我正在使用ansible在mongodb中添加admin用户。我使用下面的剧本,但我得到错误。有人能提出解决办法吗?为了使用模块,我还在添加用户之前安装了pymongo。在mongod.conf中禁用鉴权,并且bindIp设置为0.0.0.0
- hosts: devqa_mongod_single:dwprod_mongod_single
become: yes
vars_files:
- ../../vars/vars_secrets.yaml
vars:
password: "mongoadmin"
mongoAuth: "/usr/bin/mongosh 'mongodb://admin:{{ password | urlencode() }}@localhost:27017/admin?authSource=admin' --norc --quiet"
mongoNoAuth: "/usr/bin/mongosh 'mongodb://localhost:27017/admin' --norc --quiet"
tasks:
# volume config for mongodb
- name: Create a new xfs primary partition
community.general.parted:
device: /dev/nvme1n1
number: 1
state: present
fs_type: xfs
label: gpt
- name: Create an xfs filesystem on /dev/nvme1n1
community.general.filesystem:
fstype: xfs
state: present
dev: /dev/nvme1n1p1
- name: Create Directory /data/db
ansible.builtin.file:
path: /data/db
state: directory
owner: root
group: root
mode: 0751
- name: Fetch the UUID of /dev/nvme1n1p1
command: blkid -s UUID -o value /dev/nvme1n1p1
changed_when: false
register: blkid_out
- name: Mount /dev/nvme1n1 by UUID
ansible.posix.mount:
path: /data/db
src: UUID={{ blkid_out.stdout }}
fstype: xfs
opts: "defaults,nofail"
passno: 2
state: mounted
# Installation of mongodb
- name: Install aptitude using apt
apt:
name: aptitude
state: latest
update_cache: yes
- name: Import public key
apt_key:
url: 'https://www.mongodb.org/static/pgp/server-6.0.asc'
state: present
- name: Add repository
apt_repository:
filename: '/etc/apt/sources.list.d/mongodb-org-6.0.list'
repo: 'deb https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/6.0 multiverse'
state: present
update_cache: yes
- name: Install mongoDB
apt:
name: mongodb-org
state: present
update_cache: yes
notify:
- restart mongodb
- name: Recursively change ownership of a /data/db
ansible.builtin.file:
path: /data/db
state: directory
recurse: yes
owner: mongodb
group: mongodb
notify:
- restart mongodb
- name: Create Directory /var/run/mongodb
ansible.builtin.file:
path: /var/run/mongodb
state: directory
owner: mongodb
group: mongodb
mode: 0751
notify:
- restart mongodb
- name: Ensure mongodb is running and and enabled to start automatically on reboots
service:
name: mongod
enabled: yes
state: started
# Installing pymongo to use community.mongodb.mongodb_user module
- name: "Install PyMongo"
apt:
update_cache: yes
name: "python3-pymongo"
state: "latest"
# copy temorary config file
- name: user_init | set temporary conf
become: yes
timeout: 300
ansible.builtin.copy:
src: ../templates/mongodb/mongod_init.conf.j2
dest: /etc/mongod.conf
owner: root
group: root
mode: '0644'
notify:
- restart mongodb
# Adding root user
- name: Check if authentication is enabled
shell:
cmd: "{{ mongoAuth }} --eval 'db.getMongo()'"
executable: /bin/bash
register: authenticate
failed_when: false
changed_when: false
check_mode: no
- name: Create users
shell:
cmd: "{{ (authenticate.rc == 0) | ternary(mongoAuth, mongoNoAuth) }} --eval '{{ js }}'"
executable: /bin/bash
vars:
js: |
admin = db.getSiblingDB("admin")
{% if authenticate.rc != 0 %}
admin.createUser({ user: "admin", pwd: "{{ password }}", roles: ["root"] })
admin.auth("admin", "{{ password }}")
{% endif %}
notify:
- restart mongodb
# Copy mongod.conf file having auth enabled
- name: copy mongod.conf | set
become: yes
timeout: 300
ansible.builtin.copy:
src: ../templates/mongodb/mongod.conf.j2
dest: /etc/mongod.conf
owner: root
group: root
mode: '0644'
register: mongo_conf_set
notify:
- restart mongodb
- name: Copy mongodb file for log rotation
become: yes
timeout: 300
ansible.builtin.copy:
src: ../templates/mongodb/mongodb
dest: /etc/logrotate.d/mongodb
owner: root
group: root
mode: 0644
- name: Daemon Reload
shell: systemctl daemon-reload
- name: Starting MongoDB service
service:
name: mongod
state: started
handlers:
- name: restart mongodb
service: name=mongod state=restarted
我的mon .conf文件在实例
systemLog:
destination: file
logAppend: true
logRotate: reopen
path: /var/log/mongodb/mongod.log
storage:
dbPath: /data/db
journal:
enabled: true
engine: wiredTiger
processManagement:
fork: true
pidFilePath: /var/run/mongodb/mongod.pid
net:
port: 27017
bindIp: 0.0.0.0
security:
authorization: enabled
我手动创建用户:
- hosts: all
vars:
mongoAuth: "/usr/bin/mongosh 'mongodb://admin:{{ password | urlencode() }}@localhost:27017/admin?authSource=admin' --norc --quiet"
mongoNoAuth: "/usr/bin/mongosh 'mongodb://localhost:27017/admin' --norc --quiet"
tasks:
- name: Check if authentication is enabled and if user already exists
shell:
cmd: "{{ mongoAuth }} --eval 'db.getMongo()'"
executable: /bin/bash
register: authenticate
failed_when: false
changed_when: false
check_mode: no
- name: Create users
shell:
cmd: "{{ (authenticate.rc == 0) | ternary(mongoAuth, mongoNoAuth) }} --eval '{{ js }}'"
executable: /bin/bash
vars:
js: |
admin = db.getSiblingDB("admin")
{% if authenticate.rc != 0 %}
admin.createUser({ user: "admin", pwd: "{{ password }}", roles: ["root"] })
admin.auth("admin", "{{ password }}")
{% endif %}
// create more users if needed
admin.createUser(...)
我猜您在主机上设置了错误的配置。
无法连接到数据库:Unknown option directconnection
这看起来不像一个可见的错误。
为了进一步帮助您,您应该禁用mongo身份验证,并重新启动mongo。然后创建3个用户:admin、root和userAdminAnyDatabase。然后重启mongo。这是我为MongoDB写的一个Ansible角色,所以你可以看看它是如何工作的。