn't properly handle reading the yaml file. Although the config is valid yaml, the provider expects this rather weird structure with the dots, at least from a first glance. I'll see if I can tackle this in a follow-up PR. |
stevenpost
force-pushed
the
mongosh
branch
4 times, most recently
from
2843038
to
e230c29
Compare
The provider previously used the external IP to connect instead of the loopback. When using the loopback, the option `enableLocalhostAuthBypass` (true by default) allows to bypass authentication when a user doesn't yet exists. Which is exactly what would prevent us from executing administrative tasks (like setting up the replicaset) when auth is enabled, but not yet set up. We can only connect to localhost when MongoDB is listening on either the 'bind all' address (0.0.0.0 or ::0) or the local loopback address (127.0.0.1 or ::1).
The `db.serverCmdLineOpts()` method always requires authentication when auth is enabled. It doesn't take the `enableLocalAuthBypass` parameter into account, the subsequent authentication attempt always fails if a user doesn't exists. This commit switches to the `rs.status()` method, as that method does take the `enableLocalAuthBypass` parameter into account and allows us to obtain a shell before with authentication enabled, but before the user exists.
> Deprecated mongosh Method > This method is deprecated in mongosh. For alternative methods, see > Compatibility Changes with Legacy mongo Shell. > https://www.mongodb.com/docs/mongodb-shell/reference/compatibility/#std-label-compatibility See https://www.mongodb.com/docs/manual/reference/method/db.collection.insert/
Databases in MongoDB are created lazy, meaning there is no `create` command. Thus if a record is inserted the DB is created. When auth is enabled, any attempt to insert data is denied because of missing auth. However the `db.createUser()` function works because of the config option `enableBypassLocalAuth`. For an overview see https://www.mongodb.com/docs/manual/tutorial/deploy-replica-set-with-keyfile-access-control/
|
Hi all, A summary of what's in this PR, most in the provider, one in the associated type:
|
|
A note about backwards-compatibility. Existing client code may need a few changes:
Apart from the tests already in this module, this code was tested in 2 scenario's:
The nodes used for these tests were running RHEL 8 and I tested against MongoDB 4.4.27. Please give it a whirl :) |
|
Testing update: seems to work fine using RHEL 8 and MongoDB 6.0.12 as well. |
A curly brace was not placed properly.
|
Update: I found an issue with the authentication script, but fixing that is causing failures again during roll-out. Investigating. |
All errors not related to authentication mean that auth is not required.
Fixed, it was another exception thrown by the |
|
@stevenpost as an end user I can confirm the module can now create the initial admin user and db when auth is enabled which ( for us ) was the major issue with this module...so thanks very much for your work on this. |
This PR builds on the work @witjoh in #677, the focus here is on getting the minimal set of needed changes and cleaning up his branch. I'll try to move any real cleanup code and other features he was working on into separate PRs for an easy review.
Fixes #648