
mongodb: Enable authorization by default

Philipp Fromme 1 year ago
parent
commit
29b4318138
3 changed files with 70 additions and 2 deletions
  1. 3 0
      graylog/init.sls
  2. 24 2
      mongodb/init.sls
  3. 43 0
      mongodb/mongod.conf

+ 3 - 0
graylog/init.sls

@@ -4,6 +4,9 @@
 
 {% set graylog_config = salt['pillar.get']('logging:graylog') %}
 {% set mongodb_version = '5.0' %}
+{% set mongodb_admin_username = graylog_config['mongodb_admin_username'] %}
+{% set mongodb_admin_password = graylog_config['mongodb_admin_password'] %}
+{% set mongodb_admin_roles = graylog_config['mongodb_admin_roles'] %}
 {% include '../mongodb/init.sls' %}
 
 include:
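Review bot: L24-L26 index `graylog_config` with `[...]` and no default, so a pillar missing any of the three `mongodb_admin_*` keys aborts rendering of the whole graylog state with a Jinja error; worse, when `logging:graylog` is absent altogether `salt['pillar.get']` returns `''` and the failure surfaces as an opaque string-indexing error rather than naming the missing secret. Fetch each value by its full pillar path and fail loudly when it is empty, e.g. `{% set mongodb_admin_password = salt['pillar.get']('logging:graylog:mongodb_admin_password') %}` followed by `{% if not mongodb_admin_password %}{{ raise('pillar logging:graylog:mongodb_admin_password is not set') }}{% endif %}` (Salt's Jinja exposes `raise` in releases from 2017.7 onward — confirm for the targeted version). Since `mongodb_admin_roles` decides how powerful this account is, document in a comment here that the pillar should grant the minimum the tooling needs (e.g. `userAdminAnyDatabase` plus the backup role) rather than `root`. The included `../mongodb/init.sls` consumes these three names without defaults of its own, so the check belongs at this point of definition.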

+ 24 - 2
mongodb/init.sls

@@ -17,12 +17,34 @@ mongodb-repo:
 
 mongodb:
   pkg.installed:
-    - name: mongodb-org
+    - pkgs:
+      - mongodb-org
+      - python3-pymongo
   service.running:
     - name: mongod
     - enable: True
+    - require:
+      - pkg: mongodb
+    - watch:
+      - file: /etc/mongod.conf
+
+# Create mongodb admin user
+mongoadmin:
+  mongodb_user.present:
+  - name: {{ mongodb_admin_username }}
+  - passwd: {{ mongodb_admin_password }}
+  - database: admin
+  - roles: {{ mongodb_admin_roles }}
+  - user: {{ mongodb_admin_username }}
+  - password: {{ mongodb_admin_password }}
+
+# Install mongod config, cronjob, backup script and corresponding config file
+/etc/mongod.conf:
+  file.managed:
+    - source: salt://mongodb/mongod.conf
+    - require:
+      - mongodb_user: mongoadmin
 
-# Install cronjob, backup script and corresponding config file
 /etc/cron.d/mongodb_backup:
   file.managed:
     - source: salt://mongodb/mongodb_backup.cron
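Review bot: The `mongoadmin` state (L51-L58) is ordered before mongod is started: `service.running` watches, and therefore implicitly requires, `/etc/mongod.conf` (L47-L48), which itself requires `mongodb_user: mongoadmin` (L64-L65), so on a fresh host where the package install does not leave mongod running the first highstate fails at user creation and the config and service states are skipped as unmet requisites. Adding `require: - service: mongodb` to `mongoadmin` would only close a requisite cycle, so the chain needs restructuring — e.g. manage the config and start the service first, then create the first `admin` user over 127.0.0.1 via MongoDB's localhost exception (valid while no user exists), guarding that bootstrap with `unless:` so later runs do not attempt an unauthenticated connection. Relatedly, `user`/`password` at L57-L58 are the very account being created; if the `mongodb_user` module authenticates its connection with them, the bootstrap run fails because that user does not exist yet — verify the module's behaviour against an auth-disabled server before relying on this. The password is also rendered as a plain scalar at L54; quote it (`- passwd: '{{ mongodb_admin_password }}'`) so a value containing ` #`, `: ` or a leading YAML indicator cannot be truncated or mis-parsed, and render the roles list with `{{ mongodb_admin_roles | json }}` rather than Python repr. The `/etc/cron.d/mongodb_backup` state continues past the end of the hunk.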

+ 43 - 0
mongodb/mongod.conf

@@ -0,0 +1,43 @@
+# mongod.conf
+# salt managed
+
+# for documentation of all options, see:
+#   http://docs.mongodb.org/manual/reference/configuration-options/
+
+# Where and how to store data.
+storage:
+  dbPath: /var/lib/mongodb
+  journal:
+    enabled: true
+#  engine:
+#  wiredTiger:
+
+# where to write logging data.
+systemLog:
+  destination: file
+  logAppend: true
+  path: /var/log/mongodb/mongod.log
+
+# network interfaces
+net:
+  port: 27017
+  bindIp: 127.0.0.1
+
+# how the process runs
+processManagement:
+  timeZoneInfo: /usr/share/zoneinfo
+
+security:
+  authorization: enabled
+
+#operationProfiling:
+
+#replication:
+
+#sharding:
+
+## Enterprise-Only Options:
+
+#auditLog:
+
+#snmp:
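Review bot: `security.authorization: enabled` (L105-L106) turns on authentication for every client, but nothing in this commit supplies credentials to the consumers of this mongod — the `mongodb_backup` cronjob installed by the same state and Graylog's own `mongodb_uri` — so after the watch-triggered restart those connections will fail with `Unauthorized` unless they were updated elsewhere in the tree. Those consumers should get dedicated least-privilege accounts (`backup` role for mongodump, `readWrite` on the graylog database) rather than reusing the admin user whose credentials the state already holds. The file also deserves a comment tying the two protections together, e.g. above L97: `# Listen on loopback only; authorization below still applies to local clients, so every consumer (Graylog, backup cron) needs its own credentials.` Consider adding `javascriptEnabled: false` under `security` if server-side JavaScript is not needed by Graylog, which reduces the impact of a compromised application account — confirm against Graylog's requirements before enabling.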