Ansible Role mongodb

This role installs and configures a MongoDB server, and configures daily database dumps. Optionally, it allows setting up a replica set across multiple members.

Important: When setting up a replica set across members, make sure that there is no data being written on any member until all members have joined the replica set. Else you need to manually prepare the data files on the to-be-added secondary before joining.

Runs on

RHEL 8 (and compatible)
RHEL 9 (and compatible)
Debian 11

This role is only compatible with the following MongoDB versions:

4.2 (only tested on RHEL 8)
4.4 (only tested on RHEL 8)
6.0

Mandatory Requirements

Enable the official MongoDB repository. This can be done using the linuxfabrik.lfops.repo_mongodb role.

Tags

Tag	What it does
`mongodb`	Installs and configures MongoDB
`mongodb:dump`	Configures the database dumping (backups)
`mongodb:state`	Manages the state of the mongod service
`mongodb:user`	Manages the MongoDB users

Recommended Role Variables

Variable

Description

Default Value

mongodb__admin_user

The main user account for the database administrator. This is required when authorization is enabled by mongodb__conf_security_authorization. To create additional ones, use the mongodb__users__*_var variables. Subkeys:

username: Username
password: Password

unset

mongodb__conf_security_authorization

mongodb.com

false

mongodb__dump_user

The MongoDB user for dumping the database when Role-Based Access Control is enabled (mongodb__conf_security_authorization). Subkeys:
* auth_database: Optional, string. Database to authenticate against. Defaults to 'admin'.
* username: Required, string.
* password: Required, string.

unset

# recommended
mongodb__admin_user:
  username: 'mongodb-admin'
  password: 'linuxfabrik'
mongodb__conf_security_authorization: true
mongodb__dump_user:
  username: 'mongodb-dump'
  password: 'linuxfabrik'

Optional Role Variables

Variable	Description	Default Value
`mongodb__conf_net_bind_ip`	List of the IPs on which MongoDB should be available. Make sure that the first address in the list is reachable by the server itself, and to set the first address to `'localhost'` if you need to use the localhost exception to create the first DBA. Have a look at mongodb.com.	`'localhost'`
`mongodb__conf_net_port`	The port on which MongoDB should be available.	`27017`
`mongodb__conf_replication_oplog_size_mb`	mongodb.com	unset
`mongodb__conf_replication_repl_set_name__host_var` / `mongodb__conf_replication_repl_set_name__group_var`	Set this to enable replication. Have a look at https://www.mongodb.com/docs/manual/reference/configuration-options/#mongodb-setting-replication.replSetName. Will be initiated automatically (have a look at `mongodb__repl_set_skip_init`). For the usage in `host_vars` / `group_vars` (can only be used in one group at a time).	unset
`mongodb__conf_storage_directory_per_db`	mongodb.com	`true`
`mongodb__conf_storage_engine_raw`	mongodb.com	unset
`mongodb__conf_storage_journal_commit_interval_ms`	mongodb.com	`100`
`mongodb__conf_storage_journal_enabled`	Enable or disable the durability journal to ensure data files remain valid and recoverable.	`true`
`mongodb__dump_method_file_based_backup_dir`	Where to store the file-based backup.	`'/backup/var-lib-mongo'`
`mongodb__dump_method_file_based`	Use this to create file based backups by locking the instance and copying `/var/lib/mongo`. This is recommended when using `mongodb__dump_method_mongodump` is too slow.	`false`
`mongodb__dump_method_mongodump_backup_dir`	Where to store the `mongodump`-based backup.	`'/backup/mongodb-dump'`
`mongodb__dump_method_mongodump`	Use `mongodump` to create database dumps. This is recommended since it allows the most flexible restores.	`true`
`mongodb__dump_on_calendar`	The `OnCalendar` definition for the systemd timer. Have a look at `man systemd.time(7)` for the format.	`‘--* 21:{{ 59
`mongodb__dump_only_if_hidden`	Use this to only run the backup if the instance is hidden. This is useful in a MongoDB cluster setupp.	`false`
`mongodb__dump_use_oplog`	Use this to capture incoming write operations during the dump operation to ensure that the backups reflect a consistent data state. Note that this only works on cluster setups or with replica sets.	`false`
`mongodb__repl_set_skip_init`	Set this to skip the initiation of the replica set. Note: Set this on all secondaries when setting up a replica set across members.	`false`
`mongodb__service_enabled`	Enables or disables the service, analogous to `systemctl enable/disable`.	`true`
`mongodb__service_state`	Changes the state of the service, analogous to `systemctl start/stop/restart/reload`. Possible options: * `started` * `stopped` * `restarted` * `reloaded`	`'started'`
`mongodb__users__group_var` / `mongodb__users__host_var`	List of dictionaries of users to create (this is NOT used for the first DBA user - here, use `mongodb__admin_user`). Subkeys: `username`: Mandatory, string. Username. `password`: Mandatory, string. Password. `database`: Mandatory, string. Database in which the user should be. `roles`: Optional, string or list. Either name of one of the built-in roles, or list of dictionaries with `db` and `role`. `state`: Optional, string. State of the user. Possible options: `present`, `absent`. Defaults to `present`. For the usage in `host_vars` / `group_vars` (can only be used in one group at a time).	`[]`

Example:

# optional
mongodb__conf_net_bind_ip:
  - '127.0.0.1'
mongodb__conf_net_port: 27017
mongodb__conf_replication_oplog_size_mb: 50
mongodb__conf_replication_repl_set_name__host_var: 'replSet1'
mongodb__conf_storage_directory_per_db: true
mongodb__conf_storage_engine_raw: |-
  engine: "wiredTiger"
    wiredTiger:
      engineConfig:
        cacheSizeGB: 1
        journalCompressor: none
        directoryForIndexes: false
      collectionConfig:
        blockCompressor: none
      indexConfig:
        prefixCompression: false
mongodb__conf_storage_journal_commit_interval_ms: 100
mongodb__conf_storage_journal_enabled: true
mongodb__dump_method_file_based: false
mongodb__dump_method_file_based_backup_dir: '/backup/var-lib-mongo'
mongodb__dump_method_mongodump: true
mongodb__dump_method_mongodump_backup_dir: '/backup/mongodb-dump'
mongodb__dump_on_calendar: ''
mongodb__dump_only_if_hidden: false
mongodb__dump_use_oplog: true
mongodb__service_enabled: true
mongodb__service_state: 'started'
mongodb__repl_set_skip_init: false

Replica Set across with multiple Members

Important: When setting up a replica set across members, make sure that there is no data being written on any member until all members have joined the replica set. Else you need to manually prepare the data files on the to-be-added secondary before joining.

To setup a replica set from scratch:

Choose a name via the mongodb__conf_replication_repl_set_name__*_var (needs to be the same for all members).
Make sure that the cluster members can reach each other by setting mongodb__conf_net_bind_ip accordingly.
For production use, also make sure that mongodb__conf_security_authorization is enabled and mongodb__keyfile_content is set for all members.
Set mongodb__repl_set_skip_init for all the secondaries.
Rollout against the secondaries.
Set mongodb__repl_set_members on the primary (see below).
Rollout against the primary to initiate the replica set with the given members.
Check the state of the cluster by using mongosh --username mongodb-admin --password linuxfabrik --eval 'rs.status()' on any member.

Variable

Description

Default Value

mongodb__keyfile_content

The content of the MongoDB keyfile which is used for internal authentication between the members. Setting this automatically adjusts the MongoDB config to use the keyfile. The content can be generated using openssl rand -base64 756.

unset

mongodb__repl_set_members

List of dictionaries of all the members (including the primary) which should be part of the replica set. Subkeys:

host: Mandatory, string. Hostname and optionally, the port number, of the set member.
Any other Replica Set Configuration Field.

unset

Example:

# replica set
mongodb__keyfile_content: |-
  5Ku/Zd0QhNCiWICdejkGEPOKhhI08mYNJAKY1RBec8OiEmcNFIWMgiMcKaLLYFmY
  sD2WteR5ebZltlsp2wFuQ6V29iwnZ3m7MALDH6nQZ72cHbgaicaEL7fz8epPr9N+
  Xfdn5gt9AyTQIspTBa2l6fjAC2kGBhpf0qTHOpCZw/IWQJcnEBp80ymAjEub5MnS
  yn5dG+QJ0c28jHRnEdQbK2Ss1In21qAPEvlwa/3btB+fOxFMR3COlt/55I+10izx
  ABuUlwHMj4j4snh7JFOd7qbEsN5XE8zFvcnUlw1CxWtg6RvGJ5tCkliW1UcLZ0NF
  MXX3b6pbee5d5SgpyzXVgenLvaXO3CIi1mY2G2+8+8fcLd4D4c9phAnzARsMLdUR
  ACYv+0qs7A6JdvItnmNKDbF2pTsJMGa92+c/zSbay2bHiv0Gx9kX/HbLdMbSsFCn
  TCFN0OwhakRIhGOf1utYu2l03mE007bu+8kDzr+ZnDu6ih4NGt28OzWxzgZU8qlT
  vz7UOeNz4S9TCsx3exqwhKssOEfTmuUckkKINeXYvCzO9RdxTpznApth8DihdLg8
  8Nb4CajaahCmyQ4yYKYIh5N8hQ3CioFWe9ZC+fq/0Rz/UTXbET7Y453CdEHa6TBe
  tjJlBcMFbDgvemKcGW7JPCC5EdfGIQIlcOhgpWKgduevXr2+07YG2LxuN7pw/pGV
  oeC/Dm1WMHqb81jjrjnf2gENDRPtniHr/GyXQmNnB9e+WqBgwkqYzrMEu/jqbo7e
  SErBq6Nd1BdhveaPnTanQjDaEHnC6s5LS+vDBZcJue+kx/OqIbVHmxbm0DziOTM9
  2q1LXXSUxOVPlFmlM0xf45qLHtZ6d1i2Ejz1JOOPvzpbF61s0S7NslUh5RL+411p
  S4W8KlvezgcANfLzsADMez5tdGsgHoZ3Jn0aUql/5fGKLGg/aQO3ah5JGrXfWt5X
  n4HrWwbzWW5Nw2pRC6kcjgwfTWsjoVrNtGTViPZ156x3vYt5
mongodb__repl_set_members:
  - host: 'node1.example.com'
  - host: 'node2.example.com:27018'
  - host: 'node3.example.com'

License

The Unlicense

Author Information

Linuxfabrik GmbH, Zurich