2 Ревизии 9619087f37 ... 172990e9c3

Автор SHA1 Съобщение Дата
  Philipp Fromme 172990e9c3 graylog: Use mongodb with authentication преди 1 година
  Philipp Fromme 29b4318138 mongodb: Enable authorization by default преди 1 година
променени са 4 файла, в които са добавени 80 реда и са изтрити 3 реда
  1. 12 0
      graylog/init.sls
  2. 1 1
      graylog/server.conf.tmpl
  3. 24 2
      mongodb/init.sls
  4. 43 0
      mongodb/mongod.conf

+ 12 - 0
graylog/init.sls

@@ -4,11 +4,23 @@
 
 {% set graylog_config = salt['pillar.get']('logging:graylog') %}
 {% set mongodb_version = '5.0' %}
+{% set mongodb_admin_username = graylog_config['mongodb_admin_username'] %}
+{% set mongodb_admin_password = graylog_config['mongodb_admin_password'] %}
+{% set mongodb_admin_roles = graylog_config['mongodb_admin_roles'] %}
 {% include '../mongodb/init.sls' %}
 
 include:
   - elasticsearch
 
+mongouser:
+  mongodb_user.present:
+  - name: {{ graylog_config['mongodb_username'] }}
+  - passwd: {{ graylog_config['mongodb_password'] }}
+  - database: graylog
+  - roles: {{ graylog_config['mongodb_roles'] }}
+  - user: {{ mongodb_admin_username }}
+  - password: {{ mongodb_admin_password }}
+
 graylog-repo:
 # add Graylog Repo
   pkgrepo.managed:
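Review bot: The `passwd:` and `password:` values in `mongouser` are rendered from pillar straight into YAML without quoting, so a secret that contains ` #` or `: `, starts with `*`, `&` or `{`, or consists only of digits is truncated, retyped or fails to parse. The account can then end up with a different password than the one stored in pillar. Quote the values at render time, e.g. `- passwd: {{ graylog_config['mongodb_password'] | yaml_dquote }}` and `- password: {{ mongodb_admin_password | yaml_dquote }}`, and render the list as `- roles: {{ graylog_config['mongodb_roles'] | json }}`. The same applies to the `mongoadmin` state added in mongodb/init.sls. The `graylog-repo` state at the end of this hunk continues outside it.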

+ 1 - 1
graylog/server.conf.tmpl

@@ -530,7 +530,7 @@ lb_recognition_period_seconds = 3
 
 # MongoDB connection string
 # See https://docs.mongodb.com/manual/reference/connection-string/ for details
-mongodb_uri = mongodb://localhost/graylog
+mongodb_uri = mongodb://{{ graylog_config['mongodb_username'] }}:{{ graylog_config['mongodb_password'] }}@localhost/graylog
 
 # Authenticate against the MongoDB server
 # '+'-signs in the username or password need to be replaced by '%2B'
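Review bot: The new `mongodb_uri` line inserts the username and password into the connection string unencoded, so a password containing `@`, `:`, `/`, `%` or `+` yields a URI that fails to parse or is split at the wrong place; the comment two lines below already warns about the `+` case. Percent-encode both values when rendering, e.g. `{{ graylog_config['mongodb_password'] | urlencode }}`, keeping in mind that Jinja's `urlencode` leaves `/` unescaped, so that character needs separate handling. The file now also carries a plaintext credential. The state that renders it is not on this page, so confirm it sets a restrictive `mode` and `show_changes: False` to keep the password out of job returns.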

+ 24 - 2
mongodb/init.sls

@@ -17,12 +17,34 @@ mongodb-repo:
 
 mongodb:
   pkg.installed:
-    - name: mongodb-org
+    - pkgs:
+      - mongodb-org
+      - python3-pymongo
   service.running:
     - name: mongod
     - enable: True
+    - require:
+      - pkg: mongodb
+    - watch:
+      - file: /etc/mongod.conf
+
+# Create mongodb admin user
+mongoadmin:
+  mongodb_user.present:
+  - name: {{ mongodb_admin_username }}
+  - passwd: {{ mongodb_admin_password }}
+  - database: admin
+  - roles: {{ mongodb_admin_roles }}
+  - user: {{ mongodb_admin_username }}
+  - password: {{ mongodb_admin_password }}
+
+# Install mongod config, cronjob, backup script and corresponding config file
+/etc/mongod.conf:
+  file.managed:
+    - source: salt://mongodb/mongod.conf
+    - require:
+      - mongodb_user: mongoadmin
 
-# Install cronjob, backup script and corresponding config file
 /etc/cron.d/mongodb_backup:
   file.managed:
     - source: salt://mongodb/mongodb_backup.cron
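Review bot: The requisites order `mongoadmin` ahead of the `mongod` service state: `service.running` watches `/etc/mongod.conf`, and that file requires `mongodb_user: mongoadmin`, so on a fresh host the admin user is created before Salt has ensured mongod is running. This appears to rely on the package starting the daemon on install, which is not visible here; if it does not, `mongoadmin` fails and the auth-enabled config is never deployed. Consider an explicit bootstrap step that starts mongod before `mongoadmin`, or at least record the assumption above the state, e.g. `# Must run while mongod is up and before authorization is enabled in /etc/mongod.conf`. `mongoadmin` also passes `user`/`password` for the very account it is creating, so check that the first run does not try to authenticate as a user that does not exist yet.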

+ 43 - 0
mongodb/mongod.conf

@@ -0,0 +1,43 @@
+# mongod.conf
+# salt managed
+
+# for documentation of all options, see:
+#   http://docs.mongodb.org/manual/reference/configuration-options/
+
+# Where and how to store data.
+storage:
+  dbPath: /var/lib/mongodb
+  journal:
+    enabled: true
+#  engine:
+#  wiredTiger:
+
+# where to write logging data.
+systemLog:
+  destination: file
+  logAppend: true
+  path: /var/log/mongodb/mongod.log
+
+# network interfaces
+net:
+  port: 27017
+  bindIp: 127.0.0.1
+
+# how the process runs
+processManagement:
+  timeZoneInfo: /usr/share/zoneinfo
+
+security:
+  authorization: enabled
+
+#operationProfiling:
+
+#replication:
+
+#sharding:
+
+## Enterprise-Only Options:
+
+#auditLog:
+
+#snmp:
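Review bot: The `security:` stanza with `authorization: enabled` is the security-relevant part of this new file but carries no comment, unlike the stanzas above it. Add one that records the dependency on the Salt states, e.g. `# Require authentication; the admin user is created by the mongoadmin state before this file is deployed`. A matching note on `bindIp: 127.0.0.1`, such as `# Local only; graylog connects via localhost`, would tell a later editor that widening the bind address also means revisiting transport encryption.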