PLAT-183 Add MongoDB SSL support

mongodb/mongodb/mongodb.tf

@@ -6,6 +6,8 @@ variable "mongodb_conf_engine"      {}
 variable "mongodb_conf_replsetname" {}
 variable "mongodb_conf_oplogsizemb" {}
 variable "mongodb_key_s3_object"    {}
+variable "mongodb_ssl_server_key_s3_object" {}
+variable "mongodb_ssl_client_key_s3_object" {}
 variable "opsmanager_key_s3_object" {}
 variable "mongodb_iam_name"         {}
 variable "mongodb_sg_id"            {}
@@ -63,6 +65,8 @@ data "template_file" "user_data" {
     mongodb_conf_replsetname = "${var.mongodb_conf_replsetname}"
     mongodb_conf_oplogsizemb = "${var.mongodb_conf_oplogsizemb}"
     mongodb_key_s3_object    = "${var.mongodb_key_s3_object}"
+    mongodb_ssl_server_key_s3_object = "${var.mongodb_ssl_server_key_s3_object}"
+    mongodb_ssl_client_key_s3_object = "${var.mongodb_ssl_client_key_s3_object}"
     opsmanager_key_s3_object = "${var.opsmanager_key_s3_object}"
     opsmanager_subdomain     = "${var.opsmanager_subdomain}"
     hostname                 = "${var.route53_hostname}"

mongodb/mongodb/templates/user-data.sh

@@ -201,6 +201,14 @@ if [ "${role_node}" == "true" ]; then
   # Automation Agent won't start without proper hostname resolution, but Route53 takes a few mins to propagate.
   echo "`curl http://169.254.169.254/latest/meta-data/local-ipv4` ${hostname}" >> /etc/hosts
 
+  # setup ssl certificates
+  SSL_PATH=/etc/mongodb/ssl
+  mkdir -p $SSL_PATH
+  aws s3 --region=${aws_region} cp ${mongodb_ssl_server_key_s3_object} $SSL_PATH/mongodb_ssl_server.pem
+  aws s3 --region=${aws_region} cp ${mongodb_ssl_client_key_s3_object} $SSL_PATH/mongodb_ssl_client.pem
+  chmod 700 -R $SSL_PATH
+  chown -R mongodb:mongodb $SSL_PATH
+
   service mongodb-mms-automation-agent stop
   service mongodb-mms-automation-agent start
 fi