From c7c43e28cae7a41d6736eb2751b972acbc284059 Mon Sep 17 00:00:00 2001 From: Clayton Coggeshall Date: Tue, 9 Oct 2018 15:26:36 -0400 Subject: [PATCH] Add new classes for installing Ops Manager --- README.md | 47 +++++++ manifests/opsmanager.pp | 52 ++++++++ manifests/opsmanager/config.pp | 13 ++ manifests/opsmanager/install.pp | 41 ++++++ manifests/opsmanager/params.pp | 20 +++ manifests/opsmanager/service.pp | 19 +++ manifests/params.pp | 2 +- spec/classes/ops_manager_install_spec.rb | 20 +++ spec/classes/ops_manager_spec.rb | 37 ++++++ templates/opsmanager/conf-mms.properties.epp | 128 +++++++++++++++++++ 10 files changed, 378 insertions(+), 1 deletion(-) create mode 100644 manifests/opsmanager.pp create mode 100644 manifests/opsmanager/config.pp create mode 100644 manifests/opsmanager/install.pp create mode 100644 manifests/opsmanager/params.pp create mode 100644 manifests/opsmanager/service.pp create mode 100644 spec/classes/ops_manager_install_spec.rb create mode 100644 spec/classes/ops_manager_spec.rb create mode 100644 templates/opsmanager/conf-mms.properties.epp diff --git a/README.md b/README.md index d9ef22cbf..437c055bc 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,8 @@ The MongoDB module manages mongod server installation and configuration of the mongod daemon. For the time being it supports only a single MongoDB server instance, without sharding functionality. +The MongoDB module also manages Ops Manager setup and the mongdb-mms daemon. + ## Setup ### What MongoDB affects @@ -39,6 +41,8 @@ instance, without sharding functionality. * MongoDB client. * MongoDB sharding support (mongos) * MongoDB apt/yum repository. +* Ops Manager package. +* Ops Manager configuration files. ### Beginning with MongoDB 
@@ -135,6 +139,30 @@ mongodb::db { 'testdb': Parameter 'password_hash' is hex encoded md5 hash of "user1:mongo:pass1". Unsafe plain text password could be used with 'password' parameter instead of 'password_hash'. +### Ops Manager + +To install Ops Manager and have it run with a local MongoDB application server do the following: + +```puppet +class {'mongodb::opsmanager': + opsmanager_url => 'http://opsmanager.yourdomain.com' + mongo_uri => 'mongodb://yourmongocluster:27017, + from_email_addr => 'opsmanager@yourdomain.com', + reply_to_email_addr => 'replyto@yourdomain.com', + admin_email_addr => 'admin@yourdomain.com', + $smtp_server_hostname => 'email-relay.yourdomain.com' +} +``` + +The default settings will not set useful email addresses. You can also just run `include mongodb::opsmanager` +and then set the emails later. + +## Ops Manager Usage + +Most of the interaction for the server is done via `mongodb::opsmanager`. For +more options please have a look at [mongodb::opsmanager](#class-mongodbopsmanager). +There are also some settings that can be configured in `mongodb::globals`. + ## Reference ### Classes @@ -144,6 +172,7 @@ Unsafe plain text password could be used with 'password' parameter instead of 'p * `mongodb::client`: Installs the MongoDB client shell (for Red Hat family systems) * `mongodb::globals`: Configure main settings in a global way * `mongodb::mongos`: Installs and configure Mongos server (for sharding support) +* `mongodb::opsmanager`: Installs and configure Ops Manager #### Private classes * `mongodb::repo`: Manage MongoDB software repository 
@@ -156,6 +185,8 @@ Unsafe plain text password could be used with 'password' parameter instead of 'p * `mongodb::mongos::config`: Configures Mongos configuration files * `mongodb::mongos::install`: Install Mongos software packages * `mongodb::mongos::service`: Manages Mongos service +* `mongodb::opsmanager::install` : Install Ops Manager software package +* `mongodb::opsmanager::service` : Manages Ops Manager (mongodb-mms) service #### Class: mongodb::globals *Note:* most server specific defaults should be overridden in the `mongodb::server` @@ -623,6 +654,22 @@ Plain-text user password (will be hashed) ##### `roles` Array with user roles. Default: ['dbAdmin'] +##### `opsmanager_url` +The fully qualified url where opsmanager runs. Must include the port. Ex: +'http://opsmanager.yourdomain.com:8080' + +##### `opsmanager_mongo_uri` +Full URI where the Ops Manager application mongodb server(s) can be found. Default: 'mongodb://127.0.0.1:27017' + +##### `ca_file` +Ca file for secure connection to backup agents. + +##### `pem_key_file` +Pem key file containing the cert and private key used for secure connections to backup agents. + +##### `pem_key_password` +The password to the pem key file. + ### Providers #### Provider: mongodb_database diff --git a/manifests/opsmanager.pp b/manifests/opsmanager.pp new file mode 100644 index 000000000..aa3110bcb --- /dev/null +++ b/manifests/opsmanager.pp 
@@ -0,0 +1,52 @@
+# This installs Ops Manager. See README.md for more info.
+
+class mongodb::opsmanager (
+ String[1] $user = $mongodb::opsmanager::params::user,
+ String[1] $group = $mongodb::opsmanager::params::group,
+ Enum['running', 'stopped'] $ensure = $mongodb::opsmanager::params::ensure,
+ String[1] $package_name = $mongodb::opsmanager::params::package_name,
+ String[1] $package_ensure = $mongodb::opsmanager::params::package_ensure,
+ Boolean $service_enable = $mongodb::opsmanager::params::service_enable,
+ Boolean $service_manage = $mongodb::opsmanager::params::service_manage,
+ String[1] $service_name = $mongodb::opsmanager::params::service_name,
+ Stdlib::Httpurl $download_url = $mongodb::opsmanager::params::download_url,
+ String[1] $mongo_uri = $mongodb::opsmanager::params::mongo_uri,
+ Stdlib::Httpurl $opsmanager_url = $mongodb::opsmanager::params::opsmanager_url,
+ String[1] $client_certificate_mode = 'None',
+ String[1] $from_email_addr = 'from@yourdomain.com',
+ String[1] $reply_to_email_addr = 'replyto@yourdomain.com',
+ String[1] $admin_email_addr = 'admin@yourdomain.com',
+ String[1] $email_dao_class = 'com.xgen.svc.core.dao.email.JavaEmailDao', #AWS SES: com.xgen.svc.core.dao.email.AwsEmailDao or SMTP: com.xgen.svc.core.dao.email.JavaEmailDao
+ Enum['smtp','smtps'] $mail_transport = 'smtp', #smtp or smtps
+ String[1] $smtp_server_hostname = 'your-email-relay.email.com', # if email_dao_class is SMTP: Email hostname your email provider specifies.
+ String[1] $smtp_server_port = '25', #if email_dao_class is SMTP: Email hostname your email provider specifies.
+ Boolean $ssl = false,
+ Boolean $ignore_ui_setup = true,
+ #optional settings
+ Optional[String[1]] $ca_file = $mongodb::opsmanager::params::ca_file,
+ Optional[String[1]] $pem_key_file = $mongodb::opsmanager::params::pem_key_file,
+ Optional[String[1]] $pem_key_password = $mongodb::opsmanager::params::pem_key_password,
+ Optional[String[1]] $user_svc_class = undef, # Default: com.xgen.svc.mms.svc.user.UserSvcDb External Source: com.xgen.svc.mms.svc.user.UserSvcCrowd or Internal Database: com.xgen.svc.mms.svc.user.UserSvcDb
+ Optional[Integer] $snapshot_interval = undef, # Default: 24
+ Optional[Integer] $snapshot_interval_retention = undef, # Default: 2
+ Optional[Integer] $snapshot_daily_retention = undef, # Default: 0
+ Optional[Integer] $snapshot_weekly_retention = undef, # Default: 2
+ Optional[Integer] $snapshot_monthly_retention = undef, # Default: 1
+ Optional[Integer] $versions_directory = undef, # Linux default: /opt/mongodb/mms/mongodb-releases/
+
+ ) inherits mongodb::opsmanager::params {
+
+ contain mongodb::opsmanager::install
+ contain mongodb::opsmanager::config
+ contain mongodb::opsmanager::service
+
+ if ($mongo_uri == 'mongodb://127.0.0.1:27017') {
+ include mongodb::server
+ }
+
+ if ($ensure == 'running') {
+ Class['mongodb::opsmanager::install']
+ ~> Class['mongodb::opsmanager::config']
+ ~> Class['mongodb::opsmanager::service']
+ }
+}
diff --git a/manifests/opsmanager/config.pp b/manifests/opsmanager/config.pp
new file mode 100644
index 000000000..9b2f6a5ec
--- /dev/null
+++ b/manifests/opsmanager/config.pp
@@ -0,0 +1,13 @@
+# @api private
+class mongodb::opsmanager::config {
+ $user = $mongodb::opsmanager::user
+ $group = $mongodb::opsmanager::group
+
+ file { '/opt/mongodb/mms/conf/conf-mms.properties':
+ ensure => file,
+ owner => $user,
+ group => $group,
+ mode => '0644',
+ content => epp('mongodb/opsmanager/conf-mms.properties.epp'),
+ }
+}
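Review bot: `$pem_key_password` is declared as `Optional[String[1]]` and `$mongo_uri` as `String[1]`, so a key passphrase (and any credentials embedded in the URI) travel through the catalog and reports as plain values; declaring the password as `Optional[Sensitive[String[1]]]` and unwrapping it only where the template is rendered would keep it out of logs. Separately, `Optional[Integer] $versions_directory` cannot accept the path its own comment documents (`/opt/mongodb/mms/mongodb-releases/`), so it should be `Optional[Stdlib::Absolutepath] $versions_directory = undef,`. `Stdlib::Httpurl` on `$download_url` also admits plain `http://`, which matters because install.pp hands that URL directly to the package `source`.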
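Review bot: The properties file is written with `mode => '0644'`, yet the template rendered into it contains `mongodb.ssl.PEMKeyFilePassword` and `mongo.mongoUri`, so any local account on the host can read the key passphrase. The file is already owned by `$user`/`$group`, so `mode => '0600',` (or `'0640'`) should cost nothing, and `show_diff => false,` on the same resource would keep the rendered values out of agent logs and reports. A comment such as `# holds the PEM key passphrase; must not be world-readable` above the resource would record why the mode is tight.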
diff --git a/manifests/opsmanager/install.pp b/manifests/opsmanager/install.pp
new file mode 100644
index 000000000..6a920306f
--- /dev/null
+++ b/manifests/opsmanager/install.pp
@@ -0,0 +1,41 @@
+# @api private
+class mongodb::opsmanager::install {
+ #assert_private("You are calling a private class mongodb::opsmanager::install.")
+ $package_ensure = $mongodb::opsmanager::package_ensure
+ $package_name = $mongodb::opsmanager::package_name
+ $download_url = $mongodb::opsmanager::download_url
+
+ case $package_ensure {
+ 'absent': {
+ $my_package_ensure = 'absent'
+ $file_ensure = 'absent'
+ }
+ default: {
+ $my_package_ensure = $package_ensure
+ $file_ensure = 'present'
+ }
+ }
+
+ if versioncmp(fact('puppetversion'),'5.4.0') < 0 {
+ case $facts['os']['family'] {
+ 'RedHat': {
+ $my_provider = 'rpm'
+ }
+ 'Debian': {
+ $my_provider = 'dpkg'
+ }
+ default: {
+ warning("The ${module_name} module might not work on ${facts['os']['family']}. Sensible defaults will be attempted.")
+ $my_provider = undef
+ }
+ }
+ } else {
+ $my_provider = undef
+ }
+
+ package { $package_name:
+ ensure => $my_package_ensure,
+ source => $download_url,
+ provider => $my_provider,
+ }
+}
diff --git a/manifests/opsmanager/params.pp b/manifests/opsmanager/params.pp
new file mode 100644
index 000000000..c03d971ab
--- /dev/null
+++ b/manifests/opsmanager/params.pp
@@ -0,0 +1,20 @@
+# @api private
+class mongodb::opsmanager::params {
+ $ensure = 'running'
+ $user = 'mongodb-mms'
+ $group = 'mongodb-mms'
+ $package_name = 'mongodb-mms'
+ $service_name = 'mongodb-mms'
+ $service_manage = true
+ $service_enable = true
+ $service_ensure = 'running'
+ $service_status = undef
+ $opsmanager_url = undef
+ $service_provider = undef
+ $download_url = 'https://downloads.mongodb.com/on-prem-mms/rpm/mongodb-mms-4.0.1.50101.20180801T1117Z-1.x86_64.rpm'
+ $mongo_uri = 'mongodb://127.0.0.1:27017'
+ $package_ensure = 'present'
+ $ca_file = undef
+ $pem_key_file = undef
+ $pem_key_password = undef
+}
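Review bot: The `package` resource in install.pp takes `source => $download_url` with nothing in the class checking what was fetched: no checksum is pinned, and whether the rpm or dpkg provider verifies a signature depends on host configuration the hunk does not show. Because the parameter type in manifests/opsmanager.pp accepts `http://` URLs, an override can also pull the package in cleartext; restricting it there to `Stdlib::HTTPSUrl $download_url` would close that path. The `'Debian'` branch selects `dpkg` while the only default in params.pp is an `.rpm` URL, so that branch probably cannot work with defaults. `$file_ensure` is assigned in both `case` arms but never read and can be dropped.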
diff --git a/manifests/opsmanager/service.pp b/manifests/opsmanager/service.pp new file mode 100644 index 000000000..1254eb0a6 --- /dev/null +++ b/manifests/opsmanager/service.pp @@ -0,0 +1,19 @@ +# @api private +class mongodb::opsmanager::service { + #assert_private("You are calling a private class mongodb::opsmanager::service.") + $service_ensure = $mongodb::opsmanager::ensure + $service_manage = $mongodb::opsmanager::service_manage + $service_enable = $mongodb::opsmanager::service_enable + $service_name = $mongodb::opsmanager::service_name + $service_provider = $mongodb::opsmanager::service_provider + $service_status = $mongodb::opsmanager::service_status + + if $service_manage { + service { $service_name: + ensure => $service_ensure, + enable => $service_enable, + provider => $service_provider, + status => $service_status, + } + } +} diff --git a/manifests/params.pp b/manifests/params.pp index c7e84aea9..941270980 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -25,7 +25,7 @@ $pidfilemode = pick($mongodb::globals::pidfilemode, '0644') $manage_pidfile = pick($mongodb::globals::manage_pidfile, true) - $version = $mongodb::globals::version + $version = $mongodb::globals::version $config_data = undef diff --git a/spec/classes/ops_manager_install_spec.rb b/spec/classes/ops_manager_install_spec.rb new file mode 100644 index 000000000..e82fdeaa6 --- /dev/null +++ b/spec/classes/ops_manager_install_spec.rb 
@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe 'mongodb::opsmanager::install' do
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) { facts }
+
+ describe 'it should create package' do
+ let(:pre_condition) { ["class mongodb::opsmanager { $download_url = 'https://downloads.mongodb.com/on-prem-mms/rpm/mongodb-mms-4.0.1.50101.20180801T1117Z-1.x86_64.rpm' $package_ensure = 'present' $user = 'mongodb' $group = 'mongodb' $package_name = 'mongodb-mms' }", 'include mongodb::opsmanager'] }
+
+ it {
+ is_expected.to contain_package('mongodb-mms').with(ensure: 'present',
+ name: 'mongodb-mms')
+ }
+
+ it { is_expected.to compile.with_all_deps }
+ end
+ end
+ end
+end
diff --git a/spec/classes/ops_manager_spec.rb b/spec/classes/ops_manager_spec.rb
new file mode 100644
index 000000000..4af03ece0
--- /dev/null
+++ b/spec/classes/ops_manager_spec.rb
@@ -0,0 +1,37 @@
+require 'spec_helper'
+
+describe 'mongodb::opsmanager' do
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) { facts }
+
+ let(:params) do
+ {
+ opsmanager_url: 'http://localhost:8080'
+ }
+ end
+
+ describe 'with defaults' do
+ it { is_expected.to compile.with_all_deps }
+
+ it {
+ is_expected.to contain_class('mongodb::opsmanager::install').
+ that_notifies('Class[mongodb::opsmanager::config]')
+ }
+
+ it {
+ is_expected.to contain_class('mongodb::opsmanager::config').
+ that_notifies('Class[mongodb::opsmanager::service]')
+ }
+
+ it { is_expected.to contain_class('mongodb::opsmanager::service') }
+
+ it { is_expected.to contain_service('mongodb') }
+
+ it { is_expected.to contain_service('mongodb-mms') }
+
+ it { is_expected.to create_package('mongodb-mms').with_ensure('present') }
+ end
+ end
+ end
+end
diff --git a/templates/opsmanager/conf-mms.properties.epp b/templates/opsmanager/conf-mms.properties.epp
new file mode 100644
index 000000000..9ea2aca61
--- /dev/null
+++ b/templates/opsmanager/conf-mms.properties.epp
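Review bot: Nothing in `describe 'with defaults'` of ops_manager_spec.rb asserts the generated configuration file, so its owner, mode and contents are untested even though the template writes the PEM key passphrase into it. An example such as `it { is_expected.to contain_file('/opt/mongodb/mms/conf/conf-mms.properties').with_owner('mongodb-mms') }`, extended with the intended `mode`, would pin that down. The only parameter exercised is `opsmanager_url: 'http://localhost:8080'`; a context that sets `pem_key_password` and checks the rendered line would cover the secret-handling path. The install spec likewise checks only `ensure` and `name`, not the `source` the package is fetched from.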
@@ -0,0 +1,128 @@
+#
+# Ops Manager Configuration File
+#
+
+# #####################################
+# Ops Manager MongoDB storage settings
+#
+# The following MongoURI parameters are for configuring the MongoDB storage
+# that backs the Ops Manager server's functionality. By default. the Ops Manager server is
+# configured to expect a local standalone instance of MongoDB running on
+# the default port 27017.
+#
+# For more advanced configurations of the backing MongoDB store, such as
+# running with replication or authentication, please refer to the
+# documentation at http://mms.mongodb.com/help-hosted.
+# ####################################
+mongo.mongoUri=<%=$mongodb::opsmanager::mongo_uri %>
+mongo.ssl=<%=$mongodb::opsmanager::ssl %>
+
+# #####################################
+# MongoDB SSL Settings (Optional)
+#
+# The following parameters are for configuring the SSL certificates to be
+# used by the Ops Manager server to connect to its MongoDB backing stores. These
+# settings are only applied to the mongoUri connection above when
+# `mongo.ssl` is set to true.
+# CAFile - the certificate of the CA that issued the MongoDB server certificate(s)
+# PEMKeyFile - a client certificate containing a certificate and private key
+# (needed when MongoDB is running with --sslCAFile)
+# PEMKeyFilePassword - required if the `PEMKeyFile` contains an encrypted private key
+# ####################################
+mongodb.ssl.CAFile=<%=$mongodb::opsmanager::ca_file %>
+mongodb.ssl.PEMKeyFile=<%=$mongodb::opsmanager::pem_key_file %>
+mongodb.ssl.PEMKeyFilePassword=<%=$mongodb::opsmanager::pem_key_password %>
+
+# #####################################
+# Kerberos Module (Optional)
+#
+# The following parameters are for configuring Ops Manager to use Kerberos to connection
+# to its MongoDB backing stores.
+#
+# jvm.java.security.krb5.conf: This should be the path to the Kerberos conf file. The value will be set to JVM's
+# java.security.krb5.conf.
+#
+# jvm.java.security.krb5.kdc: This should be the IP/FQDN of the KDC server. The value will be set to JVM's
+# java.security.krb5.kdc.
+#
+# jvm.java.security.krb5.realm: This is the default REALM for Kerberos. It is being used for JVM's
+# java.security.krb5.realm.
+#
+# mms.kerberos.principal: The principal we used to authenticate with MongoDB. This should be the exact same user
+# on the mongoUri above.
+#
+# mms.kerberos.keyTab: The absolute path to the keytab file for the principal.
+#
+# mms.kerberos.debug: The debug flag to output more information on Kerberos authentication process.
+#
+# Please note, all the parameters are required for Kerberos authentication, except jvm.java.security.krb5.conf and
+# mms.kerberos.debug. The mechanism will not be functioning if any of the setting value is missing.
+#
+# Assume your kdc server FQDN is kdc.example.com, your Kerberos default realm is: EXAMPLE.COM,
+# the host running Ops Manager is mmsweb.example.com, the Kerberos for Ops Manager is mms/mmsweb.example.com $mongodb::opsmanager::EXAMPLE.com,
+# And you have a keytab file for mms/mmsweb.example.com $mongodb::opsmanager::EXAMPLE.COM located at /path/to/mms.keytab, then the
+# configurations would be:
+# jvm.java.security.krb5.kdc=kdc.example.com
+# jvm.java.security.krb5.realm=EXAMPLE.COM
+# mms.kerberos.principal=mms/mmsweb.example.com $mongodb::opsmanager::EXAMPLE.COM
+# mms.kerberos.keyTab=/path/to/mms.keytab
+# mms.kerberos.debug=false
+#
+# ####################################
+jvm.java.security.krb5.conf=
+jvm.java.security.krb5.kdc=
+jvm.java.security.krb5.realm=
+mms.kerberos.principal=
+mms.kerberos.keyTab=
+mms.kerberos.debug=
+
+# #####################################
+# Instance Parameter Overrides
+#
+# In this section include any parameters to be used on this instance
+# of Ops Manager. These parameters will override any global configuration
+# stored in the Ops Manager database.
+#
+# See https://docs.opsmanager.mongodb.com/current/reference/configuration/
+# for additional information
+#
+# #####################################
+
+mms.ignoreInitialUiSetup=<%=$mongodb::opsmanager::ignore_ui_setup %>
+mms.centralUrl=<%=$mongodb::opsmanager::opsmanager_url %>
+mms.https.ClientCertificateMode=<%=$mongodb::opsmanager::client_certificate_mode %>
+mms.fromEmailAddr=<%=$mongodb::opsmanager::from_email_addr %>
+mms.replyToEmailAddr=<%=$mongodb::opsmanager::reply_to_email_addr %>
+mms.adminEmailAddr=<%=$mongodb::opsmanager::admin_email_addr %>
+mms.emailDaoClass=<%=$mongodb::opsmanager::email_dao_class %>
+mms.mail.transport=<%=$mongodb::opsmanager::mail_transport %>
+mms.mail.hostname=<%=$mongodb::opsmanager::smtp_server_hostname %>
+mms.mail.port=<%=$mongodb::opsmanager::smtp_server_port %>
+
+<% if $mongodb::opsmanager::user_svc_class { -%>
+mms.userSvcClass=<%=$mongodb::opsmanager::user_svc_class -%>
+<% } -%>
+
+<% if $mongodb::opsmanager::snapshot_interval { -%>
+brs.snapshotSchedule.interval=<%=$mongodb::opsmanager::snapshot_interval -%>
+<% } -%>
+
+<% if $mongodb::opsmanager::snapshot_interval_retention { -%>
+brs.snapshotSchedule.retention.base=<%=$mongodb::opsmanager::snapshot_retention -%>
+<% } -%>
+
+<% if $mongodb::opsmanager::snapshot_daily_retention { -%>
+brs.snapshotSchedule.retention.daily=<%=$mongodb::opsmanager::snapshot_daily_retention -%>
+<% } -%>
+
+<% if $mongodb::opsmanager::snapshot_weekly_retention { -%>
+brs.snapshotSchedule.retention.weekly=<%=$mongodb::opsmanager::snapshot_weekly_retention -%>
+<% } -%>
+
+<% if $mongodb::opsmanager::snapshot_monthly_retention { -%>
+brs.snapshotSchedule.retention.monthly=<%=$mongodb::opsmanager::snapshot_monthly_retention -%>
+<% } -%>
+
+<% if $mongodb::opsmanager::versions_directory { -%>
+automation.versions.directory=<%=$mongodb::opsmanager::versions_directory -%>
+<% } -%>
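Review bot: `brs.snapshotSchedule.retention.base` is rendered from `$mongodb::opsmanager::snapshot_retention`, but the guard on the line above it and the class parameter are both named `snapshot_interval_retention`, so the value comes out empty or the catalog fails under strict variables; the line should read `brs.snapshotSchedule.retention.base=<%=$mongodb::opsmanager::snapshot_interval_retention -%>`. In the Kerberos comment block the example principal appears three times as `mms/mmsweb.example.com $mongodb::opsmanager::EXAMPLE.COM`, which looks like a search-and-replace that consumed the `@`; it should read `mms/mmsweb.example.com@EXAMPLE.COM`. The template also writes `pem_key_password` in clear text, so a header comment such as `# This file contains a key passphrase; restrict its permissions` would help whoever sets the file mode.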