Puppet Class: mongodb::server

Inherits:: mongodb::globals

Defined in:: manifests/server.pp

Summary

This installs a MongoDB server.

Overview

Most of the parameters manipulate the mongod.conf file.

For more details about configuration parameters consult the MongoDB Configuration File Options.

This setting can be used to specify if the service should be running.

Parameters:

ensure (String[1]) (defaults to: 'present') —

Used to ensure that the package is installed and the service is running, or that the package is absent/purged and the service is stopped.
user (String[1]) —

This setting can be used to override the default MongoDB user and owner of the service and related files in the file system. If not specified, the module will use the default for your OS distro.
group (String[1]) —

This setting can be used to override the default MongoDB user group to be used for related files in the file system. If not specified, the module will use the default for your OS distro.
config (Stdlib::Absolutepath) (defaults to: '/etc/mongod.conf') —

Path of the config file. If not specified, the module will use the default for your OS distro.
dbpath (Stdlib::Absolutepath) —

Set this value to designate a directory for the mongod instance to store it’s data. If not specified, the module will use the default for your OS distro.
dbpath_fix (Boolean) (defaults to: false) —

Set this value to true if you want puppet to recursively manage the permissions of the files in the dbpath directory. If you are using the default dbpath, this should probably be false. Set this to true if you are using a custom dbpath.
pidfilemode (String[4,4]) (defaults to: '0644') —

The file mode of the pidfilepath
pidfilepath (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Specify a file location to hold the PID or process ID of the mongod process. If not specified, the module will use the default for your OS distro.
manage_pidfile (Boolean) (defaults to: false) —

Should puppet create the pidfile. Mongod 6.2.10 will not start if pidfile exists
rcfile (String) (defaults to: "${facts['root_home']}/.mongoshrc.js") —

The path to the custom mongosh rc file.
service_manage (Boolean) (defaults to: true) —

Whether or not the MongoDB service resource should be part of the catalog.
service_manage (defaults to: true) —

Whether or not the MongoDB sharding service resource should be part of the catalog.
service_name (String[1]) (defaults to: 'mongod') —

This setting can be used to override the default Mongos service name. If not specified, the module will use whatever service name is the default for your OS distro.
service_provider (Optional[String[1]]) (defaults to: undef) —

This setting can be used to override the default Mongos service provider. If not specified, the module will use whatever service provider is the default for your OS distro.
service_status (Optional[Enum['stopped', 'running']]) (defaults to: undef) —

This setting can be used to override the default status check command for your Mongos service. If not specified, the module will use whatever service name is the default for your OS distro.
service_enable (Boolean) (defaults to: true) —

This setting can be used to specify if the service should be enable at boot.
service_ensure (Enum['stopped', 'running']) (defaults to: 'running')
package_ensure (String[1]) (defaults to: pick($mongodb::globals::version, 'present')) —

This setting can be used to specify if puppet should install the package or not.
package_name (String[1]) (defaults to: "mongodb-${mongodb::globals::edition}-server") —

This setting can be used to specify the name of the package that should be installed. If not specified, the module will use whatever service name is the default for your OS distro.
logpath (Stdlib::Absolutepath) (defaults to: '/var/log/mongodb/mongod.log') —

Specify the path to a file name for the log file that will hold all diagnostic logging information. Unless specified, mongod will output all log information to the standard output.
bind_ip (Array[Stdlib::IP::Address]) (defaults to: ['127.0.0.1']) —

Set this option to configure the mongod or mongos process to bind to and listen for connections from applications on this address. If not specified, the module will use the default for your OS distro.
ipv6 (Optional[Boolean]) (defaults to: undef) —

This setting has to be true to configure MongoDB to turn on ipv6 support. If not specified and ipv6 address is passed to MongoDB bind_ip it will just fail.
logappend (Boolean) (defaults to: true) —

Set to true to add new entries to the end of the logfile rather than overwriting the content of the log when the process restarts.
system_logrotate (Optional[String]) (defaults to: undef) —

Set to reopen for mongo to close a log file then reopen it so that logrotations handled outside of mongo perform as expected.
fork (Optional[Boolean]) (defaults to: undef) —

Set to true to fork server process at launch time. The default setting depends on the operating system.
port (Optional[Integer[1, 65535]]) (defaults to: undef) —

Specifies a TCP port for the server instance to listen for client connections.
journal (Optional[Boolean]) (defaults to: undef) —

Enable or disable the durability journal to ensure data files remain valid and recoverable. Available in MongoDB < 7.0 Default: true on 64-bit systems, false on 32-bit systems
smallfiles (Optional[Boolean]) (defaults to: undef) —

Set to true to modify MongoDB to use a smaller default data file size. Specifically, smallfiles reduces the initial size for data files and limits them to 512 megabytes.
cpu (Optional[Boolean]) (defaults to: undef) —

Set to true to force mongod to report every four seconds CPU utilization and the amount of time that the processor waits for I/O operations to complete (i.e. I/O wait.)
auth (Boolean) (defaults to: false) —

Set to true to enable database authentication for users connecting from remote hosts. If no users exist, the localhost interface will continue to have access to the database until you create the first user.
verbose (Optional[Boolean]) (defaults to: undef) —

Increases the amount of internal reporting returned on standard output or in the log file generated by logpath.
verbositylevel (Optional[String]) (defaults to: undef) —

MongoDB has the following levels of verbosity: v, vv, vvv, vvvv and vvvvv.
objcheck (Optional[Boolean]) (defaults to: undef) —

Forces the mongod to validate all requests from clients upon receipt to ensure that clients never insert invalid documents into the database.
quota (Optional[Boolean]) (defaults to: undef) —

Set to true to enable a maximum limit for the number of data files each database can have. The default quota is 8 data files, when quota is true.
quotafiles (Optional[Integer]) (defaults to: undef) —

Modify limit on the number of data files per database. This option requires the quota setting.
diaglog (Optional[Integer[0, 7]]) (defaults to: undef) —

Creates a very verbose diagnostic log for troubleshooting and recording various errors. For more information please refer to MongoDB Configuration File Options.
directoryperdb (Optional[Boolean]) (defaults to: undef) —

Set to true to modify the storage pattern of the data directory to store each database’s files in a distinct folder.
profile (Any) (defaults to: undef) —

Modify this value to changes the level of database profiling, which inserts information about operation performance into output of mongod or the log file if specified by logpath.
maxconns (Optional[Integer]) (defaults to: undef) —

Specifies a value to set the maximum number of simultaneous connections that MongoDB will accept. Unless set, MongoDB will not limit its own connections.
oplog_size (Optional[Integer]) (defaults to: undef) —

Specifies a maximum size in megabytes for the replication operation log (e.g. oplog.) mongod creates an oplog based on the maximum amount of space available. For 64-bit systems, the oplog is typically 5% of available disk space.
nohints (Any) (defaults to: undef) —

Ignore query hints.
nohttpinterface (Optional[Boolean]) (defaults to: undef) —

Set to true to disable the HTTP interface. This command will override the rest and disable the HTTP interface if you specify both.
noscripting (Optional[Boolean]) (defaults to: undef) —

Set noscripting = true to disable the scripting engine.
notablescan (Optional[Boolean]) (defaults to: undef) —

Set notablescan = true to forbid operations that require a table scan.
noprealloc (Optional[Boolean]) (defaults to: undef) —

Set noprealloc = true to disable the preallocation of data files. This will shorten the start up time in some cases, but can cause significant performance penalties during normal operations.
nssize (Optional[Integer]) (defaults to: undef) —

Use this setting to control the default size for all newly created namespace files (i.e .ns).
mms_token (Any) (defaults to: undef) —

MMS token for mms monitoring.
mms_name (Any) (defaults to: undef) —

MMS identifier for mms monitoring.
mms_interval (Any) (defaults to: undef) —

MMS interval for mms monitoring.
replset (Optional[String]) (defaults to: undef) —

Use this setting to configure replication with replica sets. Specify a replica set name as an argument to this set. All hosts must have the same set name.

replset_config (Optional[Hash]) (defaults to: undef) —

A hash that is used to configure the replica set. Mutually exclusive with replset_members param. class mongodb::server {

replset        => 'rsmain',
replset_config => { 'rsmain' => {
                     ensure => present,
                     settings => { heartbeatTimeoutSecs => 15, getLastErrorModes => { ttmode => { dc => 1 } } },
                     members => [{'host' => 'host1:27017', 'tags':{ 'dc' : 'east'}}, { 'host' => 'host2:27017'}, 'host3:27017'] }},

}

replset_members (Optional[Array]) (defaults to: undef) —

An array of member hosts for the replica set. Mutually exclusive with replset_config param.
configsvr (Optional[Boolean]) (defaults to: undef) —

Use this setting to enable config server mode for mongod.
shardsvr (Optional[Boolean]) (defaults to: undef) —

Use this setting to enable shard server mode for mongod.
rest (Optional[Boolean]) (defaults to: undef) —

Set to true to enable a simple REST interface.
quiet (Optional[Boolean]) (defaults to: undef) —

Runs the mongod or mongos instance in a quiet mode that attempts to limit the amount of output. This option suppresses : “output from database commands, including drop, dropIndexes, diagLogging, validate, and clean”, “replication activity”, “connection accepted events” and “connection closed events”.

For production systems this option is not recommended as it may make tracking problems during particular connections much more difficult.
slowms (Optional[Integer]) (defaults to: undef) —

Sets the threshold for mongod to consider a query “slow” for the database profiler.
keyfile (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Specify the path to a key file to store authentication information. This option is only useful for the connection between replica set members.
key (Optional[Variant[String[6], Sensitive[String[6]]]]) (defaults to: undef) —

Specify the key contained within the keyfile. This option is only useful for the connection between replica set members.

set_parameter (Optional[Variant[String[1], Array[String[1]], Hash]]) (defaults to: undef) —

Set MongoDB parameters Supported types:

String (i.e. 'textSearchEnabled=true' or 'textSearchEnabled: true' )
Array  (i.e. ['textSearchEnabled=true'] or ['textSearchEnabled: true'] )
Hash   (i.e. {'textSearchEnabled' => true}

syslog (Boolean) (defaults to: false) —

Sends all logging output to the host’s syslog system rather than to standard output or a log file.
config_content (Any) (defaults to: undef) —

Config content if the default doesn’t match one needs.
config_template (Optional[String]) (defaults to: undef) —

Path to the config template if the default doesn’t match one needs.
config_data (Optional[Hash]) (defaults to: undef) —

A hash to allow for additional configuration options to be set. (i.e => { ‘javascriptEnabled’ => false})
tls (Boolean) (defaults to: false) —

Ensure tls is enabled.
tls_key (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Defines the path of the file that contains the TLS/SSL certificate and key.
tls_ca (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Defines the path of the file that contains the certificate chain for verifying client certificates.
tls_conn_without_cert (Optional[Boolean]) (defaults to: undef) —

Set to true to bypass client certificate validation for clients that do not present a certificate.
tls_invalid_hostnames (Optional[Boolean]) (defaults to: undef) —

Set to true to disable the validation of the hostnames in TLS certificates.
tls_invalid_certificates (Optional[Boolean]) (defaults to: undef) —

Enable or disable the validation checks for TLS certificates on other servers in the cluster and allows the use of invalid certificates to connect.
tls_mode (Enum['requireTLS', 'preferTLS', 'allowTLS']) (defaults to: 'requireTLS') —

Defines if TLS is used for all network connections. Allowed values are ‘requireTLS’, ‘preferTLS’ or ‘allowTLS’.
admin_password_hash (Optional[Variant[String[1], Sensitive[String[1]]]]) (defaults to: undef) —

Hashed password. Hex encoded md5 hash of mongodb password.
restart (Boolean) (defaults to: true) —

Specifies whether the service should be restarted on config changes.
storage_engine (Optional[String]) (defaults to: undef) —

Only needed for MongoDB 3.x versions, where it’s possible to select the ‘wiredTiger’ engine in addition to the default ‘mmapv1’ engine. If not set, the config is left out and mongo will default to ‘mmapv1’.
create_admin (Boolean) (defaults to: false) —

Allows to create admin user for admin database.
admin_username (String) (defaults to: 'admin') —

Administrator user name
admin_password (Optional[Variant[String, Sensitive[String]]]) (defaults to: undef) —

Administrator user password
admin_auth_mechanism (Enum['scram_sha_1', 'scram_sha_256']) (defaults to: 'scram_sha_1') —

Administrator authentication mechanism. scram_sha_256 password synchronization verification is not supported.
admin_update_password (Boolean) (defaults to: false) —

Update password. Used with SCRAM-SHA-256 because password verification is not supported.
admin_roles (Array[String[1]]) (defaults to: [ 'userAdmin', 'readWrite', 'dbAdmin', 'dbAdminAnyDatabase', 'readAnyDatabase', 'readWriteAnyDatabase', 'userAdminAnyDatabase', 'clusterAdmin', 'clusterManager', 'clusterMonitor', 'hostManager', 'root', 'restore', ]) —

Administrator user roles
handle_creds (Boolean) (defaults to: true) —

Set this to false to avoid having puppet handle .mongoshrc.js in case you wish to deliver it by other means. This is needed for facts and providers to work if you have auth set to true.
store_creds (Boolean) (defaults to: false) —

Store admin credentials in mongoshrc.js file. Uses with create_admin parameter

# File 'manifests/server.pp', line 306

class mongodb::server (
  String[1] $user,
  String[1] $group,
  Stdlib::Absolutepath $dbpath,
  String[1] $ensure                                                       = 'present',
  Stdlib::Absolutepath $config                                            = '/etc/mongod.conf',
  Boolean $dbpath_fix                                                     = false,
  Optional[Stdlib::Absolutepath] $pidfilepath                             = undef,
  String[4,4] $pidfilemode                                                = '0644',
  Boolean $manage_pidfile                                                 = false,
  String $rcfile                                                          = "${facts['root_home']}/.mongoshrc.js",
  Boolean $service_manage                                                 = true,
  Optional[String[1]] $service_provider                                   = undef,
  String[1] $service_name                                                 = 'mongod',
  Boolean $service_enable                                                 = true,
  Enum['stopped', 'running'] $service_ensure                              = 'running',
  Optional[Enum['stopped', 'running']] $service_status                    = undef,
  String[1] $package_ensure                                               = pick($mongodb::globals::version, 'present'),
  String[1] $package_name                                                 = "mongodb-${mongodb::globals::edition}-server",
  Stdlib::Absolutepath $logpath                                           = '/var/log/mongodb/mongod.log',
  Array[Stdlib::IP::Address] $bind_ip                                     = ['127.0.0.1'],
  Optional[Boolean] $ipv6                                                 = undef,
  Boolean $logappend                                                      = true,
  Optional[String] $system_logrotate                                      = undef,
  Optional[Boolean] $fork                                                 = undef,
  Optional[Integer[1, 65535]] $port                                       = undef,
  Optional[Boolean] $journal                                              = undef,
  Optional[Boolean] $smallfiles                                           = undef,
  Optional[Boolean] $cpu                                                  = undef,
  Boolean $auth                                                           = false,
  Optional[Boolean] $verbose                                              = undef,
  Optional[String] $verbositylevel                                        = undef,
  Optional[Boolean] $objcheck                                             = undef,
  Optional[Boolean] $quota                                                = undef,
  Optional[Integer] $quotafiles                                           = undef,
  Optional[Integer[0, 7]] $diaglog                                        = undef,
  Optional[Boolean] $directoryperdb                                       = undef,
  $profile                                                                = undef,
  Optional[Integer] $maxconns                                             = undef,
  Optional[Integer] $oplog_size                                           = undef,
  $nohints                                                                = undef,
  Optional[Boolean] $nohttpinterface                                      = undef,
  Optional[Boolean] $noscripting                                          = undef,
  Optional[Boolean] $notablescan                                          = undef,
  Optional[Boolean] $noprealloc                                           = undef,
  Optional[Integer] $nssize                                               = undef,
  $mms_token                                                              = undef,
  $mms_name                                                               = undef,
  $mms_interval                                                           = undef,
  Optional[String] $replset                                               = undef,
  Optional[Hash] $replset_config                                          = undef,
  Optional[Array] $replset_members                                        = undef,
  Optional[Boolean] $configsvr                                            = undef,
  Optional[Boolean] $shardsvr                                             = undef,
  Optional[Boolean] $rest                                                 = undef,
  Optional[Boolean] $quiet                                                = undef,
  Optional[Integer] $slowms                                               = undef,
  Optional[Stdlib::Absolutepath] $keyfile                                 = undef,
  Optional[Variant[String[6], Sensitive[String[6]]]] $key                 = undef,
  Optional[Variant[String[1], Array[String[1]], Hash]] $set_parameter     = undef,
  Boolean $syslog                                                         = false,
  $config_content                                                         = undef,
  Optional[String] $config_template                                       = undef,
  Optional[Hash] $config_data                                             = undef,
  Boolean $tls                                                            = false,
  Optional[Stdlib::Absolutepath] $tls_key                                 = undef,
  Optional[Stdlib::Absolutepath] $tls_ca                                  = undef,
  Optional[Boolean] $tls_conn_without_cert                                = undef,
  Optional[Boolean] $tls_invalid_hostnames                                = undef,
  Optional[Boolean] $tls_invalid_certificates                             = undef,
  Enum['requireTLS', 'preferTLS', 'allowTLS'] $tls_mode                   = 'requireTLS',
  Boolean $restart                                                        = true,
  Optional[String] $storage_engine                                        = undef,
  Boolean $create_admin                                                   = false,
  String $admin_username                                                  = 'admin',
  Optional[Variant[String, Sensitive[String]]] $admin_password            = undef,
  Optional[Variant[String[1], Sensitive[String[1]]]] $admin_password_hash = undef,
  Enum['scram_sha_1', 'scram_sha_256'] $admin_auth_mechanism              = 'scram_sha_1',
  Boolean $admin_update_password                                          = false,
  Boolean $handle_creds                                                   = true,
  Boolean $store_creds                                                    = false,
  Array[String[1]] $admin_roles                                           = [
    'userAdmin', 'readWrite', 'dbAdmin', 'dbAdminAnyDatabase', 'readAnyDatabase',
    'readWriteAnyDatabase', 'userAdminAnyDatabase', 'clusterAdmin',
    'clusterManager', 'clusterMonitor', 'hostManager', 'root', 'restore',
  ],
) inherits mongodb::globals {
  if $journal != undef {
    if $mongodb::globals::repo_location == undef {
      $_repo_loc_version_match = undef
    } else {
      $_repo_loc_version_match = $mongodb::globals::repo_location.match(/[0-9]+\.[0-9]+/)
    }
    if (
      $mongodb::globals::manage_package_repo
      and $mongodb::globals::repo_location == undef
      and versioncmp($mongodb::globals::repo_version, '7.0') >= 0
    ) or (
      $mongodb::globals::manage_package_repo
      and $mongodb::globals::repo_location != undef
      and $_repo_loc_version_match != undef
      and versioncmp($_repo_loc_version_match[0], '7.0') >= 0
    ) or (
      $package_ensure =~ /\./ and versioncmp($package_ensure, '7.0.0') >= 0
    ) {
      fail('`journal` parameter is only supported for MongoDB < 7.0')
    }
  }

  contain mongodb::server::install
  contain mongodb::server::config
  contain mongodb::server::service

  if ($ensure == 'present' or $ensure == true) {
    Class['mongodb::server::install'] -> Class['mongodb::server::config']

    if $restart {
      # If $restart is true, notify the service on config changes (~>)
      Class['mongodb::server::config'] ~> Class['mongodb::server::service']
    } else {
      # If $restart is false, config changes won't restart the service (->)
      Class['mongodb::server::config'] -> Class['mongodb::server::service']
    }
  } else {
    Class['mongodb::server::service'] -> Class['mongodb::server::config'] -> Class['mongodb::server::install']
  }

  $admin_password_unsensitive = if $admin_password =~ Sensitive[String] {
    $admin_password.unwrap
  } else {
    $admin_password
  }
  if $create_admin and ($service_ensure == 'running' or $service_ensure == true) {
    mongodb::db { 'admin':
      user            => $admin_username,
      auth_mechanism  => $admin_auth_mechanism,
      password        => $admin_password_unsensitive,
      password_hash   => $admin_password_hash,
      roles           => $admin_roles,
      update_password => $admin_update_password,
    }

    # Make sure it runs before other DB creation
    Mongodb::Db['admin'] -> Mongodb::Db <| title != 'admin' |>
  }

  # Set-up replicasets
  if $replset {
    # Check that we've got either a members array or a replset_config hash
    if $replset_members and $replset_config {
      fail('You can provide either replset_members or replset_config, not both.')
    } elsif !$replset_members and !$replset_config {
      # No members or config provided. Warn about it.
      warning('Replset specified, but no replset_members or replset_config provided.')
    } else {
      if $replset_config {
        # Copy it to REAL value
        $_replset_config = $replset_config
      } else {
        # Build up a config hash
        $_replset_config = {
          "${replset}" => {
            'ensure'   => 'present',
            'members'  => $replset_members,
          },
        }
      }

      # Wrap the replset class
      class { 'mongodb::replset':
        sets => $_replset_config,
      }

      $replset_config_real = $_replset_config  # lint:ignore:variable_is_lowercase required for compatibility

      # Make sure that the ordering is correct
      if $create_admin {
        Class['mongodb::replset'] -> Mongodb::Db['admin']
      }
    }
  }
}