Skip to content
This repository was archived by the owner on May 8, 2021. It is now read-only.

Commit f4fda6a

Browse files
exAspArkexAspArk
authored
Merge pull request #12 from uniiverse/ssl_v2
Use new CA signed SSL certificates for MongoDB, install agents through OpsManager
2 parents 52b80d9 + 35bd45d commit f4fda6a

File tree

2 files changed

+10
-74
lines changed

2 files changed

+10
-74
lines changed

mongodb/mongodb/mongodb.tf

Lines changed: 6 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,9 @@ variable "mongodb_conf_engine" {}
66
variable "mongodb_conf_replsetname" {}
77
variable "mongodb_conf_oplogsizemb" {}
88
variable "mongodb_key_s3_object" {}
9-
variable "mongodb_ssl_server_key_s3_object" {}
10-
variable "mongodb_ssl_client_key_s3_object" {}
9+
variable "ssl_ca_key_s3_object" {}
10+
variable "ssl_agent_key_s3_object" {}
11+
variable "ssl_mongod_key_s3_object" {}
1112
variable "opsmanager_key_s3_object" {}
1213
variable "mongodb_iam_name" {}
1314
variable "mongodb_sg_id" {}
@@ -36,12 +37,6 @@ variable "config_ebs" {
3637
variable "role_node" {
3738
default = "false"
3839
}
39-
variable "role_monitoring_agent" {
40-
default = "false"
41-
}
42-
variable "role_backup_agent" {
43-
default = "false"
44-
}
4540
variable "role_opsmanager" {
4641
default = "false"
4742
}
@@ -71,17 +66,16 @@ data "template_file" "user_data" {
7166
mongodb_conf_replsetname = "${var.mongodb_conf_replsetname}"
7267
mongodb_conf_oplogsizemb = "${var.mongodb_conf_oplogsizemb}"
7368
mongodb_key_s3_object = "${var.mongodb_key_s3_object}"
74-
mongodb_ssl_server_key_s3_object = "${var.mongodb_ssl_server_key_s3_object}"
75-
mongodb_ssl_client_key_s3_object = "${var.mongodb_ssl_client_key_s3_object}"
69+
ssl_ca_key_s3_object = "${var.ssl_ca_key_s3_object}"
70+
ssl_mongod_key_s3_object = "${var.ssl_mongod_key_s3_object}"
71+
ssl_agent_key_s3_object = "${var.ssl_agent_key_s3_object}"
7672
opsmanager_key_s3_object = "${var.opsmanager_key_s3_object}"
7773
opsmanager_subdomain = "${var.opsmanager_subdomain}"
7874
hostname = "${var.route53_hostname}"
7975
aws_region = "${var.aws_region}"
8076
config_ephemeral = "${var.config_ephemeral}"
8177
config_ebs = "${var.config_ebs}"
8278
role_node = "${var.role_node}"
83-
role_monitoring_agent = "${var.role_monitoring_agent}"
84-
role_backup_agent = "${var.role_backup_agent}"
8579
role_opsmanager = "${var.role_opsmanager}"
8680
role_backup = "${var.role_backup}"
8781
mms_group_id = "${var.mms_group_id}"

mongodb/mongodb/templates/user-data.sh

Lines changed: 4 additions & 62 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ hostname ${hostname}
66
#
77
# apt
88
#
9-
DEBIAN_FRONTEND=noninteractive apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
9+
DEBIAN_FRONTEND=noninteractive apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv BC711F9BA15703C6
1010
echo "deb [ arch=amd64 ] http://repo.mongodb.com/apt/ubuntu trusty/mongodb-enterprise/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-enterprise.list
1111
DEBIAN_FRONTEND=noninteractive apt-key update -y
1212
DEBIAN_FRONTEND=noninteractive apt-get update -y
@@ -204,74 +204,16 @@ if [ "${role_node}" == "true" ]; then
204204
# setup ssl certificates for mongodb
205205
SSL_PATH=/etc/mongodb/ssl
206206
mkdir -p $SSL_PATH
207-
aws s3 --region=${aws_region} cp ${mongodb_ssl_server_key_s3_object} $SSL_PATH/mongodb_ssl_server.pem
208-
aws s3 --region=${aws_region} cp ${mongodb_ssl_client_key_s3_object} $SSL_PATH/mongodb_ssl_client.pem
207+
aws s3 --region=${aws_region} cp ${ssl_ca_key_s3_object} $SSL_PATH/CAroot.pem
208+
aws s3 --region=${aws_region} cp ${ssl_mongod_key_s3_object} $SSL_PATH/mongod.pem
209+
aws s3 --region=${aws_region} cp ${ssl_agent_key_s3_object} $SSL_PATH/agent.pem
209210
chmod 700 -R $SSL_PATH
210211
chown -R mongodb:mongodb $SSL_PATH
211212

212213
service mongodb-mms-automation-agent stop
213214
service mongodb-mms-automation-agent start
214215
fi
215216

216-
#
217-
# Monitoring Agent (connects to OpsManager)
218-
#
219-
if [ "${role_monitoring_agent}" == "true" ] ; then
220-
# install
221-
curl -k -OL http://${opsmanager_subdomain}:8080/download/agent/monitoring/mongodb-mms-monitoring-agent_5.4.5.370-1_amd64.deb
222-
DEBIAN_FRONTEND=noninteractive dpkg --install mongodb-mms-monitoring-agent_5.4.5.370-1_amd64.deb
223-
224-
# setup for opsmanager
225-
MONITORING_AGENT_CONFIG_FILE=/etc/mongodb-mms/monitoring-agent.config
226-
ESCAPED_OPSMANAGER_URL=`echo http://${opsmanager_subdomain}:8080 | awk '{gsub("/", "\\\/");print}'`
227-
sed -i "s/mmsBaseUrl=.*/mmsBaseUrl=$ESCAPED_OPSMANAGER_URL/" $MONITORING_AGENT_CONFIG_FILE
228-
sed -i "s/mmsApiKey=.*/mmsApiKey=${mms_api_key}/" $MONITORING_AGENT_CONFIG_FILE
229-
230-
# setup ssl certificates for monitoring agents
231-
SSL_PATH=/etc/mongodb-mms/ssl
232-
mkdir -p $SSL_PATH
233-
aws s3 --region=${aws_region} cp ${mongodb_ssl_server_key_s3_object} $SSL_PATH/mongodb_ssl_server.pem
234-
aws s3 --region=${aws_region} cp ${mongodb_ssl_client_key_s3_object} $SSL_PATH/mongodb_ssl_client.pem
235-
chmod 700 -R $SSL_PATH
236-
chown -R mongodb-mms-agent:mongodb-mms-agent $SSL_PATH
237-
echo "sslTrustedServerCertificates=$SSL_PATH/mongodb_ssl_server.pem" >> $MONITORING_AGENT_CONFIG_FILE
238-
echo "sslClientCertificate=$SSL_PATH/mongodb_ssl_client.pem" >> $MONITORING_AGENT_CONFIG_FILE
239-
echo "sslRequireValidServerCertificates=true" >> $MONITORING_AGENT_CONFIG_FILE
240-
241-
stop mongodb-mms-monitoring-agent
242-
start mongodb-mms-monitoring-agent
243-
fi
244-
245-
#
246-
# Backup Agent (connects to OpsManager)
247-
#
248-
if [ "${role_backup_agent}" == "true" ] ; then
249-
# install
250-
curl -k -OL http://${opsmanager_subdomain}:8080/download/agent/backup/mongodb-mms-backup-agent_5.0.7.494-1_amd64.deb
251-
DEBIAN_FRONTEND=noninteractive dpkg --install mongodb-mms-backup-agent_5.0.7.494-1_amd64.deb
252-
253-
# setup for opsmanager
254-
BACKUP_AGENT_CONFIG_FILE=/etc/mongodb-mms/backup-agent.config
255-
chmod 644 $BACKUP_AGENT_CONFIG_FILE
256-
chown mongodb:mongodb $BACKUP_AGENT_CONFIG_FILE
257-
sed -i "s/mmsApiKey=.*/mmsApiKey=${mms_api_key}/" $BACKUP_AGENT_CONFIG_FILE
258-
sed -i "s/mothership=.*/mothership=${opsmanager_subdomain}:8080/" $BACKUP_AGENT_CONFIG_FILE
259-
260-
# setup ssl certificates for monitoring agents
261-
SSL_PATH=/etc/mongodb-mms/ssl
262-
mkdir -p $SSL_PATH
263-
aws s3 --region=${aws_region} cp ${mongodb_ssl_server_key_s3_object} $SSL_PATH/mongodb_ssl_server.pem
264-
aws s3 --region=${aws_region} cp ${mongodb_ssl_client_key_s3_object} $SSL_PATH/mongodb_ssl_client.pem
265-
chmod 700 -R $SSL_PATH
266-
chown -R mongodb-mms-agent:mongodb-mms-agent $SSL_PATH
267-
echo "sslTrustedServerCertificates=$SSL_PATH/mongodb_ssl_server.pem" >> $BACKUP_AGENT_CONFIG_FILE
268-
echo "sslClientCertificate=$SSL_PATH/mongodb_ssl_client.pem" >> $BACKUP_AGENT_CONFIG_FILE
269-
echo "sslRequireValidServerCertificates=true" >> $BACKUP_AGENT_CONFIG_FILE
270-
271-
stop mongodb-mms-backup-agent
272-
start mongodb-mms-backup-agent
273-
fi
274-
275217
#
276218
# Backup Node (connects to OpsManager)
277219
#

0 commit comments

Comments
 (0)