Merge pull request #1846 from edx/max/refactor-xqwatcher

Refactor xqwatcher for edx_service

Merge pull request #1846 from edx/max/refactor-xqwatcher
Refactor xqwatcher for edx_service
63565290 · Max Rothman · 085013da · f41a1947 · 63565290 · 085013da
Commit 63565290 authored Feb 17, 2015 by Max Rothman
13 changed files
--- a/playbooks/roles/xqwatcher/defaults/main.yml
+++ b/playbooks/roles/xqwatcher/defaults/main.yml
@@ -51,10 +51,17 @@ XQWATCHER_COURSES:
          KWARGS:
            grader_root: "../data/exampleX-202x/graders/"

-XQWATCHER_GIT_IDENTITY: |
-  -----BEGIN RSA PRIVATE KEY-----
-  Your key if you need to access any private repositories
-  -----END RSA PRIVATE KEY-----
+XQWATCHER_GIT_IDENTITY: !!null
+XQWATCHER_VERSION: "master"
+
+XQWATCHER_REPOS:
+  - PROTOCOL: "{{ COMMON_GIT_PROTOCOL }}"
+    DOMAIN: "{{ COMMON_GIT_MIRROR }}"
+    PATH: "{{ COMMON_GIT_PATH }}"
+    REPO: xqueue-watcher.git
+    VERSION: "{{ XQWATCHER_VERSION }}"
+    DESTINATION: "{{ xqwatcher_code_dir }}"
+    SSH_KEY: "{{ XQWATCHER_GIT_IDENTITY }}"

 # depends upon Newrelic being enabled via COMMON_ENABLE_NEWRELIC
 # and a key being provided via NEWRELIC_LICENSE_KEY
@@ -64,25 +71,23 @@ XQWATCHER_PIP_EXTRA_ARGS: "-i {{ COMMON_PYPI_MIRROR_URL }}"
 #
 # vars are namespace with the module name.
 #
-xqwatcher_role_name: "xqwatcher"
 xqwatcher_service_name: "xqwatcher"
-xqwatcher_user: "xqwatcher"
-xqwatcher_module: "xqueue_watcher"
-
+xqwatcher_user: "{{ xqwatcher_service_name }}"
 xqwatcher_app_dir: "{{ COMMON_APP_DIR }}/{{ xqwatcher_service_name }}"
 xqwatcher_app_data: "{{ xqwatcher_app_dir }}/data"
-xqwatcher_venv_base: "{{ xqwatcher_app_dir }}/venvs"
-xqwatcher_venv_dir: "{{ xqwatcher_venv_base }}/{{ xqwatcher_service_name }}"
 xqwatcher_code_dir: "{{ xqwatcher_app_dir }}/src"
-xqwatcher_conf_dir: "{{ xqwatcher_app_dir }}"

-xqwatcher_source_repo: "git@{{ COMMON_GIT_MIRROR }}:edx/xqueue-watcher.git"
-xqwatcher_git_ssh_opts: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i {{ xqwatcher_git_identity }}"
-XQWATCHER_VERSION: "master"
-xqwatcher_git_identity: "{{ xqwatcher_app_dir }}/git-identity"
+#change this to /edx/etc after pulling xqwatcher.json out
+xqwatcher_conf_dir: "{{ xqwatcher_app_dir }}"

 xqwatcher_requirements_file: "{{ xqwatcher_code_dir }}/requirements.txt"
 xqwatcher_log_dir: "{{ COMMON_LOG_DIR }}/{{ xqwatcher_service_name }}"
+xqwatcher_module: "xqueue_watcher"
+
+#Do not reference these outside of this file
+xqwatcher_venv_base: "{{ xqwatcher_app_dir }}/venvs"
+xqwatcher_venv_dir: "{{ xqwatcher_venv_base }}/{{ xqwatcher_service_name }}"
+

 #
 # supervisor related config

--- a/playbooks/roles/xqwatcher/handlers/main.yml
+++ b/playbooks/roles/xqwatcher/handlers/main.yml
---
-#
-# edX Configuration
-#
-# github:     https://github.com/edx/configuration
-# wiki:       https://github.com/edx/configuration/wiki
-# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
-# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
-#
-#
-#
-# Handlers for role xqwatcher
-#
-# Overview:
-#
-#
- name: restart xqwatcher
-  supervisorctl_local: >
-    state=restarted
-    supervisorctl_path={{ xqwatcher_supervisor_ctl }}
-    config={{ xqwatcher_supervisor_app_dir }}/supervisord.conf
-    name={{ xqwatcher_service_name }}
-  when: not disable_edx_services
--- a/playbooks/roles/xqwatcher/meta/main.yml
+++ b/playbooks/roles/xqwatcher/meta/main.yml
@@ -14,8 +14,10 @@
 # random corners of ansible/jinga/python variable expansion.
 dependencies:
  - role: edx_service
-    edx_role_name: "{{ xqwatcher_role_name }}"
    edx_service_name: "{{ xqwatcher_service_name }}"
+    edx_service_repos: "{{ XQWATCHER_REPOS }}"
+    edx_service_user: "{{ xqwatcher_user }}"
+    edx_service_home: "{{ xqwatcher_app_dir }}"
  - role: supervisor
    supervisor_app_dir: "{{ xqwatcher_supervisor_app_dir }}"
    supervisor_data_dir: "{{ xqwatcher_supervisor_data_dir }}"

--- a/playbooks/roles/xqwatcher/tasks/code_jail.yml
+++ b/playbooks/roles/xqwatcher/tasks/code_jail.yml
@@ -31,27 +31,27 @@

 - name: create jail virtualenv
  shell: >
-    /usr/local/bin/virtualenv --no-site-packages {{ xqwatcher_venv_base }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}
+    /usr/local/bin/virtualenv --no-site-packages {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}
  with_items: XQWATCHER_COURSES

 - name: write out requirements.txt
  template: >
    src=edx/app/xqwatcher/data/requirements.txt.j2
-    dest={{ xqwatcher_app_data }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt
+    dest={{ xqwatcher_app_dir }}/data/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt
    mode=0440 owner=root group=root
  with_items: XQWATCHER_COURSES

 - name : install course specific python requirements
  pip: >
    requirements="{{ xqwatcher_app_data }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt"
-    virtualenv="{{ xqwatcher_venv_base }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
+    virtualenv="{{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
    state=present
    extra_args="{{ XQWATCHER_PIP_EXTRA_ARGS }}"
  with_items: XQWATCHER_COURSES

 - name: give other read permissions to the virtualenv
  shell: >
-    chown -R {{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }} {{ xqwatcher_venv_base }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}
+    chown -R {{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }} {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}
  with_items: XQWATCHER_COURSES

 - name: start apparmor service

--- a/playbooks/roles/xqwatcher/tasks/deploy.yml
+++ b/playbooks/roles/xqwatcher/tasks/deploy.yml
- name: install read-only ssh key
-  copy: >
-    content="{{ XQWATCHER_GIT_IDENTITY }}" dest={{ xqwatcher_git_identity }}
-    owner={{ xqwatcher_user }} group={{ xqwatcher_user }} mode=0600
-
+#TODO: remove once xqwatcher.json can be pulled out into /edx/etc/
 - name: write out watcher config file
  template: >
    src=edx/app/xqwatcher/xqwatcher.json.j2
@@ -16,6 +12,3 @@
 - include: deploy_courses.yml
  tags:
    - deploy-courses
\ No newline at end of file
-
- name: remove read-only ssh key for the content repo
-  file: path={{ xqwatcher_git_identity }} state=absent
--- a/playbooks/roles/xqwatcher/tasks/deploy_courses.yml
+++ b/playbooks/roles/xqwatcher/tasks/deploy_courses.yml
@@ -4,7 +4,7 @@

 - name: checkout grader code
  git: >
-    dest={{ xqwatcher_app_data }}/{{ item.COURSE }} repo={{ item.GIT_REPO }}
+    dest={{ xqwatcher_app_dir }}/data/{{ item.COURSE }} repo={{ item.GIT_REPO }}
    version={{ item.GIT_REF }}
    ssh_opts="{{ xqwatcher_git_ssh_opts }}"
  with_items: XQWATCHER_COURSES
--- a/playbooks/roles/xqwatcher/tasks/deploy_watcher.yml
+++ b/playbooks/roles/xqwatcher/tasks/deploy_watcher.yml
@@ -2,17 +2,10 @@
 # The watcher can watch one or many queues and dispatch submissions
 # to the appropriate grader which lives in a separate SCM repository.

- name: checkout watcher code
-  git: >
-    dest={{ xqwatcher_code_dir }} repo={{ xqwatcher_source_repo }} version={{ XQWATCHER_VERSION }}
-    accept_hostkey=yes
-    ssh_opts="{{ xqwatcher_git_ssh_opts }}"
-  register: xqwatcher_checkout
-
 - name: install application requirements
  pip: >
    requirements="{{ xqwatcher_requirements_file }}"
-    virtualenv="{{ xqwatcher_venv_dir }}" state=present
+    virtualenv="{{ xqwatcher_app_dir }}/venvs/{{ xqwatcher_service_name }}" state=present
  sudo: true
  sudo_user: "{{ xqwatcher_user }}"

@@ -40,7 +33,12 @@
 - name: update supervisor configuration
  shell: "{{ xqwatcher_supervisor_ctl }} -c {{ xqwatcher_supervisor_app_dir }}/supervisord.conf update"
  when: not disable_edx_services
-  notify: restart xqwatcher

- include: tag_ec2.yml tags=deploy
-  when: COMMON_TAG_EC2_INSTANCE
+- name: restart xqwatcher
+  supervisorctl_local: >
+    state=restarted
+    supervisorctl_path={{ supervisor_ctl }}
+    config={{ supervisor_cfg }}
+    name={{ xqwatcher_service_name }}
+  when: not disable_edx_services
+  sudo_user: "{{ supervisor_service_user }}"
\ No newline at end of file
--- a/playbooks/roles/xqwatcher/tasks/main.yml
+++ b/playbooks/roles/xqwatcher/tasks/main.yml
@@ -100,12 +100,6 @@
    owner="{{ xqwatcher_user }}"
    group="{{ xqwatcher_user }}"

- name: create app data dir
-  file: >
-    path="{{ xqwatcher_app_data }}"
-    state=directory
-    owner="{{ xqwatcher_user }}"
-    group="{{ xqwatcher_user }}"

 - include: code_jail.yml CODE_JAIL_COMPLAIN=false


--- a/playbooks/roles/xqwatcher/tasks/tag_ec2.yml
+++ b/playbooks/roles/xqwatcher/tasks/tag_ec2.yml
---
-
- name: get instance information
-  action: ec2_facts
-
- name: tag instance
-  ec2_tag: resource={{ ansible_ec2_instance_id }} region={{ ansible_ec2_placement_region }}
-  args:
-    tags:
-      "version:xqwatcher" : "{{ xqwatcher_source_repo }} {{ xqwatcher_checkout.after|truncate(7,True,'') }}"
-  when: xqwatcher_checkout.after is defined
--- a/playbooks/roles/xqwatcher/templates/edx/app/supervisor/conf.d/xqwatcher.conf.j2
+++ b/playbooks/roles/xqwatcher/templates/edx/app/supervisor/conf.d/xqwatcher.conf.j2
 ;  {{ ansible_managed }}
 ;

+{% set xqwatcher_venv_dir = xqwatcher_app_dir + '/venvs/' + xqwatcher_service_name %}
 {% if COMMON_ENABLE_NEWRELIC_APP %}
 {% set executable = xqwatcher_venv_dir + '/bin/newrelic-admin run-program ' + xqwatcher_venv_dir + '/bin/python' %}
 {% else %}

--- a/playbooks/roles/xqwatcher/templates/etc/apparmor.d/code.jail.j2
+++ b/playbooks/roles/xqwatcher/templates/etc/apparmor.d/code.jail.j2
 #include <tunables/global>

-{{ xqwatcher_venv_base }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}/bin/python {
+{{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}/bin/python {
    #include <abstractions/base>

-    {{ xqwatcher_venv_base }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}/** mr,
+    {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}/** mr,
    #todo need a way of providing.
    # edxapp_code_dir /common/lib/sandbox-packages/** r,
    /tmp/codejail-*/ rix,

--- a/playbooks/roles/xqwatcher/templates/etc/sudoers.d/95-course-sandbox.j2
+++ b/playbooks/roles/xqwatcher/templates/etc/sudoers.d/95-course-sandbox.j2
-{{ item.QUEUE.HANDLERS[0].CODEJAIL.user }} ALL=({{ item.QUEUE.HANDLERS[0].CODEJAIL.user }})  SETENV:NOPASSWD:{{ xqwatcher_venv_base }}/{{ item.QUEUE.HANDLERS[0].CODEJAIL.name }}/bin/python
+{{ item.QUEUE.HANDLERS[0].CODEJAIL.user }} ALL=({{ item.QUEUE.HANDLERS[0].CODEJAIL.user }})  SETENV:NOPASSWD:{{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE.HANDLERS[0].CODEJAIL.name }}/bin/python
 {{ item.QUEUE.HANDLERS[0].CODEJAIL.user }} ALL=(ALL) NOPASSWD:/bin/kill
 {{ item.QUEUE.HANDLERS[0].CODEJAIL.user }} ALL=(ALL) NOPASSWD:/usr/bin/pkill
--- a/playbooks/roles/xqwatcher/templates/etc/sudoers.d/95-xqwatcher.j2
+++ b/playbooks/roles/xqwatcher/templates/etc/sudoers.d/95-xqwatcher.j2
-{{ xqwatcher_user }} ALL=({{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }})  SETENV:NOPASSWD:{{ xqwatcher_venv_base }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}/bin/python
+{{ xqwatcher_user }} ALL=({{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }})  SETENV:NOPASSWD:{{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}/bin/python
 {{ xqwatcher_user }} ALL=({{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }}) NOPASSWD:/bin/kill
 {{ xqwatcher_user }} ALL=({{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }}) NOPASSWD:/usr/bin/pkill