Moving previous secure directory to secure_default directory.

Also changed top level playbook ymlv var search to follow a path, first
over {{ secure_file_dir }} set in group_vars/all then at
vars/secure_default

playbooks/edxapp_custom.yml

 - hosts: tag_Group_edxapp_custom
   vars_files:
-    - "vars/secure/edxapp_stage_vars.yml"
-    - "vars/secure/edxapp_custom_vars.yml"
-    - "vars/secure/users.yml"
-    - "vars/secure/edxapp_stage_users.yml"
+  # using conditional loading to override defaults for site-specific installs
+    - ["{{ secure_file_dir }}/edxapp_stage_vars.yml", "vars/secure_default/edxapp_stage_vars.yml"]
+    - ["{{ secure_file_dir }}/edxapp_custom_vars.yml", "vars/secure_default/edxapp_custom_vars.yml"]
+    - ["{{ secure_file_dir }}/users.yml", "vars/secure_default/users.yml"]
+    - ["{{ secure_file_dir }}/edxapp_stage_users.yml", "vars/secure_default/edxapp_stage_users.yml"]
   roles:
     - common
     - nginx

playbooks/edxapp_prod.yml

 - hosts: tag_Group_edxapp_prod
   vars_files:
-    - "vars/secure/edxapp_prod_vars.yml"
-    - "vars/secure/users.yml"
-    - "vars/secure/edxapp_prod_users.yml"
-
+    - ["{{ secure_file_dir }}/edxapp_prod_vars.yml", "vars/secure_default/edxapp_prod_vars.yml"]
+    - ["{{ secure_file_dir }}/users.yml", "vars/secure_default/users.yml"]
+    - ["{{ secure_file_dir }}/edxapp_prod_users.yml", "vars/secure_default/edxapp_prod_users.yml"]
   roles:
     - common
     - nginx

playbooks/edxapp_rolling_example.yml

@@ -3,9 +3,9 @@
 - hosts: tag_Group_anothermulti
   serial: 1
   vars_files:
-    - "vars/secure/edxapp_stage_vars.yml"
-    - "vars/secure/users.yml"
-    - "vars/secure/edxapp_stage_users.yml"
+    - ["{{ secure_file_dir }}/edxapp_stage_vars.yml", "vars/secure_default/edxapp_stage_vars.yml"]
+    - ["{{ secure_file_dir }}/users.yml", "vars/secure_default/users.yml"]
+    - ["{{ secure_file_dir }}/edxapp_stage_users.yml", "vars/secure_default/edxapp_stage_users.yml"]
   pre_tasks:
     - name: Gathering ec2 facts 
       ec2_facts: 

playbooks/edxapp_stage.yml

 - hosts: tag_Group_edxapp_stage
   vars_files:
-    - "vars/secure/edxapp_stage_vars.yml"
-    - "vars/secure/users.yml"
-    - "vars/secure/edxapp_stage_users.yml"
+    - ["{{ secure_file_dir }}/edxapp_stage_vars.yml", "vars/secure_default/edxapp_stage_vars.yml"]
+    - ["{{ secure_file_dir }}/users.yml", "vars/secure_default/users.yml"]
+    - ["{{ secure_file_dir }}/edxapp_stage_users.yml", "vars/secure_default/edxapp_stage_users.yml"]
   roles:
     - common
     - nginx

playbooks/group_vars/all

 ---
 app_base_dir: /opt/wwc
+
+#where are the secure files on the deploying machine?
+secure_file_dir: vars/secure
+

playbooks/roles/lms/tasks/main.yml

@@ -16,11 +16,11 @@
 # Install ssh keys for ubuntu account to be able to check out from mitx
 # Temprory behavior, not needed after June 1. Perhaps still useful as a recipe.
 - name: install read-only ssh key for mitx repo (private)
-  copy: src=vars/secure/ssh_deploy_private dest=/home/ubuntu/.ssh/id_rsa force=yes owner=ubuntu group=ubuntu mode=600
+  copy: src={{ secure_file_dir }}/ssh_deploy_private dest=/home/ubuntu/.ssh/id_rsa force=yes owner=ubuntu group=ubuntu mode=600
 - name: install read-only ssh key for mitx repo (public)
-  copy: src=vars/secure/ssh_deploy_public dest=/home/ubuntu/.ssh/id_rsa.pub force=yes owner=ubuntu group=ubuntu mode=644
+  copy: src={{ secure_file_dir }}/ssh_deploy_public dest=/home/ubuntu/.ssh/id_rsa.pub force=yes owner=ubuntu group=ubuntu mode=644
 - name: install read-only ssh key for mitx repo (host github known)
-  copy: src=vars/secure/ssh_deploy_known_hosts dest=/home/ubuntu/.ssh/known_hosts force=yes owner=ubuntu group=ubuntu mode=600
+  copy: src={{ secure_file_dir }}/ssh_deploy_known_hosts dest=/home/ubuntu/.ssh/known_hosts force=yes owner=ubuntu group=ubuntu mode=600
 
 # Check out mitx repo to $app_base_dir
 - name: set permissions on $app_base_dir sgid for edx

playbooks/vars/.gitignore

+secure