From 459165ad644d1e9154c458c0aeab7dc867321ed4 Mon Sep 17 00:00:00 2001 From: Daniel Radeau Date: Thu, 7 Dec 2023 17:58:31 +0100 Subject: [PATCH] fix: default value for no_log for dev env --- .../group_vars/all/ansible_options.yml | 1 - .../roles/init_app_bdd/tasks/check_auth.yml | 6 +- .../roles/init_app_bdd/tasks/referential.yml | 2 +- .../tasks/archive-search.yml | 2 +- .../tasks/check_mongo_auth.yml | 6 +- .../tasks/check_mongo_auth.yml | 6 +- .../init_ingest_app_bdd/tasks/ingest.yml | 2 +- deployment/roles/mongo/tasks/check_auth.yml | 6 +- .../mongo_backup/tasks/backup_collection.yml | 5 +- .../roles/mongo_backup/tasks/backup_db.yml | 3 +- .../roles/mongo_configure/tasks/main.yml | 5 +- .../roles/mongo_init/tasks/check_auth.yml | 6 +- deployment/roles/mongo_init/tasks/main.yml | 206 +++++++++--------- .../tasks/restore_collection.yml | 3 +- .../roles/mongo_restore/tasks/restore_db.yml | 5 +- .../tasks/main.yml | 3 +- .../tasks/main.yml | 3 +- .../mongodb_migration_v5/tasks/reconfig.yml | 5 +- .../tasks/main.yml | 3 +- .../mongodb_set_members_groups/tasks/main.yml | 4 +- .../tasks/update_packages_mongod.yml | 178 ++++++++------- deployment/roles/vitamui/tasks/main.yml | 64 +++--- 22 files changed, 249 insertions(+), 275 deletions(-) diff --git a/deployment/environments/group_vars/all/ansible_options.yml b/deployment/environments/group_vars/all/ansible_options.yml index 7fb88ca8ace..695c9e9ed05 100755 --- a/deployment/environments/group_vars/all/ansible_options.yml +++ b/deployment/environments/group_vars/all/ansible_options.yml @@ -1,5 +1,4 @@ --- - packages_install_retries_number: 10 packages_install_retries_delay: 10 hide_passwords_during_deploy: true # false for testing purpose diff --git a/deployment/roles/init_app_bdd/tasks/check_auth.yml b/deployment/roles/init_app_bdd/tasks/check_auth.yml index f1b7df2392e..95e88fcee14 100644 --- a/deployment/roles/init_app_bdd/tasks/check_auth.yml +++ b/deployment/roles/init_app_bdd/tasks/check_auth.yml @@ -1,10 +1,9 @@ --- - - name: Check if authent is enabled command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'" register: mongo_authent_enabled failed_when: false - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" tags: - update_mongodb_configuration @@ -29,5 +28,4 @@ set_fact: mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet" when: "mongo_authent_enabled.rc == 0" - no_log: "{{ hide_passwords_during_deploy }}" - + no_log: "{{ hide_passwords_during_deploy | default(true) }}" diff --git a/deployment/roles/init_app_bdd/tasks/referential.yml b/deployment/roles/init_app_bdd/tasks/referential.yml index f7257bafd94..2264cfff16d 100644 --- a/deployment/roles/init_app_bdd/tasks/referential.yml +++ b/deployment/roles/init_app_bdd/tasks/referential.yml @@ -21,7 +21,7 @@ - name: Load referential scripts in database command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin {{ mongo_credentials }} {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/app/mongod/scripts/referential/{{ item | basename | regex_replace('\\.j2$') }}" - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" with_fileglob: - "{{ role_path }}/templates/referential/*" tags: diff --git a/deployment/roles/init_archive_search_app_bdd/tasks/archive-search.yml b/deployment/roles/init_archive_search_app_bdd/tasks/archive-search.yml index 319a1e06559..57b68f0c603 100644 --- a/deployment/roles/init_archive_search_app_bdd/tasks/archive-search.yml +++ b/deployment/roles/init_archive_search_app_bdd/tasks/archive-search.yml @@ -21,7 +21,7 @@ - name: Load archive search scripts in database command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin {{ mongo_credentials }} {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/app/mongod/scripts/archive-search/{{ item | basename | regex_replace('\\.j2$') }}" - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" with_fileglob: - "{{ role_path }}/templates/archive-search/*" tags: diff --git a/deployment/roles/init_archive_search_app_bdd/tasks/check_mongo_auth.yml b/deployment/roles/init_archive_search_app_bdd/tasks/check_mongo_auth.yml index f1b7df2392e..95e88fcee14 100644 --- a/deployment/roles/init_archive_search_app_bdd/tasks/check_mongo_auth.yml +++ b/deployment/roles/init_archive_search_app_bdd/tasks/check_mongo_auth.yml @@ -1,10 +1,9 @@ --- - - name: Check if authent is enabled command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'" register: mongo_authent_enabled failed_when: false - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" tags: - update_mongodb_configuration @@ -29,5 +28,4 @@ set_fact: mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet" when: "mongo_authent_enabled.rc == 0" - no_log: "{{ hide_passwords_during_deploy }}" - + no_log: "{{ hide_passwords_during_deploy | default(true) }}" diff --git a/deployment/roles/init_ingest_app_bdd/tasks/check_mongo_auth.yml b/deployment/roles/init_ingest_app_bdd/tasks/check_mongo_auth.yml index f1b7df2392e..95e88fcee14 100644 --- a/deployment/roles/init_ingest_app_bdd/tasks/check_mongo_auth.yml +++ b/deployment/roles/init_ingest_app_bdd/tasks/check_mongo_auth.yml @@ -1,10 +1,9 @@ --- - - name: Check if authent is enabled command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'" register: mongo_authent_enabled failed_when: false - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" tags: - update_mongodb_configuration @@ -29,5 +28,4 @@ set_fact: mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet" when: "mongo_authent_enabled.rc == 0" - no_log: "{{ hide_passwords_during_deploy }}" - + no_log: "{{ hide_passwords_during_deploy | default(true) }}" diff --git a/deployment/roles/init_ingest_app_bdd/tasks/ingest.yml b/deployment/roles/init_ingest_app_bdd/tasks/ingest.yml index 6ea7cc36b00..19e6362a24d 100644 --- a/deployment/roles/init_ingest_app_bdd/tasks/ingest.yml +++ b/deployment/roles/init_ingest_app_bdd/tasks/ingest.yml @@ -21,7 +21,7 @@ - name: Load ingest scripts in database command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin {{ mongo_credentials }} {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/app/mongod/scripts/ingest/{{ item | basename | regex_replace('\\.j2$') }}" - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" with_fileglob: - "{{ role_path }}/templates/ingest/*" tags: diff --git a/deployment/roles/mongo/tasks/check_auth.yml b/deployment/roles/mongo/tasks/check_auth.yml index d1082395bc6..76e2ff040fb 100644 --- a/deployment/roles/mongo/tasks/check_auth.yml +++ b/deployment/roles/mongo/tasks/check_auth.yml @@ -1,10 +1,9 @@ --- - - name: Check if authent is enabled command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'" register: mongo_authent_enabled failed_when: false - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" tags: update_mongodb_configuration - name: Set mongo_no_auth fact to true @@ -20,6 +19,5 @@ mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }}" mongo_no_auth: false when: "mongo_authent_enabled.rc == 0" - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" tags: update_mongodb_configuration - diff --git a/deployment/roles/mongo_backup/tasks/backup_collection.yml b/deployment/roles/mongo_backup/tasks/backup_collection.yml index 11161627244..be1d8149a13 100644 --- a/deployment/roles/mongo_backup/tasks/backup_collection.yml +++ b/deployment/roles/mongo_backup/tasks/backup_collection.yml @@ -1,10 +1,9 @@ --- - - name: mongo dump collection command: "mongodump --host {{ ip_service }} --db {{db}} --collection {{inner_item}} {{mongo_credentials}} --gzip --out {{mongo_dump_folder}}" with_items: - - "{{collections}}" + - "{{collections}}" loop_control: loop_var: inner_item - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" ignore_errors: yes diff --git a/deployment/roles/mongo_backup/tasks/backup_db.yml b/deployment/roles/mongo_backup/tasks/backup_db.yml index 1e42f17a969..8807c351fe1 100644 --- a/deployment/roles/mongo_backup/tasks/backup_db.yml +++ b/deployment/roles/mongo_backup/tasks/backup_db.yml @@ -1,6 +1,5 @@ --- - - name: "mongo dump db ({{db}})" command: "mongodump --host {{ ip_service }} --db {{db}} {{mongo_credentials}} --gzip --out {{mongo_dump_folder}}" - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" ignore_errors: yes diff --git a/deployment/roles/mongo_configure/tasks/main.yml b/deployment/roles/mongo_configure/tasks/main.yml index 6d4a42db5fd..10576b76d1d 100644 --- a/deployment/roles/mongo_configure/tasks/main.yml +++ b/deployment/roles/mongo_configure/tasks/main.yml @@ -1,10 +1,9 @@ --- - - name: Set mongo connection & credentials set_fact: mongo_connection: "--host {{ ip_service }} --port {{ mongodb.mongod_port }} --quiet" mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }}" - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" tags: update_mongodb_configuration # Detect if authentication is enabled @@ -12,7 +11,7 @@ command: "mongosh {{ mongo_connection }} {{ mongo_credentials }} --eval 'db.help();'" register: mongo_authent_enabled failed_when: false - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" tags: update_mongodb_configuration - name: Disable mongo credentials as authent is not enabled diff --git a/deployment/roles/mongo_init/tasks/check_auth.yml b/deployment/roles/mongo_init/tasks/check_auth.yml index 55a576c57b9..142d5b2041f 100644 --- a/deployment/roles/mongo_init/tasks/check_auth.yml +++ b/deployment/roles/mongo_init/tasks/check_auth.yml @@ -10,7 +10,7 @@ command: "mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'" register: mongo_authent_enabled failed_when: false - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" - name: Set mongo_no_auth fact to true set_fact: @@ -20,7 +20,7 @@ - block: - name: Load script in database (docker) - shell: "docker exec --tty {{ mongodb.docker.image_name }} /bin/bash -c \"mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'\"" + shell: 'docker exec --tty {{ mongodb.docker.image_name }} /bin/bash -c "mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval ''db.help()''"' failed_when: false register: mongo_authent_enabled @@ -36,4 +36,4 @@ set_fact: mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --authenticationDatabase {{ mongodb.admin.db }} " when: not mongo_no_auth - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" diff --git a/deployment/roles/mongo_init/tasks/main.yml b/deployment/roles/mongo_init/tasks/main.yml index 79434d844b2..6ad0a8c086a 100644 --- a/deployment/roles/mongo_init/tasks/main.yml +++ b/deployment/roles/mongo_init/tasks/main.yml @@ -1,109 +1,107 @@ --- - - block: - - - fail: msg="Variable '{{ mongod_source_template_dir }}' is not defined" - when: mongod_source_template_dir is undefined - - - name: Compute list of mongo nodes - set_fact: - mongo_nodes: "{{ mongo_nodes | default([]) + [ hostvars[item]['ip_service'] + ':'+ mongodb.mongod_port | string ] }}" - loop: "{{ groups['hosts_vitamui_mongod'] }}" - - - name: Set Mongo URI - set_fact: - mongod_uri: "{{ mongo_nodes| join(',') }}" - - - name: Set mongod_output_dir_entry_point - set_fact: - mongod_output_dir_entry_point: "{{ vitamui_defaults.folder.root_path | default('/vitamui') }}/app/mongod/" - - - import_tasks: check_auth.yml - - - name: Initialize directory if it doesn't exist. - file: - path: "{{ mongod_output_dir_entry_point }}" - state: directory - - - name: "Clean directory {{ mongod_output_dir_entry_point }}" - shell: "rm -Rf {{ mongod_output_dir_entry_point }}/*" - - # We sort directories by theirs versions - - name: List script files versions in the directory {{ mongod_source_template_dir }} - delegate_to: localhost - shell: - cmd: find * -maxdepth 1 -type d | sort -V - chdir: "{{ mongod_source_template_dir }}" - register: versions - - # For each version, we apply a second sort on the index of the script file. - - name: List script files in the directory {{ mongod_source_template_dir }} - delegate_to: localhost - shell: - cmd: find {{ version }}/* -type f -print | sort -V -t '_' -k1 - chdir: "{{ mongod_source_template_dir }}" - register: output - loop: "{{ versions.stdout_lines }}" - loop_control: - loop_var: version - - - name: "Compute file scripts" - delegate_to: localhost - set_fact: - mongod_files: "{{ (mongod_files| default([])) + item.stdout_lines }}" - loop: "{{ output.results }}" - - # We apply regex for included and excluded files in order to compute the eligible scripts. - - name: Compute list of excluded files - delegate_to: localhost - set_fact: - mongod_excluded_files : "{{ (mongod_excluded_files| default([])) + [ item.0 ] }}" - when: item.0 is not match(item.1) or item.0 is match(item.2) - with_nested: - - "{{ mongod_files }}" - - "{{ mongodb.included_scripts }}" - - "{{ mongodb.excluded_scripts }}" - - - name: Compute list of eligible files - delegate_to: localhost - set_fact: - mongod_eligible_files : "{{ (mongod_eligible_files| default([])) + [ {'name': item, 'version': item | regex_replace('^(.+)/(.+)$', '\\1') ,'finalname': 'vitamui_' + item | regex_replace('/', '_') | basename | regex_replace('\\.j2$')} ] }}" - loop: "{{ mongod_files | difference(mongod_excluded_files| default([])) }}" - - # We generate scripts and upload on remote host - - name: Compute and copy script files - template: - src: "{{ mongod_source_template_dir }}/{{ item.name }}" - dest: "{{ mongod_output_dir_entry_point }}/{{ item.finalname }}" - owner: "{{ vitamui_defaults.users.vitamuidb | default('vitamuidb') }}" - group: "{{ vitamui_defaults.users.group | default('vitamui') }}" - mode: 0755 - loop: "{{ mongod_eligible_files | unique }}" - - - name: "Prepare file" - include_tasks: "prepare_script.yml" - when: mongodb.versioning is defined and mongodb.versioning.enable - loop: "{{ mongod_eligible_files | unique }}" - loop_control: - loop_var: mongo_file - - - name: Compute main script file - template: - src: "main_script.js.j2" - dest: "{{ mongod_output_dir_entry_point }}/main_script.js" - owner: "{{ vitamui_defaults.users.vitamuidb | default('vitamuidb') }}" - group: "{{ vitamui_defaults.users.group | default('vitamui') }}" - mode: 0755 - - - name: Load script in database - shell: "mongosh mongodb://{{ mongod_uri }}/admin {{ mongo_credentials }} --quiet --file {{ mongod_output_dir_entry_point }}/main_script.js" - no_log: "{{ hide_passwords_during_deploy }}" - when: mongodb.docker is not defined or not mongodb.docker.enable - - - name: Load script in database test (docker) - command: "docker exec --tty {{ mongodb.docker.image_name }} /bin/bash -c \"mongosh mongodb://{{ mongod_uri }}/admin {{ mongo_credentials }} --quiet --file {{ mongodb.docker.internal_dir}}/app/mongod/main_script.js\"" - no_log: "{{ hide_passwords_during_deploy }}" - when: mongodb.docker is defined and mongodb.docker.enable + - fail: msg="Variable '{{ mongod_source_template_dir }}' is not defined" + when: mongod_source_template_dir is undefined + + - name: Compute list of mongo nodes + set_fact: + mongo_nodes: "{{ mongo_nodes | default([]) + [ hostvars[item]['ip_service'] + ':'+ mongodb.mongod_port | string ] }}" + loop: "{{ groups['hosts_vitamui_mongod'] }}" + + - name: Set Mongo URI + set_fact: + mongod_uri: "{{ mongo_nodes| join(',') }}" + + - name: Set mongod_output_dir_entry_point + set_fact: + mongod_output_dir_entry_point: "{{ vitamui_defaults.folder.root_path | default('/vitamui') }}/app/mongod/" + + - import_tasks: check_auth.yml + + - name: Initialize directory if it doesn't exist. + file: + path: "{{ mongod_output_dir_entry_point }}" + state: directory + + - name: "Clean directory {{ mongod_output_dir_entry_point }}" + shell: "rm -Rf {{ mongod_output_dir_entry_point }}/*" + + # We sort directories by theirs versions + - name: List script files versions in the directory {{ mongod_source_template_dir }} + delegate_to: localhost + shell: + cmd: find * -maxdepth 1 -type d | sort -V + chdir: "{{ mongod_source_template_dir }}" + register: versions + + # For each version, we apply a second sort on the index of the script file. + - name: List script files in the directory {{ mongod_source_template_dir }} + delegate_to: localhost + shell: + cmd: find {{ version }}/* -type f -print | sort -V -t '_' -k1 + chdir: "{{ mongod_source_template_dir }}" + register: output + loop: "{{ versions.stdout_lines }}" + loop_control: + loop_var: version + + - name: "Compute file scripts" + delegate_to: localhost + set_fact: + mongod_files: "{{ (mongod_files| default([])) + item.stdout_lines }}" + loop: "{{ output.results }}" + + # We apply regex for included and excluded files in order to compute the eligible scripts. + - name: Compute list of excluded files + delegate_to: localhost + set_fact: + mongod_excluded_files: "{{ (mongod_excluded_files| default([])) + [ item.0 ] }}" + when: item.0 is not match(item.1) or item.0 is match(item.2) + with_nested: + - "{{ mongod_files }}" + - "{{ mongodb.included_scripts }}" + - "{{ mongodb.excluded_scripts }}" + + - name: Compute list of eligible files + delegate_to: localhost + set_fact: + mongod_eligible_files: "{{ (mongod_eligible_files| default([])) + [ {'name': item, 'version': item | regex_replace('^(.+)/(.+)$', '\\1') ,'finalname': 'vitamui_' + item | regex_replace('/', '_') | basename | regex_replace('\\.j2$')} ] }}" + loop: "{{ mongod_files | difference(mongod_excluded_files| default([])) }}" + + # We generate scripts and upload on remote host + - name: Compute and copy script files + template: + src: "{{ mongod_source_template_dir }}/{{ item.name }}" + dest: "{{ mongod_output_dir_entry_point }}/{{ item.finalname }}" + owner: "{{ vitamui_defaults.users.vitamuidb | default('vitamuidb') }}" + group: "{{ vitamui_defaults.users.group | default('vitamui') }}" + mode: 0755 + loop: "{{ mongod_eligible_files | unique }}" + + - name: "Prepare file" + include_tasks: "prepare_script.yml" + when: mongodb.versioning is defined and mongodb.versioning.enable + loop: "{{ mongod_eligible_files | unique }}" + loop_control: + loop_var: mongo_file + + - name: Compute main script file + template: + src: "main_script.js.j2" + dest: "{{ mongod_output_dir_entry_point }}/main_script.js" + owner: "{{ vitamui_defaults.users.vitamuidb | default('vitamuidb') }}" + group: "{{ vitamui_defaults.users.group | default('vitamui') }}" + mode: 0755 + + - name: Load script in database + shell: "mongosh mongodb://{{ mongod_uri }}/admin {{ mongo_credentials }} --quiet --file {{ mongod_output_dir_entry_point }}/main_script.js" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" + when: mongodb.docker is not defined or not mongodb.docker.enable + + - name: Load script in database test (docker) + command: 'docker exec --tty {{ mongodb.docker.image_name }} /bin/bash -c "mongosh mongodb://{{ mongod_uri }}/admin {{ mongo_credentials }} --quiet --file {{ mongodb.docker.internal_dir}}/app/mongod/main_script.js"' + no_log: "{{ hide_passwords_during_deploy | default(true) }}" + when: mongodb.docker is defined and mongodb.docker.enable # - name: "Execute file" # include_tasks: "execute_script.yml" diff --git a/deployment/roles/mongo_restore/tasks/restore_collection.yml b/deployment/roles/mongo_restore/tasks/restore_collection.yml index e7b85236660..cf0bbef9997 100644 --- a/deployment/roles/mongo_restore/tasks/restore_collection.yml +++ b/deployment/roles/mongo_restore/tasks/restore_collection.yml @@ -1,9 +1,8 @@ --- - - name: Restore each collection for {{db}} command: "mongorestore --host {{ ip_service }} --db {{db}} --collection {{inner_item}} {{mongo_credentials}} --gzip {{mongo_dump_folder}}/{{db}}/{{inner_item}}.bson.gz" with_items: "{{collections}}" loop_control: loop_var: inner_item - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" ignore_errors: yes diff --git a/deployment/roles/mongo_restore/tasks/restore_db.yml b/deployment/roles/mongo_restore/tasks/restore_db.yml index 01a494c762a..1ec6daaac10 100644 --- a/deployment/roles/mongo_restore/tasks/restore_db.yml +++ b/deployment/roles/mongo_restore/tasks/restore_db.yml @@ -1,6 +1,5 @@ --- - - name: Restore db full {{db}} command: "mongorestore --host {{ ip_service }} --db {{db}} {{mongo_credentials}} --gzip {{mongo_dump_folder}}/{{db}} --drop" - no_log: "{{ hide_passwords_during_deploy }}" - ignore_errors: yes \ No newline at end of file + no_log: "{{ hide_passwords_during_deploy | default(true) }}" + ignore_errors: yes diff --git a/deployment/roles/mongodb_check_feature_compatibility/tasks/main.yml b/deployment/roles/mongodb_check_feature_compatibility/tasks/main.yml index c0aae381d8f..0b16784b1d2 100644 --- a/deployment/roles/mongodb_check_feature_compatibility/tasks/main.yml +++ b/deployment/roles/mongodb_check_feature_compatibility/tasks/main.yml @@ -1,5 +1,4 @@ --- - - name: Ensure mongosh package is present package: name: @@ -20,7 +19,7 @@ - name: "Check compatibility version with mongo {{ mongo_compatibility_list }}" command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/check_compatibility_version.js" - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" ignore_errors: true # To properly catch output on the next task register: output_compatibility_version diff --git a/deployment/roles/mongodb_check_replica_state/tasks/main.yml b/deployment/roles/mongodb_check_replica_state/tasks/main.yml index 3baa348865c..33cb19db00f 100644 --- a/deployment/roles/mongodb_check_replica_state/tasks/main.yml +++ b/deployment/roles/mongodb_check_replica_state/tasks/main.yml @@ -1,5 +1,4 @@ --- - - name: Copy check_replica_state database script copy: src: check_replica_state.js @@ -10,7 +9,7 @@ - name: Check replica state command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/check_replica_state.js" - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" ignore_errors: true # To properly catch output on the next task register: output_replica_state diff --git a/deployment/roles/mongodb_migration_v5/tasks/reconfig.yml b/deployment/roles/mongodb_migration_v5/tasks/reconfig.yml index e00dcd5bfff..2aff21d80ff 100644 --- a/deployment/roles/mongodb_migration_v5/tasks/reconfig.yml +++ b/deployment/roles/mongodb_migration_v5/tasks/reconfig.yml @@ -1,10 +1,9 @@ --- - # https://www.mongodb.com/docs/v4.2/reference/command/isMaster/#output - name: Check if the member is primary of the replicaset or not command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --eval 'rs.isMaster().ismaster'" register: primary_test_command - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" - name: Copy reconfiguration database script when primary copy: @@ -17,6 +16,6 @@ - name: "Reconfigure replicaset for {{ mongo_type }}" command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/script/{{ mongo_type }}/reconfig.js" - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" when: - primary_test_command.stdout == 'true' diff --git a/deployment/roles/mongodb_set_feature_compatibility/tasks/main.yml b/deployment/roles/mongodb_set_feature_compatibility/tasks/main.yml index 5159e306463..f3b6eeb84c9 100644 --- a/deployment/roles/mongodb_set_feature_compatibility/tasks/main.yml +++ b/deployment/roles/mongodb_set_feature_compatibility/tasks/main.yml @@ -1,5 +1,4 @@ --- - - name: Ensure mongosh package is present package: name: @@ -20,4 +19,4 @@ - name: "Set_feature_compatibility to {{ mongo_version }}" command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/script/mongod/set_feature_compatibility.js" - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" diff --git a/deployment/roles/mongodb_set_members_groups/tasks/main.yml b/deployment/roles/mongodb_set_members_groups/tasks/main.yml index 4ea99669272..74479e84fd5 100644 --- a/deployment/roles/mongodb_set_members_groups/tasks/main.yml +++ b/deployment/roles/mongodb_set_members_groups/tasks/main.yml @@ -1,10 +1,9 @@ --- - # https://www.mongodb.com/docs/v4.2/reference/command/isMaster/#output - name: Check if the member is primary of the replicaset or not command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --eval 'rs.isMaster().ismaster'" register: primary_test_command - no_log: "{{ hide_passwords_during_deploy }}" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" # set the is_primary var for each host to find out if the member is primary or not, used later to upgrade first secondary nodes - name: Set is_primary = true var @@ -18,4 +17,3 @@ is_primary: false when: - primary_test_command.stdout != 'true' - diff --git a/deployment/roles/mongodb_upgrade_package/tasks/update_packages_mongod.yml b/deployment/roles/mongodb_upgrade_package/tasks/update_packages_mongod.yml index 6ab4d640d00..1e6b7e9add0 100644 --- a/deployment/roles/mongodb_upgrade_package/tasks/update_packages_mongod.yml +++ b/deployment/roles/mongodb_upgrade_package/tasks/update_packages_mongod.yml @@ -1,107 +1,105 @@ --- - - block: + - name: Copy database scripts + copy: + src: "{{ item }}" + dest: "{{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}" + owner: "{{ vitamui_defaults.users.vitamuidb }}" + group: "{{ vitamui_defaults.users.group }}" + mode: "{{ vitamui_defaults.folder.conf_permission }}" + with_items: + - shutdown.js + - wait_until_proper_node_state.js + - wait_until_not_master.js - - name: Copy database scripts - copy: - src: "{{ item }}" - dest: "{{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}" - owner: "{{ vitamui_defaults.users.vitamuidb }}" - group: "{{ vitamui_defaults.users.group }}" - mode: "{{ vitamui_defaults.folder.conf_permission }}" - with_items: - - shutdown.js - - wait_until_proper_node_state.js - - wait_until_not_master.js - - # Elect a new primary member (if we are the primary and if there is more than 1 node) - - block: - # https://www.mongodb.com/docs/manual/reference/method/rs.stepDown/ - - name: Step down the member (elect a new primary member) - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --eval 'rs.stepDown();'" - no_log: "{{ hide_passwords_during_deploy }}" - ignore_errors: true # as we are brutally disconnected by the server (because reboot) + # Elect a new primary member (if we are the primary and if there is more than 1 node) + - block: + # https://www.mongodb.com/docs/manual/reference/method/rs.stepDown/ + - name: Step down the member (elect a new primary member) + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --eval 'rs.stepDown();'" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" + ignore_errors: true # as we are brutally disconnected by the server (because reboot) - - name: Wait until this member is not primary anymore - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script//{{ mongo_type }}/wait_until_not_master.js" - no_log: "{{ hide_passwords_during_deploy }}" - ignore_errors: true # To properly catch output on the next task - register: output_not_master + - name: Wait until this member is not primary anymore + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script//{{ mongo_type }}/wait_until_not_master.js" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" + ignore_errors: true # To properly catch output on the next task + register: output_not_master - - name: Fail if step down is not succeeded - assert: - fail_msg: "{{ output_not_master.stderr_lines }}" - success_msg: "{{ output_not_master.stdout_lines }}" - that: output_not_master.rc == 0 - when: - - is_primary == true - - groups['hosts_vitamui_mongod'] | length > 1 + - name: Fail if step down is not succeeded + assert: + fail_msg: "{{ output_not_master.stderr_lines }}" + success_msg: "{{ output_not_master.stdout_lines }}" + that: output_not_master.rc == 0 + when: + - is_primary == true + - groups['hosts_vitamui_mongod'] | length > 1 - - name: Graceful shutdown of node - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/shutdown.js" - no_log: "{{ hide_passwords_during_deploy }}" - ignore_errors: true # as we are brutally disconnected by the server (because of shutdown) + - name: Graceful shutdown of node + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/shutdown.js" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" + ignore_errors: true # as we are brutally disconnected by the server (because of shutdown) - - name: Workaround to manually force shutdown as services are set to Restart=always - systemd: - name: "{{ mongodb.service_name | default('vitamui-mongod') }}" - state: stopped + - name: Workaround to manually force shutdown as services are set to Restart=always + systemd: + name: "{{ mongodb.service_name | default('vitamui-mongod') }}" + state: stopped - # Upgrade the package - - name: "Update mongodb packages ({{ mongo_version }})" - yum: - name: - - "mongodb-org-server-{{ mongo_version }}" - state: present - update_cache: yes # make sure cache is up to date for upgrade - register: result - retries: "{{ packages_install_retries_number }}" - until: result is succeeded - delay: "{{ packages_install_retries_delay }}" - when: ansible_os_family == "RedHat" + # Upgrade the package + - name: "Update mongodb packages ({{ mongo_version }})" + yum: + name: + - "mongodb-org-server-{{ mongo_version }}" + state: present + update_cache: yes # make sure cache is up to date for upgrade + register: result + retries: "{{ packages_install_retries_number }}" + until: result is succeeded + delay: "{{ packages_install_retries_delay }}" + when: ansible_os_family == "RedHat" - - name: "Update mongodb packages ({{ mongo_version }})" - apt: - name: - - "mongodb-org-server={{ mongo_version }}" - state: present - update_cache: yes # make sure cache is up to date for upgrade - register: result - retries: "{{ packages_install_retries_number }}" - until: result is succeeded - delay: "{{ packages_install_retries_delay }}" - when: ansible_os_family == "Debian" + - name: "Update mongodb packages ({{ mongo_version }})" + apt: + name: + - "mongodb-org-server={{ mongo_version }}" + state: present + update_cache: yes # make sure cache is up to date for upgrade + register: result + retries: "{{ packages_install_retries_number }}" + until: result is succeeded + delay: "{{ packages_install_retries_delay }}" + when: ansible_os_family == "Debian" - - name: Disable default mongodb service - systemd: - name: mongod - enabled: no - state: stopped + - name: Disable default mongodb service + systemd: + name: mongod + enabled: no + state: stopped - - name: Make sure the service is restarted - systemd: - name: "vitamui-{{ mongo_type }}" - daemon_reload: yes - state: restarted - enabled: "{{ mongodb.at_boot | default(service_at_boot) }}" + - name: Make sure the service is restarted + systemd: + name: "vitamui-{{ mongo_type }}" + daemon_reload: yes + state: restarted + enabled: "{{ mongodb.at_boot | default(service_at_boot) }}" - - name: Check the service port - wait_for: - host: "{{ ip_service }}" - port: "{{ mongo_port }}" - timeout: "{{ vitamui_defaults.services.start_timeout }}" + - name: Check the service port + wait_for: + host: "{{ ip_service }}" + port: "{{ mongo_port }}" + timeout: "{{ vitamui_defaults.services.start_timeout }}" - - name: Wait for node to join the cluster and reach "secondary" or "primary" status - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/wait_until_proper_node_state.js" - no_log: "{{ hide_passwords_during_deploy }}" - ignore_errors: true # To properly catch output on the next task - register: output_node_state + - name: Wait for node to join the cluster and reach "secondary" or "primary" status + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/wait_until_proper_node_state.js" + no_log: "{{ hide_passwords_during_deploy | default(true) }}" + ignore_errors: true # To properly catch output on the next task + register: output_node_state - - name: Fail if node state is incorrect - assert: - fail_msg: "{{ output_node_state.stderr_lines }}" - success_msg: "{{ output_node_state.stdout_lines }}" - that: output_node_state.rc == 0 + - name: Fail if node state is incorrect + assert: + fail_msg: "{{ output_node_state.stderr_lines }}" + success_msg: "{{ output_node_state.stdout_lines }}" + that: output_node_state.rc == 0 when: - is_primary == mongo_primary diff --git a/deployment/roles/vitamui/tasks/main.yml b/deployment/roles/vitamui/tasks/main.yml index 30228313be0..b297f8d9818 100644 --- a/deployment/roles/vitamui/tasks/main.yml +++ b/deployment/roles/vitamui/tasks/main.yml @@ -1,5 +1,4 @@ --- - - name: "Install {{ vitamui_struct.package_name | default(package_name) }} package" package: name: "{{ vitamui_struct.package_name | default(package_name) }}" @@ -16,32 +15,31 @@ # Force a specific version to install (even downgrade) - block: - - - name: "Install {{ vitamui_struct.package_name | default(package_name) }} package" - apt: - name: "{{ vitamui_struct.package_name | default(package_name) }}={{ force_vitamui_version }}" - force: yes - state: present - register: result - retries: "{{ packages_install_retries_number }}" - until: result is succeeded - delay: "{{ packages_install_retries_delay }}" - tags: update_package_vitamui - notify: restart service - when: ansible_os_family == "Debian" - - - name: "Install {{ vitamui_struct.package_name | default(package_name) }} package" - yum: - name: "{{ vitamui_struct.package_name | default(package_name) }}-{{ force_vitamui_version }}" - allow_downgrade : yes - state: present - register: result - retries: "{{ packages_install_retries_number }}" - until: result is succeeded - delay: "{{ packages_install_retries_delay }}" - tags: update_package_vitamui - notify: restart service - when: ansible_os_family == "RedHat" + - name: "Install {{ vitamui_struct.package_name | default(package_name) }} package" + apt: + name: "{{ vitamui_struct.package_name | default(package_name) }}={{ force_vitamui_version }}" + force: yes + state: present + register: result + retries: "{{ packages_install_retries_number }}" + until: result is succeeded + delay: "{{ packages_install_retries_delay }}" + tags: update_package_vitamui + notify: restart service + when: ansible_os_family == "Debian" + + - name: "Install {{ vitamui_struct.package_name | default(package_name) }} package" + yum: + name: "{{ vitamui_struct.package_name | default(package_name) }}-{{ force_vitamui_version }}" + allow_downgrade: yes + state: present + register: result + retries: "{{ packages_install_retries_number }}" + until: result is succeeded + delay: "{{ packages_install_retries_delay }}" + tags: update_package_vitamui + notify: restart service + when: ansible_os_family == "RedHat" when: force_vitamui_version is defined @@ -125,7 +123,7 @@ mode: "{{ vitamui_defaults.folder.conf_permission | default('0440') }}" with_fileglob: - "{{ role_path }}/templates/{{ vitamui_struct.vitamui_component }}/*" - #no_log: "{{ hide_passwords_during_deploy }}" + #no_log: "{{ hide_passwords_during_deploy | default(true) }}" tags: - update_vitam_configuration notify: @@ -138,7 +136,7 @@ owner: "{{ vitamui_defaults.users.vitamui | default('vitamui') }}" group: "{{ vitamui_defaults.users.group | default('vitamui') }}" mode: "{{ vitamui_defaults.folder.folder_permission | default('0750') }}" - when: "( vitamui_struct.secure | default(secure) | lower == 'true' ) and ({{ lookup('pipe', 'test -f {{ inventory_dir }}/keystores/server/{{ inventory_hostname }}/keystore_{{ vitamui_struct.vitamui_component }}.jks || echo nofile') == \"\" }})" + when: '( vitamui_struct.secure | default(secure) | lower == ''true'' ) and ({{ lookup(''pipe'', ''test -f {{ inventory_dir }}/keystores/server/{{ inventory_hostname }}/keystore_{{ vitamui_struct.vitamui_component }}.jks || echo nofile'') == "" }})' tags: - update_vitamui_certificates notify: @@ -156,7 +154,7 @@ - vitamui_struct.secure | default(secure) | lower == 'true' - vitamui_certificate_type is defined - "vitamui_certificate_type|lower == 'server'" - - "{{ lookup('pipe', 'test -f {{ inventory_dir }}/keystores/server/truststore_server.jks || echo nofile') == \"\" }}" + - '{{ lookup(''pipe'', ''test -f {{ inventory_dir }}/keystores/server/truststore_server.jks || echo nofile'') == "" }}' tags: - update_vitamui_certificates notify: @@ -174,7 +172,7 @@ - vitamui_struct.secure | default(secure) | lower == 'true' - vitamui_certificate_type is defined - "vitamui_certificate_type|lower == 'external'" - - "{{ lookup('pipe', 'test -f {{ inventory_dir }}/keystores/client-{{ vitamui_certificate_type }}/truststore_{{ vitamui_certificate_type }}.jks || echo nofile') == \"\" }}" + - '{{ lookup(''pipe'', ''test -f {{ inventory_dir }}/keystores/client-{{ vitamui_certificate_type }}/truststore_{{ vitamui_certificate_type }}.jks || echo nofile'') == "" }}' tags: - update_vitamui_certificates notify: @@ -182,11 +180,11 @@ - name: "Execute sub-tasks for the component type: {{ vitamui_struct.vitamui_component_type }}" include_tasks: "{{ vitamui_struct.vitamui_component_type }}.yml" - when: "{{ lookup('pipe', 'test -f {{ role_path }}/tasks/{{ vitamui_struct.vitamui_component_type }}.yml || echo nofile') == \"\" }}" + when: '{{ lookup(''pipe'', ''test -f {{ role_path }}/tasks/{{ vitamui_struct.vitamui_component_type }}.yml || echo nofile'') == "" }}' - name: "Execute sub-tasks for the component: {{ vitamui_struct.vitamui_component }}" include_tasks: "{{ vitamui_struct.vitamui_component }}.yml" - when: "{{ lookup('pipe', 'test -f {{ role_path }}/tasks/{{ vitamui_struct.vitamui_component }}.yml || echo nofile') == \"\" }}" + when: '{{ lookup(''pipe'', ''test -f {{ role_path }}/tasks/{{ vitamui_struct.vitamui_component }}.yml || echo nofile'') == "" }}' - meta: flush_handlers tags: