Commit 77d54170 by Kevin Falcone Committed by GitHub

Merge pull request #3644 from mrgnr/mrgnr/mongo-auth

Enable Mongo auth
parents dec8ff69 0f5f179c
...@@ -200,10 +200,14 @@ ...@@ -200,10 +200,14 @@
- Changed SECURITY_UPGRADE_ON_ANSIBLE to only apply security updates. If you want to retain the behavior of running safe-upgrade, - Changed SECURITY_UPGRADE_ON_ANSIBLE to only apply security updates. If you want to retain the behavior of running safe-upgrade,
you should switch to using SAFE_UPGRADE_ON_ANSIBLE. you should switch to using SAFE_UPGRADE_ON_ANSIBLE.
- Role: mongo_2_6
- Added `MONGO_AUTH` to turn authentication on/off. Auth is now enabled by default, and was previously disabled by default.
- Role: mongo_3_0 - Role: mongo_3_0
- Changed MONGO_STORAGE_ENGINE to default to wiredTiger which is the default in 3.2 and 3.4 and what edX suggests be used even on 3.0. - Changed MONGO_STORAGE_ENGINE to default to wiredTiger which is the default in 3.2 and 3.4 and what edX suggests be used even on 3.0.
If you have a mmapv1 3.0 install, override MONGO_STORAGE_ENGINE to be mmapv1 which was the old default. If you have a mmapv1 3.0 install, override MONGO_STORAGE_ENGINE to be mmapv1 which was the old default.
- Support parsing the replset JSON in 3.2 and 3.0 - Support parsing the replset JSON in 3.2 and 3.0
- Added `MONGO_AUTH` to turn authentication on/off. Auth is now enabled by default, and was previously disabled by default.
- Role: xqueue - Role: xqueue
- Added `EDXAPP_CELERY_BROKER_USE_SSL` to allow configuring celery to use TLS. - Added `EDXAPP_CELERY_BROKER_USE_SSL` to allow configuring celery to use TLS.
......
...@@ -31,6 +31,7 @@ MONGO_USERS: ...@@ -31,6 +31,7 @@ MONGO_USERS:
MONGO_CLUSTERED: false MONGO_CLUSTERED: false
MONGO_BIND_IP: 127.0.0.1 MONGO_BIND_IP: 127.0.0.1
MONGO_AUTH: true
MONGO_USE_SMALLFILES: true MONGO_USE_SMALLFILES: true
......
...@@ -38,9 +38,8 @@ replSet = {{ mongo_repl_set }} ...@@ -38,9 +38,8 @@ replSet = {{ mongo_repl_set }}
# Enables periodic logging of CPU utilization and I/O wait # Enables periodic logging of CPU utilization and I/O wait
#cpu = true #cpu = true
# Turn on/off security. Off is currently the default # Turn on/off security. On is currently the default
#noauth = true auth = {{ MONGO_AUTH | ternary("true", "false") }}
#auth = true
# Verbose logging output. # Verbose logging output.
#verbose = true #verbose = true
......
...@@ -42,6 +42,7 @@ MONGO_USERS: ...@@ -42,6 +42,7 @@ MONGO_USERS:
MONGO_CLUSTERED: false MONGO_CLUSTERED: false
MONGO_BIND_IP: 127.0.0.1 MONGO_BIND_IP: 127.0.0.1
MONGO_REPL_SET: "rs0" MONGO_REPL_SET: "rs0"
MONGO_AUTH: true
# Cluster member configuration # Cluster member configuration
# Fed directly into mongodb_replica_set module # Fed directly into mongodb_replica_set module
......
...@@ -34,6 +34,7 @@ replication: ...@@ -34,6 +34,7 @@ replication:
replSetName: {{ MONGO_REPL_SET }} replSetName: {{ MONGO_REPL_SET }}
security: security:
authorization: {{ MONGO_AUTH | ternary("enabled", "disabled") }}
keyFile: {{ mongo_key_file }} keyFile: {{ mongo_key_file }}
{% endif %} {% endif %}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment