<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

Add support for net.ssl.allowConnectionsWithoutCertificates setting in mongod.conf

This Pull Request (PR) fixes the following issues

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

<!--
separate definition of /root/.mongorc.js file
-->

This Pull Request (PR) fixes the following issues

<!--
Fixes #449
-->

The README currently does not give a hint how to configure an arbiter node for a replica set. That feature has been introduced with pull request #182.
It should also be possible to configure an arbiter by parameter replset_arbiter of mongodb::server.

Pull Request (PR) description

Fix ordering of switches in dbpath_fix's find command

This Pull Request (PR) fixes the following issues

Fixes #571

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

Support for pure yaml in /etc/mongodb.cfg.
Right now only records like net.bindIp are supported, and if for example, you are using custom configuration template and your configuration looks like:
yaml
net:
port: 27017
bindIp: 0.0.0.0

you will get an error like Error: Could not prefetch mongodb_database provider 'mongodb': Could not evaluate MongoDB shell command: load('/root/.mongorc.js'); rs.slaveOk();printjson(db.getMongo().getDBs()) when using providers.
This PR adds support for both configuration file formats

This Pull Request (PR) fixes the following issues

Fixes #562 for user @seidler2547

Pull Request (PR) description

This PR is a work in progress.

* adds x509 auth_mechanism for the admin user
* replaces mongo with mongosh, mainly using x509 authentication (for now)

It works for me in a already running setup, which I'm upgrading from 4.x to 6.x.

Setting up proper test nodes to keep supporting all versions supporting mongosh.

Not planning to stay compatible with mongo command, since its gone in 6.x

This Pull Request (PR) try to fix the following issues

Fixes #648
Fixes #642

will be very please with loads of comments and how to proceed with this.

(and need to do some work on the tests still )

Currently the mongodb command updateUser defaults to SCRAM-SHA-256 but you can't update these passwords.

And also show an error when the update goes wrong.

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

Currently the mongodb command updateUser defaults to SCRAM-SHA-256 but you can't update these passwords.

So now set the correct mecahnisms and handle the response of the command. So if you try to update this hash with SCRAM-SHA-256 you will see an error message. If you use scram_sha_1 it will update the password and continue like it should.

This Pull Request (PR) fixes the following issues

Fixes #649
Fixes https://github.com/voxpupuli/puppet-mongodb/pull/650

modulesync 5.1.0

An initial puppet run (eg. in a vagrant box) will produce an error while trying to resolve the mongodbversion fact:
```
Facter: error while resolving custom fact "mongodbversion": undefined method '[]' for nil:NilClass
```
The reason is that the check for the existence of the mongo binary is inside the setcode block.

This pull request uses the fact confinement mechanism to pre-empt the fact resolution if the mongo binary is not available.

Pull Request (PR) description

Fix for several issues: SSL, Replicaset initialization, Secondary checking, etc..

This Pull Request (PR) fixes the following issues

Enable MongoDB 5.0 support
Fix mongorcjs typo
Fixed mongorc.js type for secondary check
Add support for Mongo 4.x secondary check
Fix SSL support for MongoDB 4.x
Fix for MongoDB v4 Replica Set initialization

Improve mongo output handling

This PR contains multiple changes to improve stability of parsing mongo output:

changes printjson to JSON.stringify to avoid internal types

In many cases printjson is adding internal types (ObjectId, etc) to the output, which results in an invalid JSON that is not parseable by ruby.

For example, printjson(db.isMaster()) prints something like this:


{
"topologyVersion" : {
"processId" : ObjectId("60995bb5e421c84948b94087"),
"counter" : NumberLong(6)
},
...
}


adds logic to extract error object from a corrupted output

Currently, the handling of exceptions is broken because the existing logic is expecting something parseable in the output, but it's not a valid JSON even after sanitization:


Error: Authentication failed.
2021-05-11T15:35:19.647+0200 E QUERY [thread1] Error: Could not retrieve replica set config: {
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { replSetGetConfig: 1.0, $clusterTime: { clusterTime: Timestamp(0, 0), signature: { hash: BinData(0, 0000000000000000000000000000000000000000), keyId: 0 } }, $readPreference: { mode: \"secondaryPreferred\" }, $db: \"admin\" }",
"code" : 13,
"codeName" : "Unauthorized",
"$clusterTime" : {
"clusterTime" : Timestamp(0, 0),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
} :
rs.conf@src/mongo/shell/utils.js:1323:11
@(shell eval):1:43'


Because of this, replica set provider (that relies on an error data) can't detect that the host is online and fails to properly initialize the replica set.

I've added code that attempts to extract an object in case an output is not a valid JSON.

adds check for error code when detecting failed authorization

The existing logic relies on an error message that potentially may change (because of i18n, etc), which may break it in a long run. I've added a check for a error code name, that is less likely to change.

…while auth is enabled

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

On arbitrator servers you get the following message when auth is enabled:

Notice: /Stage[main]/Mongodb::Replset/Mongodb_replset[example_set]/ensure: created (corrective)
Warning: Host mongoarb01:27017 is available, but you are unauthorized because of authentication is enabled: true


In debug mode you can see:
```
Debug: Request failed: 'Execution of '/usr/bin/mongo admin --quiet --host 127.0.0.1:27017 --eval load('/root/.mongorc.js'); printjson(rs.conf())' returned 252: uncaught exception: Error: Could not retrieve replica set config: {

      "ok" : 0,

      "errmsg" : "not authorized on admin to execute command { replSetGetConfig: 1.0, lsid: { id: UUID(\"a2213cd2-e6c4-4d15-bf29-d01b7a54a838\") }, $db: \"admin\" }",

      "code" : 13,

      "codeName" : "Unauthorized"

} :
```
The admin user has all the needed rights but this errmsg keeps telling us it has not.

For this reason I created a variable so we can disable this class on our arbitrator nodes by setting:
mongodb::replset::sets_creation: false

This Pull Request (PR) fixes the following issues

<!--
Replace this comment with the list of issues or n/a.
Use format:
Fixes #123
Fixes #124
-->

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

Added slack Integration to fix a know bug in OpsManager 4.4 in conf-mms.properties file

<!--

-->

This Pull Request (PR) fixes the following issues

Ops Manager 4.4. has known issue with slack integration. We contact support and they asked us to do couple

configurations which apparently are not in this monog module. Theses two settings are slack client id and client secret #### for slack integration.

Pull Request (PR) description

Sometimes you just want to add a user or two to Mongo and not manage it with this module (because you're using managing it through Foreman/Katello as an example). In this case maybe all you want to do is:
```
class {'mongodb::globals':
managepackagerepo => false,
manage_package => false
}

mongodbuser { 'SOMEUSER':
ensure => present,
name => 'SOMEUSER',
passwordhash => mongodbpassword('SOMEUSER', 'SOME_USER'),
database => 'admin',
roles => ['root', 'admin'],
tries => 10
}
```

Well and then you get Empty host component parsing HostAndPort from ":27017" and realize that all that's missing is just the bind_ip and that you don't want to do anything else with this module but add users... that's where this PR comes in!

This PR will add a default bind_ip of 127.0.0.1. This may be a poor hack because I don't know ruby from an implicit returning hole in the ground :) Either way, lets talk about it? maybe I'm doing something wrong? This PR seems reasonable however.

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

Added the mechanism parameter for the passwordhash command
```
def passwordhash=(value)
if dbismaster
command = {
updateUser: @resource[:username],
pwd: @resource[:passwordhash],
digestPassword: false
}
command[:mechanisms] = @resource[:authmechanism] == :scramsha1 ? ['SCRAM-SHA-1'] : ['SCRAM-SHA-256']

mongoeval("db.runCommand(#{command.tojson})", @resource[:database])
else
Puppet.warning 'User password operations are available only from master host'
end
end
```

Changed unit test for mongodbuser due to new expected line generated for passwordhash command.

This Pull Request (PR) fixes the following issues

Fixes #649

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

Add support for replication.enableMajorityReadConcern setting in mongod.conf.

This Pull Request (PR) fixes the following issues

542

Pull Request (PR) description

When setting up a new replica set with authentication enabled the puppet run fails because some exceptions were not caught properly, when getting the user and database instances. When checking if the mongodb is a primary node a recheck without authentication is done to be able to create the admin user.

This Pull Request (PR) fixes the following issues

<!--
Replace this comment with the list of issues or n/a.
Use format:
Fixes #123
Fixes #124
-->

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

Add a switch to the pidfilepath, making it undef if the global manage_pidfile is set to false. This avoid having the pidFilePath populated in the mongo.conf when there is no need for a PID file. Actually prevents mongo to start on RHEL after a reboot of the host.

This Pull Request (PR) fixes the following issues

<!--

-->

Pull Request (PR) description

Use hiera module level data to specify default versions and if a repository should be configured.

This will make adding new OSes easier.

2nd commit fixes some rpsec by adding facts so the service provider is detected correctly.

Here is a pr for changing the max version of puppet-systemd to 6.0.0

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

<!--
Replace this comment with a description of your pull request.
-->

This Pull Request (PR) fixes the following issues

<!--
Replace this comment with the list of issues or n/a.
Use format:
Fixes #123
Fixes #124
-->

This is a breaking PR

• move to mongodb-mongosh (mongo will not work anymore)
• Only support mongodb version 4.4 and higher (following mongodb support cycle)
• Still work in process
• Tested on rhel8 an mongodb 6.x