feat(mongod): logrotate configuration (#608)

* feat(mongod): log rotation * remove PID file, create troubles with ubuntu * fix(mongod): logrotate semantic bool value * docs(mongod): logrotate variable description * docs(mongod): logrotate default variable value --------- Co-authored-by: beerfranz <francois.guegnaud@gmail.com>
ansible-collections · Oct 26, 2023 · 13ab305 · 13ab305
1 parent 70e8344
commit 13ab305
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 0 deletions.
diff --git a/roles/mongodb_mongod/README.md b/roles/mongodb_mongod/README.md
@@ -30,6 +30,8 @@ Role Variables
 * `mongodb_disabled_tls_protocols`: The tls protocols to be disabled. Leave blank to let MongoDB decide which protocols to allow according to the ones available on the system; check the [official docs](https://www.mongodb.com/docs/v6.0/reference/configuration-options/#mongodb-setting-net.tls.disabledProtocols) for details. Default "".
 * `mongodb_certificate_key_file`: Path to the PEM-file containing the certficate and private key.
 * `mongodb_certificate_ca_file`:  Path to the CA-file.
+* `mongodb_logrotate_enabled`: Add logrotate configuration. Default: `false`.
+* `mongodb_logrotate_template`: Jinja template for the logrotate configuration. Default `mongodb.logrotate.j2`.
 
 IMPORTANT NOTE: It is expected that `mongodb_admin_user` & `mongodb_admin_pwd` values be overridden in your own file protected by Ansible Vault. These values are primary included here for Molecule/Travis CI integration. Any production environments should protect these values. For more information see [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html)
 

diff --git a/roles/mongodb_mongod/defaults/main.yml b/roles/mongodb_mongod/defaults/main.yml
@@ -35,3 +35,5 @@ skip_restart: true
 db_path: "{{ '/var/lib/mongodb' if ansible_os_family == 'Debian' else '/var/lib/mongo' if ansible_os_family == 'RedHat' else '/var/lib/mongo' }}"
 mongodb_use_tls: false
 mongodb_disabled_tls_protocols: ""
+mongodb_logrotate_enabled: false
+mongodb_logrotate_template: "mongodb.logrotate.j2"
diff --git a/roles/mongodb_mongod/tasks/logrotate.yml b/roles/mongodb_mongod/tasks/logrotate.yml
@@ -0,0 +1,9 @@
+---
+- name: Install logrotate configuration
+  ansible.builtin.template:
+    src: "{{ mongodb_logrotate_template }}"
+    dest: /etc/logrotate.d/mongod
+  tags:
+    - "mongodb"
+    - "setup"
+    - "service"
diff --git a/roles/mongodb_mongod/tasks/main.yml b/roles/mongodb_mongod/tasks/main.yml
@@ -79,6 +79,15 @@
     - "mongodb"
     - "setup"
     - "service"
+
+- name: Configure logrotate if enabled
+  when: mongodb_logrotate_enabled
+  ansible.builtin.include_tasks: logrotate.yml
+  tags:
+    - "mongodb"
+    - "setup"
+    - "service"
+
 # debug section
 - pause:
     seconds: 5

diff --git a/roles/mongodb_mongod/templates/mongod.conf.j2 b/roles/mongodb_mongod/templates/mongod.conf.j2
@@ -8,6 +8,9 @@ systemLog:
   destination: file
   logAppend: true
   path: {{ log_path }}
+{% if mongodb_logrotate_enabled %}
+  logRotate: reopen
+{% endif %}
 
 # Where and how to store data.
 storage:

diff --git a/roles/mongodb_mongod/templates/mongodb.logrotate.j2 b/roles/mongodb_mongod/templates/mongodb.logrotate.j2
@@ -0,0 +1,14 @@
+{{ log_path }} {
+  daily
+  size 100M
+  rotate 5
+  missingok
+  compress
+  delaycompress
+  notifempty
+  create 640 {{ mongodb_user }} {{ mongodb_group }}
+  sharedscripts
+  postrotate
+    /bin/kill -SIGUSR1 `pidof {{ mongod_service }} 2>/dev/null` >/dev/null 2>&1
+  endscript
+}