Refactoring to repair user creation

bootstrap admin creation removing debug flag new local module rename Changing to string from list porting Carson's upgrade removing create user flag refactoring handling of 2.4 removing to another pr making autograde gated by cluster status pulling in Carsons changes Carsons changes to cluster rename Carsons changes Adding template for root user Updating vars Removing colon whitespace whitespace module name restore missing code, whitespace, update vars. * playbooks/roles/mongo/templates/repset_init.js.j2: restore whitespace typo adding replica set, needs testing on sandbox updating vars One more var sigh Removing auth, unsure this is needed

Refactoring to repair user creation
bootstrap admin creation removing debug flag new local module rename Changing to string from list porting Carson's upgrade removing create user flag refactoring handling of 2.4 removing to another pr making autograde gated by cluster status pulling in Carsons changes Carsons changes to cluster rename Carsons changes Adding template for root user Updating vars Removing colon whitespace whitespace module name restore missing code, whitespace, update vars. * playbooks/roles/mongo/templates/repset_init.js.j2: restore whitespace typo adding replica set, needs testing on sandbox updating vars One more var sigh Removing auth, unsure this is needed
edbd944f · Edward Zarecor · 44f6e1c3 · edbd944f · edbd944f · edbd944f
Commit edbd944f authored Nov 11, 2014 by Edward Zarecor
5 changed files
--- a/playbooks/roles/mongo/defaults/main.yml
+++ b/playbooks/roles/mongo/defaults/main.yml
 mongo_logappend: true
-mongo_version: 2.6.4
+mongo_version: 2.6.5
 mongo_port: "27017"
 mongo_extra_conf: ''
 mongo_key_file: '/etc/mongodb_key'
 mongo_repl_set: rs0
 mongo_cluster_members: []
+pymongo_version: 2.7.2

 mongo_data_dir: "{{ COMMON_DATA_DIR }}/mongo"
 mongo_log_dir: "{{ COMMON_LOG_DIR }}/mongo"
@@ -14,13 +15,17 @@ MONGODB_APT_KEY: "http://docs.mongodb.org/10gen-gpg-key.asc"
 MONGODB_REPO: "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen"

 # Vars Meant to be overridden
+MONGO_ADMIN_USER: 'admin'
+MONGO_ADMIN_PASSWORD: 'password'
 MONGO_USERS:
  - user: cs_comments_service
    password: password
    database: cs_comments_service
+    roles: readWrite
  - user: edxapp
    password: password
    database: edxapp
+    roles: readWrite

 MONGO_CLUSTERED: !!null
 MONGO_BIND_IP: 127.0.0.1
@@ -30,10 +35,6 @@ MONGO_BIND_IP: 127.0.0.1
 mongo_logpath: "{{ mongo_log_dir }}/mongodb.log"
 mongo_dbpath: "{{ mongo_data_dir }}/mongodb"

-# Have to use this conditional instead of ignore errors
-# because the mongo_user module fails and doesn't ignore errors.
-mongo_create_users: true
-
 # If the system is running out of an Amazon Web Services
 # cloudformation stack, this group name can used to pull out
 # the name of the stack the mongo server resides in.

--- a/playbooks/roles/mongo/tasks/main.yml
+++ b/playbooks/roles/mongo/tasks/main.yml
-
 ---
- name: check to see that MongoDB 2.4 isn't installed
+- name: check to see that MongoDB 2.4 is not installed
  stat: path=/etc/init.d/mongodb
  register: mongodb_needs_upgrade

 - name: verify 2.4 not installed
-  fail: msg="MongoDB 2.4 is currently installed. If on a stand alone host (devstack), apt-get remove mongodb-10gen and re-run ansible. if on a cluster, read http://docs.mongodb.org/manual/release-notes/2.6-upgrade/#upgrade-considerations and upgrade to 2.6."
-  when: mongodb_needs_upgrade.stat.exists 
-
-
+  fail: msg="MongoDB 2.4 is currently installed and cannot be safely upgraded in a clustered configuration.  Please read http://docs.mongodb.org/manual/release-notes/2.6-upgrade/#upgrade-considerations and upgrade to 2.6."
+  when: mongodb_needs_upgrade.stat.exists and MONGO_CLUSTERED
+  
+- name: remove mongo 2.4 if present
+  apt: >
+    pkg=mongodb-10gen
+    state=absent purge=yes
+    force=yes
+  when: mongodb_needs_upgrade.stat.exists and not MONGO_CLUSTERED
+  
 - name: install python pymongo for mongo_user ansible module
  pip: >
    name=pymongo state=present
-    version=2.6.3 extra_args="-i {{ COMMON_PYPI_MIRROR_URL }}"
+    version={{ pymongo_version }} extra_args="-i {{ COMMON_PYPI_MIRROR_URL }}"

 - name: add the mongodb signing key
  apt_key: >
@@ -46,8 +51,9 @@
  service: name=mongod state=stopped

 - name: move mongodb to {{ mongo_data_dir }}
-  command: mv /var/lib/mongodb  {{ mongo_data_dir}}/.  creates={{ mongo_data_dir }}/mongodb
-
+  command: >
+    mv /var/lib/mongodb  {{ mongo_data_dir}}/.
+    creates={{ mongo_data_dir }}/mongodb

 - name: copy mongodb key file
  copy: >
@@ -68,24 +74,56 @@
 - name: wait for mongo server to start
  wait_for: port=27017 delay=2

+- name: drop super user script
+  template: src="create_root.js.j2" dest="/tmp/create_root.js"
+  when: not MONGO_CLUSTERED
+
+- name: create super user with js
+  shell: >
+    /usr/bin/mongo admin /tmp/create_root.js
+  when: not MONGO_CLUSTERED
+
+- name: delete super user script
+  file: path=/tmp/create_root.js state=absent
+  when: not MONGO_CLUSTERED
+
 - name: Create the file to initialize the mongod replica set
-  template: src=repset_init.j2 dest=/tmp/repset_init.js
+  template: src=repset_init.js.j2 dest=/tmp/repset_init.js
  when: MONGO_CLUSTERED

 - name: Initialize the replication set
-  shell: /usr/bin/mongo  /tmp/repset_init.js
+  shell: >
+    /usr/bin/mongo /tmp/repset_init.js
  when: MONGO_CLUSTERED

-# Ignore errors doesn't work because the module throws an exception
-# it doesn't catch.
+#- name: delete repset script
+#  file: path=/tmp/repset_init.js state=absent
+#  when: MONGO_CLUSTERED
+
 - name: create a mongodb user
-  mongodb_user: >
+  mongo_user_1.8: >
    database={{ item.database }}
+    login_user={{ MONGO_ADMIN_USER }}
+    login_password={{ MONGO_ADMIN_PASSWORD }}
    name={{ item.user }}
    password={{ item.password }}
+    roles={{ item.roles }}
    state=present
  with_items: MONGO_USERS
-  when: mongo_create_users
+  when: not MONGO_CLUSTERED
+
+- name: create a mongodb user
+  mongo_user_1.8: >
+    database={{ item.database }}
+    login_user={{ MONGO_ADMIN_USER }}
+    login_password={{ MONGO_ADMIN_PASSWORD }}
+    name={{ item.user }}
+    password={{ item.password }}
+    roles={{ item.roles }}
+    state=present
+    replica_set={{ mongo_repl_set }}
+  with_items: MONGO_USERS
+  when: MONGO_CLUSTERED

 - name: install s3cmd
  pip: >
@@ -93,7 +131,7 @@
    state=present
    extra_args="-i {{ COMMON_PYPI_MIRROR_URL }}"
  when: MONGO_S3_BACKUP
- 
+
 - name: configure s3cmd
  template: >
    dest="{{ MONGO_S3_S3CMD_CONFIG }}"

--- a/playbooks/roles/mongo/templates/create_root.js.j2
+++ b/playbooks/roles/mongo/templates/create_root.js.j2
+// Add super user
+conn = new Mongo();
+db = conn.getDB("admin");
+db.auth( '{{ MONGO_ADMIN_USER }}', '{{ MONGO_ADMIN_PASSWORD }}');
+
+if(db.getUser('{{ MONGO_ADMIN_USER }}') == null) {
+    db.createUser(
+        {
+            "user": "{{ MONGO_ADMIN_USER }}",
+            "pwd": "{{ MONGO_ADMIN_PASSWORD }}",
+            "roles": ["root"]
+        }
+    );
+} else {
+    db.updateUser(
+        "{{ MONGO_ADMIN_USER }}",
+        {
+            "pwd": "{{ MONGO_ADMIN_PASSWORD }}",
+            "roles": ["root"]
+        }
+    );
+}
+
--- a/playbooks/roles/mongo/templates/repset_init.j2
+++ b/playbooks/roles/mongo/templates/repset_init.j2
@@ -20,9 +20,9 @@
 {%- endif -%}

 config = {_id: '{{ mongo_repl_set }}', members: [
-	   {%- for host in hosts -%}
-	   {_id: {{ loop.index }}, host: '{{ host }}'}{% if not loop.last %},{% endif %}
-	   {%- endfor -%}
+       {%- for host in hosts -%}
+       {_id: {{ loop.index }}, host: '{{ host }}'}{% if not loop.last %},{% endif %}
+       {%- endfor -%}
           ]};
 rs.initiate(config)

@@ -47,4 +47,26 @@ if(rs.isMaster().ismaster) {
            throw 'Could not add all members to cluster'
        }
    }
+    // Now add super user to cluster
+    conn = new Mongo();
+    db = conn.getDB("admin");
+    db.auth( '{{ MONGO_ADMIN_USER }}', '{{ MONGO_ADMIN_PASSWORD }}');
+
+    if(db.getUser("{{ MONGO_ADMIN_USER }}") == null) {
+        db.createUser(
+            {
+                "user": "{{ MONGO_ADMIN_USER }}",
+                "pwd": "{{ MONGO_ADMIN_PASSWORD }}",
+                "roles": ["root"]
+            }
+        );
+    } else {
+        db.updateUser(
+            "{{ MONGO_ADMIN_USER }}",
+            {
+                "pwd": "{{ MONGO_ADMIN_PASSWORD }}",
+                "roles": ["root"]
+            }
+        );
+    }
 }
--- a/playbooks/vagrant-cluster.yml
+++ b/playbooks/vagrant-cluster.yml
@@ -10,7 +10,6 @@
      - "cluster3"
    MONGO_CLUSTERED: yes
    MONGO_CLUSTER_KEY: 'password'
-    mongo_create_users: no
    ELASTICSEARCH_CLUSTERED: yes
    MARIADB_CLUSTERED: yes
    MARIADB_CREATE_DBS: no
@@ -41,8 +40,7 @@
  roles:
    - rabbitmq

-# Mongo user doesn't handle slave's gracefully when
-# creating users and there are race conditions
+# There are race conditions creating DBs
 # in MariaDB occasionally so this play will work
 # but will also show as failed
 - name: Configure group with tasks that will always fail
@@ -50,19 +48,10 @@
  sudo: True
  gather_facts: True
  vars:
-    mongo_cluster_members:
-      - "cluster1"
-      - "cluster2"
-      - "cluster3"
-    MONGO_CLUSTERED: yes
-    MONGO_CLUSTER_KEY: 'password'
-    mongo_create_users: yes
-    RABBITMQ_CLUSTERED: yes
    MARIADB_CLUSTERED: yes
    MARIADB_CREATE_DBS: yes
  vars_files:
    - "group_vars/all"
    - "roles/analytics-api/defaults/main.yml"
  roles:
-    - mongo
    - mariadb