#!/bin/bash # Copyright: 2023 Virtuozzo International GmbH # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # http://www.apache.org/licenses/LICENSE-2.0 # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. [ -n "${MONGOPASSWDLIB_VERSION:-}" ] && return 0; MONGOPASSWDLIB_VERSION="0.1"; include log; include output; mongo_conf='/etc/mongod.conf' $PROGRAM 'sed'; $PROGRAM 'mongo'; $PROGRAM 'grep'; if [ "${COMPUTE_TYPE_FULL_VERSION/./}" -ge "26" ] ; then ADMINDB='admin' else ADMINDB='admin test local' fi LOG_FILE=/var/log/mongoreset.log MONGOLOCK=/var/lib/mongo/mongod.lock function setPassword() { while [ "$1" != "" ]; do case $1 in -u ) shift local user=$1 ;; -p ) shift local password=$1 ;; esac shift done local tries=200; stopService ${SERVICE} >> $LOG_FILE 2>&1 while [ "$tries" -gt 0 ] do if ! ps aux | $GREP -v grep | $GREP -q 'mongod.conf' ; then break; fi sleep 1 tries=$(($tries-1)) done if ps aux | $GREP -v grep | $GREP -q mongo ; then /usr/bin/killall mongo 1>>$LOG_FILE 2>&1; fi if [ -e $MONGOLOCK ] then rm -f $MONGOLOCK 1>>$LOG_FILE 2>&1 echo "rm $MONGOLOCK 1 " 1>>$LOG_FILE 2>&1 fi val=$(sed 's/\.//' <<< $COMPUTE_TYPE_FULL_VERSION ) [ -z "$val" ] && val=0 ; if [ "x$COMPUTE_TYPE" == "xmongodb" -a $val -ge 32 ] ; then $SED -i '/authorization:/s/\s*enabled/ disabled/' $mongo_conf else $SED -i 's/^auth\s*=\s*true/\#auth = true/' $mongo_conf fi startService ${SERVICE} >> $LOG_FILE 2>&1 sleep 1 for ADB in $ADMINDB do tryresetcount=200 while [ $tryresetcount -gt 0 ] do $MONGO $ADB --eval "db.changeUserPassword(\"$user\",\"$password\")" >>$LOG_FILE 2>&1 resultcode=$? [ $resultcode -eq 0 ] && { break ; } || { if [ $resultcode -eq 252 ] ;then $MONGO $ADB --eval 'db.createUser({"user":"admin","pwd":"password","roles":[ { role: "root", db: "admin" }]})' >/dev/null 2>/dev/null $MONGO $ADB --eval 'db.createRole( { role: "manageRole", privileges: [ { resource: { anyResource:true } , actions: [ "anyAction" ] } ], roles: [] } )' > /dev/null 2>/dev/null $MONGO $ADB --eval 'db.grantRolesToUser("admin", [{role:"manageRole", db:"admin"} ])' >/dev/null 2>/dev/null fi sleep 2; } tryresetcount=$((tryresetcount-1)) done done sleep 5; stopService ${SERVICE} >> $LOG_FILE 2>&1 while [ $tries -gt 0 ] do if ! ps aux | $GREP -v grep | $GREP -q mongo ; then break; fi sleep 1 tries=$(($tries2-1)) done if ps aux | $GREP -v grep | $GREP -q mongo ; then /usr/bin/killall mongo 1>>$LOG_FILE 2>&1; fi if [ -e $MONGOLOCK ] then rm -f $MONGOLOCK 1>>$LOG_FILE 2>&1 echo "rm $MONGOLOCK 1 " 1>>$LOG_FILE 2>&1 fi if [ "x$COMPUTE_TYPE" == "xmongodb" -a $val -ge 32 ] ; then $SED -i '/authorization:/s/\s*disabled/ enabled/' $mongo_conf else $SED -i 's/^\#auth\s*=\s*true/auth = true/' $mongo_conf fi startService ${SERVICE} >> $LOG_FILE 2>&1 }