
I am using Ansible to add an admin user in MongoDB. I used the playbook below, but I am getting an error. Can someone suggest a solution? I also installed pymongo before adding the user so that the module can be used. Authentication is disabled in mongod.conf and bindIp is set to 0.0.0.0.

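# Play: prepares the data volume, installs MongoDB 6.0 and bootstraps the
# admin user on the two single-node inventory groups, with privilege escalation.
- hosts: devqa_mongod_single:dwprod_mongod_single
  become: true
  vars_files:
    - ../../vars/vars_secrets.yaml

  vars:
    # NOTE(review): a literal admin password in the playbook ends up in version
    # control and in every copy of this file. Play-level vars_files take
    # precedence over play-level vars, so a `password` defined in
    # vars_secrets.yaml (ideally encrypted with ansible-vault) overrides this
    # value; prefer defining it only there.
    password: "mongoadmin"
    # Command prefixes that the tasks below run through /bin/bash.
    # mongoAuth embeds the URL-encoded password in the connection string, so
    # the secret appears on the mongosh command line (process list) and in
    # Ansible task output unless the task sets no_log.
    mongoAuth: "/usr/bin/mongosh 'mongodb://admin:{{ password | urlencode() }}@localhost:27017/admin?authSource=admin' --norc --quiet"
    # Unauthenticated connection, only usable while access control is off.
    mongoNoAuth: "/usr/bin/mongosh 'mongodb://localhost:27017/admin' --norc --quiet"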
  
  tasks:
    # Data volume for MongoDB.
    # NOTE(review): the device path is hard-coded and the first two tasks
    # partition and format it. Presumably /dev/nvme1n1 is the dedicated data
    # disk on every targeted host; confirm before running against new hosts.
    - name: Create a new xfs primary partition
      community.general.parted:
        device: /dev/nvme1n1
        label: gpt
        number: 1
        fs_type: xfs
        state: present

    - name: Create an xfs filesystem on /dev/nvme1n1
      community.general.filesystem:
        dev: /dev/nvme1n1p1
        fstype: xfs
        state: present

    # Mount point; ownership is handed to the mongodb user later in the play.
    - name: Create Directory /data/db
      ansible.builtin.file:
        path: /data/db
        state: directory
        owner: root
        group: root
        mode: "0751"

    # Read-only lookup, hence changed_when: false.
    - name: Fetch the UUID of /dev/nvme1n1p1
      ansible.builtin.command:
        cmd: blkid -s UUID -o value /dev/nvme1n1p1
      register: blkid_out
      changed_when: false

    # Mounting by UUID keeps the fstab entry valid if device naming changes.
    - name: Mount /dev/nvme1n1 by UUID
      ansible.posix.mount:
        path: /data/db
        src: "UUID={{ blkid_out.stdout }}"
        fstype: xfs
        opts: "defaults,nofail"
        passno: 2
        state: mounted
 
  # Installation of mongodb
    - name: Install aptitude using apt
      ansible.builtin.apt:
        name: aptitude
        state: latest
        update_cache: true

    # NOTE(review): apt_key places the key in apt's global trusted keyring, so
    # it is trusted for every configured repository rather than only
    # MongoDB's, and it relies on apt-key, which apt has deprecated. Scoping
    # the key to this repository with a signed-by= keyring is the usual
    # replacement; migrate existing hosts deliberately, since the repo line
    # changes with it.
    - name: Import public key
      ansible.builtin.apt_key:
        url: 'https://www.mongodb.org/static/pgp/server-6.0.asc'
        state: present

    # NOTE(review): the release name "bionic" is fixed in the repo line;
    # presumably all targets run Ubuntu 18.04. `filename` is documented as a
    # name under sources.list.d with ".list" appended automatically; confirm
    # the full path given here yields the intended file.
    - name: Add repository
      ansible.builtin.apt_repository:
        repo: 'deb https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/6.0 multiverse'
        filename: '/etc/apt/sources.list.d/mongodb-org-6.0.list'
        state: present
        update_cache: true

    - name: Install mongoDB
      ansible.builtin.apt:
        name: mongodb-org
        state: present
        update_cache: true
      notify:
        - restart mongodb

    # Hand the data directory (created as root earlier) to the service account.
    - name: Recursively change ownership of a /data/db
      ansible.builtin.file:
        path: /data/db
        state: directory
        owner: mongodb
        group: mongodb
        recurse: true
      notify:
        - restart mongodb

    # Directory for the pid file referenced by pidFilePath in mongod.conf.
    - name: Create Directory /var/run/mongodb
      ansible.builtin.file:
        path: /var/run/mongodb
        state: directory
        owner: mongodb
        group: mongodb
        mode: "0751"
      notify:
        - restart mongodb

    # Starts mongod with whatever /etc/mongod.conf is on disk at this point.
    - name: Ensure mongodb is running and and enabled to start automatically on reboots
      ansible.builtin.service:
        name: mongod
        state: started
        enabled: true

  # Installing pymongo to use community.mongodb.mongodb_user module      
    # Distribution package of PyMongo, always upgraded to the newest version
    # the configured apt sources offer.
    - name: "Install PyMongo"
      ansible.builtin.apt:
        name: python3-pymongo
        state: latest
        update_cache: true
  
  # copy temorary config file
    # Puts the bootstrap configuration in place before the admin user exists.
    # NOTE(review): ansible.builtin.copy transfers the file verbatim; if the
    # .j2 source contains Jinja2 expressions they are not rendered
    # (ansible.builtin.template does that). Confirm which is intended.
    # NOTE(review): the notified restart only runs when handlers are flushed,
    # by default at the end of the play, so the user-creation tasks that follow
    # still talk to mongod as it was last started. Whenever this bootstrap
    # config is live with authorization off, it should presumably bind to
    # 127.0.0.1 only; confirm in mongod_init.conf.j2.
    - name: user_init | set temporary conf
      become: true
      timeout: 300
      ansible.builtin.copy:
        src: ../templates/mongodb/mongod_init.conf.j2
        dest: /etc/mongod.conf
        owner: root
        group: root
        mode: '0644'
      notify:
        - restart mongodb

  # Adding root user
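    # Probe: attempt an authenticated connection as admin. rc == 0 is taken to
    # mean the admin user already exists and the password is accepted; any
    # failure is tolerated here and interpreted by the next task.
    - name: Check if authentication is enabled
      ansible.builtin.shell:
        cmd: "{{ mongoAuth }} --eval 'db.getMongo()'"
        executable: /bin/bash
      register: authenticate
      failed_when: false
      changed_when: false
      check_mode: false
      # The command line contains the admin password; keep it out of task
      # output and logs. Switch off temporarily when debugging connection
      # errors. This does not hide the password from the host's process list.
      no_log: true

    # Creates the admin user only when the probe above failed; otherwise the
    # script just selects the admin database and changes nothing.
    - name: Create users
      ansible.builtin.shell:
        # `quote` shell-escapes the whole script, so quotes inside it cannot
        # terminate the --eval argument.
        cmd: "{{ (authenticate.rc == 0) | ternary(mongoAuth, mongoNoAuth) }} --eval {{ js | quote }}"
        executable: /bin/bash
      vars:
        # to_json renders the password as a properly escaped string literal,
        # so passwords containing quotes or backslashes stay inside the string.
        js: |
          admin = db.getSiblingDB("admin")
          {% if authenticate.rc != 0 %}
          admin.createUser({ user: "admin", pwd: {{ password | to_json }}, roles: ["root"] })
          admin.auth("admin", {{ password | to_json }})
          {% endif %}
      # Report a change (and trigger the restart) only when a user was created.
      changed_when: authenticate.rc != 0
      no_log: true
      notify:
        - restart mongodb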

  # Copy mongod.conf file having auth enabled   
    # Final configuration; replaces the temporary bootstrap config written
    # earlier to the same destination.
    # NOTE(review): copied verbatim, the .j2 source is not rendered as a
    # template by ansible.builtin.copy. Confirm that is intended.
    - name: copy mongod.conf | set
      become: true
      timeout: 300
      ansible.builtin.copy:
        src: ../templates/mongodb/mongod.conf.j2
        dest: /etc/mongod.conf
        owner: root
        group: root
        mode: '0644'
      register: mongo_conf_set
      notify:
        - restart mongodb

    - name: Copy mongodb file for log rotation
      become: true
      timeout: 300
      ansible.builtin.copy:
        src: ../templates/mongodb/mongodb
        dest: /etc/logrotate.d/mongodb
        owner: root
        group: root
        mode: '0644'

    # Runs on every play execution and always reports "changed".
    - name: Daemon Reload
      ansible.builtin.shell:
        cmd: systemctl daemon-reload

    # Only ensures the service is up; the restart that applies the new config
    # comes from the notified handler.
    - name: Starting MongoDB service
      ansible.builtin.service:
        name: mongod
        state: started
  
  handlers:
    # Runs once when handlers are flushed (by default at the end of the play),
    # however many tasks notified it.
    - name: restart mongodb
      ansible.builtin.service:
        name: mongod
        state: restarted

My mongod.conf file on the instance:

# mongod configuration as found on the instance: file logging, WiredTiger
# storage under /data/db, listener on port 27017, access control switched on.
systemLog:
  destination: file
  logAppend: true
  # reopen: mongod closes and reopens the log file on rotation, the mode meant
  # for an external rotator such as logrotate; it requires logAppend: true.
  logRotate: reopen
  path: /var/log/mongodb/mongod.log

storage:
  dbPath: /data/db
  journal:
    enabled: true
  engine: wiredTiger

processManagement:
  fork: true
  pidFilePath: /var/run/mongodb/mongod.pid

net:
  port: 27017
  # 0.0.0.0 listens on every IPv4 interface, so exposure is decided entirely
  # by host and network firewalling.
  # NOTE(review): any bootstrap window in which authorization is disabled
  # while this bind address is active leaves the database reachable without
  # credentials; bind to 127.0.0.1 for that phase or restrict the port.
  bindIp: 0.0.0.0

security:
  # Enforces role-based access control; clients must authenticate.
  authorization: enabled

2

Answers


  1. I create the users manually:

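    # Bootstraps MongoDB users with mongosh: probe for a working admin login,
    # then create the admin user only if the probe failed.
    # `password` is not defined in this snippet; supply it from elsewhere
    # (for example an ansible-vault encrypted vars file), not as a literal.
    - hosts: all
      vars:
        # The authenticated prefix carries the URL-encoded password on the
        # command line, so tasks using it set no_log.
        mongoAuth: "/usr/bin/mongosh 'mongodb://admin:{{ password | urlencode() }}@localhost:27017/admin?authSource=admin' --norc --quiet"
        mongoNoAuth: "/usr/bin/mongosh 'mongodb://localhost:27017/admin' --norc --quiet"

      tasks:
      # rc == 0 is taken to mean the admin user exists and the password works;
      # failures are tolerated and interpreted by the next task.
      - name: Check if authentication is enabled and if user already exists
        ansible.builtin.shell:
          cmd: "{{ mongoAuth }} --eval 'db.getMongo()'"
          executable: /bin/bash
        register: authenticate
        failed_when: false
        changed_when: false
        check_mode: false
        # Keep the password-bearing command line out of task output and logs.
        no_log: true


      - name: Create users
        ansible.builtin.shell:
          # `quote` shell-escapes the script so quotes inside it cannot end
          # the --eval argument.
          cmd: "{{ (authenticate.rc == 0) | ternary(mongoAuth, mongoNoAuth) }} --eval {{ js | quote }}"
          executable: /bin/bash
        no_log: true
        vars:
          # to_json emits the password as an escaped string literal.
          js: |
            admin = db.getSiblingDB("admin")
            {% if authenticate.rc != 0 %}
            admin.createUser({ user: "admin", pwd: {{ password | to_json }}, roles: ["root"] })
            admin.auth("admin", {{ password | to_json }})
            {% endif %}
            // create more users if needed
            admin.createUser(...)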
    
  2. I assume you have a wrong configuration setting on the host.

    Unable to connect to database: Unknown option directconnection

    This doesn’t look like an Ansible error to me.

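    To help you further: disable mongo authentication and restart mongo. Then create 3 users: admin, root and userAdminAnyDatabase. Then restart mongo. While authentication is disabled, the bindIp of 0.0.0.0 from the question leaves the database open to anything that can reach port 27017, so bind to localhost or firewall the port for that step. Here is an Ansible role I’ve written for MongoDB, so you can take a look there to see how it works.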
