This project automates the deployment of a MongoDB cluster on DigitalOcean using Terraform and Ansible. Terraform is used for provisioning the infrastructure (Droplets), while Ansible configures the MongoDB cluster on the provisioned Droplets. A MongoDB Replica Set is configured with three nodes.
- A DigitalOcean account (with an API token and public SSH key loaded)
- Terraform installed
- Ansible installed
- Git installed
- Clone this repository:
git clone https://github.com/gcalcaterra/mongodb-cluster-on-digitalocean
cd mongodb-cluster-on-digitalocean
- Initialize Terraform:
terraform init
- Create a
terraform.tfvars
file in the project root directory with your DigitalOcean API token and any other required variables:
do_token = "your_digitalocean_api_token"
ssh_key_fingerprint = "your_ssh_key_fingerprint"
About the do_token:
Generate one DO token, see How to Create a Personal Access Token.
About the the ssh_key_fingerprint var:
This will be the ssh key that Ansible will use to connect to the droplets (and you can use too).
First add your public SSH key to your Digital Ocean account. See How to Upload SSH Public Keys to a DigitalOcean Team.
Gather the Fingerprint from the DigitalOcean web or use this command from your terminal (dont't use the initial MD5:
in the var):
sh-keygen -E md5 -lf ~/path/to/your/ssh_key.pub | awk '{print $2}'
Example for the terraform.tfvars:
do_token = "dop_v1_a63d8370a557a5185833587f34bbed1e90c1970ac7ab254aa762d5d875daed65"
ssh_key_fingerprint = "22:23:4c:46:16:5a:2d:11:c3:56:fb:87:9a:59:a4:cf"
- Apply the Terraform configuration to provision the infrastructure on DigitalOcean:
terraform apply
- Install the Ansible MongoDB collections This is the collection that will be used in the Ansible playbook.
ansible-galaxy collections install -r collections/requirements.yml
- Run the Ansible playbook to configure the MongoDB cluster (inventory is autogenerated from Terraform output):
Password for the admin password (mongodb_admin_password var) must be set and the recommended way is to use Ansible vault.
ansible-playbook mongodb_cluster.yml
Another (dirty) way of setting the mongodb_admin_password var is when running the playbook:
ansible-plabyook mongodb_cluster.yml -e "mongodb_admin_password=MyNewPassword"
- Access your MongoDB cluster and enjoy! You can test the connection to the MongoDB and test the Replica Set by connecting to the primary node and requesting some info. Here's an example:
ssh `grep -v mongodb inventory.ini | awk '{print $2}' | awk -F= '{print $2}' | head -n1`
mongosh --username admin --password MongoDBChangeMe
rs.status()
The main.tf
file contains the Terraform configuration for provisioning the infrastructure required for the MongoDB cluster on DigitalOcean. You'll need to create a terraform.tfvars
file in the project root directory to set your DigitalOcean API token and any other required variables.
Example terraform.tfvars
:
do_token = "your_digitalocean_api_token"
The playbook.yml
file contains the main Ansible playbook for configuring the MongoDB cluster. The collections
directory contains a requirements.yml that is needed to install the collections that Ansible use for installing and configuring MongoDB. Run the next command to install the collections:
ansible-galaxy collection install -r collections/requirements.yml
The inventory.ini is generated from terraform output. You can also include any additional configuration options, such as the username and password for the MongoDB admin user.
To use this project for production, here is a list of some other suggestion to analyze and if possible apply in some form:
- Use a Firewall (to only allow specific ports, allow only necessary IPs, etc.).
- If possible, only use the private network (of the droplets) for the MongoDB Cluster communication and for the apps (clients) that will use the DB.
- Periodically apply updates (MongoDB, OS, Ansible, Ansible Collections, etc.) and specify in the configurantion management tools (Terraform, Ansible, etc.) at least the major version of applications and dependencies, so in that way the process of rolling updates can be known and understood better.
- Add a volume (disk) to the droplets, in that way it's possible for Terraform (immutable infrastructure) to destroy only the droplets without the data, that can be useful for an upgrade for example.
- Enable monitoring and if possible a tool to consume and analyze logs.
- Create and test a backup policy for the MongoDB (SnapShooter is one that have integration with DO).
- Always a good idea to have more than one environment, and have a CICD workflow for deploying changes.
- There are some docs that would be a good read from the official Docs to check what can be added: Production Notes(this one is mostly implemented with the Ansible role community.mongodb.mongodb_linux that is already applied in this project), Operations Checklist and Development Checklist.
You can customize the deployment by modifying the Terraform and Ansible configuration files as needed. For example, you can adjust the number of MongoDB instances, the instance types, or the MongoDB version.
Integration with a CICD (GitHub actions, Spacelift, etc.) Terraform with its state in a shared backend for collaboration (PostgreSQL, Amazon S3, Terraform Cloud, etc.).
Contributions are welcome!
- Gustavo Calcaterra - Initial work - GitHub Profile
This project is licensed under the MIT License.