Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hotfix/mongo auth #24

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Hotfix/mongo auth #24

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
5ebf262
managing mongo auth with file instead of fact
asktheaxis Nov 6, 2024
acc7250
changing marker file location
asktheaxis Nov 6, 2024
41f1a80
changing location again to avoid depend cycle
asktheaxis Nov 6, 2024
363ebc9
same thing
asktheaxis Nov 6, 2024
5a60478
adding notifies to resource servers to update service with changes
asktheaxis Nov 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 18 additions & 10 deletions manifests/profile/mongodb.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,9 @@
$manage_repo = $st2::mongodb_manage_repo,
$auth = $st2::mongodb_auth,
) inherits st2 {
# Define the marker file path
$marker_file = '/etc/.mongodb_auth_init'

# if Ubuntu is 20.04 then MongoDB 4.4
# if the StackStorm version is > 3.3.0 then MongoDB 4.0
# if the StackStorm version is > 2.4.0 then MongoDB 3.4
Expand Down Expand Up @@ -92,12 +95,17 @@
# on the admin database.
#
# The code below fixes this by first disabling auth, then creates the
# database, the re-enables auth.
# database, then re-enables auth.
#
# To prevent this from running every time we've create a puppet fact
# called $mongodb_auth_init that is set when
if !$facts['mongodb_auth_init'] {
# unfortinately there is no way to synchronously force a service restart
# To prevent this from running every time, we use a marker file
# located at /etc/.mongodb_auth_init to indicate that
# the initialization is complete.
file { $marker_file:
ensure => absent,
}

if !defined(File[$marker_file]) {
# unfortunately there is no way to synchronously force a service restart
# in Puppet, so we have to revert to exec... sorry
include mongodb::params
$_mongodb_stop_cmd = "systemctl stop ${mongodb::params::service_name}"
Expand All @@ -116,9 +124,6 @@
refreshonly => true,
path => $_mongodb_exec_path,
}
facter::fact { 'mongodb_auth_init':
value => bool2str(true),
}

# start mongodb with auth disabled
exec { 'mongodb - start service':
Expand Down Expand Up @@ -153,14 +158,18 @@
timeout => '240',
}

# Create the marker file to indicate initialization is complete
file { $marker_file:
ensure => file,
content => 'Initialization complete',
}

# ensure MongoDB config is present and service is running
Class['mongodb::server::config']
-> Class['mongodb::server::service']
# stop mongodb; disable auth
-> Exec['mongodb - stop service']
~> Exec['mongodb - disable auth']
~> Facter::Fact['mongodb_auth_init']
# start mongodb with auth disabled
~> Exec['mongodb - start service']
# create mongodb admin database with auth disabled
Expand Down Expand Up @@ -231,5 +240,4 @@
require => Class['mongodb::server'],
}
}

}
2 changes: 2 additions & 0 deletions manifests/profile/web.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,7 @@
ssl_redirect => true,
add_header => $add_header,
tag => ['st2', 'st2::frontend', 'st2::frontend::http'],
notify => Service['nginx'],
}

# convert arrays into strings if necessary
Expand Down Expand Up @@ -164,6 +165,7 @@
],
},
tag => ['st2', 'st2::frontend', 'st2::frontend::https'],
notify => Service['nginx'],
}

# default settings for all locations
Expand Down