Add support for net.ssl.allowConnectionsWithoutCertificates setting in mongod.conf
separate definition of /root/.mongorc.js file
Fixes #449
When setting up a new replica set with authentication enabled the puppet run fails because some exceptions were not caught properly, when getting the user and database instances. When checking if the mongodb is a primary node a recheck without authentication is done to be able to create the admin user.
The README currently does not give a hint how to configure an arbiter node for a replica set. That feature has been introduced with pull request #182.
It should also be possible to configure an arbiter by parameter `replset_arbiter` of `mongodb::server`.
Add support for replication.enableMajorityReadConcern setting in mongod.conf.
This PR contains multiple changes to improve stability of parsing mongo output:
`printjson` to `JSON.stringify` to avoid internal types
In many cases `printjson` is adding internal types (`ObjectId`, etc.) to the output, which results in invalid JSON that is not parseable by Ruby.
For example, `printjson(db.isMaster())` prints something like this:
```
{
  "topologyVersion" : {
    "processId" : ObjectId("60995bb5e421c84948b94087"),
    "counter" : NumberLong(6)
  },
  ...
}
```
Currently, the handling of exceptions is broken because the existing logic is expecting something parseable in the output, but it's not a valid JSON even after sanitization:
```
Error: Authentication failed.
2021-05-11T15:35:19.647+0200 E QUERY [thread1] Error: Could not retrieve replica set config: {
  "ok" : 0,
  "errmsg" : "not authorized on admin to execute command { replSetGetConfig: 1.0, $clusterTime: { clusterTime: Timestamp(0, 0), signature: { hash: BinData(0, 0000000000000000000000000000000000000000), keyId: 0 } }, $readPreference: { mode: \"secondaryPreferred\" }, $db: \"admin\" }",
  "code" : 13,
  "codeName" : "Unauthorized",
  "$clusterTime" : {
    "clusterTime" : Timestamp(0, 0),
    "signature" : {
      "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
      "keyId" : NumberLong(0)
    }
  }
} :
rs.conf@src/mongo/shell/utils.js:1323:11
@(shell eval):1:43'
```
Because of this, the replica set provider (which relies on the error data) can't detect that the host is online and fails to properly initialize the replica set.
I've added code that attempts to extract an object in case the output is not valid JSON.
The existing logic relies on an error message that potentially may change (because of i18n, etc.), which may break it in the long run. I've added a check for an error code name, which is less likely to change.
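The approach described in this PR, sketched as an added example (not the module's own code): strip the shell-only type wrappers, pull the first balanced object out of mixed error output, and decide on `codeName` rather than on the message text. The helper names and the shortened sample are assumptions made for illustration.

```ruby
require 'json'
# Constructed sample, shortened from the error output quoted above.
SAMPLE_ERROR = <<~'OUT'
  Error: Authentication failed.
  2021-05-11T15:35:19.647+0200 E QUERY [thread1] Error: Could not retrieve replica set config: {
    "ok" : 0,
    "errmsg" : "not authorized on admin to execute command { replSetGetConfig: 1.0, $clusterTime: { clusterTime: Timestamp(0, 0) }, $db: \"admin\" }",
    "code" : 13,
    "codeName" : "Unauthorized",
    "$clusterTime" : { "clusterTime" : Timestamp(0, 0), "signature" : { "keyId" : NumberLong(0) } }
  } :
OUT

# Rewrite shell-only wrappers without adding quotes, so a wrapper echoed inside errmsg stays harmless.
def sanitize(text)
  text.gsub(/(?:ObjectId|ISODate)\(("[^"]*")\)/, '\1')
      .gsub(/BinData\(\d+,\s*("[^"]*")\)/, '\1')
      .gsub(/NumberLong\("?(-?\d+)"?\)/, '\1')
      .gsub(/Timestamp\((\d+),\s*\d+\)/, '\1')
end

# Return the first balanced {...} span as a Hash, or nil; braces inside strings are skipped.
def extract_object(output)
  text = sanitize(output)
  start = text.index('{') or return nil
  depth = 0
  in_string = escaped = false
  text[start..].each_char.with_index do |ch, i|
    if in_string
      if escaped then escaped = false
      elsif ch == '\\' then escaped = true
      elsif ch == '"' then in_string = false
      end
    elsif ch == '"' then in_string = true
    elsif ch == '{' then depth += 1
    elsif ch == '}' && (depth -= 1).zero?
      return JSON.parse(text[start, i + 1])
    end
  end
  nil
rescue JSON::ParserError
  nil
end

# Assumption: "Unauthorized" (code 13, as in the sample) is the code name to match.
def auth_required?(output)
  obj = extract_object(output)
  !obj.nil? && obj['ok'] == 0 && obj['codeName'] == 'Unauthorized'
end
```

Output produced with `JSON.stringify` needs no sanitizing at all; the wrapper handling only matters for error text the shell prints on its own.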
Fix ordering of switches in `dbpath_fix`'s `find` command
Fixes #571
Sometimes you just want to add a user or two to Mongo and not manage it with this module (because you're managing it through Foreman/Katello as an example). In this case maybe all you want to do is:
```
# Leave package and repository management to another tool
class { 'mongodb::globals':
  manage_package_repo => false,
  manage_package      => false,
}

# Only manage the user
mongodb_user { 'SOMEUSER':
  ensure        => present,
  name          => 'SOMEUSER',
  password_hash => mongodb_password('SOMEUSER', 'SOME_USER'),
  database      => 'admin',
  roles         => ['root', 'admin'],
  tries         => 10,
}
```
Well and then you get `Empty host component parsing HostAndPort from ":27017"` and realize that all that's missing is just the bind_ip and that you don't want to do anything else with this module but add users... that's where this PR comes in!
This PR will add a default bind_ip of 127.0.0.1. This may be a poor hack because I don't know ruby from an implicit returning hole in the ground :) Either way, let's talk about it? Maybe I'm doing something wrong? This PR seems reasonable however.
Support for pure yaml in /etc/mongodb.cfg.
Right now only records like `net.bindIp` are supported, and if, for example, you are using a custom configuration template and your configuration looks like:
```yaml
net:
  port: 27017
  bindIp: 0.0.0.0
```
you will get an error like `Error: Could not prefetch mongodb_database provider 'mongodb': Could not evaluate MongoDB shell command: load('/root/.mongorc.js'); rs.slaveOk();printjson(db.getMongo().getDBs())` when using providers.
This PR adds support for both configuration file formats.
Fixes #562 for user @seidler2547
An initial puppet run (eg. in a vagrant box) will produce an error while trying to resolve the mongodbversion fact:
```
Facter: error while resolving custom fact "mongodbversion": undefined method '[]' for nil:NilClass
```
The reason is that the check for the existence of the mongo binary is inside the setcode block.
This pull request uses the fact confinement mechanism to pre-empt the fact resolution if the mongo binary is not available.
modulesync 5.1.0
Example code:
```
mongodb_user { 'user':
  name     => 'user',
  ensure   => present,
  database => 'test',
  password => 'password',
  roles    => ['readWrite'],
  tries    => 10,
}
```
apply agent:
```
$ puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for mongo26-1
Info: Applying configuration version '1633423266'
Notice: /Stage[main]/Main/Node[mongo26-1]/Mongodb_user[user]/ensure: created
Notice: Applied catalog in 0.95 seconds
$ puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for mongo26-1
Info: Applying configuration version '1633423278'
Notice: /Stage[main]/Main/Node[mongo26-1]/Mongodb_user[user]/password: defined 'password' as 3bcfc22a1cd6be41bc7814c13d3ce94c (corrective)
Notice: Applied catalog in 0.75 seconds
$ puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for mongo26-1
Info: Applying configuration version '1633423289'
Notice: /Stage[main]/Main/Node[mongo26-1]/Mongodb_user[user]/password: defined 'password' as 3bcfc22a1cd6be41bc7814c13d3ce94c (corrective)
Notice: Applied catalog in 0.82 seconds
```
As you can see, password is constantly being flagged as requiring changes. This PR fixes this behavior.
mongodb versions 4 and up use SCRAM-SHA-256 by default. This mechanism disallows the use of a password hash:
```
$ mongo test --quiet --host 127.0.0.1:27017 --eval "load('/root/.mongorc.js'); db.runCommand({\"createUser\":\"user\",\"pwd\":\"3bcfc22a1cd6be41bc7814c13d3ce94c\",\"roles\":[\"readWrite\"],\"digestPassword\":false})"
{
  "operationTime" : Timestamp(1633424331, 1),
  "ok" : 0,
  "errmsg" : "Use of SCRAM-SHA-256 requires undigested passwords",
  "code" : 2,
  "codeName" : "BadValue",
  "$clusterTime" : {
    "clusterTime" : Timestamp(1633424331, 1),
    "signature" : {
      "hash" : BinData(0,"phzg8Y9u+y3uMQL5IbE0z4DQa/c="),
      "keyId" : NumberLong("7015499301837078530")
    }
  }
}
```
Therefore, it makes sense to improve support for the 'password' attribute.
fix: replset with auth returns "requires authentication" message when checking replicaset members
```
mongodb::globals::version: 4.4.10
mongodb::server::port: 27017
mongodb::server::bindip:
- 0.0.0.0
mongodb::server::auth: true
mongodb::server::storecreds: true
mongodb::server::handlecreds: true
mongodb::server::createadmin: true
mongodb::server::admin_password: admin
mongodb::server::keyfile: /etc/mongodb.key
mongodb::server::key: |
Z17Lor65VIgRCGClC3IZhXJe34fPM2Xa7lrzZdV35PDjP4cm6Vt7rP9jSQsxZBY2
UXGOIFNzQ+IOsU/bP9EUmfXqFWEJcjdXw9AfaEU+630XwmYRFnzQ3AEwxLqAgSVN
47DXoZNh7lFu7VJanhupzPwkgpsgqgpBC9HaJCDe0Pxx5AenrxWdSwRkmzrG5tEL
JJXxdCWPGVCYp6YXzdTuHzJ2Ff/Ph2yhDxNlxNHFcgeuFGVnPe5TsjFEqzsYxjNI
8q75LSwN+D9L9yPLAPwV3l70mKbKncp8RP/NlR3dScQpuS0P/PhkWkYs2hQVFAOu
O52UOiwKti4Zaio3K2ZVIN2PlFQ8m2H5VMijkI6CQE5iGWieui/eJCtakauEuOXk
NHHJ0DseSWNEapz5QE+lpWicDLb8maz9Gon3WEEDhcCt68MyA+/0HhoOgomhoEOj
/R5Did6BvJpiYsVhbKakiFauDZlsXM710kSHtxs2IYXj+PBa7FMDr4rgLk4eqU5e
ZY6LsFvVxgi+qNSsIdXtEpWOHjeiHTFucE8/mKDE8cKeRjQfaJYOgFIHLCIZLvkF
T9QEbd1+0WRkXpOBzBsPr106s+M9IDMcGeaD8rk3NY8AitmRkKHdXVtt2Mm5HSXP
CpQLg0vUcqe37TqUy0FomeSu95DXO0Ud7lKO7I/PPwkxaACfU9lr0uQm0gOV4EMW
hzxqMUZUHpMz+CMh9AWsZWcaWLr/rpxeLb2/mO8+kzoRgRNCLBOD/l5QjBkqxKpr
CdhRRBdgV/ZMFE6+vy2VtN8Be2gweTiKhS9lMUTHD3gjEOCgGfyN6v1eZDCjJG9h
2Wuk63L2NIHFENaq5Cf4IIPTYweMfrYG1OnRVfkvstFUxlBqnMQAjPrM/YbITvpI
29MN4jnLWVkqmy8dLszrlAiT70bT2dGnAbyefGr0UhHHxVXfP75K2mPITKrMvMot
YsfL9ZkOH+WOYIAhF7VaEfV8KigEHbc/Er8vI3PTE5+Cxrxu
mongodb::server::replset: myrs
mongodb::server::replset_config:
  myrs:
    ensure: present
    members:
      - host: mongo-03:27017
        priority: 3
      - host: mongo-02:27017
        priority: 2
      - host: mongo-01:27017
        priority: 1
```
I'm using full Hiera config but this was not working because Mongo is giving `"errmsg": "command replSetGetStatus requires authentication"`, which was not included in the auth condition.
Tested on Debian 10 with Mongo 4.4.10
n/a
Fix for several issues: SSL, Replicaset initialization, Secondary checking, etc..
Enable MongoDB 5.0 support
Fix mongorcjs typo
Fixed mongorc.js type for secondary check
Add support for Mongo 4.x secondary check
Fix SSL support for MongoDB 4.x
Fix for MongoDB v4 Replica Set initialization