diff --git a/ansible/env_vars/base.yml b/ansible/env_vars/base.yml index 721ab1398..02b9b895a 100644 --- a/ansible/env_vars/base.yml +++ b/ansible/env_vars/base.yml @@ -8,6 +8,8 @@ create_user: nb local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}" copy_local_key: "{{ lookup('file', '/srv/secrets-newsblur/keys/docker.key.pub') }}" mongodb_keyfile: "{{ lookup('file', '/srv/secrets-newsblur/keys/mongodb_keyfile.key') }}" +mongodb_username: "{{ lookup('ini', 'mongodb_username section=nbauth file=/srv/secrets-newsblur/configs/mongodb_auth.ini') }}" +mongodb_password: "{{ lookup('ini', 'mongodb_password section=nbauth file=/srv/secrets-newsblur/configs/mongodb_auth.ini') }}" sys_packages: [ 'git', 'python3', diff --git a/ansible/roles/mongo-exporter/tasks/main.yml b/ansible/roles/mongo-exporter/tasks/main.yml index 50512233e..67e9e3c2f 100644 --- a/ansible/roles/mongo-exporter/tasks/main.yml +++ b/ansible/roles/mongo-exporter/tasks/main.yml @@ -16,7 +16,7 @@ networks: - name: newsblurnet env: - MONGODB_URI: 'mongodb://nb:KCi@db-mongo.service.nyc1.consul:27017/admin?' + MONGODB_URI: 'mongodb://{{ mongodb_username }}:{{ mongodb_password }}@db-mongo.service.nyc1.consul:27017/admin?authSource=nbauth' ports: - '9216:9216' diff --git a/ansible/roles/mongo/templates/mongo.conf b/ansible/roles/mongo/templates/mongo.conf index fb47d96b5..141f322d3 100644 --- a/ansible/roles/mongo/templates/mongo.conf +++ b/ansible/roles/mongo/templates/mongo.conf @@ -28,8 +28,8 @@ processManagement: timeZoneInfo: /usr/share/zoneinfo security: - authorization: enabled keyFile: /srv/newsblur/config/mongodb_keyfile.key + # authorization: enabled # No RBAC operationProfiling: mode: slowOp diff --git a/flask_monitor/db_monitor.py b/flask_monitor/db_monitor.py index 7fa3a0de4..16178c8cc 100644 --- a/flask_monitor/db_monitor.py +++ b/flask_monitor/db_monitor.py @@ -67,7 +67,7 @@ def db_check_mysql(): @app.route("/db_check/mongo") def db_check_mongo(): try: - client = pymongo.MongoClient(f'mongodb://{settings.MONGO_DB['username']}:{settings.MONGO_DB['password']}@db-mongo.server.nyc1.consul') + client = pymongo.MongoClient(f'mongodb://{settings.MONGO_DB['username']}:{settings.MONGO_DB['password']}@db-mongo.server.nyc1.consul?authSource=nbauth') db = client.newsblur except: abort(503) diff --git a/utils/monitor_task_fetches.py b/utils/monitor_task_fetches.py index 8524b6f22..a70c3f3d3 100755 --- a/utils/monitor_task_fetches.py +++ b/utils/monitor_task_fetches.py @@ -20,7 +20,7 @@ def main(): r = redis.Redis(connection_pool=settings.REDIS_ANALYTICS_POOL) try: - client = pymongo.MongoClient(f'mongodb://{settings.MONGO_DB['username']}:{settings.MONGO_DB['password']}@{settings.MONGO_DB['host']}') + client = pymongo.MongoClient(f'mongodb://{settings.MONGO_DB['username']}:{settings.MONGO_DB['password']}@{settings.MONGO_DB['host']}?authSource=nbauth') feeds_fetched = client.newsblur.statistics.find_one({"key": "feeds_fetched"})['value'] redis_task_fetches = int(r.get(monitor_key) or 0) except Exception as e: