Revert "WL-451: Clean up ansible services/roles for theming"

72461609 · Feanil Patel · 0d5fa4ae · 0d5fa4ae · 0d5fa4ae · 0d5fa4ae
Commit 72461609 authored May 24, 2016 by Feanil Patel
8 changed files
--- a/playbooks/roles/add-user/defaults/main.yml
+++ b/playbooks/roles/add-user/defaults/main.yml
---
-#
-# edX Configuration
-#
-# github:     https://github.com/edx/configuration
-# wiki:       https://openedx.atlassian.net/wiki/display/OpenOPS
-# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
-# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
-#
-##
-# Defaults for role add-user
-#
--- a/playbooks/roles/add-user/tasks/main.yml
+++ b/playbooks/roles/add-user/tasks/main.yml
---
-#
-# edX Configuration
-#
-# github:     https://github.com/edx/configuration
-# wiki:       https://openedx.atlassian.net/wiki/display/OpenOPS
-# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
-# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
-#
-#
-#
-# Tasks for role add-user
-#
-# Overview:
-#
-# This role performs the repetitive tasks that most edX roles
-# require in our default configuration.
-#
-# Example play:
-#
-# Rather than being included in the play, this role
-# is included as a dependency by other roles in the meta/main.yml
-# file.  The including role should add the following
-# dependency definition.
-#
-# dependencies:
-#   - role: add-user
-#     user_name: edx-themes
-#     user_home: /edx/etc/edx-themes
-#     group_name: edx-themes
-#     dirs:
-#       - {path: /edx/var/edx-themes, owner: 'edx-themes', group: "edx-themes", mode: "0646"}
-#       - {path: /edx/etc/edx-themes, owner: 'edx-themes', group: "edx-themes", mode: "0664"}
-#       - ...
-#
-# Generating an ssh key so users can do a git
-# clone over ssh for public repositories without any
-# additional configuration
- name: create application user
-  user:
-    name: "{{ user_name }}"
-    home: "{{ user_home }}"
-    createhome: yes
-    shell: /bin/false
-    generate_ssh_key: yes
-  tags:
-    - install
-    - install:base
-
-# Assumes that the home directory has been created above.
-# In some cases(vagrant boxes) the home directory gets created
-# but does not have the correct owner and group. In vagrant for
-# example we were seeing it defaulting to `root` for both.
-# Here we ensure that the ownership
-# of the home directory is always correct before proceeding.
- name: ensure correct ownership of home directory
-  file:
-    path: "{{ user_home }}"
-    state: directory
-    owner: "{{ user_name }}"
-    group: "{{ group_name }}"
-  tags:
-    - install
-    - install:base
-
- name: create dirs for the user
-  file:
-    path: "{{ item.path }}"
-    state: directory
-    owner: "{{ item.owner }}"
-    group: "{{ item.group }}"
-    mode: "{{ item.mode | default('0755') }}"
-  with_items: dirs
-  when: dirs is defined
-  tags:
-    - install
-    - install:base
--- a/playbooks/roles/edx-themes/meta/main.yml
+++ b/playbooks/roles/edx-themes/meta/main.yml
---
-#
-# edX Configuration
-#
-# github:     https://github.com/edx/configuration
-# wiki:       https://openedx.atlassian.net/wiki/display/OpenOPS
-# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
-# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
-#
-##
-# Role includes for role edx-themes
-# 
-dependencies:
-  - role: add-user
-    user_name: "{{ themes_user }}"
-    user_home: "{{ themes_home }}"
-    group_name: "{{ themes_user }}"
-  - role: git-clone
-    repo_owner: "{{ themes_user }}"
-    repo_group: "{{ themes_user }}"
-    GIT_REPOS: "{{ THEMES_REPOS }}"
-    git_home: "{{ themes_home }}"
--- a/playbooks/roles/edx-themes/tasks/main.yml
+++ b/playbooks/roles/edx-themes/tasks/main.yml
@@ -27,3 +27,102 @@
 #   - role: themes
 #     when do_setup_themes
 #
+
+# Generating an ssh key so service users can do a git
+# clone over ssh for public repositories without any
+# additional configuration
+- name: create application user
+  user:
+    name: "{{ themes_user }}"
+    home: "{{ themes_home }}"
+    createhome: yes
+    shell: /bin/false
+    generate_ssh_key: yes
+  tags:
+    - install
+    - install:base
+
+# Assumes that the home directory has been created above.
+# In some cases(vagrant boxes) the home directory gets created
+# but does not have the current owner and group. In vagrant for
+# example we were seeing it defaulting it to `root` for both.
+# The item that is a blank string ("") ensures the ownership
+# of the home directory is always correct before proceeding.
+- name: create themes home dirs
+  file:
+    path: "{{ themes_home }}/{{ item }}"
+    state: directory
+    owner: "{{ themes_user }}"
+    group: "{{ common_web_group }}"
+  with_items:
+    - ""
+  tags:
+    - install
+    - install:base
+
+- name: set git fetch.prune to ignore deleted remote refs
+  shell: git config --global fetch.prune true
+  sudo_user: "{{ themes_user }}"
+  when: THEMES_REPOS is defined
+  tags:
+    - install
+    - install:code
+
+- name: validate git protocol
+  fail: msg='THEMES_REPOS.PROTOCOL must be "https" or "ssh"'
+  when: (item.PROTOCOL != "https") and (item.PROTOCOL != "ssh") and THEMES_REPOS is defined
+  with_items: THEMES_REPOS
+  tags:
+    - install
+    - install:code
+
+- name: install read-only ssh key
+  copy:
+    dest: "{{ themes_home }}/.ssh/{{ item.REPO }}"
+    content: "{{ item.SSH_KEY }}"
+    owner: "{{ themes_user }}"
+    group: "{{ themes_user }}"
+    mode: 0600
+  when: item.PROTOCOL == "ssh" and THEMES_REPOS is defined
+  with_items: THEMES_REPOS
+  tags:
+    - install
+    - install:code
+
+- name: checkout code over ssh
+  git_2_0_1:
+    repo: "git@{{ item.DOMAIN }}:{{ item.PATH }}/{{ item.REPO }}"
+    dest: "{{ item.DESTINATION }}"
+    version: "{{ item.VERSION }}"
+    accept_hostkey: yes
+    key_file: "{{ themes_home }}/.ssh/{{ item.REPO }}"
+  sudo_user: "{{ themes_user }}"
+  register: code_checkout
+  when: item.PROTOCOL == "ssh" and THEMES_REPOS is defined
+  with_items: THEMES_REPOS
+  tags:
+    - install
+    - install:code
+
+- name: checkout code over https
+  git_2_0_1:
+    repo: "https://{{ item.DOMAIN }}/{{ item.PATH }}/{{ item.REPO }}"
+    dest: "{{ item.DESTINATION }}"
+    version: "{{ item.VERSION }}"
+  sudo_user: "{{ themes_user }}"
+  register: code_checkout
+  when: item.PROTOCOL == "https" and THEMES_REPOS is defined
+  with_items: THEMES_REPOS
+  tags:
+    - install
+    - install:code
+
+- name: remove read-only ssh key
+  file:
+    dest: "{{ themes_home }}/.ssh/{{ item.REPO }}"
+    state: absent
+  when: THEMES_REPOS is defined
+  with_items: THEMES_REPOS
+  tags:
+    - install
+    - install:code
--- a/playbooks/roles/edx_service/meta/main.yml
+++ b/playbooks/roles/edx_service/meta/main.yml
@@ -18,14 +18,3 @@
 #   my_role_var0: "foo"
 #   my_role_var1: "bar"
 # }
-
-dependencies:
-  - role: add-user
-    user_name: "{{ edx_service_name }}"
-    user_home: "{{ edx_service_home }}"
-    group_name: "{{ common_web_group }}"
-  - role: git-clone
-    repo_owner: "{{ edx_service_user }}"
-    repo_group: "{{ edx_service_user }}"
-    GIT_REPOS: "{{ edx_service_repos }}"
-    git_home: "{{ edx_service_home }}"
--- a/playbooks/roles/edx_service/tasks/main.yml
+++ b/playbooks/roles/edx_service/tasks/main.yml
@@ -43,10 +43,25 @@
 #       debian: [ pkg1, pkg2, pkg3 ]      
 #       redhat: [ pkg4, pkg5 ]
 #
+
+# Generating an ssh key so service users can do a git
+# clone over ssh for public repositories without any
+# additional configuration
+- name: create application user
+  user: >
+    name="{{ edx_service_name }}"
+    home="{{ edx_service_home }}"
+    createhome=yes
+    shell=/bin/false
+    generate_ssh_key=yes
+  tags:
+    - install
+    - install:base
+
 # Assumes that the home directory has been created above.
 # In some cases(vagrant boxes) the home directory gets created
 # but does not have the corrent owner and group. In vagrant for
-# example we were seeing it defaulting to `root` for both.
+# example we were seeing it defaulting it to `root` for both.
 # The item that is a blank string("") ensures the ownership
 # of the home directory is always correct before proceeding.
 - name: create edx_service app, venv, data, and staticfiles dirs
@@ -120,6 +135,58 @@
    - install
    - install:system-requirements

+- name: set git fetch.prune to ignore deleted remote refs
+  shell: git config --global fetch.prune true
+  sudo_user: "{{ edx_service_user }}"
+  when: edx_service_repos is defined
+  tags:
+    - install
+    - install:code
+
+- name: validate git protocol
+  fail: msg='REPOS.PROTOCOL must be "https" or "ssh"'
+  when: (item.PROTOCOL != "https") and (item.PROTOCOL != "ssh") and edx_service_repos is defined
+  with_items: edx_service_repos
+  tags:
+    - install
+    - install:code
+
+- name: install read-only ssh key
+  copy: >
+    dest="{{ edx_service_home }}/.ssh/{{ item.REPO }}"
+    content="{{ item.SSH_KEY }}" owner={{ edx_service_user }}
+    group={{ edx_service_user }} mode=0600
+  when: item.PROTOCOL == "ssh" and edx_service_repos is defined
+  with_items: edx_service_repos
+  tags:
+    - install
+    - install:code
+
+- name: checkout code over ssh
+  git_2_0_1: >
+    repo=git@{{ item.DOMAIN }}:{{ item.PATH }}/{{ item.REPO }}
+    dest={{ item.DESTINATION }}  version={{ item.VERSION }}
+    accept_hostkey=yes key_file={{ edx_service_home }}/.ssh/{{ item.REPO }}
+  sudo_user: "{{ edx_service_user }}"
+  register: code_checkout
+  when: item.PROTOCOL == "ssh" and edx_service_repos is defined
+  with_items: edx_service_repos
+  tags:
+    - install
+    - install:code
+
+- name: checkout code over https
+  git_2_0_1: >
+    repo=https://{{ item.DOMAIN }}/{{ item.PATH }}/{{ item.REPO }}
+    dest={{ item.DESTINATION }}  version={{ item.VERSION }}
+  sudo_user: "{{ edx_service_user }}"
+  register: code_checkout
+  when: item.PROTOCOL == "https" and edx_service_repos is defined
+  with_items: edx_service_repos
+  tags:
+    - install
+    - install:code
+
 - name: get instance information
  action: ec2_facts
  tags:

--- a/playbooks/roles/git-clone/defaults/main.yml
+++ b/playbooks/roles/git-clone/defaults/main.yml
---
-#
-# edX Configuration
-#
-# github:     https://github.com/edx/configuration
-# wiki:       https://openedx.atlassian.net/wiki/display/OpenOPS
-# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
-# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
-#
-##
-# Defaults for role git-clone
-#
--- a/playbooks/roles/git-clone/tasks/main.yml
+++ b/playbooks/roles/git-clone/tasks/main.yml
---
-#
-# edX Configuration
-#
-# github:     https://github.com/edx/configuration
-# wiki:       https://openedx.atlassian.net/wiki/display/OpenOPS
-# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
-# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
-#
-#
-#
-# Tasks for role git-clone
-#
-# Overview:
-#
-# This role performs the repetitive tasks that most edX roles
-# require in our default configuration.
-#
-#
- name: set git fetch.prune to ignore deleted remote refs
-  shell: git config --global fetch.prune true
-  sudo_user: "{{ repo_owner }}"
-  when: GIT_REPOS is defined
-  tags:
-    - install
-    - install:code
-
- name: validate git protocol
-  fail: msg='GIT_REPOS.PROTOCOL must be "https" or "ssh"'
-  when: (item.PROTOCOL != "https") and (item.PROTOCOL != "ssh") and GIT_REPOS is defined
-  with_items: GIT_REPOS
-  tags:
-    - install
-    - install:code
-
- name: install read-only ssh key
-  copy:
-    dest: "{{ git_home }}/.ssh/{{ item.REPO }}"
-    content: "{{ item.SSH_KEY }}"
-    owner: "{{ repo_owner }}"
-    group: "{{ repo_group }}"
-    mode: 0600
-  when: item.PROTOCOL == "ssh" and GIT_REPOS is defined
-  with_items: GIT_REPOS
-  tags:
-    - install
-    - install:code
-
- name: checkout code over ssh
-  git_2_0_1:
-    repo: "git@{{ item.DOMAIN }}:{{ item.PATH }}/{{ item.REPO }}"
-    dest: "{{ item.DESTINATION }}"
-    version: "{{ item.VERSION }}"
-    accept_hostkey: yes
-    key_file: "{{ git_home }}/.ssh/{{ item.REPO }}"
-  sudo_user: "{{ repo_owner }}"
-  register: code_checkout
-  when: item.PROTOCOL == "ssh" and GIT_REPOS is defined
-  with_items: GIT_REPOS
-  tags:
-    - install
-    - install:code
-
- name: checkout code over https
-  git_2_0_1:
-    repo: "https://{{ item.DOMAIN }}/{{ item.PATH }}/{{ item.REPO }}"
-    dest: "{{ item.DESTINATION }}"
-    version: "{{ item.VERSION }}"
-  sudo_user: "{{ repo_owner }}"
-  register: code_checkout
-  when: item.PROTOCOL == "https" and GIT_REPOS is defined
-  with_items: GIT_REPOS
-  tags:
-    - install
-    - install:code
-
- name: remove read-only ssh key
-  file:
-    dest: "{{ git_home }}/.ssh/{{ item.REPO }}"
-    state: absent
-  when: GIT_REPOS is defined
-  with_items: GIT_REPOS
-  tags:
-    - install
-    - install:code