UNCLASSIFIED

Skip to content

GitLab

Commit 3f41bcbf authored by Al Fontaine's avatar Al Fontaine
Browse files

Merge branch 'development' into 'master' 

Development

See merge request !5
parents 8785ac7d fe6770d7
Pipeline #185002 failed with stages
in 17 seconds
Hide whitespace changes
Inline Side-by-side
Showing with 500 additions and 1 deletion
Dockerfile 0 → 100644
View file @ 3f41bcbf
ARG BASE_REGISTRY=registry1.dsop.io
ARG BASE_IMAGE=redhat/ubi/ubi7
ARG BASE_TAG=7.8
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
ARG RELEASE=1.5.3
ARG TARBALL=mongodb-enterprise-operator-binaries-release-${RELEASE}.tar.gz
ENV MMS_HOME /mongodb-automation
ENV MMS_LOG_DIR /var/log/mongodb-mms-automation
ENV MDB_DIR /var/lib/mongodb-mms-automation/downloads
ARG MDB_URL
ARG BINARY_NAME
ARG AA_DOWNLOAD_URL
ARG AA_VERSION
LABEL name="MongoDB Enterprise Database" \
version="1.5.3" \
summary="MongoDB Enterprise Database Image" \
description="MongoDB Enterprise Database Image" \
vendor="MongoDB" \
release="1" \
maintainer="support@mongodb.com"
COPY LICENSE /licenses/mongodb-enterprise-database
RUN yum update -y && yum install \
libpcap \
lm_sensors-libs \
net-snmp \
net-snmp-agent-libs \
rpm-libs \
tcp_wrappers-libs \
nss_wrapper; \
yum clean all; \
ln -s /usr/lib64/libsasl2.so.3 /usr/lib64/libsasl2.so.2
# TODO: remove once database is using init container
COPY scripts/ "${MMS_HOME}"/files/
# Copy readinessprobe and set the required permissions
WORKDIR /opt
COPY ${TARBALL} .
RUN tar -zxf ./${TARBALL} \
&& mv ./readinessprobe "${MMS_HOME}"/files/ \
&& rm -rfv /opt/* /var/cache/yum \
&& mkdir -p "${MMS_LOG_DIR}" \
&& chmod 0775 "${MMS_LOG_DIR}" \
&& mkdir -p /var/lib/mongodb-mms-automation \
&& chmod 0775 /var/lib/mongodb-mms-automation \
&& mkdir -p /data \
&& chmod 0775 /data \
&& mkdir -p /journal \
&& chmod 0775 /journal \
&& chmod -R 0775 "${MMS_HOME}"
# USER needs to be set for this image to pass RedHat verification. Some customers have these requirements as well
# It does not matter what number it is, as long as it is set to something.
# However, OpenShift will run the container as a random user,
# and the number in this configuration is not relevant.
USER 2000
# TODO: make entrypoint be a sleep infinity once MDB is using init container
ENTRYPOINT ["/mongodb-automation/files/agent-launcher.sh"]
# TODO: switch this to actually run the probe
HEALTHCHECK --timeout=30s CMD ls "${MMS_HOME}"/files/probe.sh || exit 1
Jenkinsfile 0 → 100644
View file @ 3f41bcbf
@Library('DCCSCR@master') _
dccscrPipeline(version: "1.5.3")
LICENSE 0 → 100644
View file @ 3f41bcbf
# MongoDB Enterprise Advanced (EA) - Customer Agreement #
By agreeing to an Order Form that references this Customer Agreement (this “Agreement”), or by downloading our Software for a free trial, you agree to this Agreement. If you represent an organization, you represent and warrant that you have the authority to agree to this Agreement on behalf of your organization.
1. Definitions. The following terms have the following meanings:
“Affiliate” means an organization that controls, is controlled by, or is under common control with, a party, where “control” means direct or indirect ownership of more than 50% of the voting interests of the organization.
“Confidential Information” means information a party designates as confidential or reasonably considers as confidential, and includes pricing information on an Order Form. “Confidential Information” excludes information that is (a) or becomes publicly available through no fault of the recipient, (b) received from a third party without a duty of confidentiality, (c) independently developed by the receiving party without breaching this Agreement, or (d) rightfully known or lawfully in the possession of the receiving party prior to disclosure from the other party.
“Consulting Services” means the consulting or professional services included in your Subscription.
“Customer,” “you” and “your” means the organization that agrees to an Order Form or downloads the Software for a free trial.
“Deliverable” means a work provided to you as a part of the Consulting Services, including any report.
“Documentation” means the instructions, specifications and information regarding the Software available at https://docs.mongodb.com/.
“MongoDB,” “we,” “our” and “us” means the MongoDB company that agrees to an Order Form.
“Order Form” means an ordering document for Subscriptions signed by both parties that refers to this Agreement.
“Server” means each unit of RAM as specified on an Order Form of: (a) a physical machine, dedicated server or server blade that stores data; or (b) an instance that stores data in a public or private cloud, where “cloud” includes any type of virtualized or containerized environment (e.g., simple operating systems, virtual machines, CGroups).
“Software” means the MongoDB Enterprise database software, MongoDB Ops Manager, MongoDB Charts, MongoDB Connector for Business Intelligence, and any other software included with a Subscription, including any generally available updates to such software, but excluding open source software components, each of which has its copyright notice and license included in the license file and Documentation.
“Subscription” means a subscription for our Software, Support, or Consulting Services set forth in an Order Form.
“Support” means support, if any, included in a Subscription.
2. Subscriptions.
(a) Generally. We will provide you with the Software, Support and Consulting Services included in the Subscription. We will provide you with Support in accordance with the applicable support policy available on our website, currently available at https://www.mongodb.com/support-policy. While we may modify our support policy from time to time, we will not modify it in a way that materially and adversely affects your Support. Your Affiliates may purchase Subscriptions directly from us by signing an Order Form and you may allow an Affiliate to use your Subscriptions as long as you are responsible for the Affiliate’s compliance with this Agreement.
(b) Free Evaluation and Development. MongoDB grants you a royalty-free, nontransferable and nonexclusive license to use and reproduce the Software in your internal environment for evaluation and development purposes. You will not use the Software for any other purpose, including testing, quality assurance or production purposes without purchasing an Enterprise Advanced Subscription. We provide the free evaluation and development license of our Software on an “AS-IS” basis without any warranty.
(c) Enterprise Advanced Subscription. MongoDB grants you a nontransferable and nonexclusive license during the term of the Subscription to use and reproduce the Software in your internal environment for the purposes and on the number of Servers stated on the Order Form. You will cover each Server used by an application with an Enterprise Advanced Subscription.
3. Consulting Services. You will provide MongoDB with reasonable assistance and information to facilitate scheduling and performance of Consulting Services. You will also appoint an engagement manager to help ensure effective delivery of the Consulting Services. Consulting Services and any Deliverables are accepted when delivered unless otherwise set forth in an Order Form. We may engage qualified subcontractors to provide the Consulting Services, and we are responsible for any subcontractor’s compliance with this Agreement. We grant you a royalty-free, perpetual, nontransferable and nonexclusive license to use and reproduce any Deliverables for your internal business purposes, except for training materials, which may only be used by the individual employees who attended the training session.
4. Your Responsibilities. As a condition to your use of the Software, you will not, and will not allow any third party to: (a) decompile, disassemble, translate, reverse engineer or attempt to derive source code from any portion of the Software; (b) sell, sublicense, rent, lease, distribute, market, or commercialize the Software, your Subscription or any Deliverables, provided that you may use the Software in connection with an application available to your end customers as long as they cannot access the Software directly; (c) directly or indirectly circumvent or violate the technical restrictions of the Software; (d) remove any identification, proprietary, copyright or other notices in the Software, Documentation or Deliverables; (e) modify or create a derivative work of any portion of the Software; (f) publicly disseminate performance information about, or analysis of, the Software, including benchmarking test results, or your Subscription; (g) use the Software on more Servers than licensed on an Order Form; (h) use Support or Ops Manager, Cloud Manager, MongoDB Charts, or MongoDB Connector for Business Intelligence in connection with any application that is not covered by an Enterprise Advanced Subscription; or (i) access or use the Software in a way intended to avoid incurring fees or exceeding usage limits or quotas. You will comply with applicable laws in connection with your use of Software, Deliverables, Consulting Services and your Subscriptions, including any applicable U.S. export regulations and anti-corruption laws.
