Merge pull request #3241 from holta/mongodb-spring-cleaning

WIP: Tighten up roles/mongodb — runs 'apt-mark hold mongodb-org mongodb-org-server' on 64-bit RPi if installing MongoDB >= 5.0

roles/mongodb/defaults/main.yml

@@ -20,6 +20,12 @@
 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
 
+mongodb_64bit_version: 4.4    # 5.0 also works as of 2022-06-09, but can fail on
+# "pre-2011" CPU's lacking AVX.  VERIFY both X.Y versions exist (+ work!) below:
+#
+# 1) https://www.mongodb.org/static/pgp/server-X.Y.asc ~= https://pgp.mongodb.com
+# 2) http://repo.mongodb.org/apt/debian &/OR https://repo.mongodb.org/apt/ubuntu
+
 mongodb_conf: /etc/mongod.conf
 mongodb_db_path: "{{ content_base }}/dbdata/mongodb"    # /library/dbdata/mongodb
 mongodb_db_lock_file: "{{ mongodb_db_path }}/mongod.lock"

roles/mongodb/tasks/install.yml

@@ -1,4 +1,9 @@
-# 1. INSTALL MongoDB PACKAGES OR BINARIES
+# MongoDB Install Docs:
+# https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/
+# https://www.mongodb.com/docs/manual/installation/
+
+
+# 1. INSTALL MongoDB PACKAGES AND/OR BINARIES
 
 # 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so
 # https://andyfelong.com/2017/08/mongodb-3-0-14-for-raspbian-stretch/ is
@@ -52,62 +57,80 @@
       src: mongod.conf.j2
       dest: "{{ mongodb_conf }}"    # /etc/mongod.conf
 
+  - name: 'Create 2 dirs: /var/lib/mongodb, /var/log/mongodb (mongodb:mongodb)'
+    file:
+      state: directory
+      path: "{{ item }}"
+      owner: mongodb
+      group: mongodb
+    with_items:
+      - /var/lib/mongodb
+      - /var/log/mongodb
+
   # end block
   when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64")
 
 # 32-bit OS's are handled above: this should handle aarch32 including 32-bit
-# Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04 32-bit
+# Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and
-# might fail untested, and 32-bit Intel might puke as this was orginally
+# 22.04+ 32-bit might fail untested, and 32-bit Intel might puke as this was
-# deployed for Raspbian.  (Haven't seen bootable 32-bit Intel installers for a
+# orginally deployed for Raspbian.  (Haven't seen bootable 32-bit Intel
-# while now.)  64-bit OS's proceed below.
+# installers for a while now.)  64-bit OS's proceed below.
 
 - block:
-  - name: Add mongodb.org signing key (only 64-bit support available)
+  - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }}
-    shell: wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | apt-key add -
+    shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add -
+    #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add -
     args:
       warn: false
 
-  - name: Use mongodb-org's Debian repo for Debian (only amd64 support available)
+  - name: Install mongodb-org's Debian buster source/repo (we only use x86_64 i.e. arm64) for MongoDB version {{ mongodb_64bit_version }}
     apt_repository:
-      # 2020-10-28: http://repo.mongodb.org/apt/debian/dists/ supports only
+      # 2020-10-28 and 2022-06-09: http://repo.mongodb.org/apt/debian/dists/
-      # {buster 10, stretch 9, jessie 8, wheezy 7}
+      # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}.  So Bullseye
-      # so Debian 11 "Bullseye" (testing branch) can revert to buster for now:
+      # 11 and Bookworm 12 (testing branch) revert to buster for now:
-      repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main
+      repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main
       #repo: deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main
       state: present
       filename: mongodb-org
-    when: is_debian and (ansible_architecture == "x86_64")
+    when: is_debian and ansible_architecture == "x86_64"
 
-  # Debian 10 aarch64 might work below but is blocked in main.yml
+  - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }}
-  - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64
     apt_repository:
-      repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse
+      repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse
       state: present
       filename: mongodb-org
-    when: is_raspbian and (ansible_architecture == "aarch64")
+    when: not (is_debian and ansible_architecture == "x86_64")
 
-  - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only
+  # # Debian 10 aarch64 might work below but is blocked in main.yml
-    apt_repository:
+  # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64
-      repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse
+  #   apt_repository:
-      state: present
+  #     repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse
-      filename: mongodb-org
+  #     state: present
-    when: is_linuxmint
+  #     filename: mongodb-org
+  #   when: is_raspbian and ansible_architecture == "aarch64"
 
-  - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only
+  # - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only
-    apt_repository:
+  #   apt_repository:
-      # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only
+  #     repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse
-      # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04}
+  #     state: present
-      # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo:
+  #     filename: mongodb-org
-      repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse
+  #   when: is_linuxmint
-      #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse
+
-      state: present
+  # - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only
-      filename: mongodb-org
+  #   apt_repository:
-    when: is_ubuntu and not is_linuxmint
+  #     # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only
+  #     # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04}
+  #     # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo:
+  #     repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse
+  #     #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse
+  #     state: present
+  #     filename: mongodb-org
+  #   when: is_ubuntu and not is_linuxmint
 
   - name: "Install packages: mongodb-org, mongodb-org-server"
     package:
       name:
-        - mongodb-org
+        - mongodb-org    # Meta-package that's auto-installed anyway (SO PROB UNNEC HERE?)
         - mongodb-org-server
       state: present
 
@@ -121,56 +144,73 @@
   - name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand
     lineinfile:
       path: "{{ mongodb_conf }}"
-      regexp: '^\s*port:'    # \s = any whitespace char. stackoverflow.com/a/38491899
+      regexp: '^\s*port:'
       line: "  port: {{ mongodb_port }}"    # 27017
 
-  # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4 also reveals:
+  # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4...
-  # (1) dbPath fix in /etc/mongod.conf (~12 lines above) from /var/lib/mongodb
+  # https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14
-  #     to /library/dbdata/mongodb
+  # ...as ARM v8-A < ARM v8.2-A ...also reveals:
-  # (2) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID
+  #
+  # (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later.
+  #     For AMD x86_64, MongoDB 5.x requires Bulldozer or later.
+  #     Roughly speaking, this means post-2011 CPUs with AVX instructions:
+  #     https://github.com/docker-library/mongo/issues/485#issuecomment-891991814
+  # (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from
+  #     /var/lib/mongodb to /library/dbdata/mongodb
+  # (3) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID
   #     file (it may be zero bytes, but never goes away) as confirmed with
   #     MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64.  And now
   #     'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock
-  # (3) mongodb.service should really use a more graceful way to shut down
+  # (4) mongodb.service needed a more graceful way to shut down than
-  #     than 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period).
+  #     'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period).
-  # (4) MongoDB 6.0 is likely imminent but in the meantime a 2022-01-12 option
+  # (5) MongoDB 6.0 is likely imminent; meantime a 2022-01-12 option (~12
-  #     (stanza below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400:
+  #     lines below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400:
   # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz
   # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/
 
-  - name: OVERWRITING AN APT PACKAGE IS RISKY (IT MIGHT LATER UPDATE + OVERWRITE THIS!) BUT FOR NOW download & unzip 76MB http://download.iiab.io/packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin
+  - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future
+    command: apt-mark hold mongodb-org mongodb-org-server
+    when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=')
+
+  - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin
     unarchive:
       remote_src: yes
       src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz"
       dest: /usr/bin
-    when: rpi_model != "none"
+    when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=')
 
   # end block
   when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64"
 
 
-
 # 2. CONFIGURE MongoDB FOR IIAB
 
-- name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}'
+# - name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}'
+#   file:
+#     state: directory
+#     path: "{{ item }}"
+#     owner: mongodb
+#     group: mongodb
+#   with_items:
+#     #- { path: '/var/run/mongodb' }
+#     - /var/lib/mongodb
+#     - /var/log/mongodb
+#     - "{{ mongodb_db_path }}"    # /library/dbdata/mongodb
+
+- name: 'Create dir {{ mongodb_db_path }} (mongodb:mongodb)'
   file:
     state: directory
-    path: "{{ item }}"
+    path: "{{ mongodb_db_path }}"    # /library/dbdata/mongodb
     owner: mongodb
     group: mongodb
-  with_items:
-    #- { path: '/var/run/mongodb' }
-    - /var/lib/mongodb
-    - /var/log/mongodb
-    - "{{ mongodb_db_path }}"    # /library/dbdata/mongodb
 
 - name: Install mongodb.service, /usr/bin/iiab-mongodb-repair-if-no-lock from templates
   template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
-    owner: root
-    group: root
     mode: "{{ item.mode }}"
+    #owner: root
+    #group: root
   with_items:
     - { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' }
     - { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' }

roles/mongodb/tasks/main.yml

@@ -35,18 +35,19 @@
 - debug:
     var: is_raspbian
 
-# might be able to lift this once we know using bionic would work
+# # might be able to lift this once we know using bionic would work
-- name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64
+# - name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64
-  fail:    # FORCE IT RED THIS ONCE!
+#   fail:    # FORCE IT RED THIS ONCE!
-    msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream.  Nevertheless IIAB will continue (consider this a warning!)
+#     msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream.  Nevertheless IIAB will continue (consider this a warning!)
-  when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian
+#   when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian
-  ignore_errors: yes
+#   ignore_errors: yes
 
 # ELSE...
 
 - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
   include_tasks: install.yml
-  when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian)
+  when: mongodb_installed is undefined
+  # when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian)
 
 
 - name: Enable or Disable MongoDB, if mongodb_installed is defined (sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!)