Merge pull request #15 from edx/jrbl/feature/git_checkout

Jrbl/feature/git checkout

Merge pull request #15 from edx/jrbl/feature/git_checkout
Jrbl/feature/git checkout
4e5b6cf4 · jarv · 0fec6229 · 5b4d3323 · 4e5b6cf4 · 4e5b6cf4
Commit 4e5b6cf4 authored Apr 29, 2013 by jarv
11 changed files
--- a/playbooks/group_vars/all
+++ b/playbooks/group_vars/all
+---
+app_base_dir: /opt/wwc
--- a/playbooks/roles/common/tasks/create_users.yml
+++ b/playbooks/roles/common/tasks/create_users.yml
 ---
+- name: Create 'edx' users group
+  group: name=edx state=present
+  sudo: True
 - name: Creating admin users
-  user: name={{ item.user }} groups={{ ",".join(item.groups) }}
+  user: name={{ item.user }} append=yes groups={{ "adm,edx,"+",".join(item.groups) }} shell=/bin/bash
  sudo: True
  with_items: admin_users
+  tags:
+  - users
+  - admin_users
 - name: Copying ssh keys for admin users
  authorized_key: user={{ item.user }} key="{{ lookup('file', item.path) }}"
  sudo: True
  with_items: admin_keys
+  tags:
+  - users
+  - admin_users
 - name: Creating env users
-  user: name={{ item.user }} groups={{ ",".join(item.groups) }}
+  user: name={{ item.user }} groups={{ ",".join(item.groups) }} shell=/bin/bash
  sudo: True
  with_items: env_users
+  tags:
+  - users
 - name: Copying ssh keys for env users
  authorized_key: user={{ item.user }} key="{{ lookup('file', item.path) }}"
  sudo: True
  with_items: env_keys
+  tags:
+  - users
--- a/playbooks/roles/common/tasks/main.yml
+++ b/playbooks/roles/common/tasks/main.yml
@@ -2,7 +2,7 @@
 - include: create_users.yml
 - name: Create application root
  sudo: True
-  file: path=/opt/wwc state=directory owner=root group=root
+  file: path=$app_base_dir state=directory owner=root group=root
 - name: Create log directory
  sudo: True
  file: path=/mnt/logs state=directory

--- a/playbooks/roles/common/vars/main.yml
+++ b/playbooks/roles/common/vars/main.yml
@@ -9,8 +9,8 @@ nginx_cfg:
    edx_release: link
  # path to version files for the basic
  # nginx configuration
-  version_html: /opt/wwc/versions.html
+  version_html: $app_base_dir/versions.html
-  version_json: /opt/wwc/versions.json
+  version_json: $app_base_dir/versions.json
  # default htpasswd contents set to edx/edx
  # this value can be overiden in vars/secure/<group>.yml
  htpasswd: |

--- a/playbooks/roles/lms/tasks/main.yml
+++ b/playbooks/roles/lms/tasks/main.yml
@@ -3,10 +3,32 @@
 #  - nginx/tasks/main.yml
 ---
 - name: create lms application config
-  template: src=env.json.j2 dest=/opt/wwc/lms.env.json
+  template: src=env.json.j2 dest=$app_base_dir/lms.env.json
  sudo: True
 - name: create lms auth file
-  template: src=auth.json.j2 dest=/opt/wwc/lms.auth.json
+  template: src=auth.json.j2 dest=$app_base_dir/lms.auth.json
  sudo: True
 - include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms
 - include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-backend
+# Install ssh keys for ubuntu account to be able to check out from mitx
+# Temprory behavior, not needed after June 1. Perhaps still useful as a recipe.
+- name: install read-only ssh key for mitx repo (private)
+  copy: src=vars/secure/ssh_deploy_private dest=/home/ubuntu/.ssh/id_rsa force=yes owner=ubuntu group=ubuntu mode=600
+- name: install read-only ssh key for mitx repo (public)
+  copy: src=vars/secure/ssh_deploy_public dest=/home/ubuntu/.ssh/id_rsa.pub force=yes owner=ubuntu group=ubuntu mode=644
+- name: install read-only ssh key for mitx repo (host github known)
+  copy: src=vars/secure/ssh_deploy_known_hosts dest=/home/ubuntu/.ssh/known_hosts force=yes owner=ubuntu group=ubuntu mode=600
+# Check out mitx repo to $app_base_dir
+- name: set permissions on $app_base_dir sgid for edx
+  file: path=$app_base_dir owner=root group=edx mode=2775 state=directory
+  file: path=$app_base_dir owner=ubuntu group=edx mode=2775 state=directory
+  sudo: True
+- name: install git and its recommends
+  apt: pkg=git state=installed install_recommends=yes 
+  sudo: True
+- name: git checkout mitx repo into $app_base_dir
+  git: dest=$app_base_dir/mitx repo=git@github.com:MITx/mitx.git
--- a/playbooks/roles/nginx/tasks/main.yml
+++ b/playbooks/roles/nginx/tasks/main.yml
@@ -5,11 +5,15 @@
  sudo: True
  apt: pkg=nginx state={{ pkgs.nginx.state }}
  notify: restart nginx
+  tags:
+  - nginx
 # removing default link
 - name: Removing default nginx config
  sudo: True
  file: path=/etc/nginx/sites-available/default state=absent
  notify: restart nginx
+  tags:
+  - nginx
 # Standard configuration that is common across all roles
 # Default values for these variables are set in group_vars/all
 # Note: remove spaces in {{..}}, otherwise you will get a template parsing error.
@@ -18,6 +22,10 @@
 # Default htpassword file, required for basic auth
 - copy: content={{ nginx_cfg.htpasswd }} dest=/etc/nginx/nginx.htpasswd
  sudo: True
+  tags:
+  - nginx
 - name: Ensuring that nginx is running
  sudo: True
  service: name=nginx state=started
+  tags:
+  - nginx
--- a/playbooks/roles/nginx/tasks/nginx_site.yml
+++ b/playbooks/roles/nginx/tasks/nginx_site.yml
@@ -4,8 +4,12 @@
  sudo: True
  template: src={{ site_name }}.j2 dest=/etc/nginx/sites-available/{{ site_name }}
  notify: restart nginx
+  tags:
+  - nginx
 - name: Creating nginx config link {{ site_name }}
  sudo: True
  file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
  notify: restart nginx
+  tags:
+  - nginx
--- a/playbooks/roles/nginx/templates/basic-auth.j2
+++ b/playbooks/roles/nginx/templates/basic-auth.j2
@@ -3,7 +3,7 @@ server {
  location / {
     auth_basic            "Restricted";
     auth_basic_user_file  /etc/nginx/nginx.htpasswd;
-     root /opt/wwc/main_static;
+     root {{app_base_dir}}/main_static;
     index index.html
     proxy_set_header X-Forwarded-Proto https;
  }

--- a/playbooks/roles/nginx/templates/lms.j2
+++ b/playbooks/roles/nginx/templates/lms.j2
 server {
+  # LMS configuration file for nginx, templated by ansible
  listen 80;
@@ -65,7 +66,7 @@ server {
  location ~ /static/(?P<file>.*) {
    auth_basic            "Restricted";
    auth_basic_user_file  /etc/nginx/lms.htpasswd;
-    root /opt/wwc;
+    root {{app_base_dir}};
    try_files /staticfiles/$file /course_static/$file =404;
    # return a 403 for static files that shouldn't be

--- a/playbooks/vars/secure/.gitignore
+++ b/playbooks/vars/secure/.gitignore
+# Ignore git deployment ssh keys, which should never be checked into source
+# control.
+ssh_deploy*
--- a/playbooks/vars/secure/users.yml
+++ b/playbooks/vars/secure/users.yml
 # administrator accounts, added to all roles
+# The create_users role task automatically adds all these users to the 
+# 'adm' and 'edx' system groups
 admin_users:
 - user: joe
  email: joe@example.com
  groups:
-  - adm
+  # But at least one group must be defined
+  - adm 
 admin_keys:
 - user: joe