ibm-mas / ansible-devops

Ansible collection supporting devops for IBM Maximo Application Suite
https://ibm-mas.github.io/ansible-devops/
Eclipse Public License 2.0

[patch] Fix gencfg_mongo template for certificates #1256

Closed rene-oromtz closed 6 months ago

rene-oromtz commented 6 months ago

Fix description

Currently, the mongocfg file generated by gencfg_mongo is not valid for the sls role.

With the current mongocfg file, validation will fail at the sls task Task Override MongoDb facts bases on mongocfg. The reason is that the sls template templates/mongo-certificates.yml.j2 looks for the certificates in mongocfg[1].spec.certificates. Currently, gencfg_mongo sets the certificates as follows: mongocfg[1].spec.config.certificates.

This small tweak to the gencfg_mongo template templates/suite_mongocfg.yml.j2 will take care of setting the mongocfg yaml the way the sls role expects it to be.

Validated MongoCfg after modification:

...
spec:
  displayName: "External MongoDB in 'mas-cpst3-core' namespace"
  type: external
  config:
    configDb: admin
    retryWrites: true
    authMechanism: DEFAULT
    credentials:
      secretName: mongodb-cpst3-admin
    hosts:
      - host: mas-mongo-ce-0.mas-mongo-ce-svc.mongoce.svc.cluster.local
        port: 27017
      - host: mas-mongo-ce-1.mas-mongo-ce-svc.mongoce.svc.cluster.local
        port: 27017
      - host: mas-mongo-ce-2.mas-mongo-ce-svc.mongoce.svc.cluster.local
        port: 27017
  certificates:
    - alias: "part1"
      crt: |
        -----BEGIN CERTIFICATE-----
        MIIBwDCCAWagAwIBAgIRAO1iISQhNG5Yzf9IQGwzv7wwCgYIKoZIzj0EAwIwFzEV
        MBMGA1UEAxMMbW9uZ28tY2EtY3J0MB4XDTI0MDEyNzAyMDgyMFoXDTQ0MDEyMjAy
        MDgyMFowFzEVMBMGA1UEAxMMbW9uZ28tY2EtY3J0MFkwEwYHKoZIzj0CAQYIKoZI
        zj0DAQcDQgAE/ly2ZUq/ElJdGxaoAAy85SX4K0pfA0oe00jGmgB/TfklADa4OSTh
        EOgyprMs8rLRd++AwDBfS+OtX6TJrqr/faOBkjCBjzAOBgNVHQ8BAf8EBAMCAqQw
        DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUu4efi0DwQNWyVFI4HQ5Piz9kWQUw
        TQYDVR0RBEYwRIIsKi5tYXMtbW9uZ28tY2Utc3ZjLm1vbmdvY2Uuc3ZjLmNsdXN0
        ZXIubG9jYWyCCTEyNy4wLjAuMYIJbG9jYWxob3N0MAoGCCqGSM49BAMCA0gAMEUC
        IHeUUBIgm1s+W3M0nLz8pZGVaxgPsbhXPIqOWMwiHvpKAiEA7DDuPlmZFDgvFGjD
        vKj8xqgmouuLQPqo903oHvwvSYw=
        -----END CERTIFICATE-----
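
A check for the mismatch described in this PR, as an added example (not code from the ansible-devops collection): it takes the parsed mongocfg documents, for instance the list produced by yaml.safe_load_all, and reports whether the certificates sit at mongocfg[1].spec.certificates, where the sls template looks. The function names, the leading Secret document and the placeholder PEM body are assumptions made for the illustration.

```python
"""Check where a generated mongocfg keeps its CA certificates (added example)."""

EXPECTED = ("spec", "certificates")             # path the sls role reads, per the PR
MISPLACED = ("spec", "config", "certificates")  # path gencfg_mongo wrote before the fix


def _dig(doc, path):
    """Walk nested dicts; return None if any key is missing."""
    for key in path:
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc


def check_mongocfg(docs, index=1):
    """Return a list of problems for docs[index]; an empty list means it passes."""
    if len(docs) <= index or not isinstance(docs[index], dict):
        return [f"document {index} is missing"]
    cfg, problems = docs[index], []
    if _dig(cfg, MISPLACED) is not None:
        problems.append("certificates found under spec.config; sls reads spec.certificates")
    certs = _dig(cfg, EXPECTED)
    if not isinstance(certs, list) or not certs:
        problems.append("spec.certificates is missing or empty")
        return problems
    for i, cert in enumerate(certs):
        entry = cert if isinstance(cert, dict) else {}
        crt = entry.get("crt")
        if not entry.get("alias"):
            problems.append(f"certificates[{i}] has no alias")
        if not isinstance(crt, str) or "-----BEGIN CERTIFICATE-----" not in crt \
                or "-----END CERTIFICATE-----" not in crt:
            problems.append(f"certificates[{i}].crt is not PEM-framed")
    return problems


# Constructed sample documents (placeholder PEM body, not a real certificate).
# Assumption: document 0 is the credentials Secret, document 1 the MongoCfg.
PEM = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
SECRET = {"kind": "Secret"}
BEFORE_FIX = [SECRET, {"spec": {"config": {"certificates": [{"alias": "part1", "crt": PEM}]}}}]
AFTER_FIX = [SECRET, {"spec": {"config": {"retryWrites": True},
                               "certificates": [{"alias": "part1", "crt": PEM}]}}]

if __name__ == "__main__":
    for name, docs in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        print(name, "->", check_mongocfg(docs) or "ok")
```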

whoiscnu commented 5 months ago

Perfect. Thank you.

whoiscnu commented 5 months ago

Can you please validate the sls setup with DocumentDB V5, as I get a module error and it works fine with the V4 version of DocumentDB?

whitfiea commented 5 months ago

@whoiscnu SLS should work against DocumentDB v5. We have verified it works (using a different deployment method, but the product still works). What is the module error? Was it the connection error?

whitfiea commented 5 months ago

@whoiscnu Did you ensure the retryWrites is set to false on the licenseservice config, as docDB doesn't support retryWrites?

whoiscnu commented 5 months ago

Yes, I did. The only way it got working is when I reverted to v4 docdb. I shall test out the latest release as it has fixed Cert’s issue too and shall provide the details.

Regards Srinivasa
