changing inclusion strategy, adding template.

4994e440 · e0d · 1f23089b · 4994e440 · 4994e440 · 4994e440
Commit 4994e440 authored Jan 29, 2014 by e0d
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 9 deletions

playbooks/roles/automated/tasks/main.yml
+4 -5

playbooks/roles/edxapp/defaults/main.yml
+4 -1

playbooks/roles/edxapp/meta/main.yml
+2 -2

playbooks/roles/edxapp/tasks/deploy.yml
+1 -1

No files found.
--- a/playbooks/roles/automated/tasks/main.yml
+++ b/playbooks/roles/automated/tasks/main.yml
@@ -136,13 +136,12 @@
    owner={{ automated_user }} group={{ automated_user }}
    state=touch
    
- name: add authorized_keys
-  lineinfile:
-    line="{{ item }}" state=present
+- name: build authorized_keys file
+  template:
+    src=home/automator/.ssh/authorized_keys.j2
    dest={{ automated_home }}/.ssh/authorized_keys mode=0600 
    owner={{ automated_user }} group={{ automated_user }}
-  with_items: automated_authorized_keys
-    
+  
 - name: create allowed command links
  file:
    src={{ item }} dest={{ automated_home }}/bin/{{ item.split('/').pop() }}

--- a/playbooks/roles/edxapp/defaults/main.yml
+++ b/playbooks/roles/edxapp/defaults/main.yml
@@ -125,7 +125,10 @@ EDXAPP_SANDBOX_ENFORCE: true

 # Supply authorized keys used for remote management via the automated
 # role, see meta/main.yml.  Ensure you know what this does before
-# enabling.
+# enabling.  The boolean flag determines whether the role is included.
+# This is done to make it possible to disable remote access easily by
+# setting the flag to true and providing an empty array.
+EDXAPP_INCLUDE_AUTOMATOR_ROLE: true
 EDXAPP_AUTOMATOR_AUTHORIZED_KEYS: []

 #-------- Everything below this line is internal to the role ------------

--- a/playbooks/roles/edxapp/meta/main.yml
+++ b/playbooks/roles/edxapp/meta/main.yml
@@ -8,7 +8,7 @@ dependencies:
  - devpi
  - role: automated
    automated_rbash_links: "{{ edxapp_automated_rbash_links }}"
-    automated_sudoers_dest: '99-automator-edxapp'
+    automated_sudoers_dest: '99-automator-edxapp-server'
    automated_sudoers_template: 'roles/edxapp/templates/etc/sudoers.d/99-automator-edxapp-server.j2'
    automated_authorized_keys: "{{ EDXAPP_AUTOMATOR_AUTHORIZED_KEYS }}"
-    when: EDXAPP_AUTOMATOR_AUTHORIZED_KEYS|length > 0
+    when: EDXAPP_INCLUDE_AUTOMATOR_ROLE
--- a/playbooks/roles/edxapp/tasks/deploy.yml
+++ b/playbooks/roles/edxapp/tasks/deploy.yml
@@ -237,7 +237,7 @@
  # root access.
 - name: give other read permissions to the virtualenv
  command: chmod -R o+r "{{ edxapp_venv_dir }}"
-  sudo_user: "{{ edxapp_user }}"
+  #sudo_user: "{{ edxapp_user }}"
  notify:
  - "restart edxapp"
  - "restart edxapp_workers"