diff --git a/deployment/roles/init_app_bdd/tasks/check_auth.yml b/deployment/roles/init_app_bdd/tasks/check_auth.yml index f1b7df2392e..a86445e10ba 100644 --- a/deployment/roles/init_app_bdd/tasks/check_auth.yml +++ b/deployment/roles/init_app_bdd/tasks/check_auth.yml @@ -1,7 +1,7 @@ --- - name: Check if authent is enabled - command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'" + command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'" register: mongo_authent_enabled failed_when: false no_log: "{{ hide_passwords_during_deploy }}" @@ -27,7 +27,7 @@ # When authentication is required, we set mongodb admin credentials - name: Set mongodb authentication credentials set_fact: - mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet" + mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet" when: "mongo_authent_enabled.rc == 0" no_log: "{{ hide_passwords_during_deploy }}" diff --git a/deployment/roles/init_archive_search_app_bdd/tasks/check_mongo_auth.yml b/deployment/roles/init_archive_search_app_bdd/tasks/check_mongo_auth.yml index f1b7df2392e..a86445e10ba 100644 --- a/deployment/roles/init_archive_search_app_bdd/tasks/check_mongo_auth.yml +++ b/deployment/roles/init_archive_search_app_bdd/tasks/check_mongo_auth.yml @@ -1,7 +1,7 @@ --- - name: Check if authent is enabled - command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'" + command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'" register: mongo_authent_enabled failed_when: false no_log: "{{ hide_passwords_during_deploy }}" 
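Review bot: In `deployment/roles/init_app_bdd/tasks/check_auth.yml` (hunk `@@ -1,7`), the admin password is still passed to `mongosh` as a `-p` argument, so it stays readable in the target host's process listing while the command runs; `no_log` only keeps it out of Ansible's output, and only when `hide_passwords_during_deploy` is true. The `| quote` filter fixes word splitting for the password, but `{{ mongodb.admin.user }}` on the same line is still unquoted and breaks the same way; `-u {{ mongodb.admin.user | quote }}` closes that. Both points apply to every other `command:` and `mongo_credentials` hunk in this commit. Consider moving the credentials off the command line, for example into a templated script with restrictive permissions passed via `--file`, which these roles already use for other scripts. The task may continue past the hunk's last context line.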
@@ -27,7 +27,7 @@ # When authentication is required, we set mongodb admin credentials - name: Set mongodb authentication credentials set_fact: - mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet" + mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet" when: "mongo_authent_enabled.rc == 0" no_log: "{{ hide_passwords_during_deploy }}" diff --git a/deployment/roles/init_ingest_app_bdd/tasks/check_mongo_auth.yml b/deployment/roles/init_ingest_app_bdd/tasks/check_mongo_auth.yml index f1b7df2392e..a86445e10ba 100644 --- a/deployment/roles/init_ingest_app_bdd/tasks/check_mongo_auth.yml +++ b/deployment/roles/init_ingest_app_bdd/tasks/check_mongo_auth.yml @@ -1,7 +1,7 @@ --- - name: Check if authent is enabled - command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'" + command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'" register: mongo_authent_enabled failed_when: false no_log: "{{ hide_passwords_during_deploy }}" @@ -27,7 +27,7 @@ # When authentication is required, we set mongodb admin credentials - name: Set mongodb authentication credentials set_fact: - mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet" + mongo_credentials: " -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet" when: "mongo_authent_enabled.rc == 0" no_log: "{{ hide_passwords_during_deploy }}" diff --git a/deployment/roles/mongo-express/templates/env.sh.j2 b/deployment/roles/mongo-express/templates/env.sh.j2 index cadfbb7a79e..0e3fd9ca14d 100644 --- a/deployment/roles/mongo-express/templates/env.sh.j2 +++ b/deployment/roles/mongo-express/templates/env.sh.j2 
@@ -4,7 +4,7 @@ ME_CONFIG_MONGODB_PORT="{{ mongodb.mongod_port }}" ME_CONFIG_SITE_BASEURL="{{ mongo_express.baseuri | default('/') }}" ME_CONFIG_MONGODB_ENABLE_ADMIN="true" ME_CONFIG_MONGODB_ADMINUSERNAME="{{ mongodb.admin.user }}" -ME_CONFIG_MONGODB_ADMINPASSWORD="{{ mongodb.admin.password }}" +ME_CONFIG_MONGODB_ADMINPASSWORD="{{ mongodb.admin.password | urlencode | regex_replace('/', '%2F') }}" VCAP_APP_HOST="{{ ip_admin }}" VCAP_APP_PORT="{{ mongo_express.port | default('8081') }}" {% if mongo_express.basicauth.username != '' %} diff --git a/deployment/roles/mongo/tasks/check_auth.yml b/deployment/roles/mongo/tasks/check_auth.yml index 7bb1c3f94a3..af990170baa 100644 --- a/deployment/roles/mongo/tasks/check_auth.yml +++ b/deployment/roles/mongo/tasks/check_auth.yml @@ -1,7 +1,7 @@ --- - name: Check if authent is enabled - command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'" + command: "mongosh {{ ip_service }}:{{ mongodb.mongod_port }}/admin -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'" register: mongo_authent_enabled failed_when: false no_log: "{{ hide_passwords_during_deploy }}" @@ -17,7 +17,7 @@ # When authentication is required, we set mongodb admin credentials - name: Set mongodb authentication credentials set_fact: - mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }}" + mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet" mongo_no_auth: false when: mongo_authent_enabled.rc == 0 no_log: "{{ hide_passwords_during_deploy }}" diff --git a/deployment/roles/mongo/templates/keyfile.j2 b/deployment/roles/mongo/templates/keyfile.j2 index d066f46982f..d5173a56d92 100644 --- a/deployment/roles/mongo/templates/keyfile.j2 +++ b/deployment/roles/mongo/templates/keyfile.j2 @@ -1 +1 @@ -{{ mongodb.passphrase }} +{{ mongodb.passphrase | b64encode }} 
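Review bot: In `deployment/roles/mongo-express/templates/env.sh.j2`, `ME_CONFIG_MONGODB_ADMINPASSWORD` now holds the percent-encoded password, which is only correct if the consumer decodes it. Whether mongo-express places this variable into a connection URI or hands it to the driver verbatim is not visible here; in the latter case authentication would fail for any password containing an encoded character. In the Spring `application.yml.j2` templates (archive-search, cas-server, collect, iam, security) the value does land in a `mongodb://` URI, but the user name next to it is still interpolated raw, so `{{ mongodb.iam.user | urlencode | regex_replace('/', '%2F') }}` and its siblings are needed for the same reason. The repeated `urlencode | regex_replace('/', '%2F')` chain is a candidate for one shared variable or filter so the encoding rule lives in a single place.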
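Review bot: The second hunk of `deployment/roles/mongo/tasks/check_auth.yml` (`@@ -17,7`) appends `--quiet` to `mongo_credentials` in addition to quoting the password, a behaviour change that reaches every task consuming this fact. If it is intended it deserves its own mention in the commit message; otherwise keep the line as `mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }}"`. A shell-quoted fact is also only safe when it is expanded exactly once by `command:` or `shell:`; the consumers of this fact are outside the diff and should be checked for nested quoting.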
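Review bot: In `deployment/roles/mongo/templates/keyfile.j2`, switching to `{{ mongodb.passphrase | b64encode }}` changes the content of the keyfile, so on an existing replica set the members rendered before and after this change will presumably fail internal authentication against each other until all of them carry the new file and have been restarted. The upgrade path is not visible in this diff; it should be documented, and the keyfile rollout should not be split across a rolling restart. Base64 also lengthens the content by a third, so a long passphrase can exceed MongoDB's keyfile length limit; a pre-check such as `(mongodb.passphrase | b64encode | length) <= 1024` in the role's tasks would catch that before deployment.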
diff --git a/deployment/roles/mongo/templates/local-user.js.j2 b/deployment/roles/mongo/templates/local-user.js.j2 index 0680a2c0cdc..3ceabb89639 100644 --- a/deployment/roles/mongo/templates/local-user.js.j2 +++ b/deployment/roles/mongo/templates/local-user.js.j2 @@ -31,7 +31,7 @@ if (!admin.getUser("{{ mongodb.localadmin.user }}")) { admin.createUser( { user: "{{ mongodb.localadmin.user }}", - pwd: "{{ mongodb.localadmin.password }}", + pwd: {{ mongodb.localadmin.password | to_json }}, roles: [ { role: "clusterAdmin", db: "admin" }, { role: "dbAdmin", db: "logbook" }, @@ -47,7 +47,7 @@ if (!admin.getUser("{{ mongodb.localadmin.user }}")) { admin.updateUser( "{{ mongodb.localadmin.user }}", { - pwd: "{{ mongodb.localadmin.password }}", + pwd: {{ mongodb.localadmin.password | to_json }}, roles: [ { role: "clusterAdmin", db: "admin" }, { role: "dbAdmin", db: "logbook" }, diff --git a/deployment/roles/mongo/templates/restore-mongod.js.j2 b/deployment/roles/mongo/templates/restore-mongod.js.j2 index c6af478fdba..4940b78dc25 100644 --- a/deployment/roles/mongo/templates/restore-mongod.js.j2 +++ b/deployment/roles/mongo/templates/restore-mongod.js.j2 @@ -7,13 +7,13 @@ use admin // Authenticate as root user -db.auth("{{ mongodb.admin.user }}", "{{ mongodb.admin.password }}") +db.auth("{{ mongodb.admin.user }}", {{ mongodb.admin.password | to_json }}) // Create system user -db.createUser({user: "{{ mongodb.system.user }}", pwd: "{{ mongodb.system.password }}", roles: [ "__system" ]}) +db.createUser({user: "{{ mongodb.system.user }}", pwd: {{ mongodb.system.password | to_json }}, roles: [ "__system" ]}) // Authenticate as system user -db.auth("{{ mongodb.system.user }}", "{{ mongodb.system.password }}") +db.auth("{{ mongodb.system.user }}", {{ mongodb.system.password | to_json }}) // Update system.version collections db.system.version.deleteOne( { "_id": "minOpTimeRecovery" } ) 
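Review bot: In `deployment/roles/mongo/templates/local-user.js.j2` only `pwd` is rendered with `to_json`; `admin.getUser("{{ mongodb.localadmin.user }}")`, the `user:` field and the first argument of `admin.updateUser` still splice the user name into a hand-written string literal, so a quote or backslash in it breaks the script the same way the password did. Render it the same way, `user: {{ mongodb.localadmin.user | to_json }},`. This also applies to the user arguments in `restore-mongod.js.j2` and to the `scripts/mongod/0.0.0/*_users-*.js.j2` hunks. In those scripts `roles: {{ mongodb.admin.roles }}` relies on Jinja's default rendering of the variable; if `roles` is defined as a list, `| to_json` would make the output explicit JSON. The enclosing `if`/`else` blocks extend beyond the hunks.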
@@ -40,7 +40,7 @@ db.dropDatabase() // Remove system user use admin // Authenticate as root user -db.auth("{{ mongodb.admin.user }}","{{ mongodb.admin.password }}") +db.auth("{{ mongodb.admin.user }}", {{ mongodb.admin.password | to_json }}) db.removeUser("{{ mongodb.system.user }}") diff --git a/deployment/roles/mongo_backup/tasks/set_auth.yml b/deployment/roles/mongo_backup/tasks/set_auth.yml index 85fa2bcf76f..214684e7e71 100644 --- a/deployment/roles/mongo_backup/tasks/set_auth.yml +++ b/deployment/roles/mongo_backup/tasks/set_auth.yml @@ -12,5 +12,5 @@ - name: Set mongodb authentication credentials set_fact: - mongo_credentials: " -u {{ login }} -p {{ password }} --quiet" + mongo_credentials: " -u {{ login }} -p {{ password | quote }} --quiet" no_log: true diff --git a/deployment/roles/mongo_configure/tasks/main.yml b/deployment/roles/mongo_configure/tasks/main.yml index bd449397e9a..fb219520c91 100644 --- a/deployment/roles/mongo_configure/tasks/main.yml +++ b/deployment/roles/mongo_configure/tasks/main.yml @@ -3,7 +3,7 @@ - name: Set mongo connection & credentials set_fact: mongo_connection: "--host {{ ip_service }} --port {{ mongodb.mongod_port }} --quiet" - mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }}" + mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }}" no_log: "{{ hide_passwords_during_deploy }}" tags: update_mongodb_configuration diff --git a/deployment/roles/mongo_init/tasks/check_auth.yml b/deployment/roles/mongo_init/tasks/check_auth.yml index 87415df212f..0897a094f3b 100644 --- a/deployment/roles/mongo_init/tasks/check_auth.yml +++ b/deployment/roles/mongo_init/tasks/check_auth.yml 
@@ -7,7 +7,7 @@ - block: - name: Check if authentication is enabled - command: "mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'" + command: "mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'" register: mongo_authent_enabled failed_when: false no_log: "{{ hide_passwords_during_deploy }}" @@ -20,7 +20,7 @@ - block: - name: Check if authentication is enabled (docker) - shell: "docker exec {{ mongodb.docker.image_name }} /bin/bash -c \"mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet --eval 'db.help()'\"" + shell: "docker exec {{ mongodb.docker.image_name }} /bin/bash -c \"mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'\"" failed_when: false register: mongo_authent_enabled @@ -33,6 +33,6 @@ # When authentication is required, we set mongodb admin credentials - name: Set mongodb authentication credentials set_fact: - mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --authenticationDatabase {{ mongodb.admin.db }}" + mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --authenticationDatabase {{ mongodb.admin.db }}" when: not mongo_no_auth no_log: "{{ hide_passwords_during_deploy }}" diff --git a/deployment/roles/mongo_restore/tasks/set_auth.yml b/deployment/roles/mongo_restore/tasks/set_auth.yml index 30566832097..242b1f6cc44 100644 --- a/deployment/roles/mongo_restore/tasks/set_auth.yml +++ b/deployment/roles/mongo_restore/tasks/set_auth.yml 
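Review bot: In the docker variant of `deployment/roles/mongo_init/tasks/check_auth.yml` (`@@ -20,7`), `| quote` protects the password only for the inner `bash -c`. The whole inner command still sits inside a double-quoted string that the outer shell parses first, so a password containing a double quote, `$`, a backtick or a backslash still ends that string early or is expanded on the host. Quote the inner command line as one unit for the outer shell instead of hand-writing the escaped double-quote pair. No `no_log` is visible on this task inside the hunk, unlike the non-docker task above it; unless it is set at block level outside the hunk, the command line with the password ends up in the play output.

```yaml
    - name: Check if authentication is enabled (docker)
      vars:
        mongosh_cmd: "mongosh mongodb://{{ mongod_uri }}/admin?replicaSet={{ mongod_replicaset_name }} -u {{ mongodb.admin.user | quote }} -p {{ mongodb.admin.password | quote }} --quiet --eval 'db.help()'"
      shell: "docker exec {{ mongodb.docker.image_name }} /bin/bash -c {{ mongosh_cmd | quote }}"
      no_log: "{{ hide_passwords_during_deploy }}"
      # … unchanged: failed_when, register …
```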
@@ -13,5 +13,5 @@ # When authentication is required, we set mongodb admin credentials - name: Set mongodb authentication credentials set_fact: - mongo_credentials: " -u {{ login }} -p {{ password }} --quiet" + mongo_credentials: " -u {{ login }} -p {{ password | quote }} --quiet" no_log: true diff --git a/deployment/roles/mongodb_check_feature_compatibility/tasks/main.yml b/deployment/roles/mongodb_check_feature_compatibility/tasks/main.yml index c0aae381d8f..256ce9f67b2 100644 --- a/deployment/roles/mongodb_check_feature_compatibility/tasks/main.yml +++ b/deployment/roles/mongodb_check_feature_compatibility/tasks/main.yml @@ -19,7 +19,7 @@ mode: "{{ vitamui_defaults.folder.conf_permission }}" - name: "Check compatibility version with mongo {{ mongo_compatibility_list }}" - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/check_compatibility_version.js" + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/check_compatibility_version.js" no_log: "{{ hide_passwords_during_deploy }}" ignore_errors: true # To properly catch output on the next task register: output_compatibility_version diff --git a/deployment/roles/mongodb_check_replica_state/tasks/main.yml b/deployment/roles/mongodb_check_replica_state/tasks/main.yml index 3baa348865c..ac2bc5db4b3 100644 --- a/deployment/roles/mongodb_check_replica_state/tasks/main.yml +++ b/deployment/roles/mongodb_check_replica_state/tasks/main.yml 
@@ -9,7 +9,7 @@ mode: "{{ vitamui_defaults.folder.conf_permission }}" - name: Check replica state - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/check_replica_state.js" + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/check_replica_state.js" no_log: "{{ hide_passwords_during_deploy }}" ignore_errors: true # To properly catch output on the next task register: output_replica_state diff --git a/deployment/roles/mongodb_migration_v5/tasks/reconfig.yml b/deployment/roles/mongodb_migration_v5/tasks/reconfig.yml index e00dcd5bfff..1a32ffa587f 100644 --- a/deployment/roles/mongodb_migration_v5/tasks/reconfig.yml +++ b/deployment/roles/mongodb_migration_v5/tasks/reconfig.yml @@ -2,7 +2,7 @@ # https://www.mongodb.com/docs/v4.2/reference/command/isMaster/#output - name: Check if the member is primary of the replicaset or not - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --eval 'rs.isMaster().ismaster'" + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --eval 'rs.isMaster().ismaster'" register: primary_test_command no_log: "{{ hide_passwords_during_deploy }}" 
@@ -16,7 +16,7 @@ when: primary_test_command.stdout == 'true' - name: "Reconfigure replicaset for {{ mongo_type }}" - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/script/{{ mongo_type }}/reconfig.js" + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/script/{{ mongo_type }}/reconfig.js" no_log: "{{ hide_passwords_during_deploy }}" when: - primary_test_command.stdout == 'true' diff --git a/deployment/roles/mongodb_set_feature_compatibility/tasks/main.yml b/deployment/roles/mongodb_set_feature_compatibility/tasks/main.yml index 5159e306463..fa5d71d47c6 100644 --- a/deployment/roles/mongodb_set_feature_compatibility/tasks/main.yml +++ b/deployment/roles/mongodb_set_feature_compatibility/tasks/main.yml @@ -19,5 +19,5 @@ mode: "{{ vitamui_defaults.folder.conf_permission | default('0440') }}" - name: "Set_feature_compatibility to {{ mongo_version }}" - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/script/mongod/set_feature_compatibility.js" + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path | default('/vitamui') }}/script/mongod/set_feature_compatibility.js" no_log: "{{ hide_passwords_during_deploy }}" diff --git a/deployment/roles/mongodb_set_members_groups/tasks/main.yml b/deployment/roles/mongodb_set_members_groups/tasks/main.yml index 4ea99669272..88d43a8eb73 100644 
--- a/deployment/roles/mongodb_set_members_groups/tasks/main.yml +++ b/deployment/roles/mongodb_set_members_groups/tasks/main.yml @@ -2,7 +2,7 @@ # https://www.mongodb.com/docs/v4.2/reference/command/isMaster/#output - name: Check if the member is primary of the replicaset or not - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --eval 'rs.isMaster().ismaster'" + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --eval 'rs.isMaster().ismaster'" register: primary_test_command no_log: "{{ hide_passwords_during_deploy }}" @@ -18,4 +18,3 @@ is_primary: false when: - primary_test_command.stdout != 'true' - diff --git a/deployment/roles/mongodb_upgrade_package/tasks/update_packages_mongod.yml b/deployment/roles/mongodb_upgrade_package/tasks/update_packages_mongod.yml index 6e64f2a9faa..69c7b8f6db4 100644 --- a/deployment/roles/mongodb_upgrade_package/tasks/update_packages_mongod.yml +++ b/deployment/roles/mongodb_upgrade_package/tasks/update_packages_mongod.yml 
@@ -18,12 +18,12 @@ - block: # https://www.mongodb.com/docs/manual/reference/method/rs.stepDown/ - name: Step down the member (elect a new primary member) - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --eval 'rs.stepDown();'" + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --eval 'rs.stepDown();'" no_log: "{{ hide_passwords_during_deploy }}" ignore_errors: true # as we are brutally disconnected by the server (because reboot) - name: Wait until this member is not primary anymore - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script//{{ mongo_type }}/wait_until_not_master.js" + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script//{{ mongo_type }}/wait_until_not_master.js" no_log: "{{ hide_passwords_during_deploy }}" ignore_errors: true # To properly catch output on the next task register: output_not_master 
@@ -38,7 +38,7 @@ - groups['hosts_vitamui_mongod'] | length > 1 - name: Graceful shutdown of node - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/shutdown.js" + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/shutdown.js" no_log: "{{ hide_passwords_during_deploy }}" ignore_errors: true # as we are brutally disconnected by the server (because of shutdown) @@ -92,7 +92,7 @@ timeout: "{{ vitamui_defaults.services.start_timeout }}" - name: Wait for node to join the cluster and reach "secondary" or "primary" status - command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/wait_until_proper_node_state.js" + command: "mongosh --host {{ ip_service }} --port {{ mongo_port }} -u {{ mongodb.localadmin.user }} -p {{ mongodb.localadmin.password | quote }} --quiet --file {{ vitamui_defaults.folder.root_path }}/script/{{ mongo_type }}/wait_until_proper_node_state.js" no_log: "{{ hide_passwords_during_deploy }}" ignore_errors: true # To properly catch output on the next task register: output_node_state diff --git a/deployment/roles/reinit_security_certificates/tasks/main.yml b/deployment/roles/reinit_security_certificates/tasks/main.yml index 444deb214a0..63bb6b7c052 100644 --- a/deployment/roles/reinit_security_certificates/tasks/main.yml +++ b/deployment/roles/reinit_security_certificates/tasks/main.yml 
@@ -13,7 +13,7 @@ - name: Set Mongo URI and credentials set_fact: mongod_uri: "{{ mongo_nodes | join(',') }}" - mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password }} --quiet" + mongo_credentials: "-u {{ mongodb.admin.user }} -p {{ mongodb.admin.password | quote }} --quiet" no_log: "{{ hide_passwords_during_deploy }}" - name: Compute security.populate_certificates script diff --git a/deployment/roles/vitamui/templates/archive-search/application.yml.j2 b/deployment/roles/vitamui/templates/archive-search/application.yml.j2 index f69d559ec6e..422496c7228 100644 --- a/deployment/roles/vitamui/templates/archive-search/application.yml.j2 +++ b/deployment/roles/vitamui/templates/archive-search/application.yml.j2 @@ -15,7 +15,7 @@ spring: instanceId: ${spring.application.name}-${spring.cloud.client.hostname}-${server.port} data: mongodb: - uri: mongodb://{{ mongodb.archivesearch.user }}:{{ mongodb.archivesearch.password }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.archivesearch.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }} + uri: mongodb://{{ mongodb.archivesearch.user }}:{{ mongodb.archivesearch.password | urlencode | regex_replace('/', '%2F') }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.archivesearch.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }} cas.tenant.identifier: {{ vitamui_platform_informations.cas_tenant }} diff --git a/deployment/roles/vitamui/templates/cas-server/application.yml.j2 b/deployment/roles/vitamui/templates/cas-server/application.yml.j2 index 2e4425a5fa0..1437dec26d0 100644 --- a/deployment/roles/vitamui/templates/cas-server/application.yml.j2 +++ b/deployment/roles/vitamui/templates/cas-server/application.yml.j2 
@@ -102,10 +102,10 @@ cas.server.prefix: {{ url_prefix }}/cas {% endif %} login.url: ${cas.server.prefix}/login -cas.service-registry.mongo.client-uri: "mongodb://{{ mongodb.cas.user }}:{{ mongodb.cas.password }}@{{ mongodb.host }}:{{ mongodb.mongod_port | default(27017) }}/{{ mongodb.cas.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}" +cas.service-registry.mongo.client-uri: "mongodb://{{ mongodb.cas.user }}:{{ mongodb.cas.password | urlencode | regex_replace('/', '%2F') }}@{{ mongodb.host }}:{{ mongodb.mongod_port | default(27017) }}/{{ mongodb.cas.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}" cas.service-registry.mongo.collection: services cas.service-registry.mongo.user-id: {{ mongodb.cas.user }} -cas.service-registry.mongo.password: {{ mongodb.cas.password }} +cas.service-registry.mongo.password: {{ mongodb.cas.password | quote }} cas.authn.surrogate.separator: "," cas.authn.surrogate.sms.attribute-name: fakeNameToBeSureToFindNoAttributeAndNeverSendAnSMS diff --git a/deployment/roles/vitamui/templates/collect/application.yml.j2 b/deployment/roles/vitamui/templates/collect/application.yml.j2 index a244895706e..5e88c5870b9 100644 --- a/deployment/roles/vitamui/templates/collect/application.yml.j2 +++ b/deployment/roles/vitamui/templates/collect/application.yml.j2 
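Review bot: In `deployment/roles/vitamui/templates/cas-server/application.yml.j2`, `cas.service-registry.mongo.password` is rendered with `| quote`, which is a shell-quoting filter and does not produce YAML. It leaves values made only of shell-safe characters bare, so a password starting with `@` or `%`, or consisting only of digits, is still mis-parsed, and it escapes an embedded single quote in shell style, which a YAML parser reads differently. Use a filter that emits a quoted scalar, `cas.service-registry.mongo.password: {{ mongodb.cas.password | to_json }}`. The `user-id` line above it and the unquoted `uri:` values in the archive-search and collect templates are plain scalars with the same exposure.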
@@ -15,7 +15,7 @@ spring: instanceId: ${spring.application.name}-${spring.cloud.client.hostname}-${server.port} data: mongodb: - uri: mongodb://{{ mongodb.archivesearch.user }}:{{ mongodb.archivesearch.password }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.archivesearch.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }} + uri: mongodb://{{ mongodb.archivesearch.user }}:{{ mongodb.archivesearch.password | urlencode | regex_replace('/', '%2F') }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.archivesearch.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }} servlet: multipart: max-file-size: -1 diff --git a/deployment/roles/vitamui/templates/iam/application.yml.j2 b/deployment/roles/vitamui/templates/iam/application.yml.j2 index a9740042e82..2827dee4fcf 100644 --- a/deployment/roles/vitamui/templates/iam/application.yml.j2 +++ b/deployment/roles/vitamui/templates/iam/application.yml.j2 @@ -15,7 +15,7 @@ spring: instanceId: ${spring.application.name}-${spring.cloud.client.hostname}-${server.port} data: mongodb: - uri: "mongodb://{{ mongodb.iam.user }}:{{ mongodb.iam.password }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.iam.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}" + uri: "mongodb://{{ mongodb.iam.user }}:{{ mongodb.iam.password | urlencode | regex_replace('/', '%2F') }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.iam.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}" logging: config: {{ vitamui_folder_conf }}/logback.xml diff --git a/deployment/roles/vitamui/templates/security/application.yml.j2 b/deployment/roles/vitamui/templates/security/application.yml.j2 index a99ae7418b7..2c609edfd2a 100644 --- a/deployment/roles/vitamui/templates/security/application.yml.j2 
+++ b/deployment/roles/vitamui/templates/security/application.yml.j2 @@ -15,7 +15,7 @@ spring: instanceId: ${spring.application.name}-${spring.cloud.client.hostname}-${server.port} data: mongodb: - uri: "mongodb://{{ mongodb.security.user }}:{{ mongodb.security.password }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.security.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}" + uri: "mongodb://{{ mongodb.security.user }}:{{ mongodb.security.password | urlencode | regex_replace('/', '%2F') }}@{{ mongodb.host }}:{{ mongodb.mongod_port }}/{{ mongodb.security.db }}?replicaSet={{ mongod_replicaset_name }}&connectTimeoutMS={{ mongod_client_connect_timeout_ms }}" logging: config: {{ vitamui_folder_conf }}/logback.xml diff --git a/deployment/scripts/mongod/0.0.0/06_users-admin.js.j2 b/deployment/scripts/mongod/0.0.0/06_users-admin.js.j2 index 905672e58e1..3f0660f83c2 100644 --- a/deployment/scripts/mongod/0.0.0/06_users-admin.js.j2 +++ b/deployment/scripts/mongod/0.0.0/06_users-admin.js.j2 @@ -7,7 +7,7 @@ if (! db.getUser("{{ mongodb.admin.user }}")) { db.createUser( { user: "{{ mongodb.admin.user }}", - pwd: "{{ mongodb.admin.password }}", + pwd: {{ mongodb.admin.password | to_json }}, roles: {{ mongodb.admin.roles }} } ) @@ -16,7 +16,7 @@ else { db.updateUser( "{{ mongodb.admin.user }}", { - pwd: "{{ mongodb.admin.password }}", + pwd: {{ mongodb.admin.password | to_json }}, roles: {{ mongodb.admin.roles }} } ) diff --git a/deployment/scripts/mongod/0.0.0/07_users-cas.js.j2 b/deployment/scripts/mongod/0.0.0/07_users-cas.js.j2 index 9e2b7df27af..8ea8d46c303 100644 --- a/deployment/scripts/mongod/0.0.0/07_users-cas.js.j2 +++ b/deployment/scripts/mongod/0.0.0/07_users-cas.js.j2 @@ -7,7 +7,7 @@ if (! db.getUser("{{ mongodb.cas.user }}")) { db.createUser( { user: "{{ mongodb.cas.user }}", - pwd: "{{ mongodb.cas.password }}", + pwd: {{ mongodb.cas.password | to_json }}, roles: {{ mongodb.cas.roles }} } ) 
@@ -16,7 +16,7 @@ else { db.updateUser( "{{ mongodb.cas.user }}", { - pwd: "{{ mongodb.cas.password }}", + pwd: {{ mongodb.cas.password | to_json }}, roles: {{ mongodb.cas.roles }} } ) diff --git a/deployment/scripts/mongod/0.0.0/08_users-iam.js.j2 b/deployment/scripts/mongod/0.0.0/08_users-iam.js.j2 index 1a639a27021..04f52bb4f62 100644 --- a/deployment/scripts/mongod/0.0.0/08_users-iam.js.j2 +++ b/deployment/scripts/mongod/0.0.0/08_users-iam.js.j2 @@ -7,7 +7,7 @@ if (! db.getUser("{{ mongodb.iam.user }}")) { db.createUser( { user: "{{ mongodb.iam.user }}", - pwd: "{{ mongodb.iam.password }}", + pwd: {{ mongodb.iam.password | to_json }}, roles: {{ mongodb.iam.roles }} } ) @@ -16,7 +16,7 @@ else { db.updateUser( "{{ mongodb.iam.user }}", { - pwd: "{{ mongodb.iam.password }}", + pwd: {{ mongodb.iam.password | to_json }}, roles: {{ mongodb.iam.roles }} } ) diff --git a/deployment/scripts/mongod/0.0.0/10_users-security.js.j2 b/deployment/scripts/mongod/0.0.0/10_users-security.js.j2 index fa8a883bf37..a4acad3f796 100644 --- a/deployment/scripts/mongod/0.0.0/10_users-security.js.j2 +++ b/deployment/scripts/mongod/0.0.0/10_users-security.js.j2 @@ -7,7 +7,7 @@ if (! db.getUser("{{ mongodb.security.user }}")) { db.createUser( { user: "{{ mongodb.security.user }}", - pwd: "{{ mongodb.security.password }}", + pwd: {{ mongodb.security.password | to_json }}, roles: {{ mongodb.security.roles }} } ) @@ -16,7 +16,7 @@ else { db.updateUser( "{{ mongodb.security.user }}", { - pwd: "{{ mongodb.security.password }}", + pwd: {{ mongodb.security.password | to_json }}, roles: {{ mongodb.security.roles }} } ) diff --git a/deployment/scripts/mongod/0.0.0/11_users-versioning.js.j2 b/deployment/scripts/mongod/0.0.0/11_users-versioning.js.j2 index 4ecc76d84e8..bd8b821fda3 100644 --- a/deployment/scripts/mongod/0.0.0/11_users-versioning.js.j2 +++ b/deployment/scripts/mongod/0.0.0/11_users-versioning.js.j2 
@@ -7,7 +7,7 @@ if (! db.getUser("{{ mongodb.versioning.user }}")) { db.createUser( { user: "{{ mongodb.versioning.user }}", - pwd: "{{ mongodb.versioning.password }}", + pwd: {{ mongodb.versioning.password | to_json }}, roles: {{ mongodb.versioning.roles }} } ) @@ -16,7 +16,7 @@ else { db.updateUser( "{{ mongodb.versioning.user }}", { - pwd: "{{ mongodb.versioning.password }}", + pwd: {{ mongodb.versioning.password | to_json }}, roles: {{ mongodb.versioning.roles }} } ) diff --git a/deployment/scripts/mongod/0.0.0/13_users-search.js.j2 b/deployment/scripts/mongod/0.0.0/13_users-search.js.j2 index 17df99aabd6..4fb0ee4b17b 100644 --- a/deployment/scripts/mongod/0.0.0/13_users-search.js.j2 +++ b/deployment/scripts/mongod/0.0.0/13_users-search.js.j2 @@ -7,7 +7,7 @@ if (! db.getUser("{{ mongodb.archivesearch.user }}")) { db.createUser( { user: "{{ mongodb.archivesearch.user }}", - pwd: "{{ mongodb.archivesearch.password }}", + pwd: {{ mongodb.archivesearch.password | to_json }}, roles: {{ mongodb.archivesearch.roles }} } ) @@ -16,7 +16,7 @@ else { db.updateUser( "{{ mongodb.archivesearch.user }}", { - pwd: "{{ mongodb.archivesearch.password }}", + pwd: {{ mongodb.archivesearch.password | to_json }}, roles: {{ mongodb.archivesearch.roles }} } )