Merge pull request #3644 from mrgnr/mrgnr/mongo-auth

Enable Mongo auth

Merge pull request #3644 from mrgnr/mrgnr/mongo-auth
Enable Mongo auth
77d54170 · Kevin Falcone · GitHub · dec8ff69 · 0f5f179c · 77d54170
Commit 77d54170 authored Feb 22, 2017 by Kevin Falcone Committed by GitHub Feb 22, 2017
5 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -200,10 +200,14 @@
  - Changed SECURITY_UPGRADE_ON_ANSIBLE to only apply security updates.  If you want to retain the behavior of running safe-upgrade,
    you should switch to using SAFE_UPGRADE_ON_ANSIBLE.

+- Role: mongo_2_6
+  - Added `MONGO_AUTH` to turn authentication on/off. Auth is now enabled by default, and was previously disabled by default.
+
 - Role: mongo_3_0
  - Changed MONGO_STORAGE_ENGINE to default to wiredTiger which is the default in 3.2 and 3.4 and what edX suggests be used even on 3.0.
    If you have a mmapv1 3.0 install, override MONGO_STORAGE_ENGINE to be mmapv1 which was the old default.
  - Support parsing the replset JSON in 3.2 and 3.0
+  - Added `MONGO_AUTH` to turn authentication on/off. Auth is now enabled by default, and was previously disabled by default.

 - Role: xqueue
  - Added `EDXAPP_CELERY_BROKER_USE_SSL` to allow configuring celery to use TLS.

--- a/playbooks/roles/mongo_2_6/defaults/main.yml
+++ b/playbooks/roles/mongo_2_6/defaults/main.yml
@@ -31,6 +31,7 @@ MONGO_USERS:

 MONGO_CLUSTERED: false
 MONGO_BIND_IP: 127.0.0.1
+MONGO_AUTH: true

 MONGO_USE_SMALLFILES: true


--- a/playbooks/roles/mongo_2_6/templates/mongodb.conf.j2
+++ b/playbooks/roles/mongo_2_6/templates/mongodb.conf.j2
@@ -38,9 +38,8 @@ replSet = {{ mongo_repl_set }}
 # Enables periodic logging of CPU utilization and I/O wait
 #cpu = true

-# Turn on/off security.  Off is currently the default
-#noauth = true
-#auth = true
+# Turn on/off security.  On is currently the default
+auth = {{ MONGO_AUTH | ternary("true", "false") }}

 # Verbose logging output.
 #verbose = true

--- a/playbooks/roles/mongo_3_0/defaults/main.yml
+++ b/playbooks/roles/mongo_3_0/defaults/main.yml
@@ -42,6 +42,7 @@ MONGO_USERS:
 MONGO_CLUSTERED: false
 MONGO_BIND_IP: 127.0.0.1
 MONGO_REPL_SET: "rs0"
+MONGO_AUTH: true

 # Cluster member configuration
 # Fed directly into mongodb_replica_set module

--- a/playbooks/roles/mongo_3_0/templates/mongod.conf.j2
+++ b/playbooks/roles/mongo_3_0/templates/mongod.conf.j2
@@ -34,6 +34,7 @@ replication:
  replSetName: {{ MONGO_REPL_SET }}

 security:
+  authorization: {{ MONGO_AUTH | ternary("enabled", "disabled") }}
  keyFile: {{ mongo_key_file }}

 {% endif %}