5. Payment and Taxes. You will pay undisputed fees and reimburse any business expenses as set forth on and in accordance with an Order Form. Your payment for Subscriptions is non-refundable and you may not terminate or cancel an Order Form except as stated in this Agreement. Our fees exclude and you will pay applicable taxes and similar charges, including sales, usage, excise and value added taxes. Nothing in this Agreement requires either party to pay any income taxes or similar charges of the other party. If applicable law requires you to withhold any amount from your payment, you will provide us with copies of documents related to your withholding upon our request.
6. Confidentiality. This Agreement supersedes any applicable non-disclosure agreement between the parties with respect to your use of the Software. The receiving party will use the disclosing party’s Confidential Information only in connection with this Agreement and protect the disclosing party’s Confidential Information by using the same degree of care used to protect its own confidential information, but not less than a reasonable degree of care. The receiving party will limit disclosure of the disclosing party’s Confidential Information to its and its Affiliates’ directors, officers, employees and contractors bound to confidentiality obligations at least as protective as the confidentiality provisions in this Agreement and who have a need to know the Confidential Information. The receiving party will not disclose the disclosing party’s Confidential Information to a any other third party without the disclosing party's consent, except where required to comply with applicable law or a compulsory legal order or process, provided that the receiving party will, if legally permitted, promptly notify the disclosing party. Each party will return or destroy the other party’s Confidential Information upon written request from the other party.
7. Intellectual Property. This Agreement does not transfer any right, title or interest in any intellectual property to any party, except as expressly set forth in this Agreement. You are not obligated to provide us with any suggestions or other feedback, but if you do, we may use and modify this feedback without any restriction or payment.
8. Warranties. MongoDB represents and warrants that: (a) the Software will perform substantially in accordance with the Documentation, and (b) it will perform Consulting Services and Support in a diligent and workmanlike manner consistent with industry standards. Your exclusive remedy for MongoDB’s material breach of warranty is to terminate any affected Subscription in accordance with Section 11 and receive a refund of any prepaid fees for unused Subscriptions. Except as set forth in this Section, we provide the Software, Consulting Services and Support on an “AS-IS” basis. To the fullest extent not prohibited by law, MongoDB disclaims and this Agreement excludes any implied or statutory warranty, including any warranty of title, non-infringement, merchantability or fitness for a particular purpose.
9. Limitation of Liability.
(a) Neither party will be liable to the other for any incidental or consequential damages, including lost profits or business opportunities, or any special or punitive damages.
(b) Except as set forth in Section 9(c) and 9(d), each party’s cumulative liability will not exceed the total fees payable to MongoDB by Customer under this Agreement during the 12-month period before the event giving rise to the liability.
(c) Each party’s cumulative liability under Section 10 will not exceed $3,000,000.
(d) Nothing in this Agreement limits either party’s liability for: (i) fraud or fraudulent misrepresentation; (ii) death or personal injury caused by negligence, gross negligence or intentional misconduct; (iii) Customer’s payment obligations; or (iv) any liability which cannot legally be limited.
10. Indemnification.
(a) Customer Indemnification. If a third party asserts a claim against MongoDB alleging that software, content or data used by Customer in connection with the Software or any Subscription, or provided to MongoDB in order for MongoDB to perform Consulting Services, infringes a third party’s intellectual property right (a “Claim Against Us”), Customer will defend MongoDB against the Claim Against Us at Customer’s expense, and indemnify MongoDB from any damages, reasonable legal fees and costs finally awarded against MongoDB to the extent resulting from the Claim Against Us or for amounts paid by MongoDB to settle the Claim Against Us. Customer will have no obligation to defend or indemnify MongoDB if the Claim Against Us is based on MongoDB’s unauthorized changes to Customer’s software, content, data or other information.
(b) MongoDB Indemnification. If a third party asserts a claim against Customer that the Software infringes a third party’s intellectual property right or any Deliverable infringes a third party’s copyright (a “Claim Against You”), MongoDB will defend Customer against the Claim Against You at MongoDB’s expense and indemnify Customer from any damages, reasonable legal fees and costs finally awarded against Customer to the extent resulting from the Claim Against You or for amounts paid by Customer to settle the Claim Against You. MongoDB will not be obligated to defend or indemnify Customer if the Claim Against You is based on: (i) combination of the Software with other software, content, data or business process not contemplated by Documentation; (ii) use of any older release of the Software when use of a newer version would have avoided the alleged or actual infringement; (iii) any modification of the Software made by anyone other than MongoDB; or (iv) MongoDB's compliance with any materials, designs, specifications or instructions provided by Customer.
(c) Infringement Remedies. In addition to MongoDB’s indemnity obligations, if the Software or any Deliverable becomes, or in MongoDB’s opinion is likely to become, the subject of an infringement claim, MongoDB may at its option and expense and as Customer’s sole and exclusive remedy: (i) procure for Customer the right to make continued use of the Software or Deliverable; (ii) replace or modify the Software or Deliverable so that it becomes non-infringing; or (iii) terminate Customer’s license to the Software or Deliverable and refund any prepaid fees for unused Subscriptions.
(d) Indemnification Procedures. Each party will provide the other with prompt notice of any claim. A party’s failure to provide prompt notice to the other party relieves the party of its obligation to defend and indemnify the other party only to the extent that the failure to provide notice materially harms the party’s ability to defend the claim. The indemnifying party will have sole control of the defense of the claim, including any settlement. The indemnified party will provide the indemnifying party with reasonable cooperation in connection with the defense of the claim, and may participate in the defense at its own expense. This Section 10 sets forth each party’s exclusive remedy for any third party infringement claim.
11. Term and Termination. The term of this Agreement commences when you agree to an Order Form, or you download our Software for a free trial, and will remain in effect until terminated in accordance with this Agreement. Either party may terminate this Agreement for convenience immediately upon notice if all Order Forms under this Agreement have expired or been terminated. Neither party may terminate an Order Form for convenience. If a party fails to cure a material breach of this Agreement within 30 days after receipt of written notice of the breach, the other party may terminate this Agreement and any affected Order Form. Upon termination of an Order Form or this Agreement, you will remove the Software from all Servers covered by the terminated Subscriptions. Provisions intended by their nature to survive termination of this Agreement survive termination. During the term of this Agreement and one year following termination, we may inspect your records relating to your use of the Software or Consulting Services for the purposes of verifying compliance with this Agreement.
12. General. Notices under this Agreement will be in writing and effective on the delivery date. The parties will deliver notices by personal delivery or courier to the address of the other party set forth on the Order Form. If you are located in North, Central or South America, New York law governs this Agreement, excluding any applicable conflict of laws rules or principles, and the parties agree to the exclusive jurisdiction of the courts in New York, New York. For customers located elsewhere, the law of England and Wales governs this Agreement, excluding any applicable conflict of laws rules or principles, and the parties agree to the exclusive jurisdiction of the courts in London, England. This Agreement does not create a partnership, agency relationship, or joint venture between the parties. The United Nations Convention for the International Sale of Goods does not apply to this Agreement. Unless you tell us otherwise in writing, we may refer to our relationship with you as a customer. Any assignment of this Agreement by you without our prior written consent will be null and void, except an assignment to an Affiliate or in connection with a merger or sale of all or substantially all of your assets or stock, provided that you may not assign this Agreement to a competitor of ours without our prior written consent. If any provision of this Agreement is unenforceable, that provision will be modified to render it enforceable to the extent possible to effect the parties’ intention and the remaining provisions will not be affected. The parties may amend this Agreement only by a written amendment signed by both parties. This Agreement incorporates any addenda or exhibits, and any Order Form, and comprises the parties’ entire agreement relating to the subject matter of this Agreement. Neither party has entered into this Agreement in reliance on any representations or warranties other than those expressly set forth in this Agreement or in an applicable Order Form. If any conflict exists between the provisions in this Agreement and any Order Form, the Order Form controls, and if any conflict exists between this Agreement and any addenda, exhibit or other agreement, this Agreement controls. A purchase order is for convenience only and any terms that govern the purchase order are of no effect. Customer’s purchase of any Subscription is not contingent on, and Customer has not relied on, the delivery of any future functionality, regardless of any communication about our products. Neither party will be liable for failures or delays in performance due to causes beyond its reasonable control.
README.md
View file @ 3f41bcbf
### MongoDB Enterprise Database
\ No newline at end of file
# Before You Begin #
**PRIOR TO UTILIZING THE MONGODB ENTERPRISE ADVANCED CONTAINER, CONTACT YOUR MONGODB SALES REPRESENTATIVE.** YOUR USE OF THE MONGODB ENTERPRISE SERVER IS SUBJECT TO THE TERMS AND CONDITIONS OF THE AGREEMENT BETWEEN USAF AND THE APPLICABLE RESELLER OF THE MONGODB ENTERPRISE SERVER. SUCH AGREEMENT INCORPORATES THE TERMS & CONDITIONS OF THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT, THE VERSION OF WHICH CURRENT AS OF SEPTEMBER 2020 IS SET FORTH BELOW. THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT IS SUBJECT TO AMENDMENT AND MODIFICATION FROM TIME TO TIME.
# Contact Information #
For licensing and technical information, please use the following contact information:
Anton Hoffman, EAE USAF
781-996-8860
anton.hoffman@mongodb.com
Please also CC: publicsector@mongodb.com
# MongoDB Enterprise Database #
MongoDB is a general purpose, distributed document database designed for ease of development and scaling. Its key features include a flexible JSON-like document data model, high performance, a rich query language, high availability, and horizontal scalability.
This MongoDB Enterprise Database image is used by the MongoDB Enterprise Kubernetes Operator, and in conjunction with MongoDB Ops Manager, to provision and manage MongoDB database deployments (replica sets, sharded clusters, and standalone MongoDB instances) through Kubernetes and OpenShift. It contains an Automation Agent that connects to management services provided by Ops Manager. Together, the Enterprise Operator and Ops Manager provide a management and orchestration layer to run MongoDB Enterprise within Kubernetes and OpenShift clusters. Ops Manager can itself be deployed to the cluster or stood up separately.
For more information about MongoDB, please visit <https://www.mongodb.com>.
More information about MongoDB Ops Manager can be found at <https://www.mongodb.com/products/ops-manager>.
## Documentation ##
Documentation for the MongoDB Enterprise Kubernetes Operator is available at <https://docs.mongodb.com/kubernetes-operator>.
download.json 0 → 100755
View file @ 3f41bcbf
{
"resources": [
{
"url": "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/mongodb-enterprise-operator-binaries-release-1.5.3.tar.gz",
"filename": "mongodb-enterprise-operator-binaries-release-1.5.3.tar.gz",
"validation": {
"type": "sha256",
"value": "251bf6aa9e6deeba3bd5366228ce81f6322c6a15aa8b07558cb23092d73333b8"
}
}
]
}
\ No newline at end of file
scripts/agent-launcher-lib.sh 0 → 100755
View file @ 3f41bcbf
#!/usr/bin/env bash
# This is a file containing all the functions which may be needed for other shell scripts
# see if jq is available for json logging
use_jq="$(command -v jq)"
# log stdout as structured json with given log type
json_log () {
if [ "$use_jq" ]; then
jq --unbuffered --null-input -c --raw-input "inputs | {\"logType\": \"$1\", \"contents\": .}";
else
echo "$1"
fi
}
# log a given message in json format
script_log () {
echo "$1" | json_log 'agent-launcher-script'
}
# the function reacting on SIGTERM command sent by the container on its shutdown. Makes sure all processes started (including
# mongodb) receive the signal. For MongoDB this results in graceful shutdown of replication (starting from 4.0.9) which may
# take some time. The script waits for all the processes to finish, otherwise the container would terminate as Kubernetes
# waits only for the process with pid #1 to end
cleanup () {
# Important! Keep this in sync with DefaultPodTerminationPeriodSeconds constant from constants.go
termination_timeout_seconds=600
script_log "Caught SIGTERM signal. Passing the signal to the automation agent and the mongod processes."
kill -15 "$agentPid"
wait "$agentPid"
mongoPid="$(cat /data/mongod.lock)"
kill -15 "$mongoPid"
script_log "Waiting until mongod process is shutdown. Note, that if mongod process fails to shutdown in the time specified by the 'terminationGracePeriodSeconds' property (default $termination_timeout_seconds seconds) then the container will be killed by Kubernetes."
# dev note: we cannot use 'wait' for the external processes, seems the spinning loop is the best option
while [ -e "/proc/$mongoPid" ]; do sleep 0.1; done
script_log "Mongod and automation agent processes are shutdown"
}
# ensure_certs_symlinks function checks if certificates and CAs are mounted and creates symlinks to them
ensure_certs_symlinks () {
# the paths inside the pod. Move to parameters if multiple usage is needed
secrets_dir="/var/lib/mongodb-automation/secrets"
custom_ca_dir="${secrets_dir}/ca"
pod_secrets_dir="/mongodb-automation"
if [ -d "${secrets_dir}/certs" ]; then
script_log "Found certificates in the host, will symlink to where the automation agent expects them to be"
podname=$(hostname)
if [ ! -f "${secrets_dir}/certs/${podname}-pem" ]; then
script_log "PEM Certificate file does not exist in ${secrets_dir}/certs/${podname}-pem. Check the Secret object with certificates is well formed."
exit 1
fi
ln -s "${secrets_dir}/certs/${podname}-pem" "${pod_secrets_dir}/server.pem"
fi
if [ -d "${custom_ca_dir}" ]; then
if [ -f "${custom_ca_dir}/ca-pem" ]; then
script_log "Using CA file provided by user"
ln -s "${custom_ca_dir}/ca-pem" "${pod_secrets_dir}/ca.pem"
else
script_log "Could not find CA file. The name of the entry on the Secret object should be 'ca-pem'"
exit 1
fi
else
script_log "Using Kubernetes CA file"
ln -s "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" "${pod_secrets_dir}/ca.pem"
fi
}
# download_agent function downloads and unpacks the Mongodb Agent
download_agent () {
script_log "Downloading a Mongodb Agent from ${base_url}"
pushd /tmp >/dev/null
curl_opts=(
"${base_url}/download/agent/automation/mongodb-mms-automation-agent-latest.linux_x86_64.tar.gz"
"--location" "--silent" "--retry" "3" "--fail" "-v"
"--output" "automation-agent.tar.gz"
)
if [ "${SSL_REQUIRE_VALID_MMS_CERTIFICATES-}" = "false" ]; then
# If we are not expecting valid certs, `curl` should be run with `--insecure` option.
# The default is NOT to accept insecure connections.
curl_opts+=("--insecure")
fi
if [ -n "${SSL_TRUSTED_MMS_SERVER_CERTIFICATE-}" ]; then
curl_opts+=("--cacert" "${SSL_TRUSTED_MMS_SERVER_CERTIFICATE}")
fi
if ! curl "${curl_opts[@]}" &> "${MMS_LOG_DIR}/agent-launcher-script.log"; then
script_log "Error while downloading the Mongodb agent"
cat "${MMS_LOG_DIR}/agent-launcher-script.log" | json_log 'agent-launcher-script'
exit 1
fi
script_log "The Mongodb Agent binary downloaded, unpacking"
tar -xzf automation-agent.tar.gz
AGENT_VERSION=$(find . -name mongodb-mms-automation-agent-* | awk -F"-" '{ print $5 }')
echo "${AGENT_VERSION}" > "${MMS_HOME}/files/agent-version"
mv mongodb-mms-automation-agent-*/mongodb-mms-automation-agent "${MMS_HOME}/files/"
chmod +x "${MMS_HOME}/files/mongodb-mms-automation-agent"
rm -rf automation-agent.tar.gz mongodb-mms-automation-agent-*.linux_x86_64
script_log "The Automation Agent was deployed at ${MMS_HOME}/files/mongodb-mms-automation-agent"
popd >/dev/null
}
#https://stackoverflow.com/a/4025065/614239
compare_versions () {
if [[ $1 == $2 ]]
then
return 0
fi
local IFS=.
local i ver1=($1) ver2=($2)
# fill empty fields in ver1 with zeros
for ((i=${#ver1[@]}; i<${#ver2[@]}; i++))
do
ver1[i]=0
done
for ((i=0; i<${#ver1[@]}; i++))
do
if [[ -z ${ver2[i]} ]]
then
# fill empty fields in ver2 with zeros
ver2[i]=0
fi
if ((10#${ver1[i]} > 10#${ver2[i]}))
then
return 1
fi
if ((10#${ver1[i]} < 10#${ver2[i]}))
then
return 2
fi
done
return 0
}
scripts/agent-launcher.sh 0 → 100755
View file @ 3f41bcbf
#!/usr/bin/env bash
set -o nounset
set -o errexit
set -o pipefail
source "${MMS_HOME}/files/agent-launcher-lib.sh"
# The path to the automation config file in case the agent is run in headless mode
cluster_config_file="/var/lib/mongodb-automation/cluster-config.json"
# file required by Automation Agents of authentication is enabled.
keyfile_dir="/var/lib/mongodb-mms-automation"
mkdir -p ${keyfile_dir}
touch "${keyfile_dir}/keyfile"
chmod 600 "${keyfile_dir}/keyfile"
ensure_certs_symlinks
# Ensure that the user has an entry in /etc/passwd
current_uid=$(id -u)
declare -r current_uid
if ! grep -q "${current_uid}" /etc/passwd ; then
# Adding it here to avoid panics in the automation agent
sed -e "s/^mongodb:/builder:/" /etc/passwd > /tmp/passwd
echo "mongodb:x:$(id -u):$(id -g):,,,:/mongodb-automation:/bin/bash" >> /tmp/passwd
export LD_PRELOAD=libnss_wrapper.so
export NSS_WRAPPER_PASSWD=/tmp/passwd
export NSS_WRAPPER_GROUP=/etc/group
fi
# Create a symlink, after the volumes have been mounted
# If the journal directory already exists (this could be the migration of the existing MongoDB database) - we need
# to copy it to the correct location first and remove a directory
if [[ -d /data/journal ]] && [[ ! -L /data/journal ]]; then
script_log "The journal directory /data/journal already exists - moving its content to /journal"
if [[ $(ls -1 /data/journal | wc -l) -gt 0 ]]; then
mv /data/journal/* /journal
fi
rm -rf /data/journal
fi
ln -sf /journal /data/
script_log "Created symlink: /data/journal -> $(readlink -f /data/journal)"
# If it is a migration of the existing MongoDB - then there could be a mongodb.log in a default location -
# let's try to copy it to a new directory
if [[ -f /data/mongodb.log ]] && [[ ! -f "${MMS_LOG_DIR}/mongodb.log" ]]; then
script_log "The mongodb log file /data/mongodb.log already exists - moving it to ${MMS_LOG_DIR}"
mv /data/mongodb.log ${MMS_LOG_DIR}
fi
base_url="${BASE_URL-}" # If unassigned, set to empty string to avoid set-u errors
base_url="${base_url%/}" # Remove any accidentally defined trailing slashes
declare -r base_url
# Download the Automation Agent from Ops Manager
# Note, that it will be skipped if the agent is supposed to be run in headless mode
if [[ -n "${base_url}" ]]; then
download_agent
fi
AGENT_VERSION="$(cat ${MMS_HOME}/files/agent-version)"
# Start the Automation Agent
agentOpts=(
"-mmsGroupId" "${GROUP_ID-}"
"-pidfilepath" "${MMS_HOME}/mongodb-mms-automation-agent.pid"
"-maxLogFileDurationHrs" "24"
"-logLevel" "${LOG_LEVEL:-INFO}"
"-logFile" "${MMS_LOG_DIR}/automation-agent.log"
)
script_log "Automation Agent version: ${AGENT_VERSION}"
# this is the version of Automation Agent which has fixes for health file bugs
set +e
compare_versions "${AGENT_VERSION}" 10.2.3.5866-1
if [[ $? -le 1 ]]; then
agentOpts+=("-healthCheckFilePath" "${MMS_LOG_DIR}/agent-health-status.json")
fi
set -e
if [[ -n "${base_url}" ]]; then
agentOpts+=("-mmsBaseUrl" "${base_url}")
else
agentOpts+=("-cluster" "${cluster_config_file}")
# we need to open the web server on localhost even though we don't use it - otherwise Agent doesn't
# produce status information at all (we need it in health file)
agentOpts+=("-serveStatusPort" "5000")
script_log "Mongodb Agent is configured to run in \"headless\" mode using local config file"
fi
if [[ -n "${HTTP_PROXY-}" ]]; then
agentOpts+=("-httpProxy" "${HTTP_PROXY}")
fi
if [[ -n "${SSL_TRUSTED_MMS_SERVER_CERTIFICATE-}" ]]; then
agentOpts+=("-sslTrustedMMSServerCertificate" "${SSL_TRUSTED_MMS_SERVER_CERTIFICATE}")
fi
if [[ "${SSL_REQUIRE_VALID_MMS_CERTIFICATES-}" != "false" ]]; then
# Only set this option when valid certs are required. The default is false
agentOpts+=("-sslRequireValidMMSServerCertificates")
fi
script_log "Launching automation agent with following arguments: ${agentOpts[*]} -mmsApiKey ${AGENT_API_KEY+<hidden>}"
agentOpts+=("-mmsApiKey" "${AGENT_API_KEY-}")
# Note, that we do logging in subshell - this allows us to save the сorrect PID to variable (not the logging one)
"${MMS_HOME}/files/mongodb-mms-automation-agent" "${agentOpts[@]}" 2>> "${MMS_LOG_DIR}/automation-agent-stderr.log" > >(json_log "automation-agent-stdout") &
agentPid=$!
trap cleanup SIGTERM
# Note that we don't care about orphan processes as they will die together with container in case of any troubles
# tail's -F flag is equivalent to --follow=name --retry. Should we track log rotation events?
AGENT_VERBOSE_LOG="${MMS_LOG_DIR}/automation-agent-verbose.log" && touch "${AGENT_VERBOSE_LOG}"
AGENT_STDERR_LOG="${MMS_LOG_DIR}/automation-agent-stderr.log" && touch "${AGENT_STDERR_LOG}"
MONGODB_LOG="${MMS_LOG_DIR}/mongodb.log" && touch "${MONGODB_LOG}"
tail -F "${AGENT_VERBOSE_LOG}" 2> /dev/null | json_log 'automation-agent-verbose' &
tail -F "${AGENT_STDERR_LOG}" 2> /dev/null | json_log 'automation-agent-stderr' &
tail -F "${MONGODB_LOG}" 2> /dev/null | json_log 'mongodb' &
wait
scripts/probe.sh 0 → 100755
View file @ 3f41bcbf
#!/bin/bash
agent_pid=/mongodb-automation/mongodb-mms-automation-agent.pid
check_agent_pid () {
# the agent PID must exists always
# it it does not exists, we assume it is being updated
# so we have a failure threshold of a few minutes.
[ -f $agent_pid ]
}
baby_container () {
# returns 0 if host's uptime is less than 1 hour
# To check if container uptime is less than 1 hour,
# we check for how long the pid1 process has
# been running.
pid1_alive_secs=$(ps -o etimes= -p 1)
pid1_alive_mins=$((pid1_alive_secs / 60))
[ $pid1_alive_mins -lt 60 ]
}
check_mongod_alive () {
pgrep --exact 'mongod'
}
check_mongos_alive () {
pgrep --exact 'mongos'
}
check_mongo_process_alive () {
# the mongod process pid might not always exist
# 1. when the container is being created the mongod package needs to be
# downloaded. the agent will wait for 1 hour before giving up.
# 2. the mongod process might be getting updated, we'll set a
# failureThreshold on the livenessProbe to a few minutes before we
# give up.
baby_container || check_mongod_alive || check_mongos_alive
}
check_agent_pid && check_mongo_process_alive
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED