add mongodb role

ansible/roles/mongodb/templates/mk_mongodb.cfg.j2

@@ -0,0 +1,10 @@
+[MONGODB]
+
+# all keys are optional
+host = 127.0.0.1
+# host defaults to localhost
+username = checkmk
+password = {{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/mongodb/{{ env }}/users/checkmk:password') }}
+auth_source = admin
+# auth_source defaults to admin
+auth_mechanism = DEFAULT

ansible/roles/mongodb/templates/mongo-keyfile.j2

@@ -0,0 +1 @@
+{{ lookup('hashi_vault','ansible/data/mongodb/{{ env }}/keyFile:key') }}

ansible/roles/mongodb/templates/mongod.conf.j2

@@ -0,0 +1,44 @@
+# mongod.conf
+
+# for documentation of all options, see:
+#   http://docs.mongodb.org/manual/reference/configuration-options/
+
+processManagement:
+  pidFilePath: /var/run/mongodb/mongod.pid
+
+# Where and how to store data.
+storage:
+  dbPath: /var/lib/mongodb
+#  engine:
+#  wiredTiger:
+
+# where to write logging data.
+systemLog:
+  destination: file
+  logAppend: true
+  logRotate: reopen
+  path: /var/log/mongodb/mongod.log
+
+# network interfaces
+net:
+  port: 27017
+  bindIp: 0.0.0.0
+
+
+# how the process runs
+processManagement:
+  timeZoneInfo: /usr/share/zoneinfo
+
+security:
+  keyFile: /etc/mongo-keyfile
+  authorization: enabled
+
+#operationProfiling:
+
+replication:
+  replSetName: {{ mongodb_replicaset_name }}
+
+#sharding:
+
+setParameter:
+    transactionLifetimeLimitSeconds: 3600

ansible/roles/mongodb/templates/mongodb-dump-full.sh.j2

@@ -0,0 +1,78 @@
+#!/bin/bash
+
+set -eu
+
+DATE=$(date +%Y%m%d)
+HOSTNAME=$(hostname -s)
+STATUS=0
+LOGFILE="/var/tmp/mongodb-dump-databases.log"
+HOST="localhost"
+COMPRESS=false
+USER="backup"
+PASSWORD="{{lookup('community.hashi_vault.hashi_vault', 'ansible/data/mongodb/{{ env }}/users/backup:password') }}"
+DUMP_OPTIONS=""
+
+touch ${LOGFILE}
+
+#
+# Fonctions
+#
+
+checkNas()
+{
+    if [ ! -e "${BACKUPDIR}/.mount" ]; then
+        echo "${BACKUPDIR} not mounted. Backup aborted." | tee -a ${LOGFILE}
+        exit 1
+    fi
+}
+
+usage()
+{
+  echo "$0 -r <retention> -d <repertoire> -c (compression)"
+  echo "Exemple : /data/scripts/mongodb-dump-full.sh -r 20 -d /nas -c"
+}
+
+#
+# Main
+#
+
+while getopts "hcr:d:" option
+do
+  case "${option}"
+  in
+    r)
+      RETENTION=${OPTARG};;
+    d)
+      BACKUPDIR=${OPTARG};;
+    c)
+      COMPRESS=true;;
+    h | *)
+      usage
+      exit 1;;
+  esac
+done
+
+echo "Lancement du dump - Retention : ${RETENTION} - Repertoire : ${BACKUPDIR}" | tee -a ${LOGFILE}
+
+# check if the node is secondary
+SEC=$(mongosh --host=${HOST} --authenticationDatabase admin --username ${USER} --password ${PASSWORD} --eval 'rs.hello().secondary' --quiet)
+if [ ! "${SEC}" == "true" ]; then
+    echo "$(date +%s)|2|Node is not seconday ${LOGFILE}" > /var/tmp/batch."$(basename $0)"
+    exit 0
+fi
+
+[ -d "${BACKUPDIR}" ] || mkdir -p "${BACKUPDIR}"
+
+if [ "${COMPRESS}" ]; then
+    DUMP_OPTIONS="${DUMP_OPTIONS} --authenticationDatabase=admin --username=${USER} --password=${PASSWORD} --gzip"
+else
+    DUMP_OPTIONS="${DUMP_OPTIONS} --authenticationDatabase=admin --username=${USER} --password=${PASSWORD}"
+fi
+
+# dump
+mongodump -v --host=${HOST} ${DUMP_OPTIONS} --archive="${BACKUPDIR}/${DATE}-${HOSTNAME}.gz" |tee -a ${LOGFILE}
+STATUS=$?
+
+# output in statusfile for checkmk
+echo "$(date +%s)|${STATUS}|Check log file ${LOGFILE}" > /var/tmp/batch."$(basename "$0")"
+echo "Fin du dump - Retention : ${RETENTION} - Repertoire : ${BACKUPDIR}" | tee -a ${LOGFILE}