Added SSL support

Trent Nadeau · Trent Nadeau · commit 0fa1bb6a2209 · 2016-02-17T14:05:24.000-05:00
diff --git a/lib/puppet/provider/mongodb.rb b/lib/puppet/provider/mongodb.rb
@@ -41,6 +41,9 @@ def self.get_mongo_conf
       config_hash['bindip'] = config['net.bindIp']
       config_hash['port'] = config['net.port']
       config_hash['ipv6'] = config['net.ipv6']
+      config_hash['ssl'] = config['net.ssl.mode']
+      config_hash['sslcert'] = config['net.ssl.PEMKeyFile']
+      config_hash['sslca'] = config['net.ssl.CAFile']
       config_hash['auth'] = config['security.authorization']
       config_hash['shardsvr'] = config['sharding.clusterRole']
       config_hash['confsvr'] = config['sharding.clusterRole']
@@ -53,6 +56,9 @@ def self.get_mongo_conf
       config_hash['bindip'] = config['bind_ip']
       config_hash['port'] = config['port']
       config_hash['ipv6'] = config['ipv6']
+      config_hash['ssl'] = config['sslMode']
+      config_hash['sslcert'] = config['sslPEMKeyFile']
+      config_hash['sslca'] = config['sslCAFile']
       config_hash['auth'] = config['auth']
       config_hash['shardsvr'] = config['shardsvr']
       config_hash['confsvr'] = config['confsvr']
@@ -66,9 +72,28 @@ def self.ipv6_is_enabled(config=nil)
     config['ipv6']
   end
 
+  def self.ssl_is_enabled(config=nil)
+    config ||= get_mongo_conf
+    ssl_mode = config.fetch('ssl')
+    ssl_mode.nil? ? false : ssl_mode != 'disabled'
+  end
+
   def self.mongo_cmd(db, host, cmd)
+    config = get_mongo_conf
+
     args = [db, '--quiet', '--host', host]
-    args.push('--ipv6') if ipv6_is_enabled
+    args.push('--ipv6') if ipv6_is_enabled(config)
+
+    if ssl_is_enabled(config)
+      args.push('--ssl')
+      args += ['--sslPEMKeyFile', config['sslcert']]
+
+      ssl_ca = config['sslca']
+      unless ssl_ca.nil?
+        args += ['--sslCAFile', ssl_ca]
+      end
+    end
+
     args += ['--eval', cmd]
     mongo(args)
   end
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
@@ -132,6 +132,9 @@
       # - $shardsvr
       # - $slowms
       # - $smallfiles
+      # - $ssl
+      # - $ssl_ca
+      # - $ssl_key
       # - $syslog
       # - $verbose
       # - $verbositylevel
diff --git a/templates/mongodb.conf.2.6.erb b/templates/mongodb.conf.2.6.erb
@@ -102,6 +102,13 @@ net.maxIncomingConnections: <%= @maxconns %>
 <% if ! @nohttpinterface.nil? -%>
 net.http.enabled: <%= ! @nohttpinterface %>
 <% end -%>
+<% if @ssl -%>
+net.ssl.mode: requireSSL
+net.ssl.PEMKeyFile: <%= @ssl_key %>
+<% if @ssl_ca -%>
+net.ssl.CAFile: <%= @ssl_ca %>
+<% end -%>
+<% end -%>
 
 #Replication
 <% if @replset -%>
