
saltstack 配置mongodb作为后台存储pillar,自动化安装mongodb,创建mongodb用户

2017-07-28 17:03 495 查看
## saltstack 学习记录

配置文件

$ cat /etc/salt/master.d/10-master.conf
# Salt master base settings (master.d/10-master.conf).

# Process identity and listener.
# NOTE(review): the master runs as root here; confirm that is required.
user: root
interface: 127.0.0.1
ipv6: false
worker_threads: 10

# Hashing and top-file defaults.
hash_type: sha256
default_top: base

# Logging: info on the console, debug in the log file.
log_level: info
log_level_logfile: debug

# CLI and state output formatting.
cli_summary: false
state_output: changes
$ cat /etc/salt/master.d/20-git.off
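# Fileserver backend selection. The file name ends in .off rather than .conf,
# so it is presumably not picked up by the master.d include - confirm.
fileserver_backend:
  - git

# NOTE(review): the sample remote below carries a username and token inside
# the URL, so the credential is stored in plaintext wherever this file (or a
# copy of it) ends up. Prefer gitfs_user/gitfs_password kept in a restricted
# file, or SSH key authentication, and rotate any token that was published.
#gitfs_remotes:
#  - http://salt-master:r60JgZsSqR0FvXjowL8c@127.0.2.1:80/saltstack/state.git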
$ cat /etc/salt/master.d/30-file.conf
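# Local state tree for the "dev" environment.
# Nesting restored: the environment name sits under file_roots and the
# directory list sits under the environment.
file_roots:
  dev:
    - /home/jony/salt_gitlab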

cat /etc/salt/master.d/40-mongo.conf
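# Connection settings for the MongoDB-backed master_tops and ext_pillar below.
mongo.db: vortex
mongo.host: 127.0.0.1
mongo.user: mongodb_salt
# Quoted so YAML keeps the value a string; unquoted, 123456 loads as an integer.
# NOTE(review): sample value only. This credential sits in plaintext in the
# master configuration, so use a strong, unique password and keep the file
# readable by the Salt master user only.
mongo.password: '123456'
mongo.indexes: true

# Top data: looked up in collection salt_top, keyed by the minion_id field.
master_tops:
  mongo:
    id_field: minion_id
    collection: salt_top

# Pillar data: looked up in collection salt_pillar, keyed by the minion_id field.
ext_pillar:
  - mongo:
      id_field: minion_id
      collection: salt_pillar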


### saltstack 用法

> 如果刷新不出数据,或者出现一些莫名其妙的问题,可以killall -9 杀掉重启试试
$ salt '*' saltutil.pillar_refresh #刷新pillar数据
$ salt '*' pillar.items #获取pillar数据
$ salt '*' pillar.data #获取pillar数据
$ salt 'ubuntu' pillar.items application:mysql-databases:grants:from
ubuntu:
----------
application:mysql-databases:grants:from:
%
$ salt '*' grains.items #获取grains 数据
$ salt '*' grains.ls
$ salt 'ubuntu' grains.item ip_interfaces:eth0
ubuntu:
----------
ip_interfaces:eth0:
- 192.168.100.130
- fe80::20c:29ff:fea9:c4f4
$ salt 'ubuntu' sys.doc #获取帮助信息
## mongodb 部署
#### 目录结构
$ tree subsystem/mongo
mongo
├── client
│   ├── init.sls
│   └── mongo-client-install.sls
├── init.sls
└── server
├── init.sls
├── mongo-3.4.pub
├── mongodb-install.sls
├── mongodb-reconfigure.sls
└── mongod_conf.jinja

#### sls文件编写
$ cat init.sls
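# Entry point of the mongo subsystem: pull in the server and client states.
# Leading dots make the includes relative to this directory.
include:
  - .server
  - .client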

$ cat server/init.sls #初始化模板,这样写易于扩展
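{# Select the server state from pillar subsystem:mongo-server:status:
   'installed'   -> only re-render the config and restart on change
   'pre-install' -> run the full installation
   The closing endif was missing from the listing; without it the template
   does not render. #}
{% if 'mongo-server' in pillar['subsystem'] and pillar['subsystem']['mongo-server']['status']  == 'installed' %}
include:
  - .mongodb-reconfigure
{% elif 'mongo-server' in pillar['subsystem'] and pillar['subsystem']['mongo-server']['status']  == 'pre-install' %}
include:
  - .mongodb-install
{% endif %}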

$ cat server/mongodb-install.sls  #安装sls文件
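{% set config = pillar['subsystem']['mongo-server'] %}
# Install MongoDB 3.4 from the apt mirror, create the data directory, render
# /etc/mongod.conf and create the initial administrative user.

subsystem.mongo.server.deploy:
  pkgrepo.managed:
    - humanname: mongodb-org-3.4
    # The mirror is reached over plain HTTP, so the repository signing key is
    # the only integrity check on what gets installed.
    - name: deb [ arch=amd64 ] http://mirrors.aliyun.com/mongodb/apt/ubuntu trusty/mongodb-org/3.4 multiverse
    # Path aligned with the directory listing of this formula, which places
    # the key at subsystem/mongo/server/mongo-3.4.pub.
    - key_url: salt://subsystem/mongo/server/mongo-3.4.pub
    - file: /etc/apt/sources.list.d/mongodb-org-3.4.list
    - unless: apt-key list|grep -qE 'MongoDB 3.4 Release'
  pkg.installed:
    - name: mongodb-org
    # skip_verify was removed: it turned off package signature verification,
    # which defeats the key imported above and, with an HTTP mirror, lets
    # anyone on the network path supply packages that are installed as root.
    - skip_suggestions: True
  file.directory:
    - name: /data/mongodata
    - user: mongodb
    - group: mongodb
    - makedirs: True

subsystem.mongo.server.config:
  file.managed:
    - name: /etc/mongod.conf
    - source: salt://subsystem/mongo/server/mongod_conf.jinja
    - template: jinja
    - defaults:
        config: {{ pillar['subsystem']['mongo-server'] | json() }}
  service.running:
    - name: mongod
    - enable: True
    - restart: True
    # Restart mongod whenever the rendered configuration changes.
    - watch:
      - file: /etc/mongod.conf

subsystem.mongo.server.root:
  cmd.run:
    - cwd: /root
    # NOTE(review): install_password is pasted into the command line, so it can
    # appear in the process list and in the state name recorded with the job
    # results. A quote character in the password also breaks the JavaScript
    # string. Restrict who can read job returns and rotate this password after
    # the first run.
    - name: mongo admin --eval "db.createUser({user:'mongodbadmin', pwd:'{{ config['install_password'] }}', roles:['root']})"
    # Keep the command and its output out of the minion log.
    - output_loglevel: quiet
    # Skip when the admin user is already listed.
    - unless: echo 'show users' | mongo admin | grep -qE '.*_id.*admin.mongodbadmin'
    - require:
      - service: mongod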

$ cat server/mongod_conf.jinja  #配置文件jinja模板
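# mongod.conf rendered by Salt; "config" is the mongo-server pillar mapping.
storage:
  dbPath: /data/mongodata
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /data/mongodata/mongod.log
net:
  # Fall back to the default port and to loopback when pillar sets neither.
  port: {{ config['listen-port'] if 'listen-port' in config else '27017' }}
  bindIp: {{ config['listen-ip'] if 'listen-ip' in config else '127.0.0.1' }}
# Access control is switched on only once pillar reports status 'installed'.
# Until then mongod accepts unauthenticated connections, so keep listen-ip on
# loopback (or firewall the port) while the status is anything else.
{% if 'status' in config and config['status'] == 'installed' %}
security:
  authorization: enabled
{% endif %}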

$ cat server/mongo-3.4.pub  #apt安装所需要的mongo公钥
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
mQINBFaUNhsBEACkTlpL9xCrlirl77tahFzzd9ccTc5wP+M3oob18GIaMYKicjbR
h6J6ytCiXCkl65zYKvQdLkt8qlkBVc5DxGeJvD41IY3NzGPz+BZ9pFFBndAE+JEP
ng0ULLxzUDmWXIoukdHqf92BSizTFd2A8v+YGuwOkNBdPi/BHkwiViAaAKDZm/4k
9LZeOF0v7gZF89QD75NrSCKo5SGFRb8Cxi4KR4cS/jPuQVjd+B9fWkc74BUWE91t
3R87Uypd+1qnmoN6cOssLZ4s8n/cyOCkVphGmk1tDDhbEsI4knOqtPXaBHiC4lVI
ghpTHEDUuDfbQ7scySae8/YItTC/vVGngiJmZSfZU5AvVspe6rfkHQHqZs3gYMqj
XPl7acviEAZ7OiMp9diq6Kgp+xLRvRGL+jtUjLkP5O4gJlnxCm7YWrYfYA/vHULD
MyIGSBzuESGxL+Ygz+Dc0Aim9NPM5KhpV5FoAXNt50cn6n1adIwbUciRY0zBXKAI
Vj6D+j3e0ozsO+GGEpmQFAIo1h7CEn8VV61WaLz2F60LKR8d/DEMZ7SY8uznbzkm
TJCeCp/pTnPeGwkyJmJ78LAaKw2tSCeEAfRlnzPeQeanOnEX/wnAjHHAHewvGgQe
GW1QkEdy8zNmfODDf9wqknBShaFRHAOAQFEgBAkYHuT4SgHqW8TVDtF3CQARAQAB
tDdNb25nb0RCIDMuNCBSZWxlYXNlIFNpZ25pbmcgS2V5IDxwYWNrYWdpbmdAbW9u
Z29kYi5jb20+iQI+BBMBAgAoBQJWlDYbAhsDBQkDwmcABgsJCAcDAgYVCAIJCgsE
FgIDAQIeAQIXgAAKCRC8cR+boVcDxmtEEACSjnZcwcozGYS/8peH2P8yPxD2mXVQ
AJ8Pss+YBo8hpRaiA7BEY+FFthbSYEX8XRR/Bg9HjDk9CNXc221I0WcTRv3Sb718
QutRd4ppdGtusgTHjUdYNDzctExU90vtJRvwI2oiz2YA8dM7mtTzUFpR4IQGopB4
PmjEls6hkebTjjSaO9UmcLyip+S+rTZ9c8UQvBH7rNoe4QacmGi/l/uUo/q4J7nE
jtjpsemUK7LWY7YtB21F/hH3OrQkgQAoVv2q2xSaiLJeWsr33jgd4o4/d3QN1t/P
GkNIOEBdO/hM8uOj+hGD+tDphHzd9jGjALqV6lC2k9zNXyAFnTUwp0NL74hODv6z
daihKu4fTRU7S0eYSGc2sQDPiiQF5YkxAHqADnPmR2ZpBVVtbUNB31BDOYjTzRwq
tkLKRCgI29Kgut0Uhvq+/Hx+0485ndgzcqeaLhslUagZy1bXN3sDW4QYN2tPvP+P
2JDtGydsYGZCWA0FBRFdsSbruBSK/BkEpGhq97bE9vclfVchb989A47lgErusw5C
xtLxUGPmVc2dYmHJLUkgHszdcTLHwy8/arYMehG7RVzAEG55AueLsc9B0vSI0E6r
lvalHgoCttCynEzM4Ol1rcG9XtlCyKk4AeimYLE/cxlckDoIVVwrFXrRrhB41Asw
rP4l4xtk+nWHpg==
=F42J
-----END PGP PUBLIC KEY BLOCK-----

$ cat server/mongodb-reconfigure.sls #如果配置文件有变,就重启
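# Re-render /etc/mongod.conf from pillar and restart mongod when it changes.
subsystem.mongo.server.config:
  file.managed:
    - name: /etc/mongod.conf
    - source: salt://subsystem/mongo/server/mongod_conf.jinja
    - template: jinja
    - defaults:
        # The whole mongo-server pillar mapping is handed to the template.
        config: {{ pillar['subsystem']['mongo-server'] | json() }}
  service.running:
    - name: mongod
    - enable: True
    - restart: True
    # The watch requisite ties the service to the managed config file.
    - watch:
      - file: /etc/mongod.conf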
$ cat client/init.sls #client客户端安装,易于扩展
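{# Install the client only while pillar subsystem:mongo-client:status is
   'pre-install'. #}
{% if 'mongo-client' in pillar['subsystem'] and pillar['subsystem']['mongo-client']['status']  == 'pre-install' %}
include:
  - .mongo-client-install
{% endif %}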

$ cat client/mongo-client-install.sls  #客户端安装
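# Add the MongoDB 3.4 apt repository and install only the mongo shell.
Add apt-repo of mongodb-org on {{ grains['id'] }}:
  pkgrepo.managed:
    - humanname: mongodb-org-3.4
    # The mirror is reached over plain HTTP, so the repository signing key is
    # the only integrity check on what gets installed.
    - name: deb [ arch=amd64 ] http://mirrors.aliyun.com/mongodb/apt/ubuntu trusty/mongodb-org/3.4 multiverse
    # Path aligned with the directory listing of this formula, which places
    # the key at subsystem/mongo/server/mongo-3.4.pub.
    - key_url: salt://subsystem/mongo/server/mongo-3.4.pub
    - file: /etc/apt/sources.list.d/mongodb-org-3.4.list
    - unless: apt-key list|grep -qE 'MongoDB 3.4 Release'
  pkg.installed:
    - name: mongodb-org-shell
    # skip_verify was removed: it turned off package signature verification,
    # which defeats the key imported above.
    - skip_suggestions: True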

## mongodb增删创建库与用户
#### 目录结构
$ tree application/mongo
mongo
├── init.sls
├── mongo_create.sh
├── mongo_drop.sh
├── mongo_user_create.sh
└── mongo_user_drop.sh

#### sls 文件编写
$ cat mongo/init.sls
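# Create or drop MongoDB databases and users described in pillar
# application:mongodb-instances, one stateful script run per item.
#
# Changes from the listing:
#  - nesting restored;
#  - every templated value goes through the json filter, so passwords and
#    names with YAML special characters (or all-digit values) stay strings
#    and cannot change the structure of the rendered state;
#  - the privileges expression is parenthesised, so the filter also applies
#    when the user supplies a list (before, it only applied to the default).
#
# NOTE(review): this file tests pillar key 'mongodb-client' with status
# 'installed', while the client install state uses 'mongo-client' - confirm
# which key the pillar really carries.
# NOTE(review): the template context is passed as 'default' here but as
# 'defaults' in the file.managed states - confirm the spelling your Salt
# version expects for cmd.script.
# NOTE(review): admin and user passwords are rendered into the state data and
# into the temporary script on the minion; limit access to job returns and to
# the minion cache accordingly.
{% if 'mongodb-client' in pillar['subsystem'] and pillar['subsystem']['mongodb-client']['status'] == 'installed' %}
{% for mongo in pillar['application']['mongodb-instances'] %}
{% for db in mongo['dbs'] %}
{% if 'delete' in db and db['delete'] %}
Drop mongo database {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_drop.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - default:
        dbname: {{ db['dbname'] | json() }}
        adminuser: {{ mongo['adminuser'] | json() }}
        adminpasswd: {{ mongo['adminpasswd'] | json() }}
        host: {{ (mongo['ip'] if 'ip' in mongo else '127.0.0.1') | json() }}
        port: {{ (mongo['port'] if 'port' in mongo else '27017') | json() }}
{% else %}
Create mongo database  {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_create.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - default:
        dbname: {{ db['dbname'] | json() }}
        adminuser: {{ mongo['adminuser'] | json() }}
        adminpasswd: {{ mongo['adminpasswd'] | json() }}
        host: {{ (mongo['ip'] if 'ip' in mongo else '127.0.0.1') | json() }}
        port: {{ (mongo['port'] if 'port' in mongo else '27017') | json() }}
{% if 'users' in db %}
{% for user in db['users'] %}
{% if 'delete' in user and user['delete'] %}
Drop user {{ user['username'] }} on {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_user_drop.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - default:
        username: {{ user['username'] | json() }}
        adminuser: {{ mongo['adminuser'] | json() }}
        adminpasswd: {{ mongo['adminpasswd'] | json() }}
        host: {{ (mongo['ip'] if 'ip' in mongo else '127.0.0.1') | json() }}
        port: {{ (mongo['port'] if 'port' in mongo else '27017') | json() }}
        dbname: {{ db['dbname'] | json() }}
{% else %}
Create user {{ user['username'] }} on {{ db['dbname'] }}:
  cmd.script:
    - name: salt://application/mongo/mongo_user_create.sh
    - cwd: /root
    - stateful: True
    - template: jinja
    - default:
        username: {{ user['username'] | json() }}
        mongo_password: {{ user['password'] | json() }}
        # Defaults to the read role when pillar grants nothing explicitly.
        privileges: {{ (user['privileges'] if 'privileges' in user else ['read']) | json() }}
        adminuser: {{ mongo['adminuser'] | json() }}
        adminpasswd: {{ mongo['adminpasswd'] | json() }}
        host: {{ (mongo['ip'] if 'ip' in mongo else '127.0.0.1') | json() }}
        port: {{ (mongo['port'] if 'port' in mongo else '27017') | json() }}
        dbname: {{ db['dbname'] | json() }}
{% endif %} # delete in user
{% endfor %} # user in db
{% endif %} # user in db
{% endif %}
{% endfor %}
{% endfor %}
{% endif %}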


#### 创建db脚本
$ cat mongo/mongo_create.sh
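#!/usr/bin/env bash
#_author=jony
# Stateful Salt script (rendered through Jinja before it runs): creates the
# database by inserting one document into it and prints a single
# changed=/comment= line for Salt to parse.
#
# NOTE(review): the admin password is passed with -p on the command line and
# is also written into the rendered copy of this script, so it may be visible
# to other local users while the script runs.
# NOTE(review): the existence check is a substring match over the whole
# "show dbs" output, so a name contained in another database name also counts
# as present.

# Check whether the database already exists.
info=$(echo 'show dbs'|mongo --host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin)
if echo ${info}|grep -qE "{{ dbname }}"; then
    echo "changed=false comment='db {{ dbname }} is already present'"
    exit 0
elif [ -n "${1}" ] && [ "${1}" == "test" ]; then
    # Test run: the database is absent at this point, so say so and keep the
    # raw shell output out of the result line.
    echo "changed=false comment='db {{ dbname }} is absent and would be created' test=True"
    exit 0
fi

# Create the database; MongoDB materialises it on the first insert.
info=$(mongo --host "{{ host  }}" --port "{{ port  }}" -u "{{ adminuser  }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "{{ dbname }}" --eval "db.iteminfo.insert({dbinfo:'mongo for game'})")
if echo $info |grep -qE "nInserted";then
    echo "changed=true comment='Create mongodb {{ dbname }} on {{ host }} Success!'"
    exit 0
else
    # The closing single quote was missing, leaving the comment value unterminated.
    echo "changed=false comment='Create mongodb {{ dbname }} on {{ host }} Failed!'"
    exit 1
fi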
#### 删除db脚本
$ cat mongo/mongo_drop.sh
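#!/usr/bin/env bash
#_author=jony
# Stateful Salt script (rendered through Jinja before it runs): drops the
# database and prints a single changed=/comment= line for Salt to parse.
#
# NOTE(review): the admin password is passed with -p on the command line and
# is also written into the rendered copy of this script, so it may be visible
# to other local users while the script runs.

# Check whether the database exists.
info=$(echo 'show dbs;' |mongo --host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin)
# ${info} is deliberately unquoted: echo then emits one line, so the inverted
# match succeeds only when the name occurs nowhere in the output.
if echo ${info} |grep -qvE "{{ dbname }}"; then
    echo "changed=false comment='db {{ dbname }} is absent'"
    exit 0
elif [ -n "${1}" ] && [ "${1}" == "test" ]; then
    # NOTE(review): this branch is reached when the database exists, yet the
    # message reports it absent - confirm the intended wording.
    echo "changed=false comment='db {{ dbname }} is absent' test=True"
    exit 0
fi

# Drop the database. The name is quoted so it always stays a single argument.
info=$(mongo --host "{{ host }}" --port "{{ port }}" -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin  "{{ dbname }}" --eval "db.dropDatabase()")
if echo $info |grep -qE ".*dropped.*ok.*1";then
    echo "changed=true comment='Drop mongodb {{ dbname }} on {{ host }}  Success!'"
    exit 0
else
    echo "changed=false comment='Drop mongodb {{ dbname }} on {{ host }} Failed!'"
    exit 1
fi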


#### 创建用户并授权
$ cat mongo/mongo_user_create.sh
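#!/usr/bin/env bash
#_author=jony
# Stateful Salt script (rendered through Jinja before it runs): creates a
# database user, or updates the roles of an existing one, and prints a single
# changed=/comment= line for Salt to parse.
#
# NOTE(review): the admin password and the new user's password are passed on
# the command line and are written into the rendered copy of this script, so
# they may be visible to other local users while the script runs.

msg=$(mongo --host "{{ host }}" --port {{ port }} -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "{{ dbname }}" --eval "db.getUsers()")
# 0 = create the user, 1 = user exists and only its roles need updating.
_action=0

# Does the user already exist?
if echo ${msg}|grep -qE '.*_id" : "{{ dbname }}.{{ username }}"';then
    # Compare the roles currently granted with the roles requested in pillar.
    _priv=$(mongo --host "{{ host }}" --port {{ port }} -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "{{ dbname }}" --eval "db.getUser('{{ username }}')" |awk -F':' '/"role"/{print $2}'|tr -d '\n ",')
    _cpriv=$(echo {{ privileges }} | tr -d '[, ]')
    if [[ ${_priv} == ${_cpriv} ]]; then
        echo "changed=false comment='{{ dbname }}.{{ username }} with roles is already present '"
        exit 0
    else
        _action=1
    fi
elif [ -n "${1}" ] && [ "${1}" == "test" ]; then
    # NOTE(review): this branch is reached when the user does not exist, yet
    # the message reports it present - confirm the intended wording.
    echo "changed=false comment='{{ dbname }}.{{ username }} is already present' test=True"
    exit 0
fi

if [ ${_action} -eq 0 ];then
    # Create the user.
    # NOTE(review): the roles array below renders the privileges value as one
    # quoted string, while the update branch joins the list items - verify
    # that creation works when privileges is a list.
    msg=$(mongo --host "{{ host }}" --port {{ port }} -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "{{ dbname }}" \
        --eval 'db.createUser({user:"{{ username }}",pwd:"{{ mongo_password }}",roles:["{{ privileges }}"]})')
    if echo $msg |grep -qE "Successfully added";then
        echo "changed=true comment='Create {{ dbname }}.{{ username }} Success!'"
        exit 0
    else
        # The closing single quote was missing, leaving the comment value unterminated.
        echo "changed=false comment='Create {{ dbname }}.{{ username }} Failed!'"
        exit 1
    fi
else
    # Update the roles of the existing user.
    msg=$(mongo --host "{{ host }}" --port {{ port }} -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "{{ dbname }}" \
        --eval 'db.updateUser("{{ username }}",{roles:[ "{{ privileges | join('","') }}" ]})')
    if [ $? -eq 0 ];then
        # The role lists now sit inside the quoted comment; before, they
        # trailed it as bare words on a line that is meant to hold only
        # key=value pairs.
        echo "changed=true comment='Change privileges Success! ${_cpriv} and ${_priv}'"
        exit 0
    else
        echo "changed=false comment='Change privileges Failed!'"
        exit 1
    fi
fi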
#### 删除用户
$ cat mongo/mongo_user_drop.sh
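#!/usr/bin/env bash
#_author=jony
# Stateful Salt script (rendered through Jinja before it runs): drops a
# database user and prints a single changed=/comment= line for Salt to parse.
#
# NOTE(review): the admin password is passed with -p on the command line and
# is also written into the rendered copy of this script, so it may be visible
# to other local users while the script runs.

# Check whether the user exists.
info=$(mongo --host "{{ host }}" --port {{ port }} -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "{{ dbname }}" --eval "db.getUsers()")
# ${info} is deliberately unquoted: echo then emits one line, so the inverted
# match succeeds only when the user id occurs nowhere in the output.
if echo ${info}|grep -qvE "{{ dbname }}.{{ username }}"; then
    # Message corrected: this branch runs when the user was not found.
    echo "changed=false comment='{{ dbname }}.{{ username }} is absent'"
    exit 0
elif [ -n "${1}" ] && [ "${1}" == "test" ]; then
    # Test run: the user exists at this point and would be removed.
    echo "changed=false comment='{{ dbname }}.{{ username }} is present and would be dropped' test=True"
    exit 0
fi

# Drop the user.
info=$(mongo --host "{{ host }}" --port {{ port }} -u "{{ adminuser }}" -p "{{ adminpasswd }}" --authenticationDatabase admin "{{ dbname }}" --eval "db.dropUser('{{ username }}')")
if echo $info |grep -qE "true";then
    echo "changed=true comment='Drop {{ dbname }}.{{ username }} Success!'"
    exit 0
else
    # The closing single quote was missing, leaving the comment value unterminated.
    echo "changed=false comment='Drop {{ dbname }}.{{ username }} Failed!'"
    exit 1
fi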