rewrite the tasks using YAML syntax

701a61c2 · arbabnazar · 1ab59651 · 701a61c2 · 701a61c2 · 701a61c2
Commit 701a61c2 authored Jun 21, 2016 by arbabnazar
5 changed files
--- a/playbooks/roles/xqwatcher/tasks/code_jail.yml
+++ b/playbooks/roles/xqwatcher/tasks/code_jail.yml
@@ -3,91 +3,98 @@
 # Tasks related to deploying the code jail for the XQWatcher
 #
 - name: Create sandboxed user
-  user: >
+  user:
-    name="{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }}"
+    name: "{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }}"
-    shell=/bin/false
+    shell: /bin/false
-    home="/dev/null"
+    home: "/dev/null"
-  with_items: XQWATCHER_COURSES
+  with_items: "{{ XQWATCHER_COURSES }}"
  tags:
    - install
    - install:base
 #
-# Need to disable aa to update the virutalenv
+# Need to disable apparmor to update the virutalenv
- name: write out apparmor config
+- name: Write out apparmor config
-  template: >
+  template:
-    src=etc/apparmor.d/code.jail.j2
+    src: "etc/apparmor.d/code.jail.j2"
-    dest="/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
+    dest: "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
-    mode=0644 owner=root group=root
+    owner: root
-  with_items: XQWATCHER_COURSES
+    group: root
+    mode: "0644"
+  with_items: "{{ XQWATCHER_COURSES }}"
  tags:
    - install
    - install:configuration
- name: write out sudoers for watcher
+- name: Write out sudoers for watcher
-  template: >
+  template:
-    src=etc/sudoers.d/95-xqwatcher.j2
+    src: "etc/sudoers.d/95-xqwatcher.j2"
-    dest=/etc/sudoers.d/95-xqwatcher-{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user|replace('.', '') }}
+    dest: "/etc/sudoers.d/95-xqwatcher-{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user|replace('.', '') }}"
-    mode=0440 owner=root group=root validate='visudo -c -f %s'
+    owner: root
-  with_items: XQWATCHER_COURSES
+    group: root
+    mode: "0440"
+    validate: 'visudo -c -f %s'
+  with_items: "{{ XQWATCHER_COURSES }}"
  tags:
    - install
    - install:configuration
 # see comment below as to why this is skipped.
- name: put code jail into aa-complain
+- name: Put code jail into aa-complain
  command: /usr/sbin/aa-complain "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
-  with_items: XQWATCHER_COURSES
+  with_items: "{{ XQWATCHER_COURSES }}"
  tags:
    - manage
    - manage:sandbox
- name: create jail virtualenv
+- name: Create jail virtualenv
-  shell: >
+  shell: "/usr/local/bin/virtualenv --no-site-packages {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
-    /usr/local/bin/virtualenv --no-site-packages {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}
+  with_items: "{{ XQWATCHER_COURSES }}"
-  with_items: XQWATCHER_COURSES
  tags:
    - install
    - install:code
- name: write out requirements.txt
+- name: Write out requirements.txt
-  template: >
+  template:
-    src=edx/app/xqwatcher/data/requirements.txt.j2
+    src: "edx/app/xqwatcher/data/requirements.txt.j2"
-    dest={{ xqwatcher_app_dir }}/data/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt
+    dest: "{{ xqwatcher_app_dir }}/data/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt"
-    mode=0440 owner=root group=root
+    owner: root
-  with_items: XQWATCHER_COURSES
+    group: root
+    mode: "0440"
+  with_items: "{{ XQWATCHER_COURSES }}"
  tags:
    - install
    - install:code
- name: install course specific python requirements
+- name: Install course specific python requirements
-  pip: >
+  pip:
-    requirements="{{ xqwatcher_app_data }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt"
+    requirements: "{{ xqwatcher_app_data }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt"
-    virtualenv="{{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
+    virtualenv: "{{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
-    state=present
+    state: present
-    extra_args="{{ XQWATCHER_PIP_EXTRA_ARGS }}"
+    extra_args: "{{ XQWATCHER_PIP_EXTRA_ARGS }}"
-  with_items: XQWATCHER_COURSES
+  with_items: "{{ XQWATCHER_COURSES }}"
  tags:
    - install
    - install:code
- name: give other read permissions to the virtualenv
+- name: Give other read permissions to the virtualenv
-  shell: >
+  shell: "chown -R {{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }} {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
-    chown -R {{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }} {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}
+  with_items: "{{ XQWATCHER_COURSES }}"
-  with_items: XQWATCHER_COURSES
  tags:
    - install
    - install:code
- name: start apparmor service
+- name: Start apparmor service
-  service: name=apparmor state=started
+  service:
+    name: apparmor
+    state: started
  tags:
    - manage
    - manage:sandbox
- name: load code sandbox profile
+- name: Load code sandbox profile
  command: apparmor_parser -r "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
-  with_items: XQWATCHER_COURSES
+  with_items: "{{ XQWATCHER_COURSES }}"
  tags:
    - manage
    - manage:sandbox
@@ -96,20 +103,20 @@
 # Leaves aa in either complain or enforce depending upon the value of the
 # CODE_JAIL_COMPLAIN var.  Complain mode should never be run in an
 # environment where untrusted users can submit code
- name: put code jail into aa-complain
+- name: Put code jail into aa-complain
  command: /usr/sbin/aa-complain "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
  when: CODE_JAIL_COMPLAIN|bool
-  with_items: XQWATCHER_COURSES
+  with_items: "{{ XQWATCHER_COURSES }}"
  # AA having issues on 14.04
  # https://github.com/edx/codejail/issues/38
  tags:
    - manage
    - manage:sandbox
- name: put code sandbox into aa-enforce
+- name: Put code sandbox into aa-enforce
  command: /usr/sbin/aa-enforce "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
  when: not CODE_JAIL_COMPLAIN|bool
-  with_items: XQWATCHER_COURSES
+  with_items: "{{ XQWATCHER_COURSES }}"
  tags:
    - manage
    - manage:sandbox
--- a/playbooks/roles/xqwatcher/tasks/deploy.yml
+++ b/playbooks/roles/xqwatcher/tasks/deploy.yml
- name: install courses ssh key
+- name: Install courses ssh key
-  copy: >
+  copy:
-    content="{{ XQWATCHER_GIT_IDENTITY }}"
+    content: "{{ XQWATCHER_GIT_IDENTITY }}"
-    dest={{ xqwatcher_app_dir }}/.ssh/{{ xqwatcher_service_name }}-courses
+    dest: "{{ xqwatcher_app_dir }}/.ssh/{{ xqwatcher_service_name }}-courses"
-    owner={{ xqwatcher_user }} group={{ xqwatcher_user }} mode=0600
+    owner: "{{ xqwatcher_user }}"
+    group: "{{ xqwatcher_user }}"
+    mode: "0600"
  tags:
    - install
    - install:code
 #TODO: remove once xqwatcher.json can be pulled out into /edx/etc/
- name: write out watcher config file
+- name: Write out watcher config file
-  template: >
+  template:
-    src=edx/app/xqwatcher/xqwatcher.json.j2
+    src: "edx/app/xqwatcher/xqwatcher.json.j2"
-    dest={{ xqwatcher_conf_dir }}/xqwatcher.json
+    dest: "{{ xqwatcher_conf_dir }}/xqwatcher.json"
-    mode=0644 owner={{ xqwatcher_user }} group={{ xqwatcher_user }}
+    owner: "{{ xqwatcher_user }}"
+    group: "{{ xqwatcher_user }}"
+    mode: "0644" 
  tags:
    - install
    - install:configuration

--- a/playbooks/roles/xqwatcher/tasks/deploy_courses.yml
+++ b/playbooks/roles/xqwatcher/tasks/deploy_courses.yml
@@ -2,12 +2,13 @@
 # checking out the grader code from the repository specified on
 # a per queue basis.
- name: checkout grader code
+- name: Checkout grader code
-  git_2_0_1: >
+  git_2_0_1:
-    dest={{ xqwatcher_app_dir }}/data/{{ item.COURSE }} repo={{ item.GIT_REPO }}
+    repo: "{{ item.GIT_REPO }}"
-    version={{ item.GIT_REF }}
+    dest: "{{ xqwatcher_app_dir }}/data/{{ item.COURSE }}"
-    ssh_opts="{{ xqwatcher_course_git_ssh_opts }}"
+    version: "{{ item.GIT_REF }}"
-  with_items: XQWATCHER_COURSES
+    ssh_opts: "{{ xqwatcher_course_git_ssh_opts }}"
+  with_items: "{{ XQWATCHER_COURSES }}"
  tags:
    - install
    - install:code
--- a/playbooks/roles/xqwatcher/tasks/deploy_watcher.yml
+++ b/playbooks/roles/xqwatcher/tasks/deploy_watcher.yml
@@ -2,59 +2,63 @@
 # The watcher can watch one or many queues and dispatch submissions
 # to the appropriate grader which lives in a separate SCM repository.
- name: install application requirements
+- name: Install application requirements
-  pip: >
+  pip:
-    requirements="{{ xqwatcher_requirements_file }}"
+    requirements: "{{ xqwatcher_requirements_file }}"
-    virtualenv="{{ xqwatcher_app_dir }}/venvs/{{ xqwatcher_service_name }}" state=present
+    virtualenv: "{{ xqwatcher_app_dir }}/venvs/{{ xqwatcher_service_name }}"
+    state: present
  become: true
  become_user: "{{ xqwatcher_user }}"
  tags:
    - install
    - install:app-requirements
- name: write out course config files
+- name: Write out course config files
-  template: >
+  template:
-    src=edx/app/xqwatcher/conf.d/course.json.j2
+    src: "edx/app/xqwatcher/conf.d/course.json.j2"
-    dest={{ xqwatcher_conf_dir }}/conf.d/{{ item.COURSE }}.json
+    dest: "{{ xqwatcher_conf_dir }}/conf.d/{{ item.COURSE }}.json"
-    mode=0644 owner={{ xqwatcher_user }} group={{ xqwatcher_user }}
+    owner: "{{ xqwatcher_user }}"
-  with_items: XQWATCHER_COURSES
+    group: "{{ xqwatcher_user }}"
+    mode: "0644"
+  with_items: "{{ XQWATCHER_COURSES }}"
  tags:
    - install
    - install:configuration
- name: write supervisord config
+- name: Write supervisord config
-  template: >
+  template:
-    src=edx/app/supervisor/conf.d/xqwatcher.conf.j2
+    src: "edx/app/supervisor/conf.d/xqwatcher.conf.j2"
-    dest="{{ xqwatcher_supervisor_available_dir }}/xqwatcher.conf"
+    dest: "{{ xqwatcher_supervisor_available_dir }}/xqwatcher.conf"
-    group={{ xqwatcher_user }} mode=0650
+    group: "{{ xqwatcher_user }}"
+    mode: "0650"
  tags:
    - install
    - install:configuration
- name: enable supervisor script
+- name: Enable supervisor script
-  file: >
+  file:
-    src={{ xqwatcher_supervisor_available_dir }}/xqwatcher.conf
+    src: "{{ xqwatcher_supervisor_available_dir }}/xqwatcher.conf"
-    dest={{ xqwatcher_supervisor_cfg_dir }}/xqwatcher.conf
+    dest: "{{ xqwatcher_supervisor_cfg_dir }}/xqwatcher.conf"
-    state=link
+    state: link
-    force=yes
+    force: yes
  when: not disable_edx_services
  tags:
    - install
    - install:configuration
- name: update supervisor configuration
+- name: Update supervisor configuration
  shell: "{{ xqwatcher_supervisor_ctl }} -c {{ xqwatcher_supervisor_app_dir }}/supervisord.conf update"
  when: not disable_edx_services
  tags:
    - manage
    - manage:update
- name: restart xqwatcher
+- name: Restart xqwatcher
-  supervisorctl: >
+  supervisorctl:
-    state=restarted
+    name: "{{ xqwatcher_service_name }}"
-    supervisorctl_path={{ xqwatcher_supervisor_ctl }}
+    supervisorctl_path: "{{ xqwatcher_supervisor_ctl }}"
-    config={{ xqwatcher_supervisor_app_dir }}/supervisord.conf
+    config: "{{ xqwatcher_supervisor_app_dir }}/supervisord.conf"
-    name={{ xqwatcher_service_name }}
+    state: restarted
  when: not disable_edx_services
  become_user: "{{ xqwatcher_user }}"
  tags:

--- a/playbooks/roles/xqwatcher/tasks/main.yml
+++ b/playbooks/roles/xqwatcher/tasks/main.yml
@@ -86,26 +86,28 @@
 #   -----END RSA PRIVATE KEY-----
 #
- name: create conf dir
+- name: Create conf dir
-  file: >
+  file:
-    path="{{ xqwatcher_conf_dir }}"
+    path: "{{ xqwatcher_conf_dir }}"
-    state=directory
+    state: directory
-    owner="{{ xqwatcher_user }}"
+    owner: "{{ xqwatcher_user }}"
-    group="{{ xqwatcher_user }}"
+    group: "{{ xqwatcher_user }}"
  tags:
    - install
    - install:base
- name: create conf.d dir
+- name: Create conf.d dir
-  file: >
+  file:
-    path="{{ xqwatcher_conf_dir }}/conf.d"
+    path: "{{ xqwatcher_conf_dir }}/conf.d"
-    state=directory
+    state: directory
-    owner="{{ xqwatcher_user }}"
+    owner: "{{ xqwatcher_user }}"
-    group="{{ xqwatcher_user }}"
+    group: "{{ xqwatcher_user }}"
  tags:
    - install
    - install:base
 - include: code_jail.yml CODE_JAIL_COMPLAIN=false
- include: deploy.yml tags=deploy
+- include: deploy.yml
+  tags:
+    - deploy