NewsBlur/ansible/roles/mongo/tasks/main.yml

---
- name: Permissions for mongo
  become: yes
  file:
    state: directory
    mode: 0777
    path: /var/log/mongodb

- name: Get the volume name
  shell: ls /dev/disk/by-id/ | grep -v part
  register: volume_name_raw

- set_fact:
    volume_name: "{{ volume_name_raw.stdout }}"

- debug:
    msg: "{{ volume_name }}"

- name: Create the mount point
  become: yes
  file: 
    path: "/mnt/{{ inventory_hostname | regex_replace('db-|-', '') }}"
    state: directory

- name: Mount volume read-write
  become: yes
  mount:
    path: "/mnt/{{ inventory_hostname | regex_replace('db-|-', '') }}"
    src: "/dev/disk/by-id/{{ volume_name }}"
    fstype: xfs
    opts: defaults,discard
    state: mounted

- name: Copy MongoDB keyfile
  become: yes
  copy:
    content: "{{ mongodb_keyfile }}"
    dest: /srv/newsblur/config/mongodb_keyfile.key
    owner: root
    mode: 0400
  tags:
    - keyfile

- name: Make docker network for newsblurnet
  become: yes
  docker_network:
    name: newsblurnet
  notify: restart docker

- name: Make backup directory
  become: yes
  file:
    path: /opt/mongo/newsblur/backup/
    state: directory
    mode: 0666

- name: Start db-mongo docker container
  become: yes
  docker_container:
    name: mongo
    image: mongo:3.6
    state: started
    container_default_behavior: no_defaults
    hostname: "{{ inventory_hostname }}"
    restart_policy: unless-stopped
    networks_cli_compatible: yes
    network_mode: host
    # network_mode: default
    # networks:
    #   - name: newsblurnet
    #     aliases: 
    #       - mongo
    # ports:
    #   - "27017:27017"
    command: --config /etc/mongod.conf
    volumes:
      - /mnt/{{ inventory_hostname | regex_replace('db-|-', '') }}:/data/db
      - /srv/newsblur/ansible/roles/mongo/templates/mongo.conf:/etc/mongod.conf
      - /srv/newsblur/config/mongodb_keyfile.key:/srv/newsblur/config/mongodb_keyfile.key
      - /var/log/mongodb/:/var/log/mongodb/
      - /opt/mongo/newsblur/backup/:/backup/

- name: Register mongo in consul
  tags: consul
  become: yes
  template:
    src: consul_service.json
    dest: /etc/consul.d/mongo.json
  when: (inventory_hostname | regex_replace('[0-9]+', '')) in ['db-mongo', 'db-mongo-secondary'] or inventory_hostname.startswith('db2')
  notify:
    - reload consul

- name: Register mongo-analytics in consul
  tags: consul
  become: yes
  template:
    src: consul_service.analytics.json
    dest: /etc/consul.d/mongo.json
  when: (inventory_hostname | regex_replace('[0-9]+', '')) == 'db-mongo-analytics' or inventory_hostname.startswith('db3')
  notify:
    - reload consul

- name: Setup logrotate for mongo
  become: yes
  copy: src=logrotate.conf dest=/etc/logrotate.d/mongodb mode=0755
  tags: 
    - logrotate
  
- name: Add sanity checkers cronjob for disk usage
  become: yes
  cron:
    name: disk_usage_sanity_checker
    user: root
    cron_file: /etc/cron.hourly/disk_usage_sanity_checker
    job: >-
      docker pull newsblur/newsblur_python3:latest;
      docker run --rm -it
      OUTPUT=$(eval sudo df / | head -n 2 |  tail -1);
      -v /srv/newsblur:/srv/newsblur
      --network=newsblurnet
      --hostname {{ ansible_hostname }} 
      newsblur/newsblur_python3 /srv/newsblur/utils/monitor_disk_usage.py $OUTPUT
  tags:
    - sanity-checker

- name: Add mongo backup
  cron:
    name: mongo backup
    minute: "0"
    hour: "4"
    job: /srv/newsblur/docker/mongo/backup_mongo.sh
  when: '"db-mongo-secondary1" in inventory_hostname'

- name: Add mongo starred_stories+stories backup
  cron:
    name: mongo backup
    minute: "0"
    hour: "5"
    job: /srv/newsblur/docker/mongo/backup_mongo_stories.sh
  when: '"db-mongo-secondary1" in inventory_hostname'


# Renaming a db-mongo3 to db-mongo2:
#  - Change hostname to db-mongo2 on Digital Ocean (doctl)
#  - Change hostname to db-mongo2 in /etc/hostname
#  - Symlink /mnt/mongo2 to /mnt/mongo3
#  - tf state mv "digitalocean_droplet.db-mongo-primary[2]" "digitalocean_droplet.db-mongo-primary[1]"
#  - tf state mv "digitalocean_volume.mongo_volume[2]" "digitalocean_volume.mongo_volume[1]"
move mongo tasks into mongo role 2021-02-03 10:39:11 -05:00			`---`
Cleaning up mongo 2021-05-10 19:11:24 -04:00			`- name: Permissions for mongo`
			`become: yes`
			`file:`
			`state: directory`
			`mode: 0777`
			`path: /var/log/mongodb`

Mounting DO volume on mongo machines. 2021-07-16 11:51:52 -04:00			`- name: Get the volume name`
			`shell: ls /dev/disk/by-id/ \| grep -v part`
			`register: volume_name_raw`

			`- set_fact:`
			`volume_name: "{{ volume_name_raw.stdout }}"`

			`- debug:`
			`msg: "{{ volume_name }}"`

			`- name: Create the mount point`
			`become: yes`
			`file:`
			`path: "/mnt/{{ inventory_hostname \| regex_replace('db-\|-', '') }}"`
			`state: directory`

			`- name: Mount volume read-write`
			`become: yes`
			`mount:`
			`path: "/mnt/{{ inventory_hostname \| regex_replace('db-\|-', '') }}"`
			`src: "/dev/disk/by-id/{{ volume_name }}"`
			`fstype: xfs`
			`opts: defaults,discard`
			`state: mounted`

Adding authentication for mongo. Hopefully this covers everything needed. 2021-07-12 11:45:25 -04:00			`- name: Copy MongoDB keyfile`
Retrying mongodb keyfile auth. 2021-07-14 19:59:00 -04:00			`become: yes`
Adding authentication for mongo. Hopefully this covers everything needed. 2021-07-12 11:45:25 -04:00			`copy:`
			`content: "{{ mongodb_keyfile }}"`
			`dest: /srv/newsblur/config/mongodb_keyfile.key`
Retrying mongodb keyfile auth. 2021-07-14 19:59:00 -04:00			`owner: root`
Adding authentication for mongo. Hopefully this covers everything needed. 2021-07-12 11:45:25 -04:00			`mode: 0400`
Retrying mongodb keyfile auth. 2021-07-14 19:59:00 -04:00			`tags:`
			`- keyfile`
Adding authentication for mongo. Hopefully this covers everything needed. 2021-07-12 11:45:25 -04:00
Switching from LOCAL_HOST to named server for monitor. 2021-05-19 23:01:12 -04:00			`- name: Make docker network for newsblurnet`
			`become: yes`
			`docker_network:`
			`name: newsblurnet`
			`notify: restart docker`

Mongo backups should use a dual-docker solution: 1) Use docker to backup mongo from the mongo container, 2) use newsblur_web container to upload to S3. 2021-07-16 12:25:25 -04:00			`- name: Make backup directory`
			`become: yes`
			`file:`
			`path: /opt/mongo/newsblur/backup/`
			`state: directory`
Mongo backup exec line. 2021-07-23 19:01:06 -04:00			`mode: 0666`
Mongo backups should use a dual-docker solution: 1) Use docker to backup mongo from the mongo container, 2) use newsblur_web container to upload to S3. 2021-07-16 12:25:25 -04:00
move mongo tasks into mongo role 2021-02-03 10:39:11 -05:00			`- name: Start db-mongo docker container`
			`become: yes`
			`docker_container:`
Finishing up db-mongo-analytics. Redis also now works. 2021-02-24 11:56:53 -05:00			`name: mongo`
move mongo tasks into mongo role 2021-02-03 10:39:11 -05:00			`image: mongo:3.6`
			`state: started`
Mongodb 3.6 config file format. 2021-05-10 18:30:54 -04:00			`container_default_behavior: no_defaults`
Adding hostnames to docker containers, changing mongo to just use host network mode dammit, and adding possibility for logging to dnsmasq. 2021-07-23 18:13:19 -04:00			`hostname: "{{ inventory_hostname }}"`
move mongo tasks into mongo role 2021-02-03 10:39:11 -05:00			`restart_policy: unless-stopped`
Switching from network_mode host to using a docker network. This gets us off host networking and to defined ports. The docker network connects the container's dns resolver to the machine's dnsmasq, which is used for consul. 2021-05-19 17:26:47 -04:00			`networks_cli_compatible: yes`
Adding hostnames to docker containers, changing mongo to just use host network mode dammit, and adding possibility for logging to dnsmasq. 2021-07-23 18:13:19 -04:00			`network_mode: host`
			`# network_mode: default`
			`# networks:`
			`# - name: newsblurnet`
Moving to SERVER_NAME for monitor as network mode is host. 2021-07-24 09:55:52 -04:00			`# aliases:`
			`# - mongo`
Adding hostnames to docker containers, changing mongo to just use host network mode dammit, and adding possibility for logging to dnsmasq. 2021-07-23 18:13:19 -04:00			`# ports:`
			`# - "27017:27017"`
Cleaning up mongo 2021-05-10 19:11:24 -04:00			`command: --config /etc/mongod.conf`
move mongo tasks into mongo role 2021-02-03 10:39:11 -05:00			`volumes:`
Mongodb 3.6 config file format. 2021-05-10 18:30:54 -04:00			`- /mnt/{{ inventory_hostname \| regex_replace('db-\|-', '') }}:/data/db`
			`- /srv/newsblur/ansible/roles/mongo/templates/mongo.conf:/etc/mongod.conf`
Adding authentication for mongo. Hopefully this covers everything needed. 2021-07-12 11:45:25 -04:00			`- /srv/newsblur/config/mongodb_keyfile.key:/srv/newsblur/config/mongodb_keyfile.key`
Setting mongo syslog location 2021-05-10 18:46:02 -04:00			`- /var/log/mongodb/:/var/log/mongodb/`
Mongo backups should use a dual-docker solution: 1) Use docker to backup mongo from the mongo container, 2) use newsblur_web container to upload to S3. 2021-07-16 12:25:25 -04:00			`- /opt/mongo/newsblur/backup/:/backup/`
registering mongo service in consul 2021-02-15 19:13:05 -05:00
			`- name: Register mongo in consul`
Adding consul tags for easy installation on services. 2021-02-23 19:30:28 -05:00			`tags: consul`
registering mongo service in consul 2021-02-15 19:13:05 -05:00			`become: yes`
			`template:`
			`src: consul_service.json`
			`dest: /etc/consul.d/mongo.json`
Adding db mongo secondary 2021-05-10 18:08:04 -04:00			`when: (inventory_hostname \| regex_replace('[0-9]+', '')) in ['db-mongo', 'db-mongo-secondary'] or inventory_hostname.startswith('db2')`
Finishing up db-mongo-analytics. Redis also now works. 2021-02-24 11:56:53 -05:00			`notify:`
			`- reload consul`

			`- name: Register mongo-analytics in consul`
			`tags: consul`
			`become: yes`
			`template:`
			`src: consul_service.analytics.json`
			`dest: /etc/consul.d/mongo.json`
Attempting to fix resolve issues. 2021-03-10 16:54:18 -05:00			`when: (inventory_hostname \| regex_replace('[0-9]+', '')) == 'db-mongo-analytics' or inventory_hostname.startswith('db3')`
registering mongo service in consul 2021-02-15 19:13:05 -05:00			`notify:`
Deleting all ufw rules on every run so firewalls remain clean. Also reloading gunicorn. 2021-02-23 18:37:56 -05:00			`- reload consul`
add disk usage sanity checker 2021-06-07 15:44:59 -04:00
Adding logrotate for mongo. 2021-06-29 17:51:14 -04:00			`- name: Setup logrotate for mongo`
			`become: yes`
			`copy: src=logrotate.conf dest=/etc/logrotate.d/mongodb mode=0755`
Switching celery to local log driver for docker due to logs filling up disk space. 2021-06-30 00:22:09 -04:00			`tags:`
			`- logrotate`
Adding logrotate for mongo. 2021-06-29 17:51:14 -04:00
fix disk usage sanity checker to check host machine and pass the data into the container to evaluate the disk usage and send an email 2021-06-18 14:57:29 -06:00			`- name: Add sanity checkers cronjob for disk usage`
add disk usage sanity checker 2021-06-07 15:44:59 -04:00			`become: yes`
fix disk usage sanity checker to check host machine and pass the data into the container to evaluate the disk usage and send an email 2021-06-18 14:57:29 -06:00			`cron:`
			`name: disk_usage_sanity_checker`
edit ansible files so that all disk usage sanity checkers run hourly 2021-06-25 11:42:21 -06:00			`user: root`
			`cron_file: /etc/cron.hourly/disk_usage_sanity_checker`
add multiline command syntax `>-` to cronjobs for sanity checkers 2021-06-27 13:24:07 -06:00			`job: >-`
			`docker pull newsblur/newsblur_python3:latest;`
add -it to disk usage commands for cronjobs. capitalize OUTPUT in disk usage commands 2021-06-25 11:46:09 -06:00			`docker run --rm -it`
			`OUTPUT=$(eval sudo df / \| head -n 2 \| tail -1);`
fix disk usage sanity checker to check host machine and pass the data into the container to evaluate the disk usage and send an email 2021-06-18 14:57:29 -06:00			`-v /srv/newsblur:/srv/newsblur`
edit ansible files so that all disk usage sanity checkers run hourly 2021-06-25 11:42:21 -06:00			`--network=newsblurnet`
			`--hostname {{ ansible_hostname }}`
add -it to disk usage commands for cronjobs. capitalize OUTPUT in disk usage commands 2021-06-25 11:46:09 -06:00			`newsblur/newsblur_python3 /srv/newsblur/utils/monitor_disk_usage.py $OUTPUT`
fix disk usage sanity checker to check host machine and pass the data into the container to evaluate the disk usage and send an email 2021-06-18 14:57:29 -06:00			`tags:`
			`- sanity-checker`
add mongo backup cronjob for ansible and integrate backup_mongo.py with docker setup 2021-06-19 12:02:29 -06:00
Mongo backups should use a dual-docker solution: 1) Use docker to backup mongo from the mongo container, 2) use newsblur_web container to upload to S3. 2021-07-16 12:25:25 -04:00			`- name: Add mongo backup`
			`cron:`
			`name: mongo backup`
			`minute: "0"`
			`hour: "4"`
			`job: /srv/newsblur/docker/mongo/backup_mongo.sh`
Changing how mongo is registered on consul. Now allows members before they are part of the replica set. 2021-07-21 21:10:02 -04:00			`when: '"db-mongo-secondary1" in inventory_hostname'`

			`- name: Add mongo starred_stories+stories backup`
			`cron:`
			`name: mongo backup`
			`minute: "0"`
			`hour: "5"`
			`job: /srv/newsblur/docker/mongo/backup_mongo_stories.sh`
			`when: '"db-mongo-secondary1" in inventory_hostname'`
Adding hostnames to docker containers, changing mongo to just use host network mode dammit, and adding possibility for logging to dnsmasq. 2021-07-23 18:13:19 -04:00

			`# Renaming a db-mongo3 to db-mongo2:`
			`# - Change hostname to db-mongo2 on Digital Ocean (doctl)`
			`# - Change hostname to db-mongo2 in /etc/hostname`
			`# - Symlink /mnt/mongo2 to /mnt/mongo3`
			`# - tf state mv "digitalocean_droplet.db-mongo-primary[2]" "digitalocean_droplet.db-mongo-primary[1]"`
			`# - tf state mv "digitalocean_volume.mongo_volume[2]" "digitalocean_volume.mongo_volume[1]"`