Skip to content

Instantly share code, notes, and snippets.

Last active April 15, 2023 22:56
Show Gist options
  • Save oakinogundeji/7576666a73d09e4f4df2210ebbb8506f to your computer and use it in GitHub Desktop.
Save oakinogundeji/7576666a73d09e4f4df2210ebbb8506f to your computer and use it in GitHub Desktop.
ansible playbook to provision hidden nodes
- name: install mongodb locally on EC2 Ubuntu Instance
hosts: localhost
connection: local
become: true
become_method: sudo
debugger: on_failed
gather_facts: true
- name: install gnupg as precursor for installing mongodb public key
name: gnupg
state: present
update_cache: true
- name: install mongodb public key
state: present
- name: add mongodb repository
repo: deb jammy/mongodb-org/6.0 multiverse
state: present
update_cache: true
- name: install mongodb
name: mongodb-org
state: present
register: mongodb_installed
- debug: var=mongodb_installed
- name: install mongodb dbase tools for mongodump and mongo restore
when: mongodb_installed is succeeded
ansible.builtin.command: "{{item}}"
- wget
- dpkg -i ./mongodb-database-tools-ubuntu1604-x86_64-100.7.0.deb
register: dbase_tools_installed
- debug: var=dbase_tools_installed
- name: edit limits.conf file
when: mongodb_installed is succeeded
path: /etc/ssh/sshd_config
block: |
* soft nofile 64000
* hard nofile 64000
* soft nproc 32000
* hard nproc 32000
backup: yes
marker: " <!-- {mark} ANSIBLE MANAGED BLOCK -->"
register: limits_conf_res
- debug: var=limits_conf_res
- name: create 90.nproc.conf file
when: limits_conf_res is succeeded
dest: /etc/security/limits.d/90-nproc.conf
content: |
* soft nproc 32000
* hard nproc 32000
register: nproc_conf_res
- debug: var=nproc_conf_res
- name: turn off core dumps
when: nproc_conf_res is succeeded
path: /etc/default/apport
regexp: '^enabled=1'
line: 'enabled=0'
state: present
backup: true
register: core_dumps_off
- debug: var=core_dumps_off
- name: backup existing mongod.conf
when: core_dumps_off is succeeded
ansible.builtin.command: mv /etc/mongod.conf /etc/mongod.conf.old
register: conf_backup_res
- debug: var=conf_backup_res
- name: create the /srv/mongod dir
when: conf_backup_res is succeeded
path: /srv/mongod
state: directory
mode: '0755'
register: keyfile_dir_res
- debug: var=keyfile_dir_res
- name: copy shared replicaset-keyfile to /srv/mongod/
when: keyfile_dir_res is succeeded
ansible.builtin.command: mv ./replicaset-keyfile /srv/mongod/replicaset-keyfile
register: keyfile_copy_res
- debug: var=keyfile_copy_res
- name: change permissions for /srv/mongod/replicaset-keyfile
when: keyfile_copy_res is succeeded
ansible.builtin.command: chmod 400 /srv/mongod/replicaset-keyfile
register: keyfile_chmod_res
- debug: var=keyfile_chmod_res
- name: chown /srv/mongod to mongod process
when: keyfile_chmod_res is succeeded
ansible.builtin.command: chown -R mongodb:mongodb /srv/mongod/
register: keyfile_chown_res
- debug: var=keyfile_chown_res
- name: copy hugepages fix to /etc/systemd/system/mongod-hugepage-fix.service
when: keyfile_chown_res is succeeded
ansible.builtin.command: mv ./hugepages-fix /etc/systemd/system/mongod-hugepage-fix.service
register: hugepages_res
- debug: var=hugepages_res
- name: enable hugepages fix
when: hugepages_res is succeeded
ansible.builtin.command: "{{item}}"
- systemctl daemon-reload
- systemctl enable mongod-hugepage-fix
- systemctl start mongod-hugepage-fix
register: hupages_activated_res
- debug: var=hupages_activated_res
- name: get ansible_fqdn value
when: hupages_activated_res is succeeded
ansible.builtin.command: echo {{ ansible_fqdn }}
register: fqdn_res
- debug: var=fqdn_res
- name: install aws cli
when: fqdn_res is succeeded
ansible.builtin.command: "{{item}}"
- curl "" -o ""
- unzip
- ./aws/install
register: aws_cli_up
- debug: var=aws_cli_up
- name: copy sample.conf to /etc/mongod.conf
when: aws_cli_up is succeeded
ansible.builtin.command: mv ./sample.conf /etc/mongod.conf
register: new_conf_res
- debug: var=new_conf_res
- name: start and enable mongodb
when: new_conf_res is succeeded
name: mongod
state: started
enabled: true
register: mongod_set
- debug: var=mongod_set
- name: install notifier dependencies
when: mongod_set is succeeded npm install --prefix ./notifiers
register: notifier_up
- debug: var=notifier_up
- debug: var=fqdn_res
- name: check if database backups in s3
when: mongod_set is succeeded
bucket_name: "{{BACKUP_BUCKET}}"
register: backup_bucket_output
- debug: var=backup_bucket_output.s3_keys
- name: restore backed up database files to running mongod instance
when: backup_bucket_output.s3_keys[0] == "mongodb_dbase_backup.gz" /bin/bash ./ {{ fqdn_res.stdout }} {{BACKUP_BUCKET}} mongodb_dbase_backup.gz
ignore_errors: true
register: dbase_restored
- name: setup cron job to auto backup mongod to S3 every 6 hours
when: mongod_set is succeeded
name: "backup mongodb"
user: "ubuntu"
minute: "0"
hour: "6,12,18,0"
job: "/bin/bash /home/ubuntu/<repo_name>/<optional_sub_directory>/ {{ fqdn_res.stdout }} {{BACKUP_BUCKET}} mongodb_dbase_backup.gz"
register: backup_croned
- debug: var=backup_croned
- name: send notification email
when: mongod_set is succeeded node ./notifiers/hidden-node.js {{ fqdn_res.stdout }}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment