Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
C
configuration
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
OpenEdx
configuration
Commits
926501bc
Commit
926501bc
authored
11 years ago
by
Joe Blaylock
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
WIP Stanford playbook updates
parent
5556e728
Hide whitespace changes
Inline
Side-by-side
Showing
14 changed files
with
98 additions
and
211 deletions
+98
-211
playbooks/edx-west/cme-prod-worker.yml
+17
-0
playbooks/edx-west/prod-jumpbox.yml
+11
-0
playbooks/edx-west/prod-worker.yml
+20
-15
playbooks/edx-west/stage-app.yml
+11
-0
playbooks/edx-west/stage-jumpbox.yml
+11
-0
playbooks/edx-west/stage-worker.yml
+28
-17
playbooks/roles/certificates/handlers/main.yml
+0
-2
playbooks/roles/certificates/tasks/main.yml
+0
-136
playbooks/roles/certificates/templates/certificates.auth.json.j2
+0
-1
playbooks/roles/certificates/templates/certificates.env.json.j2
+0
-1
playbooks/roles/certificates/templates/certifier-cert-agent-supervisor.j2
+0
-23
playbooks/roles/certificates/templates/certifier_shell_env.j2
+0
-7
playbooks/roles/certificates/templates/git_ssh.sh.j2
+0
-2
playbooks/roles/certificates/templates/notifier_env.j2
+0
-7
No files found.
playbooks/edx-west/cme-prod-worker.yml
View file @
926501bc
...
@@ -43,6 +43,23 @@
...
@@ -43,6 +43,23 @@
tags
:
xqueue
tags
:
xqueue
-
datadog
-
datadog
-
name
:
Deploy certs, notifier only to first util machine
hosts
:
~tag_Name_util(1)_cme
sudo
:
True
gather_facts
:
True
vars
:
secure_dir
:
'
../../../configuration-secure/ansible'
local_dir
:
"
{{secure_dir}}/local"
migrate_db
:
"
no"
vars_files
:
-
"
roles/common/defaults/main.yml"
-
"
roles/supervisor/defaults/main.yml"
-
"
{{
secure_dir
}}/vars/edxapp_cme_vars.yml"
-
"
{{
secure_dir
}}/vars/certs_cme_vars.yml"
roles
:
-
role
:
certs
tags
:
certs
# run the certificate agent on the first util machine only
# run the certificate agent on the first util machine only
#- hosts: ~tag_Name_util10_cme
#- hosts: ~tag_Name_util10_cme
# sudo: True
# sudo: True
...
...
This diff is collapsed.
Click to expand it.
playbooks/edx-west/prod-jumpbox.yml
View file @
926501bc
...
@@ -9,3 +9,14 @@
...
@@ -9,3 +9,14 @@
roles
:
roles
:
-
common
-
common
-
supervisor
-
supervisor
-
role
:
gh_users
gh_users
:
-
sefk
-
jbau
-
jrbl
-
ali123
-
caesar2164
-
dcadams
-
jinpa
-
gbruhns
tags
:
users
This diff is collapsed.
Click to expand it.
playbooks/edx-west/prod-worker.yml
View file @
926501bc
...
@@ -24,6 +24,11 @@
...
@@ -24,6 +24,11 @@
-
sefk
-
sefk
-
jbau
-
jbau
-
jrbl
-
jrbl
-
ali123
-
caesar2164
-
dcadams
-
jinpa
-
gbruhns
tags
:
users
tags
:
users
-
role
:
'
common'
-
role
:
'
common'
tags
:
common
tags
:
common
...
@@ -46,21 +51,21 @@
...
@@ -46,21 +51,21 @@
#- splunkforwarder
#- splunkforwarder
# run the certificate agent on the first util machine only
# run the certificate agent on the first util machine only
#- hosts: ~tag_Name_util10
_prod
-
hosts
:
~tag_Name_util1
_prod
#
sudo: True
sudo
:
True
#
vars:
vars
:
#
secure_dir: '../../../configuration-secure/ansible'
secure_dir
:
'
../../../configuration-secure/ansible'
#
migrate_db: "no"
migrate_db
:
"
no"
#
vars_files:
vars_files
:
# - "{{ secure_dir }}/vars/edxapp_prod_vars
.yml"
-
"
roles/common/defaults/main
.yml"
# - "{{ secure_dir }}/vars/certifier_prod_vars
.yml"
-
"
roles/supervisor/defaults/main
.yml"
# roles:
-
"
{{
secure_dir
}}/vars/edxapp_prod_vars.yml"
# - common
-
"
{{
secure_dir
}}/vars/certs_prod_vars.yml"
# - role: virtualenv
roles
:
# virtualenv_user: "certifier"
-
role
:
gh_users
# gh_users var intentionally unspecified
# virtualenv_name: "certifier"
tags
:
users
# virtualenv_user_home: "/opt/wwc/certifier"
-
role
:
certs
# - certificate
s
tags
:
cert
s
#
#
# COMMENT OUT THE NOTIFIER UNTIL IT IS READY
# COMMENT OUT THE NOTIFIER UNTIL IT IS READY
...
...
This diff is collapsed.
Click to expand it.
playbooks/edx-west/stage-app.yml
View file @
926501bc
...
@@ -20,6 +20,17 @@
...
@@ -20,6 +20,17 @@
roles
:
roles
:
-
common
-
common
-
supervisor
-
supervisor
-
role
:
gh_users
gh_users
:
-
sefk
-
jbau
-
jrbl
-
ali123
-
dcadams
-
caesar2164
-
jinpa
-
gbruhns
tags
:
users
-
role
:
nginx
-
role
:
nginx
nginx_sites
:
nginx_sites
:
-
lms
-
lms
...
...
This diff is collapsed.
Click to expand it.
playbooks/edx-west/stage-jumpbox.yml
View file @
926501bc
...
@@ -8,3 +8,14 @@
...
@@ -8,3 +8,14 @@
local_dir
:
'
../../../configuration-secure/ansible/local'
local_dir
:
'
../../../configuration-secure/ansible/local'
roles
:
roles
:
-
common
-
common
-
role
:
gh_users
gh_users
:
-
sefk
-
jbau
-
jrbl
-
ali123
-
caesar2164
-
dcadams
-
jinpa
-
gbruhns
tags
:
users
This diff is collapsed.
Click to expand it.
playbooks/edx-west/stage-worker.yml
View file @
926501bc
...
@@ -18,6 +18,17 @@
...
@@ -18,6 +18,17 @@
tags
:
common
tags
:
common
-
role
:
'
supervisor'
-
role
:
'
supervisor'
tags
:
supervisor
tags
:
supervisor
-
role
:
gh_users
gh_users
:
-
sefk
-
jbau
-
jrbl
-
ali123
-
dcadams
-
caesar2164
-
jinpa
-
gbruhns
tags
:
users
-
role
:
'
edxapp'
-
role
:
'
edxapp'
celery_worker
:
True
celery_worker
:
True
devstack
:
false
devstack
:
false
...
@@ -33,23 +44,23 @@
...
@@ -33,23 +44,23 @@
tags
:
xqueue
tags
:
xqueue
#- name: Deploy certs, notifier only to first util machine
#- name: Deploy certs, notifier only to first util machine
#
hosts: ~tag_Name_util1_stage
hosts
:
~tag_Name_util1_stage
#
sudo: True
sudo
:
True
#
gather_facts: True
gather_facts
:
True
#
vars:
vars
:
#
secure_dir: '../../../configuration-secure/ansible'
secure_dir
:
'
../../../configuration-secure/ansible'
#
local_dir: "{{secure_dir}}/local"
local_dir
:
"
{{secure_dir}}/local"
#
migrate_db: "no"
migrate_db
:
"
no"
#
vars_files:
vars_files
:
# - "{{ secure_dir }}/vars/edxapp_stage_vars
.yml"
-
"
roles/common/defaults/main
.yml"
# - "{{ secure_dir }}/vars/notifier_stage_vars
.yml"
-
"
roles/supervisor/defaults/main
.yml"
# roles:
-
"
{{
secure_dir
}}/vars/edxapp_stage_vars.yml"
# - certs
-
"
{{
secure_dir
}}/vars/certs_stage_vars.yml"
# - role: virtualenv
roles
:
# virtualenv_user: "notifier"
-
role
:
gh_users
# gh_users var intentionally unspecified
# virtualenv_user_home: "/opt/wwc/notifier"
tags
:
users
# virtualenv_name: "notifier"
-
role
:
certs
# - notifier
tags
:
certs
#- name: Deploy certs to first util machine
#- name: Deploy certs to first util machine
# hosts: ~tag_Name_util1_stage
# hosts: ~tag_Name_util1_stage
...
...
This diff is collapsed.
Click to expand it.
playbooks/roles/certificates/handlers/main.yml
deleted
100644 → 0
View file @
5556e728
-
name
:
certifier | restart certificate-agent
supervisorctl
:
name=certificate-agent state=restarted
This diff is collapsed.
Click to expand it.
playbooks/roles/certificates/tasks/main.yml
deleted
100644 → 0
View file @
5556e728
# requires:
# - group_vars/all
# - common/tasks/main.yml
# - nginx/tasks/main.yml
---
-
name
:
certificates | create certificates user {{ certs_user }}
user
:
name={{certs_user}} state=present shell=/bin/bash home={{certs_home}} createhome=yes
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | create location for gpg information
file
:
state=directory path={{certs_home}}/.gpg mode=0700 owner={{certs_user}}
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | put gpg information in place
copy
:
src={{secure_dir}}/files/{{item}} dest={{cert_gpg}}/{{item}} mode=0400 owner={{certs_user}}
with_items
:
-
gpg.conf
-
pubring.gpg
-
secring.gpg
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | create certificates log location
file
:
state=directory path={{certs_logs_dir}} mode=0770 owner={{certs_user}} group=adm
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | upload ssh script
template
:
src=git_ssh.sh.j2 dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | install read-only ssh key for the certs repo
copy
:
src={{secure_dir}}/files/git-identity dest=/{{certs_home}}/git-identity force=yes owner={{certs_user}} group=adm mode=600
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | checkout certificate code
git
:
dest={{certs_home}}/src repo={{certs_repo}} version={{certs_ver}}
environment
:
GIT_SSH
:
/tmp/git_ssh.sh
tags
:
-
certificates
-
install
-
deploy
-
name
:
certificates | fixup permissions on repo
# TODO: after remote_user is available in ansible dist, use that in the above task instead of manual perms fixup
file
:
path={{certs_home}}/src state=directory recurse=yes owner={{certs_user}} group=adm mode=755
tags
:
-
certificates
-
install
-
deploy
-
name
:
certificates | install prerequisites
pip
:
requirements={{certs_home}}/src/requirements.txt virtualenv={{certs_venv_dir}} state=present
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | install env
template
:
src=certificates.env.json.j2 dest={{certs_home}}/env.json mode=640 owner={{certs_user}} group=adm
tags
:
-
certificates
-
install
-
update
-
deploy
-
name
:
certificates | install auth
template
:
src=certificates.auth.json.j2 dest={{certs_home}}/auth.json mode=640 owner={{certs_user}} group=adm
tags
:
-
certificates
-
install
-
update
-
deploy
-
name
:
certifier | install bash_profile
copy
:
src=../../common/files/bash_profile dest={{certs_home}}/.bash_profile owner={{certs_user}} group={{certs_user}}
tags
:
-
certificates
-
install
-
update
-
deploy
-
name
:
certifier | setup certifier shell environment
template
:
src=certifier_shell_env.j2 dest={{certs_home}}/certifier_env owner={{certs_user}} group={{certs_user}}
tags
:
-
certificates
-
install
-
update
-
name
:
certifier | ensure .bashrc exists and sources shell environment
lineinfile
:
dest={{certs_home}}/.bashrc create=yes state=present insertbefore=BOF
regexp='source {{certs_home}}/certifier_env' line='source {{certs_home}}/certifier_env'
mode=640 owner={{certs_user}} group=adm
tags
:
-
certificates
-
install
-
update
-
name
:
certifier | add source venv to .bashrc
lineinfile
:
dest={{certs_home}}/.bashrc create=yes state=present insertafter=EOF
regexp='source {{certs_venv_dir}}/bin/activate' line='source {{certs_venv_dir}}/bin/activate'
mode=640 owner={{certs_user}} group=adm
tags
:
-
certificates
-
install
-
update
-
name
:
certifier | supervisord config for certificate-agent
template
:
src=certifier-cert-agent-supervisor.j2 dest=/etc/supervisor/conf.d/certifier-cert-agent.conf
notify
:
certifier | restart certificate-agent
tags
:
-
certificates
-
install
-
update
This diff is collapsed.
Click to expand it.
playbooks/roles/certificates/templates/certificates.auth.json.j2
deleted
100644 → 0
View file @
5556e728
{{ certs_auth_config | to_nice_json }}
This diff is collapsed.
Click to expand it.
playbooks/roles/certificates/templates/certificates.env.json.j2
deleted
100644 → 0
View file @
5556e728
{{ certs_env_config | to_nice_json }}
This diff is collapsed.
Click to expand it.
playbooks/roles/certificates/templates/certifier-cert-agent-supervisor.j2
deleted
100644 → 0
View file @
5556e728
;
; {{ ansible_managed }}
;
[program:certificate-agent]
command={{ certs_venv_dir }}/bin/python {{certs_home}}/src/certificate_agent.py
priority=999
user={{ certs_user }}
stdout_logfile={{certs_logs_dir}}/certificate-agent-stdout.log
stderr_logfile={{certs_logs_dir}}/certificate-agent-stderr.log
environment=PID='/var/tmp/certifier-certificate-agent.pid',LANG=en_US.UTF-8,
killasgroup=true
stopasgroup=true
startsecs=10
autostart=true
autorestart=true
directory={{certs_home}}
environment=PID='/var/tmp/certifier-certificate-agent.pid',LANG=en_US.UTF-8,
{%- for name,value in certs_shell_env_vars.items() -%}
{{name}}="{{value}}"{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
This diff is collapsed.
Click to expand it.
playbooks/roles/certificates/templates/certifier_shell_env.j2
deleted
100644 → 0
View file @
5556e728
# {{ ansible_managed }}
{% for name,value in certs_shell_env_vars.items() %}
{% if value %}
export {{ name }}="{{ value }}"
{% endif %}
{% endfor %}
This diff is collapsed.
Click to expand it.
playbooks/roles/certificates/templates/git_ssh.sh.j2
deleted
100755 → 0
View file @
5556e728
#!/bin/sh
exec
/usr/bin/ssh
-o
StrictHostKeyChecking
=
no
-i
/
{{
certs_home
}}
/git-identity
"
$@
"
This diff is collapsed.
Click to expand it.
playbooks/roles/certificates/templates/notifier_env.j2
deleted
100644 → 0
View file @
5556e728
# {{ ansible_managed }}
{% for name,value in notifier_env_vars.items() %}
{% if value %}
export {{ name }}="{{ value }}"
{% endif %}
{% endfor %}
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment