mongodb_user - Adds or removes a user from a MongoDB database.
Synopsis
Adds or removes a user from a MongoDB database.
Requirements (on host that executes module)
- pymongo
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| database |
yes | The name of the database to add/remove the user from | ||
| login_database (added in 2.0) |
no | The database where login credentials are stored | ||
| login_host |
no | localhost | The host running the database | |
| login_password |
no | The password used to authenticate with | ||
| login_port |
no | 27017 | The port to connect to | |
| login_user |
no | The username used to authenticate with | ||
| name |
yes | The name of the user to add or remove aliases: user | ||
| password |
no | The password to use for the user | ||
| replica_set (added in 1.6) |
no | Replica set to connect to (automatically connects to primary for writes) | ||
| roles (added in 1.3) |
no | readWrite | The database user roles valid values could either be one or more of the following strings: 'read', 'readWrite', 'dbAdmin', 'userAdmin', 'clusterAdmin', 'readAnyDatabase', 'readWriteAnyDatabase', 'userAdminAnyDatabase', 'dbAdminAnyDatabase' Or the following dictionary '{ db: DATABASE_NAME, role: ROLE_NAME }'. This param requires pymongo 2.5+. If it is a string, mongodb 2.4+ is also required. If it is a dictionary, mongo 2.6+ is required. | |
| ssl (added in 1.8) |
no | Whether to use an SSL connection when connecting to the database | ||
| state |
no | present |
|
The database user state |
| update_password (added in 2.1) |
no | always |
|
always will update passwords if they differ. on_create will only set the password for newly created users. |
Examples
# Create 'burgers' database user with name 'bob' and password '12345'. - mongodb_user: database=burgers name=bob password=12345 state=present # Create a database user via SSL (MongoDB must be compiled with the SSL option and configured properly) - mongodb_user: database=burgers name=bob password=12345 state=present ssl=True # Delete 'burgers' database user with name 'bob'. - mongodb_user: database=burgers name=bob state=absent # Define more users with various specific roles (if not defined, no roles is assigned, and the user will be added via pre mongo 2.2 style) - mongodb_user: database=burgers name=ben password=12345 roles='read' state=present - mongodb_user: database=burgers name=jim password=12345 roles='readWrite,dbAdmin,userAdmin' state=present - mongodb_user: database=burgers name=joe password=12345 roles='readWriteAnyDatabase' state=present # add a user to database in a replica set, the primary server is automatically discovered and written to - mongodb_user: database=burgers name=bob replica_set=belcher password=12345 roles='readWriteAnyDatabase' state=present # add a user 'oplog_reader' with read only access to the 'local' database on the replica_set 'belcher'. This is usefull for oplog access (MONGO_OPLOG_URL). # please notice the credentials must be added to the 'admin' database because the 'local' database is not syncronized and can't receive user credentials # To login with such user, the connection string should be MONGO_OPLOG_URL="mongodb://oplog_reader:oplog_reader_password@server1,server2/local?authSource=admin" # This syntax requires mongodb 2.6+ and pymongo 2.5+ - mongodb_user: login_user: root login_password: root_password database: admin user: oplog_reader password: oplog_reader_password state: present replica_set: belcher roles: - { db: "local" , role: "read" }
Notes
Note
Requires the pymongo Python package on the remote host, version 2.4.2+. This can be installed using pip or the OS package manager. @see http://api.mongodb.org/python/current/installation.html
This is an Extras Module
For more information on what this means please read Extras Modules
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.