initial commit for starting lms-preview role

playbooks/roles/lms-preview/tasks/main.yml

+# requires:
+#  - group_vars/all
+#  - common/tasks/main.yml
+#  - nginx/tasks/main.yml
+---
+- name: create lms application config
+  template: src=env.json.j2 dest=$app_base_dir/lms-preview.env.json
+  tags:
+  - lms-preview
+  - lms-preview-env
+
+- name: create lms auth file
+  template: src=auth.json.j2 dest=$app_base_dir/lms-preview.auth.json
+  tags:
+  - lms-preview
+  - lms-preview-env
+
+- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-preview
+
+- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-preview-backend
+
+# Creates LMS Preview upstart file
+- include: ../../gunicorn/tasks/upstart.yml service_variant=lms-preview

playbooks/roles/lms-preview/templates/auth.json.j2

+{{ lms_auth_config | to_nice_json }}

playbooks/roles/lms-preview/templates/env.json.j2

+{{ lms_env_config | to_nice_json }}

playbooks/roles/lms-preview/vars/main.yml

+# variables common to the lms role, automatically loaded
+# when the role is included
+---
+lms_auth_config:
+  'CONTENTSTORE':
+    'ENGINE':  'xmodule.contentstore.mongo.MongoContentStore'
+  'MODULESTORE':
+    'default':
+      'ENGINE':  'xmodule.modulestore.mongo.MongoModuleStore'
+ 
+lms_env_config:
+  'CACHES':
+    'default':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
+    'general':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
+    'mongo_metadata_inheritance':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
+      'TIMEOUT': 300
+    'staticfiles':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
+  'CERT_QUEUE':  'certificates'
+#  'COURSE_LISTINGS':
+#    'default': ['MITx/6.002x/2012_Fall']
+#    'stage-berkeley': [ 'BerkeleyX/CS169/fa12']
+#    'stage-harvard': [ 'HarvardX/CS50/2012H']
+#    'stage-mit': [ 'MITx/3.091/MIT_2012_Fall']
+#    'stage-num': [ 'MITx/6.002x-NUM/2012_Fall_NUM']
+#    'stage-sjsu': [ 'MITx/6.002x-EE98/2012_Fall_SJSU']
+  'LOCAL_LOGLEVEL':  'INFO'
+#  'META_UNIVERSITIES':
+#    'UTx': [ 'UTAustinX']
+  'MITX_FEATURES':
+    'AUTH_USE_OPENID_PROVIDER': true
+    'CERTIFICATES_ENABLED': true
+    'ENABLE_DISCUSSION_SERVICE': true
+    'ENABLE_INSTRUCTOR_ANALYTICS': true
+    'ENABLE_PEARSON_HACK_TEST': false
+    'SUBDOMAIN_BRANDING': false
+    'SUBDOMAIN_COURSE_LISTINGS': false
+#  'SUBDOMAIN_BRANDING':
+#    'stage-berkeley':  'BerkeleyX'
+#    'stage-harvard':  'HarvardX'
+#    'stage-mit':  'MITx'
+#    'stage-num':  'MITx'
+#    'stage-sjsu':  'MITx'
+#  'VIRTUAL_UNIVERSITIES': []
+  'WIKI_ENABLED': true
+
+lms_source_repo: git@github.com:edx/mitx.git
+lms_debian_pkgs:
+  - apparmor-utils
+  - aspell
+  - build-essential
+  - curl
+  - dvipng
+  - fabric
+  - facter
+  - g++
+  - gcc
+  - gfortran
+  - ghostscript
+  - git
+  - github-cli
+  - graphviz
+  - graphviz-dev
+  - gunicorn
+  - inoticoming
+  - ipython
+  - libcrypt-ssleay-perl
+  - libcurl4-openssl-dev
+  - libdigest-sha-perl
+  - libfreetype6-dev
+  - libgeos-dev
+  - libgraphviz-dev
+  - libjpeg8-dev
+  - liblapack-dev
+  - liblwp-protocol-https-perl
+  - libmysqlclient-dev
+  - libnet-amazon-ec2-perl
+  - libpng12-dev
+  - libreadline-dev
+  - libreadline6-dev
+  - libssl-dev
+  - libswitch-perl
+  - libwww-perl
+  - libxml++2.6-dev
+  - libxml2-dev
+  - libxml2-utils
+  - libxslt1-dev
+  - maven2
+  - mongodb
+  - mongodb-clients
+  - mysql-client
+  - ntp
+  - openjdk-7-jdk
+  - openjdk-7-jre
+  - pep8
+  - perl
+  - pkg-config
+  - postfix
+  - pylint
+  - python-boto
+  - python-coverage-test-runner
+  - python-django-nose
+  - python-jenkins
+  - python-nose
+  - python-nosexcover
+  - python-numpy
+  - python-pip
+  - python-scipy
+  - rake
+  - reprepro
+  - rsyslog
+  - rubygems
+  - sqlite3
+  - super
+  - vagrant
+  - yui-compressor
+  - zip
+  - zlib1g-dev

playbooks/roles/nginx/templates/lms-preview-backend.j2

+upstream lms-preview-backend {
+    # For a TCP configuration:
+    server 127.0.0.1:8020 fail_timeout=0;
+}

playbooks/roles/nginx/templates/lms-preview.j2

+server {
+  # LMS-preview configuration file for nginx, templated by ansible
+
+  listen 80;
+
+  server_name trace-lms-preview.*
+              preview.lms-dev.m.edx.org;
+
+  #
+  # Send error response when request host isn't under our control
+  # We will no longer respond to proxy attempts like this with
+  # anything.
+  # curl -i -A '' -x http://www.edx.org:80 --proxy-negotiate -U u:p -u u:p http://chat.sdtz.com
+  #
+
+  set $reject 'no';
+
+  #if ($host !~* (edx.org|edxonline.org)$ ) {
+  #  set $reject 'yes';
+  #}
+
+  if ($request_uri ~ ^(/heartbeat)$) {
+    set $reject 'no';
+  }
+
+  if ( $reject = 'yes' ) {
+    return 444;
+  }
+  # CS184 requires uploads of up to 4MB for submitting screenshots.
+  # CMS requires larger value for course assest, values provided
+  # via hiera.
+  client_max_body_size 4M;
+
+  rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
+
+  location @proxy_to_lms-preview_app {
+    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+    proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
+    proxy_set_header X-Forwarded-For $http_x_forwarded_for;
+    proxy_set_header Host $http_host;
+
+    proxy_redirect off;
+    proxy_pass http://lms-preview-backend;
+  }
+
+  location / {
+    try_files $uri @proxy_to_lms-preview_app;
+  }
+
+  # No basic auth security on the github_service_hook url, so that github can use it for cms
+  location /github_service_hook {
+    try_files $uri @proxy_to_lms-preview_app;
+  }
+
+  # No basic auth security on the heartbeat url, so that ELB can use it
+  location /heartbeat {
+    try_files $uri @proxy_to_lms-preview_app;
+  }
+
+  # Check security on this
+  location ~ /static/(?P<file>.*) {
+    root {{app_base_dir}};
+    try_files /staticfiles/$file /course_static/$file =404;
+
+    # return a 403 for static files that shouldn't be
+    # in the staticfiles directory
+    location ~ ^/static/(?:.*)(?:\.xml|\.json|README.TXT) {
+        return 403;
+    }
+    # Set django-pipelined files to maximum cache time
+    location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\..*)" {
+        expires max;
+        # Without this try_files, files that have been run through
+        # django-pipeline return 404s
+        try_files /staticfiles/$collected /course_static/$collected =404;
+    }
+
+    # Expire other static files immediately (there should be very few / none of these)
+    expires epoch;
+  }
+
+  # Forward to HTTPS if we're an HTTP request...
+  if ($http_x_forwarded_proto = "http") {
+    set $do_redirect "true";
+  }
+
+  # Run our actual redirect...
+  if ($do_redirect = "true") {
+    rewrite ^ https://$host$request_uri? permanent;
+  }
+
+  # Monitoring support for datadog.
+  location /nginx_status {
+    stub_status on;
+    access_log off;
+    allow 127.0.0.1/32;
+    deny all;
+  }
+}