Merge pull request #1449 from edx/e0d/minos

minos role and play updates

playbooks/edx-east/edxapp.yml

@@ -20,3 +20,5 @@
       when: COMMON_ENABLE_SPLUNKFORWARDER
     - role: newrelic
       when: COMMON_ENABLE_NEWRELIC
+    - role: minos
+      when: COMMON_ENABLE_MINOS

playbooks/edx-east/worker.yml

@@ -12,3 +12,6 @@
       when: COMMON_ENABLE_SPLUNKFORWARDER
     - role: newrelic
       when: COMMON_ENABLE_NEWRELIC
+    - role: minos
+      when: COMMON_ENABLE_MINOS
+      
\ No newline at end of file

playbooks/roles/common/defaults/main.yml

@@ -56,6 +56,7 @@ COMMON_ENABLE_DATADOG: False
 COMMON_ENABLE_NGINXTRA: False
 COMMON_ENABLE_SPLUNKFORWARDER: False
 COMMON_ENABLE_NEWRELIC: False
+COMMON_ENABLE_MINOS: False
 COMMON_TAG_EC2_INSTANCE: False
 common_debian_pkgs:
   - ntp

playbooks/roles/minos/defaults/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+##
+# Defaults for role minos
+# 
+MINOS_GIT_IDENTITY: !!null
+
+#
+# vars are namespace with the module name.
+#
+minos_role_name: minos
+minos_service_name: "{{ minos_role_name }}"
+minos_data_dir: "{{ COMMON_DATA_DIR }}/minos"
+minos_app_dir: "{{ COMMON_APP_DIR }}/minos"
+minos_venv_dir: "{{ minos_app_dir }}/venvs/"
+minos_log_dir: "{{ COMMON_LOG_DIR }}/minos"
+minos_cfg_file: "{{ COMMON_CFG_DIR }}/minos/minos.yml"
+minos_voter_cfg: "{{ COMMON_CFG_DIR }}/minos/conf.d/"
+minos_git_ssh: "/tmp/git.sh"
+minos_git_identity: "{{ minos_app_dir }}/minos-git-identity"
+minos_edx_server_tools_repo: "git@github.com/edx-ops/edx-minos.git"
+minos_edx_server_tools_version: "release"
+minos_requirement: "git+ssh://{{ minos_edx_server_tools_repo }}@{{ minos_edx_server_tools_version }}#egg=edx-minos"
+  
+#
+# OS packages
+#
+
+minos_debian_pkgs: []
+
+minos_redhat_pkgs: []

playbooks/roles/minos/handlers/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+#
+#
+# Handlers for role minos
+# 
+# Overview:
+# 
+#
+- name: notify me
+  debug: msg="stub handler"

playbooks/roles/minos/meta/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+##
+# Role includes for role minos
+# 
+# Example:
+#
+# dependencies:
+#   - {
+#   role: my_role 
+#   my_role_var0: "foo"
+#   my_role_var1: "bar"
+# }
+dependencies:
+  - role: edx_service
+    edx_role_name: "{{ minos_role_name }}"
+    edx_service_name: "{{ minos_service_name }}"
\ No newline at end of file

playbooks/roles/minos/tasks/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+#
+#
+# Tasks for role minos
+# 
+# Overview:
+#
+# Install the, currently private, minos application
+# which determines whether or not it is safe to retire
+# a server
+#
+# Dependencies:
+#
+# Relies on the common role.
+# 
+# Example play:
+#
+# - name: Deploy minos
+#   hosts: all
+#   sudo: True
+#   gather_facts: True
+#   vars:
+#     COMMON_ENABLE_MINOS: True
+#   roles:
+#     - common
+#     - minos 
+#
+
+- name: gather ec2 facts
+  action: ec2_facts
+
+- name: create minos config directory
+  file: >
+    path={{ minos_voter_cfg }}
+    state=directory
+    owner=root
+    group=root
+    mode=0755
+
+- name: create minos config
+  template: >
+    dest={{ minos_cfg_file }}
+    src=edx/etc/minos/minos.yml.j2
+    mode=0755 owner=root group=root
+  
+- name: create minos voters configs
+  template: >
+    dest={{ minos_voter_cfg }}/{{ item }}.yml
+    src=edx/etc/minos/conf.d/{{ item }}.yml.j2
+    mode=0755 owner=root group=root
+  with_items:
+    - "BellwetherVoter"
+    - "ProccessQuienscenceVoterCelery"
+    - "ProccessQuienscenceVoterGunicorn"
+    - "TrackingLogVoter"
+
+    # Optional auth for git
+- name: create ssh script for git (not authenticated)
+  template: >
+    src=tmp/git-identity.sh.j2 dest={{ minos_git_ssh }}
+    mode=750
+  when:
+    - MINOS_GIT_IDENTITY is not defined
+
+- name: create ssh script for git (authenticated)
+  template: >
+    src=tmp/git-identity.sh.j2 dest={{ minos_git_ssh }}
+    mode=750
+  when:
+    - MINOS_GIT_IDENTITY is defined
+
+- name: install read-only ssh key
+  copy: >
+    content="{{ COMMON_GIT_IDENTITY }}" dest="{{ minos_git_identity }}"
+    force=yes mode=0600
+
+- name : install python custom-requirements
+  pip: >
+    name="{{ item }}"
+    virtualenv="{{ minos_venv_dir }}"
+    state=present
+    extra_args="--exists-action w"
+  environment:
+    GIT_SSH: "{{ minos_git_ssh }}"
+  with_items:
+    - "{{ minos_requirement }}"

playbooks/roles/minos/templates/edx/etc/minos/conf.d/BellwetherVoter.yml.j2

+BellwetherVoter:
+  config:
\ No newline at end of file

playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuienscenceVoterCelery.yml.j2

+ProccessQuiescenceVoter:
+  config:
+    process_name: 'celery'
\ No newline at end of file

playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuienscenceVoterGunicorn.yml.j2

+ProccessQuiescenceVoter:
+  config:
+    process_name: 'gunicorn'
\ No newline at end of file

playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterCelery.yml.j2

+ProccessQuiescenceVoter:
+  config:
+    process_name: 'celery'
\ No newline at end of file

playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterGunicorn.yml.j2

+ProccessQuiescenceVoter:
+  config:
+    process_name: 'gunicorn'
\ No newline at end of file

playbooks/roles/minos/templates/edx/etc/minos/conf.d/TrackingLogVoter.yml.j2

+TrackingLogVoter:
+  config:
+    aws_profile: !!null
+    local_directory: '{{ COMMON_LOG_DIR }}/tracking'
+    s3_bucket: 'edx-{{ COMMON_ENVIRONMENT }}-{{ COMMON_DEPLOYMENT }}'
+    bucket_path_prefix: 'logs/tracking'

playbooks/roles/minos/templates/edx/etc/minos/minos.yml.j2

+---
+
+aws_profile: !!null
+s3_bucket: 'edx-{{ COMMON_ENVIRONMENT }}-{{ COMMON_DEPLOYMENT }}'
+bucket_path: 'lifecycle/minos'
+voter_conf_d: '{{ minos_voter_cfg }}'

playbooks/roles/minos/templates/tmp/git-identity.sh.j2

+#!/bin/sh
+exec /usr/bin/ssh -o StrictHostKeyChecking=no {% if COMMON_GIT_IDENTITY %}-i {{ minos_git_identity }}{% endif %} "$@"