iklim.co/Environment_Infrastructure
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Environment_Infrastructure/ansible/prod/roles/db_stack/tasks/db_node.yml
Murat ÖZDEMİR c568e31515 Finalize production database bootstrap automation 
Add DB-specific StorageBox ownership variables and make the davfs mount role honor configurable uid and gid values so database containers can access mounted files.

Extend the prod DB node role to sync StorageBox writes, generate and distribute the MongoDB replica set keyfile, wait for the keyfile on each node, and enforce keyfile permissions.

Tune MongoDB and Patroni templates for quieter logging, correct secret variable names, local bootstrap trust, and production network pg_hba coverage.

Refresh the production setup history with the current bootstrap sequence, DB stack deployment workflow, MongoDB replica set initialization, Patroni validation, and completed DB cluster status.
2026-05-21 21:48:11 +03:00

55 lines
2.2 KiB
YAML
Raw Blame History

---
- name: Create StorageBox MongoDB config directory
ansible.builtin.file:
path: "{{ storagebox_mount_point }}/db/mongodb-{{ inventory_hostname.split('-')[-1] }}/config"
state: directory
mode: '0755'
- name: Create StorageBox PostgreSQL config directory
ansible.builtin.file:
path: "{{ storagebox_mount_point }}/db/postgresql-{{ inventory_hostname.split('-')[-1] }}/config"
state: directory
mode: '0755'
- name: Sync StorageBox after directory creation
ansible.builtin.command: sync
- name: Deploy mongod.conf to StorageBox
ansible.builtin.template:
src: mongod.conf.j2
dest: "{{ storagebox_mount_point }}/db/mongodb-{{ inventory_hostname.split('-')[-1] }}/config/mongod.conf"
mode: '0644'
- name: Deploy patroni.yml to StorageBox
ansible.builtin.template:
src: patroni.yml.j2
dest: "{{ storagebox_mount_point }}/db/postgresql-{{ inventory_hostname.split('-')[-1] }}/config/patroni.yml"
mode: '0644'
- name: Sync StorageBox after config file writes
ansible.builtin.command: sync
- name: Generate MongoDB replica set keyfile on db-01
when: inventory_hostname == 'iklim-db-01'
ansible.builtin.shell: |
openssl rand -base64 756 > {{ storagebox_mount_point }}/db/mongodb-01/config/rs-auth.key
chmod 400 {{ storagebox_mount_point }}/db/mongodb-01/config/rs-auth.key
cp {{ storagebox_mount_point }}/db/mongodb-01/config/rs-auth.key \
{{ storagebox_mount_point }}/db/mongodb-02/config/rs-auth.key
cp {{ storagebox_mount_point }}/db/mongodb-01/config/rs-auth.key \
{{ storagebox_mount_point }}/db/mongodb-03/config/rs-auth.key
chmod 400 {{ storagebox_mount_point }}/db/mongodb-02/config/rs-auth.key
chmod 400 {{ storagebox_mount_point }}/db/mongodb-03/config/rs-auth.key
sync
args:
creates: "{{ storagebox_mount_point }}/db/mongodb-01/config/rs-auth.key"
- name: Wait for MongoDB keyfile on this node's StorageBox mount
ansible.builtin.wait_for:
path: "{{ storagebox_mount_point }}/db/mongodb-{{ inventory_hostname.split('-')[-1] }}/config/rs-auth.key"
timeout: 60
- name: Fix MongoDB keyfile permissions on this node
ansible.builtin.shell: |
chmod 400 {{ storagebox_mount_point }}/db/mongodb-{{ inventory_hostname.split('-')[-1] }}/config/rs-auth.key
Reference in New Issue View Git Blame Copy Permalink