| parameter | required | default | choices | comments |
|---|---|---|---|---|
| database |
yes |
The name of the database to add/remove the user from
|
||
| login_database (added in 2.0) |
no |
The database where login credentials are stored
|
||
| login_host |
no | localhost |
The host running the database
|
|
| login_password |
no |
The password used to authenticate with
|
||
| login_port |
no | 27017 |
The port to connect to
|
|
| login_user |
no |
The username used to authenticate with
|
||
| name |
yes |
The name of the user to add or remove
aliases: user
|
||
| password |
no |
The password to use for the user
|
||
| replica_set (added in 1.6) |
no |
Replica set to connect to (automatically connects to primary for writes)
|
||
| roles (added in 1.3) |
no | readWrite |
The database user roles valid values could either be one or more of the following strings: 'read', 'readWrite', 'dbAdmin', 'userAdmin', 'clusterAdmin', 'readAnyDatabase', 'readWriteAnyDatabase', 'userAdminAnyDatabase', 'dbAdminAnyDatabase'
Or the following dictionary '{ db: DATABASE_NAME, role: ROLE_NAME }'.
This param requires pymongo 2.5+. If it is a string, mongodb 2.4+ is also required. If it is a dictionary, mongo 2.6+ is required.
|
|
| ssl (added in 1.8) |
no |
Whether to use an SSL connection when connecting to the database
|
||
| ssl_cert_reqs (added in 2.2) |
no | CERT_REQUIRED |
|
Specifies whether a certificate is required from the other side of the connection, and whether it will be validated if provided.
|
| state |
no | present |
|
The database user state
|
| update_password (added in 2.1) |
no | always |
|
always will update passwords if they differ. on_create will only set the password for newly created users. |
# Create 'burgers' database user with name 'bob' and password '12345'. - mongodb_user: database: burgers name: bob password: 12345 state: present # Create a database user via SSL (MongoDB must be compiled with the SSL option and configured properly) - mongodb_user: database: burgers name: bob password: 12345 state: present ssl: True # Delete 'burgers' database user with name 'bob'. - mongodb_user: database: burgers name: bob state: absent # Define more users with various specific roles (if not defined, no roles is assigned, and the user will be added via pre mongo 2.2 style) - mongodb_user: database: burgers name: ben password: 12345 roles: read state: present - mongodb_user: database: burgers name: jim password: 12345 roles: readWrite,dbAdmin,userAdmin state: present - mongodb_user: database: burgers name: joe password: 12345 roles: readWriteAnyDatabase state: present # add a user to database in a replica set, the primary server is automatically discovered and written to - mongodb_user: database: burgers name: bob replica_set: belcher password: 12345 roles: readWriteAnyDatabase state: present # add a user 'oplog_reader' with read only access to the 'local' database on the replica_set 'belcher'. This is useful for oplog access (MONGO_OPLOG_URL). # please notice the credentials must be added to the 'admin' database because the 'local' database is not syncronized and can't receive user credentials # To login with such user, the connection string should be MONGO_OPLOG_URL="mongodb://oplog_reader:oplog_reader_password@server1,server2/local?authSource=admin" # This syntax requires mongodb 2.6+ and pymongo 2.5+ - mongodb_user: login_user: root login_password: root_password database: admin user: oplog_reader password: oplog_reader_password state: present replica_set: belcher roles: - db: local role: read
Common return values are documented here Return Values, the following are the fields unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| user |
The name of the user to add or remove.
|
success | string |
Note
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.