ibm-mas · terenceq · Sep 6, 2024 · Jul 10, 2024 · Jul 16, 2024 · Aug 26, 2024
@@ -80,6 +80,7 @@ mongo_extras_version: "{{ lookup('env', 'MONGODB_VERSION') | default(mongo_extra
 mongo_extras_version_4: 4.4.21
 mongo_extras_version_5: 5.0.23
 mongo_extras_version_6: 6.0.12
+mongo_extras_version_7: 7.0.12
 
 # Extra Images for Db2u
 # ------------------------------------------------------------------------------

@@ -16,6 +16,7 @@
     mirror_mongoce_v4: "{{ lookup('env', 'MIRROR_MONGOCE_V4') | default ('False', True) | bool }}"
     mirror_mongoce_v5: "{{ lookup('env', 'MIRROR_MONGOCE_V5') | default ('False', True) | bool }}"
     mirror_mongoce_v6: "{{ lookup('env', 'MIRROR_MONGOCE_V6') | default ('False', True) | bool }}"
+    mirror_mongoce_v7: "{{ lookup('env', 'MIRROR_MONGOCE_V7') | default ('False', True) | bool }}"
 
     # 3. CPFS
     # -------------------------------------------------------------------------
@@ -152,6 +153,21 @@
         manifest_version: "{{ mongo_extras_version_6 }}"
 
 
+    # Mirror Mongo v7 specifically when requested
+    - name: ibm.mas_devops.mirror_extras_prepare
+      when:
+        - mirror_mode != "from-filesystem"
+        - mirror_mongoce_v7
+      vars:
+        extras_name: mongoce
+        extras_version: "{{ mongo_extras_version_7 }}"
+
+    - name: ibm.mas_devops.mirror_images
+      when: mirror_mongoce_v7
+      vars:
+        manifest_name: extras_mongoce
+        manifest_version: "{{ mongo_extras_version_7 }}"
+
     # 3. IBM Cloud Pak Foundation Services
     # -------------------------------------------------------------------------
     # Just mirror IBM Cloud Pak Foundation Services images 'mirror_common_svcs' is set, or if CPD 4.8+ is being mirrored

@@ -8,7 +8,7 @@ extra_images:
   - name: mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook
     registry: quay.io
     tag: 1.0.8
-    digest: sha256:641ecd0798cd5b49a060df50ad60dc75d964430d6cf9b3d3e91ebc9b19a67a34 # 1.0.8-b20231215T000000Z
+    digest: sha256:893527c88d7b7acc2a5f6fe4e38d8cac5ee99bf5a8c2e4405d2fc6ed4e509bbc # 1.0.8-b20240710T152800Z
 
   - name: mongodb/mongodb-agent
     registry: quay.io
@@ -17,8 +17,8 @@ extra_images:
 
   - name: mongodb/mongodb-kubernetes-readinessprobe
     registry: quay.io
-    tag: 1.0.17
-    digest: sha256:99013fbeb1dccde1f4995adba188b95ce14b336d587730146d3695cb175fcf03 # 1.0.17-b20231215T000000Z
+    tag: 1.0.19
+    digest: sha256:169c1f047b58134b82da6646c4fb75f3fd30599ccc3d54fffd16e56e61e8c01f # 1.0.19-b20240710T152800Z
 
   - name: ibmmas/mongo
     registry: quay.io

@@ -0,0 +1,26 @@
+---
+extra_images:
+  - name: mongodb/mongodb-kubernetes-operator
+    registry: quay.io
+    tag: 0.9.0
+    digest: sha256:4e1e6f82d33211ffd164a28d811b106d02546a1ce84c95625404f30a80a0c2d1 # 0.9.0-b20240710T152800Z
+
+  - name: mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook
+    registry: quay.io
+    tag: 1.0.8
+    digest: sha256:893527c88d7b7acc2a5f6fe4e38d8cac5ee99bf5a8c2e4405d2fc6ed4e509bbc # 1.0.8-b20240710T152800Z
+
+  - name: mongodb/mongodb-agent
+    registry: quay.io
+    tag: 107.0.1.8507-1
+    digest: sha256:d5b34afd48568f5a6a9fce03c78660cbf8d3a96e7fd9a6fbe1d028b01112840f # 107.0.1.8507-1
+
+  - name: mongodb/mongodb-kubernetes-readinessprobe
+    registry: quay.io
+    tag: 1.0.19
+    digest: sha256:169c1f047b58134b82da6646c4fb75f3fd30599ccc3d54fffd16e56e61e8c01f # 1.0.19-b20240710T152800Z
+
+  - name: ibmmas/mongo
+    registry: quay.io
+    tag: 7.0.12
+    digest: sha256:33aab919ee0106de3569cac6c99530c5ab66e3ef532a40fcdabe8c9f42a52395 # quay.io/mongodb/mongodb-community-server:7.0.12-ubi9-20240705T083914Z
@@ -66,7 +66,7 @@ The namespace where the operator and MongoDb cluster will be deployed.
 - Default Value: `mongoce`
 
 ### mongodb_version
-Defines the specific mongo version to be used. Best practice would be to use the version associated with the current Maximo Application Suite catalog. However, this value can currently be overridden to 4.4.21, 5.0.21, 5.0.23, 6.0.10 or 6.0.12
+Defines the specific mongo version to be used. Best practice would be to use the version associated with the current Maximo Application Suite catalog. However, this value can currently be overridden to 4.4.21, 5.0.21, 5.0.23, 6.0.10, 6.0.12, 7.0.12
 
 !!! important
     It is advised to never attempt a downgrade a MongoDB instance managed by the MAS Devops Ansible Collection. Also best practices should include creating scheduled backups of any MongoDB instance.
@@ -140,7 +140,14 @@ Set this to `true` to confirm you want to upgrade your existing Mongo instance f
 Set this to `true` to confirm you want to upgrade your existing Mongo instance from version 5 to version 6.
 
 - Optional
-- Environment Variable: `MONGODB_V5_UPGRADE`
+- Environment Variable: `MONGODB_V6_UPGRADE`
+- Default Value: `false`
+
+### mongodb_v7_upgrade
+Set this to `true` to confirm you want to upgrade your existing Mongo instance from version 6 to version 7.
+
+- Optional
+- Environment Variable: `MONGODB_V7_UPGRADE`
 - Default Value: `false`
 
 ### masbr_confirm_cluster

@@ -120,6 +120,7 @@ custom_labels: "{{ lookup('env', 'CUSTOM_LABELS') | default(None, true) | string
 # the following flags must be set to confirm the upgrades otherwise the role will fail and not proceed with the upgrade.
 mongodb_v5_upgrade: "{{ lookup('env', 'MONGODB_V5_UPGRADE') | default(false, true) | bool }}"
 mongodb_v6_upgrade: "{{ lookup('env', 'MONGODB_V6_UPGRADE') | default(false, true) | bool }}"
+mongodb_v7_upgrade: "{{ lookup('env', 'MONGODB_V7_UPGRADE') | default(false, true) | bool }}"
 
 # This matrix will define and validate the mongodb upgrade compatibility mapping version.
 # Therefore this must be updated whenever a new mongodb version is supported.
@@ -144,8 +145,12 @@ mongo_compatible_target_version:
     - "6.0.12"
   "6.0.10":
     - "6.0.12"
+    - "7.0.12"
   "6.0.12":
     - "6.0.12"
+    - "7.0.12"
+  "7.0.12":
+    - "7.0.12"
 
 # destroy-data vars
 # -----------------------------------------------------------------------------

@@ -50,3 +50,12 @@
   assert:
     that: mongodb_v6_upgrade
     fail_msg: "Your current mongo version is {{ existing_mongo_version }}, in order to upgrade to version {{ target_mongodb_version }}, you must set 'mongodb_v6_upgrade': true"
+
+# This would validate that we only upgrade to v7.0 if 'target_mongodb_version' matches v7.0 minor version and 'mongodb_v7_upgrade: true'
+- name: "Assert that the Mongo v7 upgrade has been triggered"
+  when:
+    - existing_mongo_minor_version is version_compare('7.0', '<')
+    - target_mongodb_version | regex_search('(?<=)(.*)(?=...)') == '7.0'
+  assert:
+    that: mongodb_v7_upgrade
+    fail_msg: "Your current mongo version is {{ existing_mongo_version }}, in order to upgrade to version {{ target_mongodb_version }}, you must set 'mongodb_v7_upgrade': true"
@@ -0,0 +1,87 @@
+---
+apiVersion: mongodbcommunity.mongodb.com/v1
+kind: MongoDBCommunity
+metadata:
+  name: mas-mongo-ce
+  namespace: "{{ mongodb_namespace }}"
+spec:
+  members: {{ mongodb_replicas }}
+  type: ReplicaSet
+{% if controlled_upgrade %}
+  version: "{{ current_mongodb_version }}"
+{% else %}
+  version: "{{ target_mongodb_version }}"
+  featureCompatibilityVersion: "{{ mongodb_feature_compatibility_version }}"
+{% endif %}
+  security:
+    tls:
+      enabled: true
+      certificateKeySecretRef:
+        name: mongo-server-cert
+      caConfigMapRef:
+        name: mas-mongo-ce-cert-map
+    authentication:
+      modes:
+        # Note: MAS 8.5 and earlier only support SCRAM-SHA-1
+        - SCRAM-SHA-256
+        - SCRAM-SHA-1
+  prometheus:
+    username: metrics-endpoint-user
+    passwordSecretRef:
+      name: mas-mongo-ce-metrics-endpoint-secret
+  users:
+    - name: admin
+      db: admin
+      passwordSecretRef:
+        name: mas-mongo-ce-admin-password
+      roles:
+        - name: clusterAdmin
+          db: admin
+        - name: userAdminAnyDatabase
+          db: admin
+        - name: dbOwner
+          db: admin
+        - name: readWriteAnyDatabase
+          db: admin
+      scramCredentialsSecretName: mas-mongo-ce-scram
+  additionalMongodConfig:
+    storage.wiredTiger.engineConfig.journalCompressor: snappy
+    net.tls.allowInvalidCertificates: true
+    net.tls.allowInvalidHostnames: true
+  statefulSet:
+    spec:
+      serviceName: mas-mongo-ce-svc
+      selector: {}
+      template:
+        spec:
+          containers:
+            - name: mongod
+{% if controlled_upgrade %}
+              image: "{{ current_mongodb_image }}"
+{% else %}
+              image: "{{ target_mongodb_image }}"
+{% endif %}
+              resources:
+                limits:
+                  cpu: "{{ mongodb_cpu_limits }}"
+                  memory: "{{ mongodb_mem_limits }}"
+                requests:
+                  cpu: "{{ mongodb_cpu_requests }}"
+                  memory: "{{ mongodb_mem_requests }}"
+      volumeClaimTemplates:
+        - metadata:
+            name: data-volume
+          spec:
+            accessModes: [ "ReadWriteOnce" ]
+            storageClassName: "{{ mongodb_storage_class }}"
+            resources:
+              requests:
+                storage: "{{ mongodb_storage_capacity_data }}"
+        - metadata:
+            name: logs-volume
+          spec:
+            accessModes: [ "ReadWriteOnce" ]
+            storageClassName: "{{ mongodb_storage_class }}"
+            resources:
+              requests:
+                storage: "{{ mongodb_storage_capacity_logs }}"