Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
C
configuration
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
OpenEdx
configuration
Commits
82723b84
Commit
82723b84
authored
Aug 01, 2013
by
John Jarvis
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
adding "<role> | " prefix on every name and notify
parent
66a019af
Show whitespace changes
Inline
Side-by-side
Showing
30 changed files
with
247 additions
and
247 deletions
+247
-247
playbooks/roles/apache/handlers/main.yml
+1
-1
playbooks/roles/apache/tasks/apache_site.yml
+4
-4
playbooks/roles/apache/tasks/main.yml
+7
-7
playbooks/roles/common/handlers/main.yml
+1
-1
playbooks/roles/common/tasks/create_users.yml
+7
-7
playbooks/roles/common/tasks/create_venv.yml
+6
-6
playbooks/roles/common/tasks/edx_logging_base.yml
+6
-6
playbooks/roles/common/tasks/main.yml
+12
-12
playbooks/roles/common/tasks/software_update.yml
+1
-1
playbooks/roles/discern/handlers/main.yml
+3
-3
playbooks/roles/discern/tasks/main.yml
+37
-37
playbooks/roles/launch_instance/tasks/main.yml
+3
-3
playbooks/roles/mongo/tasks/main.yml
+8
-8
playbooks/roles/nginx/handlers/main.yml
+1
-1
playbooks/roles/nginx/tasks/main.yml
+11
-11
playbooks/roles/nginx/tasks/nginx_site.yml
+4
-4
playbooks/roles/ora/handlers/main.yml
+2
-2
playbooks/roles/ora/tasks/deploy.yml
+27
-27
playbooks/roles/ora/tasks/ease.yml
+13
-13
playbooks/roles/ora/tasks/main.yml
+10
-10
playbooks/roles/rabbitmq/tasks/main.yml
+15
-15
playbooks/roles/shibboleth/handlers/main.yml
+1
-1
playbooks/roles/shibboleth/tasks/main.yml
+10
-10
playbooks/roles/xqueue/handlers/main.yml
+4
-4
playbooks/roles/xqueue/tasks/deploy.yml
+10
-10
playbooks/roles/xqueue/tasks/main.yml
+16
-16
playbooks/roles/xserver/handlers/main.yml
+1
-1
playbooks/roles/xserver/tasks/deploy.yml
+9
-9
playbooks/roles/xserver/tasks/main.yml
+13
-13
playbooks/roles/xserver/tasks/nginx.yml
+4
-4
No files found.
playbooks/roles/apache/handlers/main.yml
View file @
82723b84
---
-
name
:
restart apache
-
name
:
apache |
restart apache
service
:
name=apache2 state=restarted
playbooks/roles/apache/tasks/apache_site.yml
View file @
82723b84
# Requires nginx package
---
-
name
:
Copying apache config {{ site_name }}
-
name
:
apache |
Copying apache config {{ site_name }}
template
:
src={{ item }} dest=/etc/apache2/sites-available/{{ site_name }}
first_available_file
:
-
"
{{
local_dir
}}/apache/templates/{{
site_name
}}.j2"
# seems like paths in first_available_file must be relative to the playbooks dir
-
"
roles/apache/templates/{{
site_name
}}.j2"
notify
:
restart apache
notify
:
apache |
restart apache
when_set
:
$apache_role_run
tags
:
-
apache
-
update
-
name
:
Creating apache2 config link {{ site_name }}
-
name
:
apache |
Creating apache2 config link {{ site_name }}
file
:
src=/etc/apache2/sites-available/{{ site_name }} dest=/etc/apache2/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
notify
:
restart apache
notify
:
apache |
restart apache
when_set
:
$apache_role_run
tags
:
-
apache
...
...
playbooks/roles/apache/tasks/main.yml
View file @
82723b84
#Installs apache and runs the lms wsgi
---
-
name
:
Installs apache and mod_wsgi from apt
-
name
:
apache |
Installs apache and mod_wsgi from apt
apt
:
pkg={{item}} install_recommends=no state=present update_cache=yes
with_items
:
-
apache2
-
libapache2-mod-wsgi
notify
:
restart apache
notify
:
apache |
restart apache
tags
:
-
apache
-
install
-
name
:
disables default site
-
name
:
apache |
disables default site
command
:
a2dissite 000-default
notify
:
restart apache
notify
:
apache |
restart apache
tags
:
-
apache
-
install
-
name
:
rewrite apache ports conf
-
name
:
apache |
rewrite apache ports conf
template
:
dest=/etc/apache2/ports.conf src=ports.conf.j2 owner=root group=root
notify
:
restart apache
notify
:
apache |
restart apache
tags
:
-
apache
-
install
-
name
:
Register the fact that apache role has run
-
name
:
apache |
Register the fact that apache role has run
command
:
echo True
register
:
apache_role_run
tags
:
...
...
playbooks/roles/common/handlers/main.yml
View file @
82723b84
---
-
name
:
restart rsyslogd
-
name
:
common |
restart rsyslogd
service
:
name=rsyslog state=restarted
sudo
:
True
playbooks/roles/common/tasks/create_users.yml
View file @
82723b84
---
-
name
:
Create 'edx' users group
-
name
:
common |
Create 'edx' users group
group
:
name=edx state=present
tags
:
-
users
-
admin_users
-
update
-
name
:
Add user 'ubuntu' to 'edx' group
-
name
:
common |
Add user 'ubuntu' to 'edx' group
# This is a temporary measure for initial configuration; after the last
# play is run and we've got a good set of users, ubuntu should no longer be used
user
:
name=ubuntu append=yes groups="edx"
...
...
@@ -15,7 +15,7 @@
-
admin_users
-
update
-
name
:
Creating admin users
-
name
:
common |
Creating admin users
# Admin users, by definition, should be able to sudo w/ password, and read adm-only files
user
:
name={{ item.user }} append=yes groups={{ "adm,edx,"+",".join(item.groups) }} shell=/bin/bash
with_items
:
admin_users
...
...
@@ -25,7 +25,7 @@
-
admin_users
-
update
-
name
:
Copying ssh keys for admin users
-
name
:
common |
Copying ssh keys for admin users
authorized_key
:
user={{item.user}} key="{{ lookup('file', item.path ) }}"
with_items
:
admin_keys
when
:
admin_keys is defined
...
...
@@ -34,7 +34,7 @@
-
admin_users
-
update
-
name
:
Creating env users
-
name
:
common |
Creating env users
user
:
name={{ item.user }} {% if item.groups %}groups={{ ",".join(item.groups) }}{% endif %} shell=/bin/bash
with_items
:
env_users
when
:
env_users is defined
...
...
@@ -42,7 +42,7 @@
-
users
-
update
-
name
:
Copying ssh keys for env users
-
name
:
common |
Copying ssh keys for env users
authorized_key
:
user={{ item.user }} key="{{ lookup('file', item.path ) }}"
with_items
:
env_keys
when
:
env_keys is defined
...
...
@@ -50,7 +50,7 @@
-
users
-
update
-
name
:
Group adm passwordless sudo
-
name
:
common |
Group adm passwordless sudo
copy
:
content="%adm ALL=(ALL) NOPASSWD:ALL" dest=/etc/sudoers.d/adm-group owner=root group=root mode=0440
tags
:
-
users
...
...
playbooks/roles/common/tasks/create_venv.yml
View file @
82723b84
---
# create the 'edx' virtual environment in /opt so that roles can populate it
-
name
:
Install python and pip
-
name
:
common |
Install python and pip
apt
:
pkg={{item}} install_recommends=yes state=present update_cache=yes
with_items
:
-
python2.7
...
...
@@ -10,31 +10,31 @@
-
pre_install
-
install
-
name
:
pip install virtualenv
-
name
:
common |
pip install virtualenv
pip
:
name=virtualenv state=present
tags
:
-
venv_base
-
install
-
name
:
pip install virtualenvwrapper
-
name
:
common |
pip install virtualenvwrapper
pip
:
name=virtualenvwrapper state=present
tags
:
-
venv_base
-
install
-
name
:
create edx virtualenv directory
-
name
:
c
ommon | c
reate edx virtualenv directory
file
:
path={{ venv_dir }} owner=ubuntu group=adm mode=2775 state=directory
tags
:
-
venv_base
-
install
-
name
:
create the edx virtualenv directory initial contents
-
name
:
c
ommon | c
reate the edx virtualenv directory initial contents
command
:
/usr/local/bin/virtualenv {{ venv_dir }} --distribute creates=$venv_dir/bin/activate
tags
:
-
venv_base
-
install
-
name
:
pip install gunicorn
-
name
:
common |
pip install gunicorn
pip
:
name=gunicorn virtualenv="{{venv_dir}}" state=present
tags
:
-
gunicorn
...
...
playbooks/roles/common/tasks/edx_logging_base.yml
View file @
82723b84
---
-
name
:
Install rsyslog configuration for edX
-
name
:
common |
Install rsyslog configuration for edX
template
:
dest=/etc/rsyslog.d/99-edx.conf src=edx_rsyslog.j2 owner=root group=root mode=644
notify
:
restart rsyslogd
notify
:
commong |
restart rsyslogd
tags
:
-
logging
-
update
-
name
:
Install logrotate configuration for edX
-
name
:
common |
Install logrotate configuration for edX
template
:
dest=/etc/logrotate.d/edx-services src=edx_logrotate.j2 owner=root group=root mode=644
tags
:
-
logging
-
update
-
name
:
Touch tracking file into existence
-
name
:
common |
Touch tracking file into existence
command
:
touch -a {{log_base_dir}}/tracking.log creates={{log_base_dir}}/tracking.log
tags
:
-
logging
-
update
-
name
:
Set permissions on tracking file
-
name
:
common |
Set permissions on tracking file
file
:
path={{log_base_dir}}/tracking.log owner=syslog group=adm mode=640
tags
:
-
logging
-
update
-
name
:
Install logrotate configuration for tracking file
-
name
:
common |
Install logrotate configuration for tracking file
template
:
dest=/etc/logrotate.d/tracking.log src=edx_logrotate_tracking_log.j2 owner=root group=root mode=644
tags
:
-
logging
...
...
playbooks/roles/common/tasks/main.yml
View file @
82723b84
---
-
include
:
create_users.yml
-
name
:
Add user www-data
-
name
:
common |
Add user www-data
# This user should be created on the system by default
user
:
name=www-data
tags
:
-
pre_install
-
update
-
name
:
Create application root
-
name
:
common |
Create application root
# In the future consider making group edx r/t adm
file
:
path={{ app_base_dir }} state=directory owner=root group=adm mode=2775
tags
:
-
pre_install
-
update
-
name
:
Create upload directory
-
name
:
common |
Create upload directory
file
:
path={{ app_base_dir }}/uploads mode=2775 state=directory owner=root group=adm
tags
:
-
pre_install
-
update
-
name
:
Create data dir
-
name
:
common |
Create data dir
file
:
path={{ app_base_dir }}/data state=directory owner=www-data group=root
tags
:
-
pre_install
-
update
-
name
:
Create staticfiles dir
-
name
:
common |
Create staticfiles dir
file
:
path={{ app_base_dir }}/staticfiles state=directory owner=www-data group=adm mode=2775
tags
:
-
pre_install
-
update
-
name
:
Install role-independent useful system packages
-
name
:
common |
Install role-independent useful system packages
# do this before log dir setup; rsyslog package guarantees syslog user present
apt
:
pkg={{','.join(common_debian_pkgs)}} install_recommends=yes state=present update_cache=yes
tags
:
-
pre_install
-
update
-
name
:
Create log directory
-
name
:
common |
Create log directory
file
:
path=$log_base_dir state=directory mode=2770 group=adm owner=syslog
tags
:
-
pre_install
-
update
-
name
:
Create alias from app_base_dir to the log_base_dir
-
name
:
common |
Create alias from app_base_dir to the log_base_dir
file
:
state=link src=$log_base_dir path=$app_base_dir/log
tags
:
-
pre_install
-
logging
-
update
-
name
:
Create convenience link from log_base_dir to system logs
-
name
:
common |
Create convenience link from log_base_dir to system logs
file
:
state=link src=/var/log path=$log_base_dir/system
tags
:
-
pre_install
-
logging
-
update
-
name
:
Touch edx log file into place
-
name
:
common |
Touch edx log file into place
# This is done for the benefit of the rake commands, which expect it
command
:
touch -a {{log_base_dir}}/edx.log creates={{log_base_dir}}/edx.log
tags
:
...
...
@@ -68,7 +68,7 @@
-
logging
-
install
-
name
:
Set permissions on edx log file
-
name
:
common |
Set permissions on edx log file
# This is done for the benefit of the rake commands, which expect it
file
:
path={{log_base_dir}}/edx.log owner=syslog group=adm mode=640
tags
:
...
...
@@ -76,7 +76,7 @@
-
logging
-
update
-
name
:
upload sudo config for key forwarding as root
-
name
:
common |
upload sudo config for key forwarding as root
copy
:
src=ssh_key_forward dest=/etc/sudoers.d/ssh_key_forward validate='visudo -c -f %s' owner=root group=root mode=0440
-
include
:
create_venv.yml
...
...
playbooks/roles/common/tasks/software_update.yml
View file @
82723b84
---
-
name
:
edx-update.sh, manual lms/cms update script
-
name
:
common |
edx-update.sh, manual lms/cms update script
template
:
src=edx-update.sh.j2 dest=/usr/local/bin/edx-update.sh owner=ubuntu group=adm mode=0775
tags
:
-
release
...
...
playbooks/roles/discern/handlers/main.yml
View file @
82723b84
---
-
name
:
restart discern
-
name
:
discern |
restart discern
service
:
name=discern state=restarted
-
name
:
restart celery
-
name
:
discern |
restart celery
service
:
name=celery state=restarted
-
name
:
restart nginx
-
name
:
discern |
restart nginx
service
:
name=nginx state=restarted
playbooks/roles/discern/tasks/main.yml
View file @
82723b84
---
#Create the templates for upstart services
-
name
:
render celery service from template
-
name
:
discern |
render celery service from template
template
:
src=celery.conf.j2 dest=/etc/init/celery.conf owner=root group=edx mode=0664
notify
:
restart celery
notify
:
discern |
restart celery
-
name
:
render discern service from template
-
name
:
discern |
render discern service from template
template
:
src=discern.conf.j2 dest=/etc/init/discern.conf owner=root group=edx mode=0664
notify
:
restart discern
notify
:
discern |
restart discern
#Allows us to recover from a bad sudoers file
-
name
:
Install policykit
-
name
:
discern |
Install policykit
apt
:
pkg=policykit-1 install_recommends=yes state=present update_cache=yes
#Discern user is admin
-
name
:
Create discern user
-
name
:
discern |
Create discern user
user
:
name={{ discern_user }} append=yes groups="adm,edx" shell=/bin/bash
-
name
:
upload sudoers template to /tmp/sudoers
-
name
:
discern |
upload sudoers template to /tmp/sudoers
copy
:
src=sudoers-discern dest=/tmp/{{site_name}} owner=root group=root mode=0440
#Verify file and move to sudoers.d folder
-
name
:
move temp file to sudoers.d
-
name
:
discern |
move temp file to sudoers.d
shell
:
visudo -q -c -f /tmp/{{site_name}} && cp /tmp/{{site_name}} /etc/sudoers.d/{{site_name}}
#Upload config files for django (auth and env)
-
name
:
create discern application config env.json file
-
name
:
discern |
create discern application config env.json file
template
:
src=env.json.j2 dest={{app_base_dir}}/env.json owner={{discern_user}} group=edx mode=0640
notify
:
-
restart celery
-
restart discern
-
discern |
restart celery
-
discern |
restart discern
-
name
:
create discern auth file auth.json
-
name
:
discern |
create discern auth file auth.json
template
:
src=auth.json.j2 dest={{app_base_dir}}/auth.json owner={{discern_user}} group=edx mode=0640
notify
:
-
restart celery
-
restart discern
-
discern |
restart celery
-
discern |
restart discern
#Needed if using redis to prevent memory issues
-
name
:
change memory commit settings -- needed for redis
-
name
:
discern |
change memory commit settings -- needed for redis
command
:
sysctl vm.overcommit_memory=1
-
name
:
set permissions on app_base_dir sgid for edx
-
name
:
discern |
set permissions on app_base_dir sgid for edx
file
:
path={{app_base_dir}} owner=root group=edx mode=2775 state=directory
file
:
path={{venv_dir}} owner=root group=edx mode=2775 state=directory
-
name
:
Install git so that we can clone repos
-
name
:
discern |
Install git so that we can clone repos
apt
:
pkg=git install_recommends=yes state=present
#Create directories for repos
-
name
:
create discern and ease directories and set permissions
-
name
:
discern |
create discern and ease directories and set permissions
file
:
path={{item}} owner={{discern_user}} group=edx mode=2775 state=directory
with_items
:
-
${discern_dir}
-
${ease_dir}
#Grab both repos or update
-
name
:
git checkout discern repo into discern_dir
-
name
:
discern |
git checkout discern repo into discern_dir
git
:
dest={{discern_dir}} repo={{discern_source_repo}} version={{discern_branch}}
notify
:
-
restart celery
-
restart discern
-
discern |
restart celery
-
discern |
restart discern
-
name
:
git checkout ease repo into ease_dir
-
name
:
discern |
git checkout ease repo into ease_dir
git
:
dest={{ease_dir}} repo={{ease_source_repo}} version={{ease_branch}}
notify
:
-
restart celery
-
restart discern
-
discern |
restart celery
-
discern |
restart discern
#Install system packages
-
name
:
install discern and ease apt packages
-
name
:
discern |
install discern and ease apt packages
command
:
xargs -a {{item}}/apt-packages.txt apt-get install -y
with_items
:
-
${discern_dir}
...
...
@@ -87,19 +87,19 @@
-
${discern_dir}
-
${ease_dir}
-
name
:
install ease python package
-
name
:
discern |
install ease python package
shell
:
command="{{venv_dir}}/bin/activate; cd {{ease_dir}}; python setup.py install"
#Needed for the ease package to work
-
name
:
install nltk data using rendered shell script
-
name
:
discern |
install nltk data using rendered shell script
shell
:
command="{{venv_dir}}/bin/python -m nltk.downloader -d {{nltk_data_dir}} all"
-
name
:
set permissions on nltk data directory
-
name
:
discern |
set permissions on nltk data directory
file
:
path={{nltk_data_dir}} owner={{discern_user}} group=edx mode=2775 state=directory
#Run this instead of using the ansible module because the ansible module only support syncdb of these three, and does not
#support virtualenvs as of this comment
-
name
:
django syncdb, migrate, and collectstatic for discern
-
name
:
d
iscern | d
jango syncdb, migrate, and collectstatic for discern
shell
:
${venv_dir}/bin/python {{discern_dir}}/manage.py {{item}} --noinput --settings={{discern_settings}} --pythonpath={{discern_dir}}
with_items
:
-
syncdb
...
...
@@ -107,22 +107,22 @@
-
collectstatic
#Have this separate from the other three because it doesn't take the noinput flag
-
name
:
django update_index for discern
-
name
:
d
iscern | d
jango update_index for discern
shell
:
${venv_dir}/bin/python {{discern_dir}}/manage.py update_index --settings={{discern_settings}} --pythonpath={{discern_dir}}
-
name
:
create nginx directory and set perms
-
name
:
discern |
create nginx directory and set perms
file
:
path=/etc/nginx/sites-available owner=root group=edx mode=2775 state=directory
#Install nginx sites available
#remove default link, render template, link template to sites-enabled to activate
-
name
:
Removing default nginx config
-
name
:
discern |
Removing default nginx config
file
:
path=/etc/nginx/sites-enabled/default state=absent
notify
:
restart nginx
notify
:
discern |
restart nginx
-
name
:
render nginx sites available
-
name
:
discern |
render nginx sites available
template
:
src=nginx-discern.j2 dest=/etc/nginx/sites-available/{{ site_name }}
notify
:
restart nginx
notify
:
discern |
restart nginx
-
name
:
Creating nginx config link {{ site_name }}
-
name
:
discern |
Creating nginx config link {{ site_name }}
file
:
src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state=link owner=root group=root
notify
:
restart nginx
notify
:
discern |
restart nginx
playbooks/roles/launch_instance/tasks/main.yml
View file @
82723b84
# Launches an ec2 instance and blocks until the instance is up
# adds it to the host group
-
name
:
Launch instance
-
name
:
launch_instance |
Launch instance
local_action
:
module
:
ec2
keypair
:
"
{{keypair}}"
...
...
@@ -13,10 +13,10 @@
instance_tags
:
"
{{instance_tags}}"
register
:
ec2
-
name
:
Add new instance to host group
-
name
:
launch_instance |
Add new instance to host group
local_action
:
add_host hostname=${item.public_ip} groupname=launched
with_items
:
${ec2.instances}
-
name
:
Wait for SSH to come up
-
name
:
launch_instance |
Wait for SSH to come up
local_action
:
wait_for host=${item.public_dns_name} port=22 delay=60 timeout=320 state=started
with_items
:
${ec2.instances}
playbooks/roles/mongo/tasks/main.yml
View file @
82723b84
---
-
name
:
install python-pymongo (req for ansible)
-
name
:
mongo |
install python-pymongo (req for ansible)
pip
:
name=pymongo
-
name
:
install mongo server and recommends
-
name
:
mongo |
install mongo server and recommends
apt
:
pkg=mongodb-server state=present install_recommends=yes
-
name
:
stop mongo service
-
name
:
mongo |
stop mongo service
service
:
name=mongodb state=stopped
-
name
:
move mongodb to /mnt
-
name
:
mo
ngo | mo
ve mongodb to /mnt
command
:
mv /var/lib/mongodb /mnt/. creates=/mnt/mongodb
-
name
:
create mongodb symlink
-
name
:
mongo |
create mongodb symlink
file
:
src=/mnt/mongodb dest=/var/lib/mongodb state=link
-
name
:
start mongo service
-
name
:
mongo |
start mongo service
service
:
name=mongodb state=started
-
name
:
wait for mongo server to start
-
name
:
mongo |
wait for mongo server to start
wait_for
:
port=27017 delay=2
-
name
:
create a mongodb user
-
name
:
mongo |
create a mongodb user
mongodb_user
:
>
database=cs_comments_service
name=cs_comments_service
...
...
playbooks/roles/nginx/handlers/main.yml
View file @
82723b84
---
-
name
:
restart nginx
-
name
:
nginx |
restart nginx
service
:
name=nginx state=restarted
sudo
:
True
playbooks/roles/nginx/tasks/main.yml
View file @
82723b84
# requires:
# - common/tasks/main.yml
---
-
name
:
Install nginx
-
name
:
nginx |
Install nginx
apt
:
pkg=nginx state={{ pkgs.nginx.state }}
notify
:
restart nginx
notify
:
nginx |
restart nginx
tags
:
-
nginx
-
install
...
...
@@ -14,13 +14,13 @@
-
include
:
nginx_site.yml state={{nginx_cfg.sites_enabled.edx_release}} site_name=edx-release
-
include
:
nginx_site.yml state={{nginx_cfg.sites_enabled.basic_auth}} site_name=basic-auth
-
name
:
Write out default htpasswd file
-
name
:
nginx |
Write out default htpasswd file
copy
:
content={{ nginx_cfg.htpasswd }} dest=/etc/nginx/nginx.htpasswd owner=www-data group=www-data mode=0600
tags
:
-
nginx
-
update
-
name
:
Create nginx log file location (just in case)
-
name
:
nginx |
Create nginx log file location (just in case)
file
:
path={{log_base_dir}}/nginx state=directory owner=syslog group=adm mode=2770
tags
:
-
nginx
...
...
@@ -28,34 +28,34 @@
-
update
# removing default link
-
name
:
Removing default nginx config and restart (enabled)
-
name
:
nginx |
Removing default nginx config and restart (enabled)
file
:
path=/etc/nginx/sites-enabled/default state=absent
notify
:
restart nginx
notify
:
nginx |
restart nginx
tags
:
-
nginx
-
update
# Note that nginx logs to /var/log until it reads its configuration, so /etc/logrotate.d/nginx is still good
-
name
:
Set up nginx access log rotation
-
name
:
nginx |
Set up nginx access log rotation
template
:
dest=/etc/logrotate.d/nginx-access src=edx_logrotate_nginx_access.j2 owner=root group=root mode=644
tags
:
-
logging
-
update
-
name
:
Set up nginx access log rotation
-
name
:
nginx |
Set up nginx access log rotation
template
:
dest=/etc/logrotate.d/nginx-error src=edx_logrotate_nginx_error.j2 owner=root group=root mode=644
tags
:
-
logging
-
update
-
name
:
Removing default nginx config (available)
-
name
:
nginx |
Removing default nginx config (available)
file
:
path=/etc/nginx/sites-available/default state=absent
tags
:
-
nginx
-
update
-
name
:
Register the fact that nginx has run
-
name
:
nginx |
Register the fact that nginx has run
command
:
echo True
register
:
nginx_role_run
tags
:
...
...
@@ -65,5 +65,5 @@
# If tasks that notify restart nginx don't change the state of the remote system
# their corresponding notifications don't get run. If nginx has been stopped for
# any reason, this will ensure that it is started up again.
-
name
:
make sure nginx has started
-
name
:
nginx |
make sure nginx has started
service
:
name=nginx state=started
playbooks/roles/nginx/tasks/nginx_site.yml
View file @
82723b84
# Requires nginx package
---
-
name
:
Copying nginx config {{ site_name }}
-
name
:
nginx |
Copying nginx config {{ site_name }}
template
:
src={{ item }} dest=/etc/nginx/sites-available/{{ site_name }}
first_available_file
:
-
"
{{
local_dir
}}/nginx/templates/{{
site_name
}}.j2"
# seems like paths in first_available_file must be relative to the playbooks dir
-
"
roles/nginx/templates/{{
site_name
}}.j2"
notify
:
restart nginx
notify
:
nginx |
restart nginx
when_set
:
$nginx_role_run
tags
:
-
nginx
...
...
@@ -15,9 +15,9 @@
-
nginx-env
-
update
-
name
:
Creating nginx config link {{ site_name }}
-
name
:
nginx |
Creating nginx config link {{ site_name }}
file
:
src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
notify
:
restart nginx
notify
:
nginx |
restart nginx
when_set
:
$nginx_role_run
tags
:
-
nginx
...
...
playbooks/roles/ora/handlers/main.yml
View file @
82723b84
---
-
name
:
restart edx-ora
-
name
:
ora |
restart edx-ora
service
:
name=edx-ora state=restarted
-
name
:
restart edx-ora-celery
-
name
:
ora |
restart edx-ora-celery
service
:
name=edx-ora-celery state=restarted
playbooks/roles/ora/tasks/deploy.yml
View file @
82723b84
-
name
:
See if edx-ora.conf is installed
-
name
:
ora |
See if edx-ora.conf is installed
shell
:
"
[
-f
/etc/init/edx-ora.conf
]
&&
echo
'Found'
||
echo
''"
register
:
edx_ora_installed
tags
:
-
ora
-
deploy
-
name
:
See if edx-ora-celery.conf is installed
-
name
:
ora |
See if edx-ora-celery.conf is installed
shell
:
"
[
-f
/etc/init/edx-ora-celery.conf
]
&&
echo
'Found'
||
echo
''"
register
:
edx_ora_celery_installed
tags
:
...
...
@@ -13,38 +13,38 @@
-
deploy
# Stop ora service.
-
name
:
stop edx-ora service
-
name
:
ora |
stop edx-ora service
service
:
name=edx-ora state=stopped
when
:
edx_ora_installed.stdout == 'Found'
notify
:
restart edx-ora
notify
:
ora |
restart edx-ora
tags
:
-
ora
-
deploy
-
name
:
stop edx-ora-celery service
-
name
:
ora |
stop edx-ora-celery service
service
:
name=edx-ora-celery state=stopped
when
:
edx_ora_celery_installed.stdout == 'Found'
notify
:
restart edx-ora-celery
notify
:
ora |
restart edx-ora-celery
tags
:
-
ora
-
deploy
# Do A Checkout
-
name
:
git checkout ora repo into $app_base_dir
-
name
:
ora |
git checkout ora repo into $app_base_dir
git
:
dest={{ora_code_dir}} repo={{ora_source_repo}} version={{ora_version}}
notify
:
-
restart edx-ora
-
restart edx-ora-celery
-
ora |
restart edx-ora
-
ora |
restart edx-ora-celery
tags
:
-
ora
-
deploy
# Do Post Checkout Tasks.
-
name
:
change permissions on ora code dir
-
name
:
ora |
change permissions on ora code dir
file
:
path={{ora_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes
notify
:
-
restart edx-ora
-
restart edx-ora-celery
-
ora |
restart edx-ora
-
ora |
restart edx-ora-celery
tags
:
-
ora
-
deploy
...
...
@@ -55,51 +55,51 @@
# Install the python pre requirements into {{ ora_venv_dir }}
-
name
:
install python pre-requirements
-
name
:
ora |
install python pre-requirements
pip
:
requirements="{{ora_pre_requirements_file}}" virtualenv="{{ora_venv_dir}}" state=present
notify
:
-
restart edx-ora
-
restart edx-ora-celery
-
ora |
restart edx-ora
-
ora |
restart edx-ora-celery
tags
:
-
ora
-
deploy
# Install the python post requirements into {{ ora_venv_dir }}
-
name
:
install python post-requirements
-
name
:
ora |
install python post-requirements
pip
:
requirements="{{ora_post_requirements_file}}" virtualenv="{{ora_venv_dir}}" state=present
notify
:
-
restart edx-ora
-
restart edx-ora-celery
-
ora |
restart edx-ora
-
ora |
restart edx-ora-celery
tags
:
-
ora
-
deploy
#Needed if using redis to prevent memory issues
-
name
:
change memory commit settings -- needed for redis
-
name
:
ora |
change memory commit settings -- needed for redis
command
:
sysctl vm.overcommit_memory=1
notify
:
-
restart edx-ora
-
restart edx-ora-celery
-
ora |
restart edx-ora
-
ora |
restart edx-ora-celery
tags
:
-
ora
-
deploy
-
name
:
syncdb and migrate
-
name
:
ora |
syncdb and migrate
shell
:
sudo -u www-data {{ora_venv_dir}}/bin/django-admin.py syncdb --migrate --noinput --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
when
:
migrate_db is defined and migrate_db|lower == "yes"
notify
:
-
restart edx-ora
-
restart edx-ora-celery
-
ora |
restart edx-ora
-
ora |
restart edx-ora-celery
tags
:
-
ora
-
syncdb
-
deploy
-
name
:
create users
-
name
:
ora |
create users
shell
:
sudo -u www-data {{ora_venv_dir}}/bin/django-admin.py update_users --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
notify
:
-
restart edx-ora
-
restart edx-ora-celery
-
ora |
restart edx-ora
-
ora |
restart edx-ora-celery
tags
:
-
ora
-
syncdb
...
...
playbooks/roles/ora/tasks/ease.yml
View file @
82723b84
-
name
:
See if edx-ora.conf is installed
-
name
:
ora |
See if edx-ora.conf is installed
shell
:
"
[
-f
/etc/init/edx-ora.conf
]
&&
echo
'Found'
||
echo
''"
register
:
edx_ora_installed
tags
:
-
ora
-
deploy
-
name
:
See if edx-ora-celery.conf is installed
-
name
:
ora |
See if edx-ora-celery.conf is installed
shell
:
"
[
-f
/etc/init/edx-ora-celery.conf
]
&&
echo
'Found'
||
echo
''"
register
:
edx_ora_celery_installed
tags
:
...
...
@@ -13,14 +13,14 @@
-
deploy
# Stop ora service.
-
name
:
stop edx-ora service
-
name
:
ora |
stop edx-ora service
service
:
name=edx-ora state=stopped
when
:
edx_ora_installed.stdout == 'Found'
tags
:
-
ora
-
deploy
-
name
:
stop edx-ora-celery service
-
name
:
ora |
stop edx-ora-celery service
service
:
name=edx-ora-celery state=stopped
when
:
edx_ora_celery_installed.stdout == 'Found'
tags
:
...
...
@@ -29,14 +29,14 @@
# Do A Checkout
-
name
:
git checkout ease repo into its base dir
-
name
:
ora |
git checkout ease repo into its base dir
git
:
dest={{ease_code_dir}} repo={{ease_source_repo}} version={{ease_version}}
tags
:
-
ease
-
deploy
# Do Post Checkout Tasks.
-
name
:
change permissions on ease code dir
-
name
:
ora |
change permissions on ease code dir
file
:
path={{ease_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes
tags
:
-
ease
...
...
@@ -46,7 +46,7 @@
# TODO: Check git.py _run_if_changed() to see if the logic there to skip running certain
# portions of the deploy needs to be incorporated here.
#
-
name
:
install ease system packages
-
name
:
ora |
install ease system packages
apt
:
pkg={{item}} state=present
with_items
:
ease_debian_pkgs
tags
:
...
...
@@ -55,27 +55,27 @@
# Install the python pre requirements into {{ ease_venv_dir }}
-
name
:
install ease python pre-requirements
-
name
:
ora |
install ease python pre-requirements
pip
:
requirements="{{ease_pre_requirements_file}}" virtualenv="{{ease_venv_dir}}" state=present
tags
:
-
ease
-
deploy
# Install the python post requirements into {{ ease_venv_dir }}
-
name
:
install ease python post-requirements
-
name
:
ora |
install ease python post-requirements
pip
:
requirements="{{ease_post_requirements_file}}" virtualenv="{{ease_venv_dir}}" state=present
tags
:
-
ease
-
deploy
-
name
:
install ease python package
-
name
:
ora |
install ease python package
shell
:
command="{{ease_venv_dir}}/bin/activate; cd {{ease_code_dir}}; python setup.py install"
tags
:
-
ease
-
deploy
#Needed for the ease package to work
-
name
:
check for the existence of nltk data taggers/maxent_treebank_pos_tagger/english.pickle
-
name
:
ora |
check for the existence of nltk data taggers/maxent_treebank_pos_tagger/english.pickle
shell
:
"
[
-f
{{nltk_data_dir}}/taggers/maxent_treebank_pos_tagger/english.pickle
]
&&
echo
'Found'
||
echo
''"
register
:
nltk_data_installed
tags
:
...
...
@@ -83,14 +83,14 @@
-
deploy
-
name
:
install nltk data using rendered shell script
-
name
:
ora |
install nltk data using rendered shell script
command
:
"
{{ease_venv_dir}}/bin/python
-m
nltk.downloader
-d
{{nltk_data_dir}}
all"
when
:
nltk_data_installed.stdout != "Found"
tags
:
-
ease
-
deploy
-
name
:
set permissions on nltk data directory
-
name
:
ora |
set permissions on nltk data directory
file
:
path={{nltk_data_dir}} owner=ubuntu group=adm mode=2775 state=directory
tags
:
-
ease
...
...
playbooks/roles/ora/tasks/main.yml
View file @
82723b84
...
...
@@ -3,54 +3,54 @@
# - common/tasks/main.yml
# - nginx/tasks/main.yml
---
-
name
:
Change permissions on datadir
-
name
:
ora |
Change permissions on datadir
file
:
path={{ora_code_dir}}/../data state=directory owner=www-data group=www-data
tags
:
-
ora
-
name
:
Create ml_models directory
-
name
:
ora |
Create ml_models directory
file
:
path={{ora_code_dir}}/../ml_models state=directory owner=www-data group=www-data
tags
:
-
ora
# Check out ora repo to {{ora_code_dir}}
-
name
:
install git and its recommends
-
name
:
ora |
install git and its recommends
apt
:
pkg=git state=present install_recommends=yes
tags
:
-
ora
-
name
:
create ora application config
-
name
:
ora |
create ora application config
template
:
src=ora.env.json.j2 dest={{ora_code_dir}}/../env.json mode=0640 owner=www-data group=adm
tags
:
-
ora
-
name
:
create ora auth file
-
name
:
ora |
create ora auth file
template
:
src=ora.auth.json.j2 dest={{ora_code_dir}}/../auth.json mode=0640 owner=www-data group=adm
tags
:
-
ora
-
name
:
create ora upstart script
-
name
:
ora |
create ora upstart script
template
:
src=edx-ora.conf.j2 dest=/etc/init/edx-ora.conf mode=0640 owner=root group=adm
tags
:
-
ora
-
name
:
create ora-celery upstart script
-
name
:
ora |
create ora-celery upstart script
template
:
src=edx-ora-celery.conf.j2 dest=/etc/init/edx-ora-celery.conf mode=0640 owner=root group=adm
tags
:
-
ora
-
name
:
install debian packages that ora needs
-
name
:
ora |
install debian packages that ora needs
apt
:
pkg={{item}} state=present
with_items
:
ora_debian_pkgs
tags
:
-
ora
-
name
:
create the ora virtual environment
-
name
:
ora |
create the ora virtual environment
file
:
path={{ ora_venv_dir }} owner=root group=adm mode=2775 state=directory
tags
:
-
ora
-
name
:
bootstrap the ora virtual environment
-
name
:
ora |
bootstrap the ora virtual environment
command
:
/usr/local/bin/virtualenv {{ ora_venv_dir }} --distribute creates={{ora_venv_dir}}/bin/activate
tags
:
-
ora
...
...
playbooks/roles/rabbitmq/tasks/main.yml
View file @
82723b84
...
...
@@ -3,58 +3,58 @@
# There is a bug with initializing multiple nodes in the HA cluster at once
# http://rabbitmq.1065348.n5.nabble.com/Rabbitmq-boot-failure-with-quot-tables-not-present-quot-td24494.html
-
name
:
trust rabbit repository
-
name
:
rabbitmq |
trust rabbit repository
apt_key
:
url={{rabbitmq_apt_key}} state=present
-
name
:
install python-software-properties if debian
-
name
:
rabbitmq |
install python-software-properties if debian
apt
:
pkg={{",".join(rabbitmq_debian_pkgs)}} state=present
-
name
:
add rabbit repository
-
name
:
rabbitmq |
add rabbit repository
apt_repository
:
repo="{{rabbitmq_repository}}" state=present
-
name
:
install rabbitmq
-
name
:
rabbitmq |
install rabbitmq
apt
:
pkg={{rabbitmq_pkg}} state=present
-
name
:
stop rabbit cluster
-
name
:
rabbitmq |
stop rabbit cluster
service
:
name=rabbitmq-server state=stopped
# Defaulting to /var/lib/rabbitmq
-
name
:
create cookie directory
-
name
:
rabbitmq |
create cookie directory
file
:
path={{rabbitmq_cookie_dir}} owner=rabbitmq group=rabbitmq mode=0755 state=directory
-
name
:
add rabbitmq erlang cookie
-
name
:
rabbitmq |
add rabbitmq erlang cookie
template
:
src=erlang.cookie.j2 dest={{rabbitmq_cookie_location}} owner=rabbitmq group=rabbitmq mode=0400
register
:
erlang_cookie
# Defaulting to /etc/rabbitmq
-
name
:
create rabbitmq config directory
-
name
:
rabbitmq |
create rabbitmq config directory
file
:
path={{rabbitmq_config_dir}} owner=root group=root mode=0755 state=directory
-
name
:
add rabbitmq environment configuration
-
name
:
rabbitmq |
add rabbitmq environment configuration
template
:
src=rabbitmq-env.conf.j2 dest={{rabbitmq_config_dir}}/rabbitmq-env.conf owner=root group=root mode=0644
-
name
:
add rabbitmq cluster configuration
-
name
:
rabbitmq |
add rabbitmq cluster configuration
template
:
src=rabbitmq.config.j2 dest={{rabbitmq_config_dir}}/rabbitmq.config owner=root group=root mode=0644
register
:
cluster_configuration
-
name
:
add the mangement plugin
-
name
:
rabbitmq |
add the mangement plugin
rabbitmq_plugin
:
names=rabbitmq_management state=enabled
# When rabbitmq starts up it creates a folder of metadata at '/var/lib/rabbitmq/mnesia'.
# This folder should be deleted before clustering is setup because it retains data
# that can conflict with the clustering information.
-
name
:
remove mnesia configuration
-
name
:
r
abbitmq | r
emove mnesia configuration
file
:
path={{rabbitmq_mnesia_folder}} state=absent
when
:
erlang_cookie.changed or cluster_configuration.changed
-
name
:
start rabbit nodes
-
name
:
rabbitmq |
start rabbit nodes
service
:
name=rabbitmq-server state=restarted
-
name
:
remove guest user
-
name
:
r
abbitmq | r
emove guest user
rabbitmq_user
:
user="guest" state=absent
-
name
:
add admin users
-
name
:
rabbitmq |
add admin users
rabbitmq_user
:
>
user='{{item.name}}'
password='{{item.password}}'
...
...
playbooks/roles/shibboleth/handlers/main.yml
View file @
82723b84
---
-
name
:
restart shibd
-
name
:
shibboleth |
restart shibd
service
:
name=shibd state=restarted
playbooks/roles/shibboleth/tasks/main.yml
View file @
82723b84
#Install shibboleth
---
-
name
:
Installs shib and dependencies from apt
-
name
:
shibboleth |
Installs shib and dependencies from apt
apt
:
pkg={{item}} install_recommends=no state=present update_cache=yes
with_items
:
-
shibboleth-sp2-schemas
...
...
@@ -9,46 +9,46 @@
-
libshibsp-doc
-
libapache2-mod-shib2
-
opensaml2-tools
notify
:
restart shibd
notify
:
shibboleth |
restart shibd
tags
:
-
shib
-
install
-
name
:
Creates /etc/shibboleth/metadata directory
-
name
:
shibboleth |
Creates /etc/shibboleth/metadata directory
file
:
path=/etc/shibboleth/metadata state=directory mode=2774 group=_shibd owner=_shibd
tags
:
-
shib
-
install
-
name
:
Downloads metadata into metadata directory as backup
-
name
:
shibboleth |
Downloads metadata into metadata directory as backup
get_url
:
url=https://idp.stanford.edu/Stanford-metadata.xml dest=/etc/shibboleth/metadata/idp-metadata.xml mode=0640 group=_shibd owner=_shibd
tags
:
-
shib
-
install
-
name
:
writes out key and pem file
-
name
:
shibboleth |
writes out key and pem file
template
:
src=sp.{{item}}.j2 dest=/etc/shibboleth/sp.{{item}} group=_shibd owner=_shibd mode=0600
with_items
:
-
key
-
pem
notify
:
restart shibd
notify
:
shibboleth |
restart shibd
tags
:
-
shib
-
install
-
name
:
writes out configuration files
-
name
:
shibboleth |
writes out configuration files
template
:
src={{item}}.j2 dest=/etc/shibboleth/{{item}} group=_shibd owner=_shibd mode=0644
with_items
:
-
attribute-map.xml
-
shibboleth2.xml
notify
:
restart shibd
notify
:
shibboleth |
restart shibd
tags
:
-
shib
-
install
-
name
:
enables shib
-
name
:
shibboleth |
enables shib
command
:
a2enmod shib2
notify
:
restart shibd
notify
:
shibboleth |
restart shibd
tags
:
-
shib
-
install
...
...
playbooks/roles/xqueue/handlers/main.yml
View file @
82723b84
-
name
:
stop xqueue
-
name
:
xqueue |
stop xqueue
service
:
name=xqueue state=stopped
tags
:
-
xqueue
-
deploy
-
name
:
start xqueue
-
name
:
xqueue |
start xqueue
service
:
name=xqueue state=started
tags
:
-
xqueue
-
deploy
-
name
:
restart xqueue
-
name
:
xqueue |
restart xqueue
service
:
name=xqueue state=restarted
tags
:
-
xqueue
-
deploy
-
name
:
restart xqueue consumer
-
name
:
xqueue |
restart xqueue consumer
service
:
name=xqueue_consumer state=restarted
playbooks/roles/xqueue/tasks/deploy.yml
View file @
82723b84
# Stop xqueue service.
-
name
:
stop xqueue service
-
name
:
xqueue |
stop xqueue service
service
:
name=xqueue state=stopped
tags
:
-
xqueue
-
deploy
-
name
:
stop xqueue consumer service
-
name
:
xqueue |
stop xqueue consumer service
service
:
name=xqueue_consumer state=stopped
tags
:
-
xqueue
-
deploy
# Do A Checkout
-
name
:
git checkout xqueue repo into $app_base_dir
-
name
:
xqueue |
git checkout xqueue repo into $app_base_dir
git
:
dest={{xqueue_code_dir}} repo={{xqueue_source_repo}} version={{xqueue_version}}
tags
:
-
xqueue
-
deploy
# Do Post Checkout Tasks.
-
name
:
create xqueue code dir
-
name
:
xqueue |
create xqueue code dir
file
:
path={{xqueue_code_dir}} state=directory owner=www-data group=www-data mode=755
tags
:
-
xqueue
...
...
@@ -29,7 +29,7 @@
# TODO: Check git.py _run_if_changed() to see if the logic there to skip running certain
# portions of the deploy needs to be incorporated here.
-
name
:
sets permissions on xqueue code dir and contents
-
name
:
xqueue |
sets permissions on xqueue code dir and contents
file
:
path={{xqueue_code_dir}} state=directory owner=www-data group=www-data recurse=yes
# Post Checkout tasks will get run as handlers when the {{ xqueue_code_dir }} is ready.
# Look at the handlers/main.yml in this role for a description of the tasks stated below.
...
...
@@ -51,7 +51,7 @@
-
xqueue
-
deploy
-
name
:
syncdb and migrate
-
name
:
xqueue |
syncdb and migrate
shell
:
sudo -u www-data /opt/edx/bin/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
when
:
migrate_db is defined and migrate_db|lower == "yes"
tags
:
...
...
@@ -59,7 +59,7 @@
-
syncdb
-
deploy
-
name
:
create users
-
name
:
xqueue |
create users
shell
:
sudo -u www-data /opt/edx/bin/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
when
:
update_users is defined
tags
:
...
...
@@ -67,19 +67,19 @@
-
syncdb
-
deploy
-
name
:
stop xqueue
-
name
:
xqueue |
stop xqueue
service
:
name=xqueue state=stopped
tags
:
-
xqueue
-
deploy
-
name
:
start xqueue
-
name
:
xqueue |
start xqueue
service
:
name=xqueue state=started
tags
:
-
xqueue
-
deploy
-
name
:
start xqueue consumer
-
name
:
xqueue |
start xqueue consumer
service
:
name=xqueue_consumer state=started
tags
:
-
xqueue
...
...
playbooks/roles/xqueue/tasks/main.yml
View file @
82723b84
...
...
@@ -3,12 +3,12 @@
# - common/tasks/main.yml
# - nginx/tasks/main.yml
---
-
name
:
Change permissions on datadir
-
name
:
xqueue |
Change permissions on datadir
file
:
path={{app_base_dir}}/data state=directory owner=www-data group=www-data
tags
:
-
xqueue
-
name
:
create xqueue db
-
name
:
xqueue |
create xqueue db
mysql_db
:
>
name={{xqueue_auth_config.DATABASES.default.NAME}}
login_host={{xqueue_auth_config.DATABASES.default.HOST}}
...
...
@@ -18,46 +18,46 @@
encoding=utf8
# Check out xqueue repo to {{xqueue_code_dir}}
-
name
:
install git and its recommends
-
name
:
xqueue |
install git and its recommends
apt
:
pkg=git state=present install_recommends=yes
tags
:
-
xqueue
-
name
:
install a bunch of system packages on which xqueue relies
-
name
:
xqueue |
install a bunch of system packages on which xqueue relies
apt
:
pkg={{','.join(xqueue_debian_pkgs)}} state=present
notify
:
-
restart xqueue
-
restart xqueue consumer
-
xqueue |
restart xqueue
-
xqueue |
restart xqueue consumer
tags
:
-
xqueue
-
name
:
create xqueue application config
-
name
:
xqueue |
create xqueue application config
template
:
src=xqueue.env.json.j2 dest={{app_base_dir}}/env.json mode=0640 owner=www-data group=adm
notify
:
-
restart xqueue
-
restart xqueue consumer
-
xqueue |
restart xqueue
-
xqueue |
restart xqueue consumer
tags
:
-
xqueue
-
name
:
create xqueue auth file
-
name
:
xqueue |
create xqueue auth file
template
:
src=xqueue.auth.json.j2 dest={{app_base_dir}}/auth.json mode=0640 owner=www-data group=adm
notify
:
-
restart xqueue
-
restart xqueue consumer
-
xqueue |
restart xqueue
-
xqueue |
restart xqueue consumer
tags
:
-
xqueue
-
name
:
creating xqueue upstart script
-
name
:
xqueue |
creating xqueue upstart script
template
:
src=xqueue.conf.j2 dest=/etc/init/xqueue.conf mode=0640 owner=root group=adm
notify
:
-
restart xqueue
-
xqueue |
restart xqueue
tags
:
-
xqueue
-
name
:
create xqueue consumer upstart script
-
name
:
xqueue |
create xqueue consumer upstart script
template
:
src=xqueue_consumer.conf.j2 dest=/etc/init/xqueue_consumer.conf mode=0640 owner=root group=adm
notify
:
-
restart xqueue consumer
-
xqueue |
restart xqueue consumer
tags
:
-
xqueue
...
...
playbooks/roles/xserver/handlers/main.yml
View file @
82723b84
-
name
:
restart nginx
-
name
:
xserver |
restart nginx
service
:
name=nginx state=restarted
playbooks/roles/xserver/tasks/deploy.yml
View file @
82723b84
-
name
:
stop xserver
-
name
:
xserver |
stop xserver
service
:
name=xserver state=stopped
tags
:
-
deploy
-
name
:
checkout code
-
name
:
xserver |
checkout code
git
:
dest={{xserver_code_dir}} repo={{xserver_source_repo}} version={{xserver_version}}
tags
:
-
deploy
-
name
:
install requirements
-
name
:
xserver |
install requirements
pip
:
requirements="{{xserver_requirements_file}}" virtualenv="{{venv_dir}}" state=present
tags
:
-
deploy
-
name
:
install sandbox requirements
-
name
:
xserver |
install sandbox requirements
pip
:
requirements="{{xserver_requirements_file}}" virtualenv="{{xserver_sandbox_venv_dir}}" state=present
tags
:
-
deploy
-
name
:
create xserver application config
-
name
:
xserver |
create xserver application config
template
:
src=xserver.env.json.j2 dest={{app_base_dir}}/env.json mode=640 owner=www-data group=adm
tags
:
-
deploy
-
name
:
install read-only ssh key for the content repo that is required for grading
-
name
:
xserver |
install read-only ssh key for the content repo that is required for grading
copy
:
src={{ xserver_git_identity_path }} dest=/etc/git-identity force=yes owner=ubuntu group=adm mode=60
tags
:
-
deploy
-
name
:
checkout grader code
-
name
:
xserver |
checkout grader code
git
:
dest={{xserver_grader_dir}} repo={{xserver_grader_source}} version={{xserver_grader_version}}
environment
:
GIT_SSH
:
/tmp/git_ssh.sh
...
...
@@ -36,12 +36,12 @@
tags
:
-
deploy
-
name
:
remove read-only ssh key for the content repo
-
name
:
xserver |
remove read-only ssh key for the content repo
file
:
path=/etc/git-identity state=absent
tags
:
-
deploy
-
name
:
start xserver
-
name
:
xserver |
start xserver
service
:
name=xserver state=started
tags
:
-
deploy
playbooks/roles/xserver/tasks/main.yml
View file @
82723b84
...
...
@@ -3,54 +3,54 @@
# access to the edX 6.00x repo which is not public
---
-
name
:
ensure sandbox group exists
-
name
:
xserver |
ensure sandbox group exists
group
:
name=sandbox
-
name
:
ensure sandbox user exists
-
name
:
xserver |
ensure sandbox user exists
user
:
name=sandbox group=sandbox
-
name
:
create sandbox python directory
-
name
:
xserver |
create sandbox python directory
file
:
path={{ xserver_sandbox_venv_dir }} owner=ubuntu group=adm mode=2775 state=directory
-
name
:
create sandbox sudoers file
-
name
:
xserver |
create sandbox sudoers file
template
:
src=99-sandbox.j2 dest=/etc/sudoers.d/99-sandbox owner=root group=root mode=0440
-
name
:
create sandbox python
-
name
:
xserver |
create sandbox python
command
:
/usr/local/bin/virtualenv {{ xserver_sandbox_venv_dir }} --distribute creates={{ xserver_sandbox_venv_dir }}/bin/activate
# Make sure this line is in the common-session file.
-
name
:
ensure pam-limits module is loaded
-
name
:
xserver |
ensure pam-limits module is loaded
lineinfile
:
dest=/etc/pam.d/common-session
regexp="session required pam_limits.so"
line="session required pam_limits.so"
-
name
:
set sandbox limits
-
name
:
xserver |
set sandbox limits
copy
:
src={{ item }} dest=/etc/security/limits.d/sandbox.conf
first_available_file
:
-
"
{{
secure_dir
}}/sandbox.conf"
-
"
sandbox.conf"
-
name
:
ensure apparmor package
-
name
:
xserver |
ensure apparmor package
apt
:
pkg=apparmor-utils state=present
-
name
:
load python-sandbox apparmor profile
-
name
:
xserver |
load python-sandbox apparmor profile
template
:
src={{ item }} dest=/etc/apparmor.d/edx_apparmor_sandbox
first_available_file
:
-
"
{{
secure_dir
}}/files/edx_apparmor_sandbox.j2"
-
"
usr.bin.python-sandbox.j2"
-
name
:
enforce app-armor rules
-
name
:
xserver |
enforce app-armor rules
command
:
aa-enforce {{ xserver_sandbox_venv_dir }}
-
name
:
setup upstart script
-
name
:
xserver |
setup upstart script
template
:
src=xserver.conf.j2 dest=/etc/init/xserver.conf owner=root group=root
-
name
:
install system dependencies of xserver
-
name
:
xserver |
install system dependencies of xserver
apt
:
pkg={{ item }} state=present
with_items
:
xserver_debian_pkgs
-
name
:
upload ssh script
-
name
:
xserver |
upload ssh script
copy
:
src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
-
include
:
nginx.yml
...
...
playbooks/roles/xserver/tasks/nginx.yml
View file @
82723b84
-
name
:
add xserver nginx configuration
-
name
:
xserver |
add xserver nginx configuration
template
:
src=simple-proxy.j2 dest=/etc/nginx/sites-available/simple-proxy
notify
:
-
restart nginx
-
xserver |
restart nginx
-
name
:
enable xserver nginx configuration
-
name
:
xserver |
enable xserver nginx configuration
file
:
src=/etc/nginx/sites-available/simple-proxy dest=/etc/nginx/sites-enabled/simple-proxy state=link
notify
:
-
restart nginx
-
xserver |
restart nginx
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment