Commit 82723b84 by John Jarvis

adding "<role> | " prefix on every name and notify

parent 66a019af
---
- name: restart apache
- name: apache | restart apache
service: name=apache2 state=restarted
# Requires nginx package
---
- name: Copying apache config {{ site_name }}
- name: apache | Copying apache config {{ site_name }}
template: src={{ item }} dest=/etc/apache2/sites-available/{{ site_name }}
first_available_file:
- "{{ local_dir }}/apache/templates/{{ site_name }}.j2"
# seems like paths in first_available_file must be relative to the playbooks dir
- "roles/apache/templates/{{ site_name }}.j2"
notify: restart apache
notify: apache | restart apache
when_set: $apache_role_run
tags:
- apache
- update
- name: Creating apache2 config link {{ site_name }}
- name: apache | Creating apache2 config link {{ site_name }}
file: src=/etc/apache2/sites-available/{{ site_name }} dest=/etc/apache2/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
notify: restart apache
notify: apache | restart apache
when_set: $apache_role_run
tags:
- apache
......
#Installs apache and runs the lms wsgi
---
- name: Installs apache and mod_wsgi from apt
- name: apache | Installs apache and mod_wsgi from apt
apt: pkg={{item}} install_recommends=no state=present update_cache=yes
with_items:
- apache2
- libapache2-mod-wsgi
notify: restart apache
notify: apache | restart apache
tags:
- apache
- install
- name: disables default site
- name: apache | disables default site
command: a2dissite 000-default
notify: restart apache
notify: apache | restart apache
tags:
- apache
- install
- name: rewrite apache ports conf
- name: apache | rewrite apache ports conf
template: dest=/etc/apache2/ports.conf src=ports.conf.j2 owner=root group=root
notify: restart apache
notify: apache | restart apache
tags:
- apache
- install
- name: Register the fact that apache role has run
- name: apache | Register the fact that apache role has run
command: echo True
register: apache_role_run
tags:
......
---
- name: restart rsyslogd
- name: common | restart rsyslogd
service: name=rsyslog state=restarted
sudo: True
---
- name: Create 'edx' users group
- name: common | Create 'edx' users group
group: name=edx state=present
tags:
- users
- admin_users
- update
- name: Add user 'ubuntu' to 'edx' group
- name: common | Add user 'ubuntu' to 'edx' group
# This is a temporary measure for initial configuration; after the last
# play is run and we've got a good set of users, ubuntu should no longer be used
user: name=ubuntu append=yes groups="edx"
......@@ -15,7 +15,7 @@
- admin_users
- update
- name: Creating admin users
- name: common | Creating admin users
# Admin users, by definition, should be able to sudo w/ password, and read adm-only files
user: name={{ item.user }} append=yes groups={{ "adm,edx,"+",".join(item.groups) }} shell=/bin/bash
with_items: admin_users
......@@ -25,7 +25,7 @@
- admin_users
- update
- name: Copying ssh keys for admin users
- name: common | Copying ssh keys for admin users
authorized_key: user={{item.user}} key="{{ lookup('file', item.path ) }}"
with_items: admin_keys
when: admin_keys is defined
......@@ -34,7 +34,7 @@
- admin_users
- update
- name: Creating env users
- name: common | Creating env users
user: name={{ item.user }} {% if item.groups %}groups={{ ",".join(item.groups) }}{% endif %} shell=/bin/bash
with_items: env_users
when: env_users is defined
......@@ -42,7 +42,7 @@
- users
- update
- name: Copying ssh keys for env users
- name: common | Copying ssh keys for env users
authorized_key: user={{ item.user }} key="{{ lookup('file', item.path ) }}"
with_items: env_keys
when: env_keys is defined
......@@ -50,7 +50,7 @@
- users
- update
- name: Group adm passwordless sudo
- name: common | Group adm passwordless sudo
copy: content="%adm ALL=(ALL) NOPASSWD:ALL" dest=/etc/sudoers.d/adm-group owner=root group=root mode=0440
tags:
- users
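Review bot: The `common | Group adm passwordless sudo` task writes `%adm ALL=(ALL) NOPASSWD:ALL` into `/etc/sudoers.d/adm-group` with no syntax check, while the `common | upload sudo config for key forwarding as root` task in this role passes `validate='visudo -c -f %s'`. A malformed drop-in under `/etc/sudoers.d` can break sudo for every account on the host, so the same `validate='visudo -c -f %s'` argument belongs on this copy. The rule also contradicts the comment on `common | Creating admin users`, which says admin users should sudo with a password. That task adds them to `adm`, so they end up with passwordless root. Either the comment or the sudoers rule should be corrected to match what is actually intended.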
......
---
# create the 'edx' virtual environment in /opt so that roles can populate it
- name: Install python and pip
- name: common | Install python and pip
apt: pkg={{item}} install_recommends=yes state=present update_cache=yes
with_items:
- python2.7
......@@ -10,31 +10,31 @@
- pre_install
- install
- name: pip install virtualenv
- name: common | pip install virtualenv
pip: name=virtualenv state=present
tags:
- venv_base
- install
- name: pip install virtualenvwrapper
- name: common | pip install virtualenvwrapper
pip: name=virtualenvwrapper state=present
tags:
- venv_base
- install
- name: create edx virtualenv directory
- name: common | create edx virtualenv directory
file: path={{ venv_dir }} owner=ubuntu group=adm mode=2775 state=directory
tags:
- venv_base
- install
- name: create the edx virtualenv directory initial contents
- name: common | create the edx virtualenv directory initial contents
command: /usr/local/bin/virtualenv {{ venv_dir }} --distribute creates=$venv_dir/bin/activate
tags:
- venv_base
- install
- name: pip install gunicorn
- name: common | pip install gunicorn
pip: name=gunicorn virtualenv="{{venv_dir}}" state=present
tags:
- gunicorn
......
---
- name: Install rsyslog configuration for edX
- name: common | Install rsyslog configuration for edX
template: dest=/etc/rsyslog.d/99-edx.conf src=edx_rsyslog.j2 owner=root group=root mode=644
notify: restart rsyslogd
notify: commong | restart rsyslogd
tags:
- logging
- update
- name: Install logrotate configuration for edX
- name: common | Install logrotate configuration for edX
template: dest=/etc/logrotate.d/edx-services src=edx_logrotate.j2 owner=root group=root mode=644
tags:
- logging
- update
- name: Touch tracking file into existence
- name: common | Touch tracking file into existence
command: touch -a {{log_base_dir}}/tracking.log creates={{log_base_dir}}/tracking.log
tags:
- logging
- update
- name: Set permissions on tracking file
- name: common | Set permissions on tracking file
file: path={{log_base_dir}}/tracking.log owner=syslog group=adm mode=640
tags:
- logging
- update
- name: Install logrotate configuration for tracking file
- name: common | Install logrotate configuration for tracking file
template: dest=/etc/logrotate.d/tracking.log src=edx_logrotate_tracking_log.j2 owner=root group=root mode=644
tags:
- logging
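Review bot: The new notify on the `common | Install rsyslog configuration for edX` task reads `notify: commong | restart rsyslogd`, which does not match the handler this commit renames to `common | restart rsyslogd`. Notify strings are matched against handler names literally, so the restart would not be triggered when `/etc/rsyslog.d/99-edx.conf` changes. Depending on the Ansible version the play may instead fail on the unknown handler. Either way the new logging configuration would not take effect from this task. The line should be `notify: common | restart rsyslogd`. Because every handler name is now repeated as free text in each notify, it is worth checking all notify values against the handler names before merging.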
......
---
- include: create_users.yml
- name: Add user www-data
- name: common | Add user www-data
# This user should be created on the system by default
user: name=www-data
tags:
- pre_install
- update
- name: Create application root
- name: common | Create application root
# In the future consider making group edx r/t adm
file: path={{ app_base_dir }} state=directory owner=root group=adm mode=2775
tags:
- pre_install
- update
- name: Create upload directory
- name: common | Create upload directory
file: path={{ app_base_dir }}/uploads mode=2775 state=directory owner=root group=adm
tags:
- pre_install
- update
- name: Create data dir
- name: common | Create data dir
file: path={{ app_base_dir }}/data state=directory owner=www-data group=root
tags:
- pre_install
- update
- name: Create staticfiles dir
- name: common | Create staticfiles dir
file: path={{ app_base_dir }}/staticfiles state=directory owner=www-data group=adm mode=2775
tags:
- pre_install
- update
- name: Install role-independent useful system packages
- name: common | Install role-independent useful system packages
# do this before log dir setup; rsyslog package guarantees syslog user present
apt: pkg={{','.join(common_debian_pkgs)}} install_recommends=yes state=present update_cache=yes
tags:
- pre_install
- update
- name: Create log directory
- name: common | Create log directory
file: path=$log_base_dir state=directory mode=2770 group=adm owner=syslog
tags:
- pre_install
- update
- name: Create alias from app_base_dir to the log_base_dir
- name: common | Create alias from app_base_dir to the log_base_dir
file: state=link src=$log_base_dir path=$app_base_dir/log
tags:
- pre_install
- logging
- update
- name: Create convenience link from log_base_dir to system logs
- name: common | Create convenience link from log_base_dir to system logs
file: state=link src=/var/log path=$log_base_dir/system
tags:
- pre_install
- logging
- update
- name: Touch edx log file into place
- name: common | Touch edx log file into place
# This is done for the benefit of the rake commands, which expect it
command: touch -a {{log_base_dir}}/edx.log creates={{log_base_dir}}/edx.log
tags:
......@@ -68,7 +68,7 @@
- logging
- install
- name: Set permissions on edx log file
- name: common | Set permissions on edx log file
# This is done for the benefit of the rake commands, which expect it
file: path={{log_base_dir}}/edx.log owner=syslog group=adm mode=640
tags:
......@@ -76,7 +76,7 @@
- logging
- update
- name: upload sudo config for key forwarding as root
- name: common | upload sudo config for key forwarding as root
copy: src=ssh_key_forward dest=/etc/sudoers.d/ssh_key_forward validate='visudo -c -f %s' owner=root group=root mode=0440
- include: create_venv.yml
......
---
- name: edx-update.sh, manual lms/cms update script
- name: common | edx-update.sh, manual lms/cms update script
template: src=edx-update.sh.j2 dest=/usr/local/bin/edx-update.sh owner=ubuntu group=adm mode=0775
tags:
- release
......
---
- name: restart discern
- name: discern | restart discern
service: name=discern state=restarted
- name: restart celery
- name: discern | restart celery
service: name=celery state=restarted
- name: restart nginx
- name: discern | restart nginx
service: name=nginx state=restarted
---
#Create the templates for upstart services
- name: render celery service from template
- name: discern | render celery service from template
template: src=celery.conf.j2 dest=/etc/init/celery.conf owner=root group=edx mode=0664
notify: restart celery
notify: discern | restart celery
- name: render discern service from template
- name: discern | render discern service from template
template: src=discern.conf.j2 dest=/etc/init/discern.conf owner=root group=edx mode=0664
notify: restart discern
notify: discern | restart discern
#Allows us to recover from a bad sudoers file
- name: Install policykit
- name: discern | Install policykit
apt: pkg=policykit-1 install_recommends=yes state=present update_cache=yes
#Discern user is admin
- name: Create discern user
- name: discern | Create discern user
user: name={{ discern_user }} append=yes groups="adm,edx" shell=/bin/bash
- name: upload sudoers template to /tmp/sudoers
- name: discern | upload sudoers template to /tmp/sudoers
copy: src=sudoers-discern dest=/tmp/{{site_name}} owner=root group=root mode=0440
#Verify file and move to sudoers.d folder
- name: move temp file to sudoers.d
- name: discern | move temp file to sudoers.d
shell: visudo -q -c -f /tmp/{{site_name}} && cp /tmp/{{site_name}} /etc/sudoers.d/{{site_name}}
#Upload config files for django (auth and env)
- name: create discern application config env.json file
- name: discern | create discern application config env.json file
template: src=env.json.j2 dest={{app_base_dir}}/env.json owner={{discern_user}} group=edx mode=0640
notify:
- restart celery
- restart discern
- discern | restart celery
- discern | restart discern
- name: create discern auth file auth.json
- name: discern | create discern auth file auth.json
template: src=auth.json.j2 dest={{app_base_dir}}/auth.json owner={{discern_user}} group=edx mode=0640
notify:
- restart celery
- restart discern
- discern | restart celery
- discern | restart discern
#Needed if using redis to prevent memory issues
- name: change memory commit settings -- needed for redis
- name: discern | change memory commit settings -- needed for redis
command: sysctl vm.overcommit_memory=1
- name: set permissions on app_base_dir sgid for edx
- name: discern | set permissions on app_base_dir sgid for edx
file: path={{app_base_dir}} owner=root group=edx mode=2775 state=directory
file: path={{venv_dir}} owner=root group=edx mode=2775 state=directory
- name: Install git so that we can clone repos
- name: discern | Install git so that we can clone repos
apt: pkg=git install_recommends=yes state=present
#Create directories for repos
- name: create discern and ease directories and set permissions
- name: discern | create discern and ease directories and set permissions
file: path={{item}} owner={{discern_user}} group=edx mode=2775 state=directory
with_items:
- ${discern_dir}
- ${ease_dir}
#Grab both repos or update
- name: git checkout discern repo into discern_dir
- name: discern | git checkout discern repo into discern_dir
git: dest={{discern_dir}} repo={{discern_source_repo}} version={{discern_branch}}
notify:
- restart celery
- restart discern
- discern | restart celery
- discern | restart discern
- name: git checkout ease repo into ease_dir
- name: discern | git checkout ease repo into ease_dir
git: dest={{ease_dir}} repo={{ease_source_repo}} version={{ease_branch}}
notify:
- restart celery
- restart discern
- discern | restart celery
- discern | restart discern
#Install system packages
- name: install discern and ease apt packages
- name: discern | install discern and ease apt packages
command: xargs -a {{item}}/apt-packages.txt apt-get install -y
with_items:
- ${discern_dir}
......@@ -87,19 +87,19 @@
- ${discern_dir}
- ${ease_dir}
- name: install ease python package
- name: discern | install ease python package
shell: command="{{venv_dir}}/bin/activate; cd {{ease_dir}}; python setup.py install"
#Needed for the ease package to work
- name: install nltk data using rendered shell script
- name: discern | install nltk data using rendered shell script
shell: command="{{venv_dir}}/bin/python -m nltk.downloader -d {{nltk_data_dir}} all"
- name: set permissions on nltk data directory
- name: discern | set permissions on nltk data directory
file: path={{nltk_data_dir}} owner={{discern_user}} group=edx mode=2775 state=directory
#Run this instead of using the ansible module because the ansible module only support syncdb of these three, and does not
#support virtualenvs as of this comment
- name: django syncdb, migrate, and collectstatic for discern
- name: discern | django syncdb, migrate, and collectstatic for discern
shell: ${venv_dir}/bin/python {{discern_dir}}/manage.py {{item}} --noinput --settings={{discern_settings}} --pythonpath={{discern_dir}}
with_items:
- syncdb
......@@ -107,22 +107,22 @@
- collectstatic
#Have this separate from the other three because it doesn't take the noinput flag
- name: django update_index for discern
- name: discern | django update_index for discern
shell: ${venv_dir}/bin/python {{discern_dir}}/manage.py update_index --settings={{discern_settings}} --pythonpath={{discern_dir}}
- name: create nginx directory and set perms
- name: discern | create nginx directory and set perms
file: path=/etc/nginx/sites-available owner=root group=edx mode=2775 state=directory
#Install nginx sites available
#remove default link, render template, link template to sites-enabled to activate
- name: Removing default nginx config
- name: discern | Removing default nginx config
file: path=/etc/nginx/sites-enabled/default state=absent
notify: restart nginx
notify: discern | restart nginx
- name: render nginx sites available
- name: discern | render nginx sites available
template: src=nginx-discern.j2 dest=/etc/nginx/sites-available/{{ site_name }}
notify: restart nginx
notify: discern | restart nginx
- name: Creating nginx config link {{ site_name }}
- name: discern | Creating nginx config link {{ site_name }}
file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state=link owner=root group=root
notify: restart nginx
notify: discern | restart nginx
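Review bot: The `discern | upload sudoers template to /tmp/sudoers` and `discern | move temp file to sudoers.d` tasks stage the sudoers file at `/tmp/{{site_name}}`, a predictable name in a world-writable directory, and then validate and install it in a separate shell step run with privileges. Nothing in the visible tasks guarantees that the file `visudo` checked is the one `cp` installs, and the staged copy is never removed. The copy module can validate and install in one step, as the common role already does: `copy: src=sudoers-discern dest=/etc/sudoers.d/{{site_name}} validate='visudo -c -f %s' owner=root group=root mode=0440`. Separately, `discern | set permissions on app_base_dir sgid for edx` appears to carry two `file:` keys (one for `{{app_base_dir}}`, one for `{{venv_dir}}`). If both are on the new side, only one of the two paths is actually processed and the task should be split in two.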
# Launches an ec2 instance and blocks until the instance is up
# adds it to the host group
- name: Launch instance
- name: launch_instance | Launch instance
local_action:
module: ec2
keypair: "{{keypair}}"
......@@ -13,10 +13,10 @@
instance_tags: "{{instance_tags}}"
register: ec2
- name: Add new instance to host group
- name: launch_instance | Add new instance to host group
local_action: add_host hostname=${item.public_ip} groupname=launched
with_items: ${ec2.instances}
- name: Wait for SSH to come up
- name: launch_instance | Wait for SSH to come up
local_action: wait_for host=${item.public_dns_name} port=22 delay=60 timeout=320 state=started
with_items: ${ec2.instances}
---
- name: install python-pymongo (req for ansible)
- name: mongo | install python-pymongo (req for ansible)
pip: name=pymongo
- name: install mongo server and recommends
- name: mongo | install mongo server and recommends
apt: pkg=mongodb-server state=present install_recommends=yes
- name: stop mongo service
- name: mongo | stop mongo service
service: name=mongodb state=stopped
- name: move mongodb to /mnt
- name: mongo | move mongodb to /mnt
command: mv /var/lib/mongodb /mnt/. creates=/mnt/mongodb
- name: create mongodb symlink
- name: mongo | create mongodb symlink
file: src=/mnt/mongodb dest=/var/lib/mongodb state=link
- name: start mongo service
- name: mongo | start mongo service
service: name=mongodb state=started
- name: wait for mongo server to start
- name: mongo | wait for mongo server to start
wait_for: port=27017 delay=2
- name: create a mongodb user
- name: mongo | create a mongodb user
mongodb_user: >
database=cs_comments_service
name=cs_comments_service
......
---
- name: restart nginx
- name: nginx | restart nginx
service: name=nginx state=restarted
sudo: True
# requires:
# - common/tasks/main.yml
---
- name: Install nginx
- name: nginx | Install nginx
apt: pkg=nginx state={{ pkgs.nginx.state }}
notify: restart nginx
notify: nginx | restart nginx
tags:
- nginx
- install
......@@ -14,13 +14,13 @@
- include: nginx_site.yml state={{nginx_cfg.sites_enabled.edx_release}} site_name=edx-release
- include: nginx_site.yml state={{nginx_cfg.sites_enabled.basic_auth}} site_name=basic-auth
- name: Write out default htpasswd file
- name: nginx | Write out default htpasswd file
copy: content={{ nginx_cfg.htpasswd }} dest=/etc/nginx/nginx.htpasswd owner=www-data group=www-data mode=0600
tags:
- nginx
- update
- name: Create nginx log file location (just in case)
- name: nginx | Create nginx log file location (just in case)
file: path={{log_base_dir}}/nginx state=directory owner=syslog group=adm mode=2770
tags:
- nginx
......@@ -28,34 +28,34 @@
- update
# removing default link
- name: Removing default nginx config and restart (enabled)
- name: nginx | Removing default nginx config and restart (enabled)
file: path=/etc/nginx/sites-enabled/default state=absent
notify: restart nginx
notify: nginx | restart nginx
tags:
- nginx
- update
# Note that nginx logs to /var/log until it reads its configuration, so /etc/logrotate.d/nginx is still good
- name: Set up nginx access log rotation
- name: nginx | Set up nginx access log rotation
template: dest=/etc/logrotate.d/nginx-access src=edx_logrotate_nginx_access.j2 owner=root group=root mode=644
tags:
- logging
- update
- name: Set up nginx access log rotation
- name: nginx | Set up nginx access log rotation
template: dest=/etc/logrotate.d/nginx-error src=edx_logrotate_nginx_error.j2 owner=root group=root mode=644
tags:
- logging
- update
- name: Removing default nginx config (available)
- name: nginx | Removing default nginx config (available)
file: path=/etc/nginx/sites-available/default state=absent
tags:
- nginx
- update
- name: Register the fact that nginx has run
- name: nginx | Register the fact that nginx has run
command: echo True
register: nginx_role_run
tags:
......@@ -65,5 +65,5 @@
# If tasks that notify restart nginx don't change the state of the remote system
# their corresponding notifications don't get run. If nginx has been stopped for
# any reason, this will ensure that it is started up again.
- name: make sure nginx has started
- name: nginx | make sure nginx has started
service: name=nginx state=started
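Review bot: Two tasks in this file now carry the identical name `nginx | Set up nginx access log rotation`. The second one templates `/etc/logrotate.d/nginx-error` from `edx_logrotate_nginx_error.j2`, so its name should be `nginx | Set up nginx error log rotation`. The copy-pasted name predates this commit, but the rename keeps it. With the role prefix added to make run output easier to read, duplicate names leave no way to tell from the play log which of the two logrotate files was changed.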
# Requires nginx package
---
- name: Copying nginx config {{ site_name }}
- name: nginx | Copying nginx config {{ site_name }}
template: src={{ item }} dest=/etc/nginx/sites-available/{{ site_name }}
first_available_file:
- "{{ local_dir }}/nginx/templates/{{ site_name }}.j2"
# seems like paths in first_available_file must be relative to the playbooks dir
- "roles/nginx/templates/{{ site_name }}.j2"
notify: restart nginx
notify: nginx | restart nginx
when_set: $nginx_role_run
tags:
- nginx
......@@ -15,9 +15,9 @@
- nginx-env
- update
- name: Creating nginx config link {{ site_name }}
- name: nginx | Creating nginx config link {{ site_name }}
file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
notify: restart nginx
notify: nginx | restart nginx
when_set: $nginx_role_run
tags:
- nginx
......
---
- name: restart edx-ora
- name: ora | restart edx-ora
service: name=edx-ora state=restarted
- name: restart edx-ora-celery
- name: ora | restart edx-ora-celery
service: name=edx-ora-celery state=restarted
- name: See if edx-ora.conf is installed
- name: ora | See if edx-ora.conf is installed
shell: "[ -f /etc/init/edx-ora.conf ] && echo 'Found' || echo ''"
register: edx_ora_installed
tags:
- ora
- deploy
- name: See if edx-ora-celery.conf is installed
- name: ora | See if edx-ora-celery.conf is installed
shell: "[ -f /etc/init/edx-ora-celery.conf ] && echo 'Found' || echo ''"
register: edx_ora_celery_installed
tags:
......@@ -13,38 +13,38 @@
- deploy
# Stop ora service.
- name: stop edx-ora service
- name: ora | stop edx-ora service
service: name=edx-ora state=stopped
when: edx_ora_installed.stdout == 'Found'
notify: restart edx-ora
notify: ora | restart edx-ora
tags:
- ora
- deploy
- name: stop edx-ora-celery service
- name: ora | stop edx-ora-celery service
service: name=edx-ora-celery state=stopped
when: edx_ora_celery_installed.stdout == 'Found'
notify: restart edx-ora-celery
notify: ora | restart edx-ora-celery
tags:
- ora
- deploy
# Do A Checkout
- name: git checkout ora repo into $app_base_dir
- name: ora | git checkout ora repo into $app_base_dir
git: dest={{ora_code_dir}} repo={{ora_source_repo}} version={{ora_version}}
notify:
- restart edx-ora
- restart edx-ora-celery
- ora | restart edx-ora
- ora | restart edx-ora-celery
tags:
- ora
- deploy
# Do Post Checkout Tasks.
- name: change permissions on ora code dir
- name: ora | change permissions on ora code dir
file: path={{ora_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes
notify:
- restart edx-ora
- restart edx-ora-celery
- ora | restart edx-ora
- ora | restart edx-ora-celery
tags:
- ora
- deploy
......@@ -55,51 +55,51 @@
# Install the python pre requirements into {{ ora_venv_dir }}
- name: install python pre-requirements
- name: ora | install python pre-requirements
pip: requirements="{{ora_pre_requirements_file}}" virtualenv="{{ora_venv_dir}}" state=present
notify:
- restart edx-ora
- restart edx-ora-celery
- ora | restart edx-ora
- ora | restart edx-ora-celery
tags:
- ora
- deploy
# Install the python post requirements into {{ ora_venv_dir }}
- name: install python post-requirements
- name: ora | install python post-requirements
pip: requirements="{{ora_post_requirements_file}}" virtualenv="{{ora_venv_dir}}" state=present
notify:
- restart edx-ora
- restart edx-ora-celery
- ora | restart edx-ora
- ora | restart edx-ora-celery
tags:
- ora
- deploy
#Needed if using redis to prevent memory issues
- name: change memory commit settings -- needed for redis
- name: ora | change memory commit settings -- needed for redis
command: sysctl vm.overcommit_memory=1
notify:
- restart edx-ora
- restart edx-ora-celery
- ora | restart edx-ora
- ora | restart edx-ora-celery
tags:
- ora
- deploy
- name: syncdb and migrate
- name: ora | syncdb and migrate
shell: sudo -u www-data {{ora_venv_dir}}/bin/django-admin.py syncdb --migrate --noinput --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
when: migrate_db is defined and migrate_db|lower == "yes"
notify:
- restart edx-ora
- restart edx-ora-celery
- ora | restart edx-ora
- ora | restart edx-ora-celery
tags:
- ora
- syncdb
- deploy
- name: create users
- name: ora | create users
shell: sudo -u www-data {{ora_venv_dir}}/bin/django-admin.py update_users --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
notify:
- restart edx-ora
- restart edx-ora-celery
- ora | restart edx-ora
- ora | restart edx-ora-celery
tags:
- ora
- syncdb
......
- name: See if edx-ora.conf is installed
- name: ora | See if edx-ora.conf is installed
shell: "[ -f /etc/init/edx-ora.conf ] && echo 'Found' || echo ''"
register: edx_ora_installed
tags:
- ora
- deploy
- name: See if edx-ora-celery.conf is installed
- name: ora | See if edx-ora-celery.conf is installed
shell: "[ -f /etc/init/edx-ora-celery.conf ] && echo 'Found' || echo ''"
register: edx_ora_celery_installed
tags:
......@@ -13,14 +13,14 @@
- deploy
# Stop ora service.
- name: stop edx-ora service
- name: ora | stop edx-ora service
service: name=edx-ora state=stopped
when: edx_ora_installed.stdout == 'Found'
tags:
- ora
- deploy
- name: stop edx-ora-celery service
- name: ora | stop edx-ora-celery service
service: name=edx-ora-celery state=stopped
when: edx_ora_celery_installed.stdout == 'Found'
tags:
......@@ -29,14 +29,14 @@
# Do A Checkout
- name: git checkout ease repo into its base dir
- name: ora | git checkout ease repo into its base dir
git: dest={{ease_code_dir}} repo={{ease_source_repo}} version={{ease_version}}
tags:
- ease
- deploy
# Do Post Checkout Tasks.
- name: change permissions on ease code dir
- name: ora | change permissions on ease code dir
file: path={{ease_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes
tags:
- ease
......@@ -46,7 +46,7 @@
# TODO: Check git.py _run_if_changed() to see if the logic there to skip running certain
# portions of the deploy needs to be incorporated here.
#
- name: install ease system packages
- name: ora | install ease system packages
apt: pkg={{item}} state=present
with_items: ease_debian_pkgs
tags:
......@@ -55,27 +55,27 @@
# Install the python pre requirements into {{ ease_venv_dir }}
- name: install ease python pre-requirements
- name: ora | install ease python pre-requirements
pip: requirements="{{ease_pre_requirements_file}}" virtualenv="{{ease_venv_dir}}" state=present
tags:
- ease
- deploy
# Install the python post requirements into {{ ease_venv_dir }}
- name: install ease python post-requirements
- name: ora | install ease python post-requirements
pip: requirements="{{ease_post_requirements_file}}" virtualenv="{{ease_venv_dir}}" state=present
tags:
- ease
- deploy
- name: install ease python package
- name: ora | install ease python package
shell: command="{{ease_venv_dir}}/bin/activate; cd {{ease_code_dir}}; python setup.py install"
tags:
- ease
- deploy
#Needed for the ease package to work
- name: check for the existence of nltk data taggers/maxent_treebank_pos_tagger/english.pickle
- name: ora | check for the existence of nltk data taggers/maxent_treebank_pos_tagger/english.pickle
shell: "[ -f {{nltk_data_dir}}/taggers/maxent_treebank_pos_tagger/english.pickle ] && echo 'Found' || echo ''"
register: nltk_data_installed
tags:
......@@ -83,14 +83,14 @@
- deploy
- name: install nltk data using rendered shell script
- name: ora | install nltk data using rendered shell script
command: "{{ease_venv_dir}}/bin/python -m nltk.downloader -d {{nltk_data_dir}} all"
when: nltk_data_installed.stdout != "Found"
tags:
- ease
- deploy
- name: set permissions on nltk data directory
- name: ora | set permissions on nltk data directory
file: path={{nltk_data_dir}} owner=ubuntu group=adm mode=2775 state=directory
tags:
- ease
......
......@@ -3,54 +3,54 @@
# - common/tasks/main.yml
# - nginx/tasks/main.yml
---
- name: Change permissions on datadir
- name: ora | Change permissions on datadir
file: path={{ora_code_dir}}/../data state=directory owner=www-data group=www-data
tags:
- ora
- name: Create ml_models directory
- name: ora | Create ml_models directory
file: path={{ora_code_dir}}/../ml_models state=directory owner=www-data group=www-data
tags:
- ora
# Check out ora repo to {{ora_code_dir}}
- name: install git and its recommends
- name: ora | install git and its recommends
apt: pkg=git state=present install_recommends=yes
tags:
- ora
- name: create ora application config
- name: ora | create ora application config
template: src=ora.env.json.j2 dest={{ora_code_dir}}/../env.json mode=0640 owner=www-data group=adm
tags:
- ora
- name: create ora auth file
- name: ora | create ora auth file
template: src=ora.auth.json.j2 dest={{ora_code_dir}}/../auth.json mode=0640 owner=www-data group=adm
tags:
- ora
- name: create ora upstart script
- name: ora | create ora upstart script
template: src=edx-ora.conf.j2 dest=/etc/init/edx-ora.conf mode=0640 owner=root group=adm
tags:
- ora
- name: create ora-celery upstart script
- name: ora | create ora-celery upstart script
template: src=edx-ora-celery.conf.j2 dest=/etc/init/edx-ora-celery.conf mode=0640 owner=root group=adm
tags:
- ora
- name: install debian packages that ora needs
- name: ora | install debian packages that ora needs
apt: pkg={{item}} state=present
with_items: ora_debian_pkgs
tags:
- ora
- name: create the ora virtual environment
- name: ora | create the ora virtual environment
file: path={{ ora_venv_dir }} owner=root group=adm mode=2775 state=directory
tags:
- ora
- name: bootstrap the ora virtual environment
- name: ora | bootstrap the ora virtual environment
command: /usr/local/bin/virtualenv {{ ora_venv_dir }} --distribute creates={{ora_venv_dir}}/bin/activate
tags:
- ora
......
......@@ -3,58 +3,58 @@
# There is a bug with initializing multiple nodes in the HA cluster at once
# http://rabbitmq.1065348.n5.nabble.com/Rabbitmq-boot-failure-with-quot-tables-not-present-quot-td24494.html
- name: trust rabbit repository
- name: rabbitmq | trust rabbit repository
apt_key: url={{rabbitmq_apt_key}} state=present
- name: install python-software-properties if debian
- name: rabbitmq | install python-software-properties if debian
apt: pkg={{",".join(rabbitmq_debian_pkgs)}} state=present
- name: add rabbit repository
- name: rabbitmq | add rabbit repository
apt_repository: repo="{{rabbitmq_repository}}" state=present
- name: install rabbitmq
- name: rabbitmq | install rabbitmq
apt: pkg={{rabbitmq_pkg}} state=present
- name: stop rabbit cluster
- name: rabbitmq | stop rabbit cluster
service: name=rabbitmq-server state=stopped
# Defaulting to /var/lib/rabbitmq
- name: create cookie directory
- name: rabbitmq | create cookie directory
file: path={{rabbitmq_cookie_dir}} owner=rabbitmq group=rabbitmq mode=0755 state=directory
- name: add rabbitmq erlang cookie
- name: rabbitmq | add rabbitmq erlang cookie
template: src=erlang.cookie.j2 dest={{rabbitmq_cookie_location}} owner=rabbitmq group=rabbitmq mode=0400
register: erlang_cookie
# Defaulting to /etc/rabbitmq
- name: create rabbitmq config directory
- name: rabbitmq | create rabbitmq config directory
file: path={{rabbitmq_config_dir}} owner=root group=root mode=0755 state=directory
- name: add rabbitmq environment configuration
- name: rabbitmq | add rabbitmq environment configuration
template: src=rabbitmq-env.conf.j2 dest={{rabbitmq_config_dir}}/rabbitmq-env.conf owner=root group=root mode=0644
- name: add rabbitmq cluster configuration
- name: rabbitmq | add rabbitmq cluster configuration
template: src=rabbitmq.config.j2 dest={{rabbitmq_config_dir}}/rabbitmq.config owner=root group=root mode=0644
register: cluster_configuration
- name: add the mangement plugin
- name: rabbitmq | add the mangement plugin
rabbitmq_plugin: names=rabbitmq_management state=enabled
# When rabbitmq starts up it creates a folder of metadata at '/var/lib/rabbitmq/mnesia'.
# This folder should be deleted before clustering is setup because it retains data
# that can conflict with the clustering information.
- name: remove mnesia configuration
- name: rabbitmq | remove mnesia configuration
file: path={{rabbitmq_mnesia_folder}} state=absent
when: erlang_cookie.changed or cluster_configuration.changed
- name: start rabbit nodes
- name: rabbitmq | start rabbit nodes
service: name=rabbitmq-server state=restarted
- name: remove guest user
- name: rabbitmq | remove guest user
rabbitmq_user: user="guest" state=absent
- name: add admin users
- name: rabbitmq | add admin users
rabbitmq_user: >
user='{{item.name}}'
password='{{item.password}}'
......
---
- name: restart shibd
- name: shibboleth | restart shibd
service: name=shibd state=restarted
#Install shibboleth
---
- name: Installs shib and dependencies from apt
- name: shibboleth | Installs shib and dependencies from apt
apt: pkg={{item}} install_recommends=no state=present update_cache=yes
with_items:
- shibboleth-sp2-schemas
......@@ -9,46 +9,46 @@
- libshibsp-doc
- libapache2-mod-shib2
- opensaml2-tools
notify: restart shibd
notify: shibboleth | restart shibd
tags:
- shib
- install
- name: Creates /etc/shibboleth/metadata directory
- name: shibboleth | Creates /etc/shibboleth/metadata directory
file: path=/etc/shibboleth/metadata state=directory mode=2774 group=_shibd owner=_shibd
tags:
- shib
- install
- name: Downloads metadata into metadata directory as backup
- name: shibboleth | Downloads metadata into metadata directory as backup
get_url: url=https://idp.stanford.edu/Stanford-metadata.xml dest=/etc/shibboleth/metadata/idp-metadata.xml mode=0640 group=_shibd owner=_shibd
tags:
- shib
- install
- name: writes out key and pem file
- name: shibboleth | writes out key and pem file
template: src=sp.{{item}}.j2 dest=/etc/shibboleth/sp.{{item}} group=_shibd owner=_shibd mode=0600
with_items:
- key
- pem
notify: restart shibd
notify: shibboleth | restart shibd
tags:
- shib
- install
- name: writes out configuration files
- name: shibboleth | writes out configuration files
template: src={{item}}.j2 dest=/etc/shibboleth/{{item}} group=_shibd owner=_shibd mode=0644
with_items:
- attribute-map.xml
- shibboleth2.xml
notify: restart shibd
notify: shibboleth | restart shibd
tags:
- shib
- install
- name: enables shib
- name: shibboleth | enables shib
command: a2enmod shib2
notify: restart shibd
notify: shibboleth | restart shibd
tags:
- shib
- install
......
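Review bot: The `get_url` task that downloads Stanford-metadata.xml has no integrity check beyond the HTTPS transport, and IdP metadata normally carries the signing certificates the service provider will trust. If shibboleth2.xml (templated in this file, contents not shown) does not already verify the metadata signature, that check should be configured there. Either way, a comment above the task such as `# IdP metadata: trust depends on the signature verification configured in shibboleth2.xml` would record where the check lives. The metadata directory is also created with `mode=2774`, which gives other users read access without search permission; `mode=2770` may be what was meant, if nothing outside `_shibd` needs to list it.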
- name: stop xqueue
- name: xqueue | stop xqueue
service: name=xqueue state=stopped
tags:
- xqueue
- deploy
- name: start xqueue
- name: xqueue | start xqueue
service: name=xqueue state=started
tags:
- xqueue
- deploy
- name: restart xqueue
- name: xqueue | restart xqueue
service: name=xqueue state=restarted
tags:
- xqueue
- deploy
- name: restart xqueue consumer
- name: xqueue | restart xqueue consumer
service: name=xqueue_consumer state=restarted
# Stop xqueue service.
- name: stop xqueue service
- name: xqueue | stop xqueue service
service: name=xqueue state=stopped
tags:
- xqueue
- deploy
- name: stop xqueue consumer service
- name: xqueue | stop xqueue consumer service
service: name=xqueue_consumer state=stopped
tags:
- xqueue
- deploy
# Do A Checkout
- name: git checkout xqueue repo into $app_base_dir
- name: xqueue | git checkout xqueue repo into $app_base_dir
git: dest={{xqueue_code_dir}} repo={{xqueue_source_repo}} version={{xqueue_version}}
tags:
- xqueue
- deploy
# Do Post Checkout Tasks.
- name: create xqueue code dir
- name: xqueue | create xqueue code dir
file: path={{xqueue_code_dir}} state=directory owner=www-data group=www-data mode=755
tags:
- xqueue
......@@ -29,7 +29,7 @@
# TODO: Check git.py _run_if_changed() to see if the logic there to skip running certain
# portions of the deploy needs to be incorporated here.
- name: sets permissions on xqueue code dir and contents
- name: xqueue | sets permissions on xqueue code dir and contents
file: path={{xqueue_code_dir}} state=directory owner=www-data group=www-data recurse=yes
# Post Checkout tasks will get run as handlers when the {{ xqueue_code_dir }} is ready.
# Look at the handlers/main.yml in this role for a description of the tasks stated below.
......@@ -51,7 +51,7 @@
- xqueue
- deploy
- name: syncdb and migrate
- name: xqueue | syncdb and migrate
shell: sudo -u www-data /opt/edx/bin/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
when: migrate_db is defined and migrate_db|lower == "yes"
tags:
......@@ -59,7 +59,7 @@
- syncdb
- deploy
- name: create users
- name: xqueue | create users
shell: sudo -u www-data /opt/edx/bin/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
when: update_users is defined
tags:
......@@ -67,19 +67,19 @@
- syncdb
- deploy
- name: stop xqueue
- name: xqueue | stop xqueue
service: name=xqueue state=stopped
tags:
- xqueue
- deploy
- name: start xqueue
- name: xqueue | start xqueue
service: name=xqueue state=started
tags:
- xqueue
- deploy
- name: start xqueue consumer
- name: xqueue | start xqueue consumer
service: name=xqueue_consumer state=started
tags:
- xqueue
......
......@@ -3,12 +3,12 @@
# - common/tasks/main.yml
# - nginx/tasks/main.yml
---
- name: Change permissions on datadir
- name: xqueue | Change permissions on datadir
file: path={{app_base_dir}}/data state=directory owner=www-data group=www-data
tags:
- xqueue
- name: create xqueue db
- name: xqueue | create xqueue db
mysql_db: >
name={{xqueue_auth_config.DATABASES.default.NAME}}
login_host={{xqueue_auth_config.DATABASES.default.HOST}}
......@@ -18,46 +18,46 @@
encoding=utf8
# Check out xqueue repo to {{xqueue_code_dir}}
- name: install git and its recommends
- name: xqueue | install git and its recommends
apt: pkg=git state=present install_recommends=yes
tags:
- xqueue
- name: install a bunch of system packages on which xqueue relies
- name: xqueue | install a bunch of system packages on which xqueue relies
apt: pkg={{','.join(xqueue_debian_pkgs)}} state=present
notify:
- restart xqueue
- restart xqueue consumer
- xqueue | restart xqueue
- xqueue | restart xqueue consumer
tags:
- xqueue
- name: create xqueue application config
- name: xqueue | create xqueue application config
template: src=xqueue.env.json.j2 dest={{app_base_dir}}/env.json mode=0640 owner=www-data group=adm
notify:
- restart xqueue
- restart xqueue consumer
- xqueue | restart xqueue
- xqueue | restart xqueue consumer
tags:
- xqueue
- name: create xqueue auth file
- name: xqueue | create xqueue auth file
template: src=xqueue.auth.json.j2 dest={{app_base_dir}}/auth.json mode=0640 owner=www-data group=adm
notify:
- restart xqueue
- restart xqueue consumer
- xqueue | restart xqueue
- xqueue | restart xqueue consumer
tags:
- xqueue
- name: creating xqueue upstart script
- name: xqueue | creating xqueue upstart script
template: src=xqueue.conf.j2 dest=/etc/init/xqueue.conf mode=0640 owner=root group=adm
notify:
- restart xqueue
- xqueue | restart xqueue
tags:
- xqueue
- name: create xqueue consumer upstart script
- name: xqueue | create xqueue consumer upstart script
template: src=xqueue_consumer.conf.j2 dest=/etc/init/xqueue_consumer.conf mode=0640 owner=root group=adm
notify:
- restart xqueue consumer
- xqueue | restart xqueue consumer
tags:
- xqueue
......
- name: restart nginx
- name: xserver | restart nginx
service: name=nginx state=restarted
- name: stop xserver
- name: xserver | stop xserver
service: name=xserver state=stopped
tags:
- deploy
- name: checkout code
- name: xserver | checkout code
git: dest={{xserver_code_dir}} repo={{xserver_source_repo}} version={{xserver_version}}
tags:
- deploy
- name: install requirements
- name: xserver | install requirements
pip: requirements="{{xserver_requirements_file}}" virtualenv="{{venv_dir}}" state=present
tags:
- deploy
- name: install sandbox requirements
- name: xserver | install sandbox requirements
pip: requirements="{{xserver_requirements_file}}" virtualenv="{{xserver_sandbox_venv_dir}}" state=present
tags:
- deploy
- name: create xserver application config
- name: xserver | create xserver application config
template: src=xserver.env.json.j2 dest={{app_base_dir}}/env.json mode=640 owner=www-data group=adm
tags:
- deploy
- name: install read-only ssh key for the content repo that is required for grading
- name: xserver | install read-only ssh key for the content repo that is required for grading
copy: src={{ xserver_git_identity_path }} dest=/etc/git-identity force=yes owner=ubuntu group=adm mode=60
tags:
- deploy
- name: checkout grader code
- name: xserver | checkout grader code
git: dest={{xserver_grader_dir}} repo={{xserver_grader_source}} version={{xserver_grader_version}}
environment:
GIT_SSH: /tmp/git_ssh.sh
......@@ -36,12 +36,12 @@
tags:
- deploy
- name: remove read-only ssh key for the content repo
- name: xserver | remove read-only ssh key for the content repo
file: path=/etc/git-identity state=absent
tags:
- deploy
- name: start xserver
- name: xserver | start xserver
service: name=xserver state=started
tags:
- deploy
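Review bot: The `copy` task that installs the read-only ssh key at /etc/git-identity sets `mode=60`, which looks like a typo for 0600. If Ansible reads the value as octal 060, the owner `ubuntu` gets no access while group `adm` gets read and write on a private key. I would end that line with `owner=ubuntu group=adm mode=0600`. A later task removes the key, but a run that fails before reaching it leaves the file behind with these permissions.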
......@@ -3,54 +3,54 @@
# access to the edX 6.00x repo which is not public
---
- name: ensure sandbox group exists
- name: xserver | ensure sandbox group exists
group: name=sandbox
- name: ensure sandbox user exists
- name: xserver | ensure sandbox user exists
user: name=sandbox group=sandbox
- name: create sandbox python directory
- name: xserver | create sandbox python directory
file: path={{ xserver_sandbox_venv_dir }} owner=ubuntu group=adm mode=2775 state=directory
- name: create sandbox sudoers file
- name: xserver | create sandbox sudoers file
template: src=99-sandbox.j2 dest=/etc/sudoers.d/99-sandbox owner=root group=root mode=0440
- name: create sandbox python
- name: xserver | create sandbox python
command: /usr/local/bin/virtualenv {{ xserver_sandbox_venv_dir }} --distribute creates={{ xserver_sandbox_venv_dir }}/bin/activate
# Make sure this line is in the common-session file.
- name: ensure pam-limits module is loaded
- name: xserver | ensure pam-limits module is loaded
lineinfile:
dest=/etc/pam.d/common-session
regexp="session required pam_limits.so"
line="session required pam_limits.so"
- name: set sandbox limits
- name: xserver | set sandbox limits
copy: src={{ item }} dest=/etc/security/limits.d/sandbox.conf
first_available_file:
- "{{ secure_dir }}/sandbox.conf"
- "sandbox.conf"
- name: ensure apparmor package
- name: xserver | ensure apparmor package
apt: pkg=apparmor-utils state=present
- name: load python-sandbox apparmor profile
- name: xserver | load python-sandbox apparmor profile
template: src={{ item }} dest=/etc/apparmor.d/edx_apparmor_sandbox
first_available_file:
- "{{ secure_dir }}/files/edx_apparmor_sandbox.j2"
- "usr.bin.python-sandbox.j2"
- name: enforce app-armor rules
- name: xserver | enforce app-armor rules
command: aa-enforce {{ xserver_sandbox_venv_dir }}
- name: setup upstart script
- name: xserver | setup upstart script
template: src=xserver.conf.j2 dest=/etc/init/xserver.conf owner=root group=root
- name: install system dependencies of xserver
- name: xserver | install system dependencies of xserver
apt: pkg={{ item }} state=present
with_items: xserver_debian_pkgs
- name: upload ssh script
- name: xserver | upload ssh script
copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
- include: nginx.yml
......
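Review bot: The `upload ssh script` task places git_ssh.sh at /tmp/git_ssh.sh, and the deploy tasks use that path as `GIT_SSH`, so the helper that git runs for the content-repo checkout lives in a world-writable directory. A root-owned location outside /tmp removes the dependence on /tmp's sticky-bit and cleanup behaviour, e.g. `copy: src=git_ssh.sh dest=<ROOT_OWNED_DIR>/git_ssh.sh force=yes owner=root group=adm mode=0750` with the `GIT_SSH` value updated to match (the directory is a placeholder). Separately, `set sandbox limits`, `load python-sandbox apparmor profile` and `setup upstart script` write security-relevant files without an explicit `mode=`, so their permissions depend on defaults. Stating owner and mode on each would make the intent reviewable.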
- name: add xserver nginx configuration
- name: xserver | add xserver nginx configuration
template: src=simple-proxy.j2 dest=/etc/nginx/sites-available/simple-proxy
notify:
- restart nginx
- xserver | restart nginx
- name: enable xserver nginx configuration
- name: xserver | enable xserver nginx configuration
file: src=/etc/nginx/sites-available/simple-proxy dest=/etc/nginx/sites-enabled/simple-proxy state=link
notify:
- restart nginx
- xserver | restart nginx