rewrite ansible tasks using YAML style

182ddd9e · arbabnazar · 7c91ca75 · 182ddd9e · 182ddd9e · 182ddd9e
Unverified Commit 182ddd9e authored Jun 24, 2016 by arbabnazar
Showing with 166 additions and 116 deletions

playbooks/roles/xserver/handlers/main.yml
+6 -6

playbooks/roles/xserver/tasks/deploy.yml
+99 -65

playbooks/roles/xserver/tasks/ec2.yml
+9 -8

playbooks/roles/xserver/tasks/main.yml
+52 -37

No files found.
--- a/playbooks/roles/xserver/handlers/main.yml
+++ b/playbooks/roles/xserver/handlers/main.yml
@@ -15,10 +15,9 @@
 #

 - name: restart xserver
-  supervisorctl: >
-    name=xserver
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=restarted
+  supervisorctl:
+    name: xserver
+    supervisorctl_path: "{{ supervisor_ctl }}"
+    config: "{{ supervisor_cfg }}"
+    state: restarted
  when: not disable_edx_services
\ No newline at end of file
-
--- a/playbooks/roles/xserver/tasks/deploy.yml
+++ b/playbooks/roles/xserver/tasks/deploy.yml
- name: "writing supervisor script"
-  template: >
-    src=xserver.conf.j2 dest={{ supervisor_available_dir }}/xserver.conf
-    owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
+- name: Writing supervisor script
+  template:
+    src: xserver.conf.j2
+    dest: "{{ supervisor_available_dir }}/xserver.conf"
+    owner: "{{ supervisor_user }}"
+    group: "{{ common_web_user }}"
+    mode: "0644"

- name: "enable supervisor script"
-  file: >
-    src={{ supervisor_available_dir }}/xserver.conf
-    dest={{ supervisor_cfg_dir }}/xserver.conf
-    owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
-    state=link force=yes
+- name: Enable supervisor script
+  file:
+    src: "{{ supervisor_available_dir }}/xserver.conf"
+    dest: "{{ supervisor_cfg_dir }}/xserver.conf"
+    owner: "{{ supervisor_user }}"
+    group: "{{ common_web_user }}"
+    mode: "0644"
+    state: link
+    force: yes
  when: not disable_edx_services

- name: "add gunicorn configuration file"
-  template: >
-    src=xserver_gunicorn.py.j2 dest={{ xserver_app_dir }}/xserver_gunicorn.py
+- name: Add gunicorn configuration file
+  template:
+    src: xserver_gunicorn.py.j2
+    dest: "{{ xserver_app_dir }}/xserver_gunicorn.py"
  become_user: "{{ xserver_user }}"
  notify:
    - restart xserver

- name: checkout code
-  git_2_0_1: >
-    dest={{ xserver_code_dir }} repo={{ xserver_source_repo }} version={{xserver_version}}
-    accept_hostkey=yes
+- name: Checkout code
+  git_2_0_1:
+    dest: "{{ xserver_code_dir }}"
+    repo: "{{ xserver_source_repo }}"
+    version: "{{xserver_version}}"
+    accept_hostkey: yes
  become_user: "{{ xserver_user }}"
  register: xserver_checkout
-  notify: restart xserver
+  notify:
+    - restart xserver

- name: install requirements
-  pip: >
-    requirements="{{ xserver_requirements_file }}" virtualenv="{{ xserver_venv_dir }}" state=present
-    extra_args="-i {{ COMMON_PYPI_MIRROR_URL }}"
+- name: Install requirements
+  pip:
+    requirements: "{{ xserver_requirements_file }}"
+    virtualenv: "{{ xserver_venv_dir }}"
+    state: present
+    extra_args: "-i {{ COMMON_PYPI_MIRROR_URL }}"
  become_user: "{{ xserver_user }}"
-  notify: restart xserver
+  notify:
+    - restart xserver

- name: install sandbox requirements
-  pip: >
-    requirements="{{ xserver_requirements_file }}" virtualenv="{{ xserver_venv_sandbox_dir }}" state=present
-    extra_args="-i {{ COMMON_PYPI_MIRROR_URL }}"
+- name: Install sandbox requirements
+  pip:
+    requirements: "{{ xserver_requirements_file }}"
+    virtualenv: "{{ xserver_venv_sandbox_dir }}"
+    state: present
+    extra_args: "-i {{ COMMON_PYPI_MIRROR_URL }}"
  become_user: "{{ xserver_user }}"
-  notify: restart xserver
+  notify:
+    - restart xserver

- name: create xserver application config
-  template: src=xserver.env.json.j2 dest={{ xserver_app_dir }}/env.json
+- name: Create xserver application config
+  template:
+    src: xserver.env.json.j2
+    dest: "{{ xserver_app_dir }}/env.json"
  become_user: "{{ xserver_user }}"
-  notify: restart xserver
+  notify:
+    - restart xserver

- name: install read-only ssh key for the content repo that is required for grading
-  copy: >
-    content="{{ XSERVER_GIT_IDENTITY }}" dest={{ xserver_git_identity }}
-    owner={{ xserver_user }} group={{ xserver_user }} mode=0600
-  notify: restart xserver
+- name: Install read-only ssh key for the content repo that is required for grading
+  copy:
+    content: "{{ XSERVER_GIT_IDENTITY }}"
+    dest: "{{ xserver_git_identity }}"
+    owner: "{{ xserver_user }}"
+    group: "{{ xserver_user }}"
+    mode: "0600"
+  notify:
+    - restart xserver

- name: upload ssh script
-  template: >
-    src=git_ssh.sh.j2 dest=/tmp/git_ssh.sh
-    owner={{ xserver_user }} mode=750
-  notify: restart xserver
+- name: Upload ssh script
+  template:
+    src: git_ssh.sh.j2
+    dest: "/tmp/git_ssh.sh"
+    owner: "{{ xserver_user }}"
+    mode: "750"
+  notify:
+    - restart xserver

- name: checkout grader code
-  git_2_0_1: >
-    dest={{ XSERVER_GRADER_DIR }} repo={{ XSERVER_GRADER_SOURCE }} version={{ xserver_grader_version }}
-    accept_hostkey=yes
+- name: Checkout grader code
+  git_2_0_1:
+    dest: "{{ XSERVER_GRADER_DIR }}"
+    repo: "{{ XSERVER_GRADER_SOURCE }}"
+    version: "{{ xserver_grader_version }}"
+    accept_hostkey: yes
  environment:
-    GIT_SSH: /tmp/git_ssh.sh
-  notify: restart xserver
+    GIT_SSH: "/tmp/git_ssh.sh"
+  notify: 
+    - restart xserver
  register: xserver_grader_checkout
  become_user: "{{ xserver_user }}"

- name: remove read-only ssh key for the content repo
-  file: path={{ xserver_git_identity }} state=absent
-  notify: restart xserver
+- name: Remove read-only ssh key for the content repo
+  file:
+    path: "{{ xserver_git_identity }}"
+    state: absent
+  notify:
+    - restart xserver

  # call supervisorctl update. this reloads
  # the supervisorctl config and restarts
  # the services if any of the configurations
  # have changed.
  #
- name: update supervisor configuration
+- name: Update supervisor configuration
  shell:  "{{ supervisor_ctl }} -c {{ supervisor_cfg }} update"
  register: supervisor_update
  changed_when: supervisor_update.stdout is defined and supervisor_update.stdout != ""
  when: not disable_edx_services

- name: ensure xserver is started
-  supervisorctl: >
-    name=xserver
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=started
+- name: Ensure xserver is started
+  supervisorctl:
+    name: xserver
+    supervisorctl_path: "{{ supervisor_ctl }}"
+    config: "{{ supervisor_cfg }}"
+    state: started
  when: not disable_edx_services

- name: create a symlink for venv python
-  file: >
-    src="{{ xserver_venv_bin }}/{{ item }}"
-    dest={{ COMMON_BIN_DIR }}/{{ item }}.xserver
-    state=link
+- name: Create a symlink for venv python
+  file:
+    src: "{{ xserver_venv_bin }}/{{ item }}"
+    dest: "{{ COMMON_BIN_DIR }}/{{ item }}.xserver"
+    state: link
  with_items:
    - python
    - pip

- name: enforce app-armor rules
-  command: aa-enforce {{ xserver_venv_sandbox_dir }}
+- name: Enforce app-armor rules
+  command: "aa-enforce {{ xserver_venv_sandbox_dir }}"

- include: ec2.yml tags=deploy
+- include: ec2.yml
  when: COMMON_TAG_EC2_INSTANCE
+  tags:
+    - deploy
--- a/playbooks/roles/xserver/tasks/ec2.yml
+++ b/playbooks/roles/xserver/tasks/ec2.yml
 ---
-
- name: get instance information
+- name: Get instance information
  action: ec2_facts

- name: tag instance for xserver
-  ec2_tag: resource={{ ansible_ec2_instance_id }} region={{ ansible_ec2_placement_region }}
-  args:
+- name: Tag instance for xserver
+  ec2_tag:
+    resource: "{{ ansible_ec2_instance_id }}"
+    region: "{{ ansible_ec2_placement_region }}"
  tags:
    "version:xserver" : "{{ xserver_source_repo }} {{ xserver_checkout.after|truncate(7,True,'') }}"
  when: xserver_checkout.after is defined

- name: tag instance for xserver grader
-  ec2_tag: resource={{ ansible_ec2_instance_id }} region={{ ansible_ec2_placement_region }}
-  args:
+- name: Tag instance for xserver grader
+  ec2_tag:
+    resource: "{{ ansible_ec2_instance_id }}"
+    region: "{{ ansible_ec2_placement_region }}"
  tags:
    "version:xserver_grader" : "{{ XSERVER_GRADER_SOURCE }} {{ xserver_grader_checkout.after|truncate(7,True,'') }}"
  when: xserver_grader_checkout.after is defined
--- a/playbooks/roles/xserver/tasks/main.yml
+++ b/playbooks/roles/xserver/tasks/main.yml
@@ -2,37 +2,39 @@
 # As of right now this role requires
 # access to the edX 6.00x repo which is not public
 ---
-
- name: checking for grader info
-  fail: msg="You must define XSERVER_GRADER_DIR"
+- name: Checking for grader info
+  fail:
+    msg: "You must define XSERVER_GRADER_DIR"
  when: XSERVER_GRADER_DIR|length == 0

- fail: msg="You must define XSERVER_GRADER_SOURCE"
+- fail:
+    msg: "You must define XSERVER_GRADER_SOURCE"
  when: XSERVER_GRADER_SOURCE|length == 0

- name: checking for git identity
-  fail: msg="You must define XSERVER_GIT_IDENTITY to use this role"
+- name: Checking for git identity
+  fail:
+    msg: "You must define XSERVER_GIT_IDENTITY to use this role"
  when: XSERVER_GIT_IDENTITY|length == 0

- name: create application user
-  user: >
-    name="{{ xserver_user }}"
-    home="{{ xserver_app_dir }}"
-    createhome=no
-    shell=/bin/false
+- name: Create application user
+  user:
+    name: "{{ xserver_user }}"
+    home: "{{ xserver_app_dir }}"
+    createhome: no
+    shell: /bin/false

- name: create application sandbox user
-  user: >
-    name="{{ xserver_sandbox_user }}"
-    createhome=no
-    shell=/bin/false
+- name: Create application sandbox user
+  user:
+    name: "{{ xserver_sandbox_user }}"
+    createhome: no
+    shell: /bin/false

- name: create xserver app and data dirs
-  file: >
-    path="{{ item }}"
-    state=directory
-    owner="{{ xserver_user }}"
-    group="{{ common_web_group }}"
+- name: Create xserver app and data dirs
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ xserver_user }}"
+    group: "{{ common_web_group }}"
  with_items:
    - "{{ xserver_app_dir }}"
    # needed for the ansible 1.5 git module
@@ -41,30 +43,43 @@
    - "{{ xserver_data_dir }}"
    - "{{ xserver_data_dir }}/data"

- name: create sandbox sudoers file
-  template: src=99-sandbox.j2 dest=/etc/sudoers.d/99-sandbox owner=root group=root mode=0440
+- name: Create sandbox sudoers file
+  template:
+    src: 99-sandbox.j2
+    dest: "/etc/sudoers.d/99-sandbox"
+    owner: root
+    group: root
+    mode: "0440"

 # Make sure this line is in the common-session file.
- name: ensure pam-limits module is loaded
+- name: Ensure pam-limits module is loaded
  lineinfile:
-    dest=/etc/pam.d/common-session
-    regexp="session required pam_limits.so"
-    line="session required pam_limits.so"
+    dest: /etc/pam.d/common-session
+    regexp: "session required pam_limits.so"
+    line: "session required pam_limits.so"

- name: set sandbox limits
-  template: src={{ item }} dest=/etc/security/limits.d/sandbox.conf
+- name: Set sandbox limits
+  template:
+    src: "{{ item }}"
+    dest: "/etc/security/limits.d/sandbox.conf"
  first_available_file:
    - "{{ secure_dir }}/sandbox.conf.j2"
    - "sandbox.conf.j2"

- name: install system dependencies of xserver
-  apt: pkg={{ item }} state=present
-  with_items: xserver_debian_pkgs
+- name: Install system dependencies of xserver
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ xserver_debian_pkgs }}"

- name: load python-sandbox apparmor profile
-  template: src={{ item }} dest=/etc/apparmor.d/edx_apparmor_sandbox
+- name: Load python-sandbox apparmor profile
+  template:
+    src: "{{ item }}"
+    dest: "/etc/apparmor.d/edx_apparmor_sandbox"
  first_available_file:
    - "{{ secure_dir }}/files/edx_apparmor_sandbox.j2"
    - "usr.bin.python-sandbox.j2"

- include: deploy.yml tags=deploy
+- include: deploy.yml
+  tags:
+    - deploy