diff --git a/changelog.d/20221128_100809_regis_mongodb_ssl.md b/changelog.d/20221128_100809_regis_mongodb_ssl.md new file mode 100644 index 0000000..07d4ffb --- /dev/null +++ b/changelog.d/20221128_100809_regis_mongodb_ssl.md @@ -0,0 +1 @@ +- [Feature] Add support for MongoDB SSL, authentication source, mechanism and replica set via the `MONGODB_USE_SSL`, `MONGODB_AUTH_MECHANISM`, `MONGODB_AUTH_SOURCE`, `MONGODB_REPLICA_SET` settings. (by @zakum1 and @regisb) diff --git a/docs/configuration.rst b/docs/configuration.rst index fea8142..c3384cf 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -242,11 +242,17 @@ MongoDB ******* - ``RUN_MONGODB`` (default: ``true``) -- ``MONGODB_HOST`` (default: ``"mongodb"``) - ``MONGODB_DATABASE`` (default: ``"openedx"``) +- ``MONGODB_HOST`` (default: ``"mongodb"``) +- ``MONGODB_PASSWORD`` (default: ``""``) - ``MONGODB_PORT`` (default: ``27017``) - ``MONGODB_USERNAME`` (default: ``""``) -- ``MONGODB_PASSWORD`` (default: ``""``) +- ``MONGODB_USE_SSL`` (default: ``false``) +- ``MONGODB_REPLICA_SET`` (default: ``""``) +- ``MONGODB_AUTH_MECHANISM`` (default: ``""``) +- ``MONGODB_AUTH_SOURCE`` (default: ``"admin"``) + +Note that most of these settings will have to be modified to connect to a MongoDB cluster that runs separately of Tutor, such as `Atlas `__. In particular, the authentication source, mechanism and the SSL connection parameters should not be specified as part of the `host URI `__ but as separate Tutor settings. Supported values for ``MONGODB_AUTH_MECHANISM`` are the same as for pymongo (see the `pymongo documentation `__). Redis ***** diff --git a/tutor/templates/apps/openedx/settings/partials/common_all.py b/tutor/templates/apps/openedx/settings/partials/common_all.py index 7f4368d..b225199 100644 --- a/tutor/templates/apps/openedx/settings/partials/common_all.py +++ b/tutor/templates/apps/openedx/settings/partials/common_all.py @@ -6,17 +6,16 @@ from xmodule.modulestore.modulestore_settings import update_module_store_setting # Mongodb connection parameters: simply modify `mongodb_parameters` to affect all connections to MongoDb. mongodb_parameters = { + "db": "{{ MONGODB_DATABASE }}", "host": "{{ MONGODB_HOST }}", "port": {{ MONGODB_PORT }}, - {% if MONGODB_USERNAME and MONGODB_PASSWORD %} - "user": "{{ MONGODB_USERNAME }}", - "password": "{{ MONGODB_PASSWORD }}", - {% else %} - "user": None, - "password": None, - {% endif %} - "db": "{{ MONGODB_DATABASE }}", - "replicaSet": None, + "user": {% if MONGODB_USERNAME %}"{{ MONGODB_USERNAME }}"{% else %}None{% endif %}, + "password": {% if MONGODB_PASSWORD %}"{{ MONGODB_PASSWORD }}"{% else %}None{% endif %}, + # Connection/Authentication + "ssl": {{ MONGODB_USE_SSL }}, + "authSource": "{{ MONGODB_AUTH_SOURCE }}", + "replicaSet": {% if MONGODB_REPLICA_SET %}"{{ MONGODB_REPLICA_SET }}"{% else %}None{% endif %}, + {% if MONGODB_AUTH_MECHANISM %}"authMechanism": "{{ MONGODB_AUTH_MECHANISM }}",{% endif %} } DOC_STORE_CONFIG = mongodb_parameters CONTENTSTORE = { diff --git a/tutor/templates/config/defaults.yml b/tutor/templates/config/defaults.yml index af9adfb..385013b 100644 --- a/tutor/templates/config/defaults.yml +++ b/tutor/templates/config/defaults.yml @@ -34,11 +34,15 @@ K8S_NAMESPACE: "openedx" LANGUAGE_CODE: "en" LMS_HOST: "www.myopenedx.com" LOCAL_PROJECT_NAME: "{{ TUTOR_APP }}_local" +MONGODB_AUTH_MECHANISM: "" +MONGODB_AUTH_SOURCE: "admin" MONGODB_HOST: "mongodb" MONGODB_DATABASE: "openedx" MONGODB_PORT: 27017 MONGODB_USERNAME: "" MONGODB_PASSWORD: "" +MONGODB_REPLICA_SET: "" +MONGODB_USE_SSL: false OPENEDX_AWS_ACCESS_KEY: "" OPENEDX_AWS_SECRET_ACCESS_KEY: "" OPENEDX_CACHE_REDIS_DB: 1