renaming storage_base_dir to data_base_dir

playbooks/group_vars/all

@@ -2,9 +2,9 @@
 # This should only have variables
 # that are applicable to all edX roles
 
-storage_base_dir: /mnt
+data_base_dir: /mnt
 app_base_dir: /opt/wwc
-log_base_dir: "{{ storage_base_dir }}/logs"
+log_base_dir: "{{ data_base_dir }}/logs"
 venv_dir: /opt/edx
 os_name: ubuntu
 

playbooks/roles/common/tasks/create_github_users.yml

----
-
-# Overview:
-# 
-# Creates OS accounts for users based on their github credential.
-# Expects to find a list in scope named GITHUB_USERS with
-# the following structure:
-#
-# GITHUB_USERS:
-#   - user: me_at_github
-#     groups:
-#     - adm
-#   - user: otheruser
-#     groups: 
-#     - users
-#
-
-- name: common | create local user for github user
-  user: 
-    name={{ item.user }} 
-    groups={{ ",".join(item.groups) }}
-    shell=/bin/bash
-  with_items: GITHUB_USERS
-  tags:
-    - users
-    - update
-
-- name: common | create .ssh directory
-  file: 
-    path=/home/{{ item.user }}/.ssh state=directory mode=0700 
-    owner={{ item.user }} group={{ item.user }}
-  with_items: GITHUB_USERS
-  tags:
-    - users
-    - update
-
-- name: common | copy github key[s] to .ssh/authorized_keys
-  get_url: 
-    url=https://github.com/{{ item.user }}.keys 
-    dest=/home/{{ item.user }}/.ssh/authorized_keys mode=0600 
-    owner={{ item.user }} group={{ item.user }}
-  with_items: GITHUB_USERS
-  tags:
-    - users
-    - update

playbooks/roles/common/tasks/create_users.yml

----
-- name: common | Create 'edx' users group
-  group: name=edx state=present
-  tags:
-  - users
-  - admin_users
-  - update
-
-- name: common | Add user 'ubuntu' to 'edx' group
-  # This is a temporary measure for initial configuration; after the last 
-  # play is run and we've got a good set of users, ubuntu should no longer be used
-  user: name=ubuntu append=yes groups="edx"
-  tags:
-  - users
-  - admin_users
-  - update
-
-- name: common | Creating admin users
-  # Admin users, by definition, should be able to sudo w/ password, and read adm-only files
-  user: name={{ item.user }} append=yes groups={{ "adm,edx,"+",".join(item.groups) }} shell=/bin/bash
-  with_items: admin_users
-  when: admin_users is defined
-  tags:
-  - users
-  - admin_users
-  - update
-
-- name: common | Copying ssh keys for admin users
-  authorized_key: user={{item.user}} key="{{ lookup('file', item.path ) }}"
-  with_items: admin_keys
-  when: admin_keys is defined
-  tags:
-  - users
-  - admin_users
-  - update
-
-- name: common | Creating env users
-  user: name={{ item.user }} {% if item.groups %}groups={{ ",".join(item.groups) }}{% endif %} shell=/bin/bash
-  with_items: ENV_USERS
-  when: ENV_USERS is defined
-  tags:
-  - users
-  - update
-
-- name: common | Copying ssh keys for env users
-  authorized_key: user={{ item.user }} key="{{ lookup('file', item.path ) }}"
-  with_items: env_keys
-  when: env_keys is defined
-  tags:
-  - users
-  - update
-
-- name: common | Group adm passwordless sudo
-  copy: content="%adm ALL=(ALL) NOPASSWD:ALL" dest=/etc/sudoers.d/adm-group owner=root group=root mode=0440
-  tags:
-  - users
-  - admin_users
-  - update

playbooks/roles/common/tasks/main.yml

 ---
-- include: create_users.yml
-- include: create_github_users.yml
-  when: GITHUB_USERS is defined
-
 - name: common | Add user www-data
-  # This user should be created on the system by default
+  # This is the default user for nginx and gunicorn
   user: name=www-data
   tags:
   - pre_install
@@ -12,7 +8,7 @@
 
 - name: common | Create the base directory for storage
   file: >
-    path={{ storage_base_dir }}
+    path={{ data_base_dir }}
       state=directory
       owner=root
       group=root
@@ -20,7 +16,7 @@
 
 - name: common | Create application root
   # In the future consider making group edx r/t adm
-  file: path={{ app_base_dir }} state=directory owner=root group=adm mode=2775 
+  file: path={{ app_base_dir }} state=directory owner=root group=adm mode=2775
   tags:
   - pre_install
   - update
@@ -36,13 +32,13 @@
   tags:
   - pre_install
   - update
-  
+
 - name: common | Create staticfiles dir
-  file: path={{ app_base_dir }}/staticfiles state=directory owner=www-data group=adm mode=2775 
+  file: path={{ app_base_dir }}/staticfiles state=directory owner=www-data group=adm mode=2775
   tags:
   - pre_install
   - update
-  
+
 - name: common | Install role-independent useful system packages
   # do this before log dir setup; rsyslog package guarantees syslog user present
   apt: pkg={{','.join(common_debian_pkgs)}} install_recommends=yes state=present update_cache=yes
@@ -70,7 +66,7 @@
   - logging
   - update
 
-- name: common | Touch edx log file into place 
+- name: common | Touch edx log file into place
   # This is done for the benefit of the rake commands, which expect it
   command: touch -a {{log_base_dir}}/edx.log creates={{log_base_dir}}/edx.log
   tags:

playbooks/roles/edxapp/defaults/main.yml

@@ -158,7 +158,7 @@ generic_env_config:  &edxapp_generic_env
   WIKI_ENABLED: true
   SYSLOG_SERVER:  $EDXAPP_SYSLOG_SERVER
   SITE_NAME:  $EDXAPP_SITE_NAME
-  LOG_DIR:  "{{ storage_base_dir }}/logs/edx"
+  LOG_DIR:  "{{ data_base_dir }}/logs/edx"
   MEDIA_URL:  $EDXAPP_MEDIA_URL
   ANALYTICS_SERVER_URL:  $EDXAPP_ANALYTICS_SERVER_URL
   FEEDBACK_SUBMISSION_EMAIL: $EDXAPP_FEEDBACK_SUBMISSION_EMAIL

playbooks/roles/edxlocal/tasks/main.yml

@@ -59,11 +59,11 @@
 - name: edxlocal | stop mongo service
   service: name=mongodb state=stopped
 
-- name: edxlocal | move mongodb to {{ storage_base_dir }}
-  command: mv /var/lib/mongodb  {{ storage_base_dir }}/.  creates={{ storage_base_dir }}/mongodb
+- name: edxlocal | move mongodb to {{ data_base_dir }}
+  command: mv /var/lib/mongodb  {{ data_base_dir }}/.  creates={{ data_base_dir }}/mongodb
 
 - name: edxlocal | create mongodb symlink
-  file: src={{ storage_base_dir }}/mongodb dest=/var/lib/mongodb state=link
+  file: src={{ data_base_dir }}/mongodb dest=/var/lib/mongodb state=link
 
 - name: edxlocal | start mongo service
   service: name=mongodb state=started

playbooks/roles/gh_users/tasks/main.yml

 ---
 
 # gh_users
-# 
+#
 # Creates OS accounts for users based on their github credential.
 # Takes a list gh_users as a parameter which is a list of users
 #
 # roles:
 #   - role: gh_users
 #     gh_users:
-#      - user: github_admin_username
-#        groups: 
-#        - adm
-#      - user: another_github_username
-#        groups: !!null
-         
+#      - joe
+#      - mark
+
 
 - fail: gh_users list must be defined for this parameterized role
   when: not gh_users
 
-- name: gh_users | create local user for github user
+- name: gh_users | create gh group
+  group: name=gh state=present
+
+# TODO: give limited sudo access to this group
+- name: gh_users | grant full sudo access to gh group
+  copy: >
+    content="%adm ALL=(ALL) NOPASSWD:ALL"
+    dest=/etc/sudoers.d/gh
+    owner=root
+    group=root
+    mode=0440
+    validate='visudo -cf %s'
+
+- name: gh_users | create github users
   user:
-    name={{ item.user }}
-    groups={{ ",".join(item.groups) }}
+    name={{ item }}
+    group=gh
     shell=/bin/bash
   with_items: gh_users
 
 - name: gh_users | create .ssh directory
   file:
-    path=/home/{{ item.user }}/.ssh state=directory mode=0700
-    owner={{ item.user }} group={{ item.user }}
+    path=/home/{{ item }}/.ssh state=directory mode=0700
+    owner={{ item }} group={{ item }}
   with_items: gh_users
 
 - name: gh_users | copy github key[s] to .ssh/authorized_keys

playbooks/roles/jenkins_master/defaults/main.yml

-jenkins_home: "{{ storage_base_dir }}/jenkins"
+jenkins_home: "{{ data_base_dir }}/jenkins"
 jenkins_user: "jenkins"
 jenkins_group: "edx"
 jenkins_server_name: "jenkins.testeng.edx.org"

playbooks/roles/jenkins_master/tasks/main.yml

@@ -34,7 +34,7 @@
   file: path={{ jenkins_home }} recurse=yes state=directory
         owner={{ jenkins_user }} group={{ jenkins_group }}
 
-# Symlink /var/lib/jenkins to {{ storage_base_dir }}/jenkins
+# Symlink /var/lib/jenkins to {{ data_base_dir }}/jenkins
 # since Jenkins will expect its files to be in /var/lib/jenkins
 - name: jenkins_master | Symlink /var/lib/jenkins
   file: src={{ jenkins_home }} dest=/var/lib/jenkins state=link

playbooks/roles/jenkins_worker/defaults/main.yml

 ---
-jenkins_workspace: "{{ storage_base_dir }}/jenkins"
+jenkins_workspace: "{{ data_base_dir }}/jenkins"
 jenkins_phantomjs_url: https://phantomjs.googlecode.com/files/phantomjs-1.9.1-linux-x86_64.tar.bz2
 jenkins_phantomjs_archive: phantomjs-1.9.1-linux-x86_64.tar.bz2
 jenkins_phantomjs_folder: phantomjs-1.9.1-linux-x86_64
@@ -48,10 +48,10 @@ jscover_url: "http://superb-dca2.dl.sourceforge.net/project/jscover/JSCover-1.0.
 jscover_version: "1.0.2"
 
 # Mongo config
-mongo_dir: "{{ storage_base_dir }}/mongodb"
-mongo_log_dir: "{{ storage_base_dir }}/logs/mongodb"
+mongo_dir: "{{ data_base_dir }}/mongodb"
+mongo_log_dir: "{{ data_base_dir }}/logs/mongodb"
 
 # URL of S3 bucket containing pre-compiled Python packages
 python_pkg_url: "https://s3.amazonaws.com/jenkins.python_pkgs"
-python_download_dir: "{{ storage_base_dir }}/python_pkgs"
-python_virtualenv: "{{ storage_base_dir}}/venv"
+python_download_dir: "{{ data_base_dir }}/python_pkgs"
+python_virtualenv: "{{ data_base_dir}}/venv"

playbooks/roles/jenkins_worker/tasks/mongo.yml

 ---
 
-# Configure Mongo to use {{ storage_base_dir }} so we don't
+# Configure Mongo to use {{ data_base_dir }} so we don't
 # run out of disk space
 - name: jenkins_worker | Stop mongo service
   service: name=mongodb state=stopped

playbooks/roles/mongo/tasks/main.yml

@@ -12,12 +12,12 @@
   service: name=mongodb state=stopped
   tags: mongo
 
-- name: mongo | move mongodb to {{ storage_base_dir }}
-  command: mv /var/lib/mongodb  {{ storage_base_dir}}/.  creates={{ storage_base_dir }}/mongodb
+- name: mongo | move mongodb to {{ data_base_dir }}
+  command: mv /var/lib/mongodb  {{ data_base_dir}}/.  creates={{ data_base_dir }}/mongodb
   tags: mongo
 
 - name: mongo | create mongodb symlink
-  file: src={{ storage_base_dir }}/mongodb dest=/var/lib/mongodb state=link
+  file: src={{ data_base_dir }}/mongodb dest=/var/lib/mongodb state=link
   tags: mongo
 
 - name: mongo | copy configuration template

playbooks/roles/notifier/defaults/main.yml

@@ -38,7 +38,7 @@ NOTIFIER_USER_SERVICE_HTTP_AUTH_USER: "guido"
 NOTIFIER_USER_SERVICE_HTTP_AUTH_PASS: "vanrossum"
 NOTIFIER_CELERY_BROKER_URL: "django://"
 
-NOTIFIER_SUPERVISOR_LOG_DEST: "{{ storage_base_dir }}/logs/supervisor"
+NOTIFIER_SUPERVISOR_LOG_DEST: "{{ data_base_dir }}/logs/supervisor"
 
 NOTIFER_REQUESTS_CA_BUNDLE: "/etc/ssl/certs/ca-certificates.crt"
 

playbooks/roles/s3fs/tasks/main.yml

@@ -23,7 +23,7 @@
 # Assuming the following config
 #
 # my_role_s3fs_mounts:
-#   - { bucket: "my_bucket", mount_point: "{{ storage_base_dir}}/s3/my_bucket", owner: "root", group: "adm", mode: "0755" }
+#   - { bucket: "my_bucket", mount_point: "{{ data_base_dir}}/s3/my_bucket", owner: "root", group: "adm", mode: "0755" }
 #
 # The role would need to include tasks like the following
 #

playbooks/roles/xqueue/defaults/main.yml

@@ -49,7 +49,7 @@ xqueue_env_config:
   XQUEUE_WORKERS_PER_QUEUE: 12
   LOGGING_ENV : $XQUEUE_LOGGING_ENV
   SYSLOG_SERVER: $XQUEUE_SYSLOG_SERVER
-  LOG_DIR : "{{ storage_base_dir }}/logs/xqueue"
+  LOG_DIR : "{{ data_base_dir }}/logs/xqueue"
   RABBIT_HOST : $XQUEUE_RABBITMQ_HOSTNAME
   S3_BUCKET : $XQUEUE_S3_BUCKET
   S3_PATH_PREFIX: $XQUEUE_S3_PATH_PREFIX

playbooks/roles/xserver/defaults/main.yml

@@ -18,7 +18,7 @@ xserver_env_config:
   RUN_URL: $RABBIT_RUN_URL
   GRADER_ROOT: $RABBIT_GRADER_ROOT
   LOGGING_ENV: $RABBIT_LOGGING_ENV
-  LOG_DIR: "{{ storage_base_dir }}/logs/xserver"
+  LOG_DIR: "{{ data_base_dir }}/logs/xserver"
   SYSLOG_SERVER: $RABBIT_SYSLOG_SERVER
   SANDBOX_PYTHON: '/opt/edx_apparmor_sandbox/bin/python'