Merge remote-tracking branch 'origin/master' into vik/ml-api

Conflicts:
	playbooks/roles/common/tasks/edx_logging_base.yml
	playbooks/roles/common/tasks/main.yml

playbooks/edxapp_custom.yml

-- hosts: tag_Group_edxapp_custom
-  sudo: True
-  vars_files:
-  # using conditional loading to override defaults for site-specific installs
-    - "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
-    - "{{ secure_dir }}/vars/edxapp_custom_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_stage_users.yml"
-  roles:
-    - common
-    - nginx
-    - gunicorn
-    - lms
-    - ruby
-    - npm

playbooks/edxapp_prod.yml → playbooks/edxapp_ref.yml

-- hosts: tag_Group_edxapp_prod
+- hosts: tag_Group_edxapp_ref
   sudo: True
   vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
+    - "{{ secure_dir }}/vars/edxapp_ref_vars.yml"
+    - "{{ secure_dir }}/vars/edxapp_ref_users.yml"
   roles:
     - common
     - nginx
     - gunicorn
     - lms
     - cms
+    - lms-preview
     - ruby
     - npm
     # run this role last

playbooks/edxapp_stage.yml

-- hosts: tag_Group_edxapp_stage
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_stage_users.yml"
-  roles:
-    - common
-    - nginx
-    - gunicorn
-    - lms
-    - ruby
-    - npm

playbooks/group_vars/tag_Group_anothermulti

----
-# this path is relative to the playbook dir
-secure_dir: '../../configuration-secure/ansible'

playbooks/group_vars/tag_Group_edxapp_prod

----
-edxapp_prod: true
-secure_dir: '../../configuration-secure/ansible'
\ No newline at end of file

playbooks/group_vars/tag_Group_edxapp_stage

----
-edxapp_stage: true

playbooks/roles/cms/tasks/main.yml

@@ -4,16 +4,18 @@
 #  - nginx/tasks/main.yml
 ---
 - name: create cms application config
-  template: src=env.json.j2 dest=$app_base_dir/cms.env.json mode=644
+  template: src=env.json.j2 dest=$app_base_dir/cms.env.json mode=640 owner=www-data group=adm
   tags:
   - cms-env
   - cms
+  - update
 
 - name: create cms auth file
-  template: src=auth.json.j2 dest=$app_base_dir/cms.auth.json mode=644
+  template: src=auth.json.j2 dest=$app_base_dir/cms.auth.json mode=640 owner=www-data group=adm
   tags:
   - cms-env
   - cms
+  - update
 
 - include: ../../nginx/tasks/nginx_site.yml state=link site_name=cms
   
@@ -25,6 +27,7 @@
   - cms 
   - cms-env
   - logging
+  - update
 
 # If we set up CMS, we have to set up edx logging
 - include: ../../common/tasks/edx_logging_base.yml

playbooks/roles/cms/vars/main.yml

 # variables common to the cms role, automatically loaded
 # when the role is included
 ---
-cms_auth_config:
-  'CONTENTSTORE':
-    'ENGINE':  'xmodule.contentstore.mongo.MongoContentStore'
-  'MODULESTORE':
-    'default':
-      'ENGINE':  'xmodule.modulestore.mongo.MongoModuleStore'
- 
-cms_env_config:
-  'CACHES':
-    'default':
-      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
-      'KEY_FUNCTION':  'util.memcache.safe_key'
-      'KEY_PREFIX': 'cms.edx.org'
-      'LOCATION': [ "deploycache-large.foo-bar.amazonaws.com:11211" ]
-    'mongo_metadata_inheritance':
-      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
-      'KEY_FUNCTION':  'util.memcache.safe_key'
-      'TIMEOUT': 300
-      'KEY_PREFIX': 'cms.edx.org'
-      'LOCATION': [ "deploycache-large.foo-bar.amazonaws.com:11211" ]
-    'staticfiles':
-      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
-      'KEY_FUNCTION':  'util.memcache.safe_key'
-      'KEY_PREFIX': 'cms.edx.org'
-      'LOCATION': [ "deploycache-large.foo-bar.amazonaws.com:11211" ]
-  'LOG_DIR': '{{log_base_dir}}/edx'
-  'LOGGING_ENV': 'cms-dev'
-  'SITE_NAME': 'studio.cms-dev.m.edx.org'
-  'SYSLOG_SERVER': 'syslog.a.m.i4x.org'
-  'LMS_BASE': 'cms-dev.m.edx.org'
-  'SESSION_COOKIE_DOMAIN': '.cms-dev.m.edx.org'
-
+cms_auth_config: {}
+cms_env_config: {}

playbooks/roles/common/tasks/create_users.yml

@@ -5,6 +5,7 @@
   tags:
   - users
   - admin_users
+  - update
 
 - name: Add user 'ubuntu' to 'edx' group
   # This is a temporary measure for initial configuration; after the last 
@@ -14,6 +15,7 @@
   tags:
   - users
   - admin_users
+  - update
 
 - name: Creating admin users
   # Admin users, by definition, should be able to sudo w/ password, and read adm-only files
@@ -24,6 +26,7 @@
   tags:
   - users
   - admin_users
+  - update
 
 - name: Copying ssh keys for admin users
   authorized_key: user={{ item.user }} key="{{lookup('file', item.path)}}"
@@ -32,6 +35,7 @@
   tags:
   - users
   - admin_users
+  - update
 
 - name: Creating env users
   user: name={{ item.user }} groups={{ ",".join(item.groups) }} shell=/bin/bash
@@ -39,6 +43,7 @@
   when: env_users is defined
   tags:
   - users
+  - update
 
 - name: Copying ssh keys for env users
   authorized_key: user={{ item.user }} key="{{lookup('file', item.path)}}"
@@ -46,6 +51,7 @@
   when: env_keys is defined
   tags:
   - users
+  - update
 
 - name: Group adm passwordless sudo
   copy: content="%adm ALL=(ALL) NOPASSWD:ALL" dest=/etc/sudoers.d/adm-group owner=root group=root mode=0440
@@ -53,4 +59,5 @@
   tags:
   - users
   - admin_users
+  - update
 

playbooks/roles/common/tasks/create_venv.yml

@@ -4,22 +4,31 @@
   easy_install: name=pip
   tags:
   - venv_base
+  - install
+
 - name: pip install virtualenv
   pip: name=virtualenv state=latest
   sudo: True
   tags:
   - venv_base
+  - install
+
 - name: pip install virtualenvwrapper
   pip: name=virtualenvwrapper state=latest
   sudo: True
   tags:
   - venv_base
+  - install
+
 - name: create edx virtualenv directory
   file: path=$venv_dir owner=ubuntu group=adm mode=2775 state=directory
   sudo: True
   tags:
   - venv_base
+  - install
+
 - name: create the edx virtualenv directory initial contents
   command: /usr/local/bin/virtualenv $venv_dir creates=$venv_dir/bin/activate
   tags:
   - venv_base
+  - install

playbooks/roles/common/tasks/edx_logging_base.yml

@@ -2,30 +2,30 @@
 - name: Install rsyslog configuration for edX
   template: dest=/etc/rsyslog.d/99-edx.conf src=edx_rsyslog.j2 owner=root group=root mode=644
   notify: restart rsyslogd
-  sudo: True
   tags:
   - logging
+  - update
 
 - name: Install logrotate configuration for edX
   template: dest=/etc/logrotate.d/edx-services src=edx_logrotate.j2 owner=root group=root mode=644
-  sudo: True
   tags:
   - logging
+  - update
 
 - name: Touch tracking file into existence
-  command: touch -a {{log_base_dir}}/tracking.log creates={{log_base_dir}}/tracking.log
-  sudo: True
+  command: touch -a {{log_base_dir}}/tracking.log creates={{log_base_dir}}/tracking.log 
   tags:
   - logging
+  - update
 
 - name: Set permissions on tracking file
-  file: path={{log_base_dir}}/tracking.log owner=syslog group=adm mode=750
-  sudo: True
+  file: path={{log_base_dir}}/tracking.log owner=syslog group=adm mode=640
   tags:
   - logging
+  - update
 
 - name: Install logrotate configuration for tracking file
   template: dest=/etc/logrotate.d/tracking.log src=edx_logrotate_tracking_log.j2 owner=root group=root mode=644
-  sudo: True
   tags:
   - logging
+  - update

playbooks/roles/common/tasks/main.yml

 ---
 - include: create_users.yml
+
 - name: Create application root
   # In the future consider making group edx r/t adm
   file: path=$app_base_dir state=directory owner=root group=adm mode=2775 
-  sudo: True
   tags:
   - pre_install
+  - update
 
 - name: Create upload directory
   file: path=$app_base_dir/uploads mode=2775 state=directory owner=root group=adm
-  sudo: True
   tags:
   - pre_install
+  - update
 
 - name: Create data dir
   file: path={{ app_base_dir }}/data state=directory owner=root group=root
-  sudo: True
   tags:
   - pre_install
+  - update
   
 - name: Install role-independent useful system packages
   # do this before log dir setup; rsyslog package guarantees syslog user present
   apt: pkg={{item}} install_recommends=yes state=present update_cache=yes
-  sudo: True
   with_items:
   - ack-grep
   - lynx-cur
@@ -33,26 +33,27 @@
   - tree
   tags:
   - pre_install
+  - update
 
 - name: Create log directory
   file: path=$log_base_dir state=directory mode=2770 group=adm owner=syslog
-  sudo: True
   tags:
   - pre_install
+  - update
 
 - name: Create alias from app_base_dir to the log_base_dir
   file: state=link src=$log_base_dir path=$app_base_dir/log
-  sudo: True
   tags:
   - pre_install
   - logging
+  - update
 
 - name: Create convenience link from log_base_dir to system logs
   file: state=link src=/var/log path=$log_base_dir/system
-  sudo: True
   tags:
   - pre_install
   - logging
+  - update
 
 - name: Touch edx log file into place 
   # This is done for the benefit of the rake commands, which expect it
@@ -60,16 +61,17 @@
   tags:
   - pre_install
   - logging
+  - install
 
 - name: Set permissions on edx log file
   # This is done for the benefit of the rake commands, which expect it
-  file: path={{log_base_dir}}/edx.log owner=syslog group=adm mode=770
-  sudo: True
+  file: path={{log_base_dir}}/edx.log owner=syslog group=adm mode=640
   tags:
   - pre_install
   - logging
+  - update
 
 - include: create_venv.yml
 - include: edx_logging_base.yml
 
-- include: software_update.yml
+- include: software_update.yml
\ No newline at end of file

playbooks/roles/common/tasks/software_update.yml

@@ -3,4 +3,5 @@
   copy: src=roles/common/files/edx-update.sh dest=/usr/local/bin/edx-update.sh owner=ubuntu group=adm mode=0775
   sudo: True
   tags:
+  - release
   - update

playbooks/roles/gunicorn/handlers/main.yml

+---
+- name: restart lms
+  service: name=lms state=restarted
+  sudo: True
+
+- name: restart cms
+  service: name=cms state=restarted
+  sudo: True
+
+- name: restart lms-preview
+  service: name=lms-preview state=restarted
+  sudo: True

playbooks/roles/gunicorn/tasks/main.yml

@@ -3,3 +3,4 @@
   pip: name=gunicorn virtualenv="{{venv_dir}}" state=present
   tags:
   - gunicorn
+  - install

playbooks/roles/gunicorn/tasks/upstart.yml

@@ -6,6 +6,8 @@
   - "{{ local_dir }}/gunicorn/templates/{{ service_variant }}.conf.j2"
   # seems like paths in first_available_file must be relative to the playbooks dir
   - "roles/gunicorn/templates/{{ service_variant }}.conf.j2"
+  notify: restart {{ service_variant }}
   tags:
   - upstart
   - gunicorn
+  - update

playbooks/roles/gunicorn/templates/cms.conf.j2

@@ -17,8 +17,7 @@ env PORT=8010
 env LANG=en_US.UTF-8
 env DJANGO_SETTINGS_MODULE=cms.envs.aws
 env SERVICE_VARIANT="cms"
- 
- 
+  
 chdir ${app_base_dir}/mitx
 setuid www-data
  

playbooks/roles/gunicorn/templates/lms-preview.conf.j2

+# gunicorn
+
+description "gunicorn server"
+author "Calen Pennington <cpennington@mitx.mit.edu>"
+
+start on runlevel [2345]
+stop on runlevel [!2345]
+
+respawn
+respawn limit 3 30
+
+env PID=/var/tmp/lms.pid
+#env NEW_RELIC_CONFIG_FILE=${app_base_dir}/newrelic.ini
+#env NEWRELIC=${venv_dir}/bin/newrelic-admin
+env WORKERS={{ ansible_processor_cores * 2 }}
+env PORT=8020
+env LANG=en_US.UTF-8
+env DJANGO_SETTINGS_MODULE=lms.envs.aws
+env SERVICE_VARIANT="lms-preview"
+  
+chdir ${app_base_dir}/mitx
+setuid www-data
+
+exec ${venv_dir}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath=${app_base_dir}/mitx lms.wsgi
+
+post-start script
+  while true
+  do
+    if $(curl -s -i localhost:$PORT/heartbeat | egrep -q '200 OK'); then
+      break;
+    else
+      sleep 1;
+    fi
+  done
+end script
+

playbooks/roles/gunicorn/templates/lms.conf.j2

@@ -17,8 +17,7 @@ env PORT=8000
 env LANG=en_US.UTF-8
 env DJANGO_SETTINGS_MODULE=lms.envs.aws
 env SERVICE_VARIANT="lms"
-
-
+  
 chdir ${app_base_dir}/mitx
 setuid www-data
 

playbooks/roles/in_production/tasks/main.yml

@@ -9,10 +9,30 @@
 - name: Make sure LMS is running
   service: name=lms state=started
   tags:
+  - lms
+  - lms-env
   - production
+  - update
+
+- name: Make sure CMS is running
+  service: name=cms state=started
+  tags:
+  - cms
+  - cms-env
+  - production
+  - update
+
+- name: Make sure LMS-preview is running
+  service: name=lms-preview state=started
+  tags:
+  - lms-preview
+  - lms-preview-env
+  - production
+  - update
 
 - name: Disable HTTP Basic Auth on site
   file: path=/etc/nginx/sites-enabled/basic-auth state=absent
   notify: restart nginx
   tags:
   - production
+  - update

playbooks/roles/lms-preview/tasks/main.yml

+# requires:
+#  - group_vars/all
+#  - common/tasks/main.yml
+#  - nginx/tasks/main.yml
+---
+- name: create lms application config
+  template: src=env.json.j2 dest=$app_base_dir/lms-preview.env.json mode=640 owner=www-data group=adm
+  tags:
+  - lms-preview
+  - lms-preview-env
+
+- name: create lms auth file
+  template: src=auth.json.j2 dest=$app_base_dir/lms-preview.auth.json mode=640 owner=www-data group=adm
+  tags:
+  - lms-preview
+  - lms-preview-env
+
+- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-preview
+
+- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-preview-backend
+
+# Creates LMS Preview upstart file
+- include: ../../gunicorn/tasks/upstart.yml service_variant=lms-preview

playbooks/roles/lms-preview/templates/auth.json.j2

+{{ lms_preview_auth_config | to_nice_json }}

playbooks/roles/lms-preview/templates/env.json.j2

+{{ lms_preview_env_config | to_nice_json }}

playbooks/roles/lms/tasks/main.yml

@@ -4,16 +4,18 @@
 #  - nginx/tasks/main.yml
 ---
 - name: create lms application config
-  template: src=env.json.j2 dest=$app_base_dir/lms.env.json
+  template: src=env.json.j2 dest=$app_base_dir/lms.env.json mode=640 owner=www-data group=adm
   tags:
   - lms
   - lms-env
+  - update
 
 - name: create lms auth file
-  template: src=auth.json.j2 dest=$app_base_dir/lms.auth.json
+  template: src=auth.json.j2 dest=$app_base_dir/lms.auth.json mode=640 owner=www-data group=adm
   tags:
   - lms
   - lms-env
+  - update
 
 - include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms
 - include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-backend
@@ -24,6 +26,7 @@
   - cms
   - lms
   - lms-env
+  - update
 
 - name: Create lms log target directory
   file: path={{log_base_dir}}/lms state=directory owner=syslog group=adm mode=2770
@@ -31,6 +34,7 @@
   - lms
   - lms-env
   - logging
+  - update
 
 # If we set up LMS, we have to set up edx logging
 - include: ../../common/tasks/edx_logging_base.yml
@@ -45,12 +49,14 @@
   tags:
   - lms
   - cms
+  - update
 
 - name: upload ssh script
   copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
   tags:
   - lms
   - cms
+  - update
 
 # Check out mitx repo to $app_base_dir
 - name: install git and its recommends
@@ -58,13 +64,15 @@
   tags:
   - lms
   - cms
-- name: git checkout mitx repo into $app_base_dir
-  git: dest={{app_base_dir}}/mitx repo={{lms_source_repo}}
+
+- name: git checkout edx-platform repo into $app_base_dir
+  git: dest={{platform_code_dir}} repo={{lms_source_repo}}
   environment:
     GIT_SSH: /tmp/git_ssh.sh
   tags:
   - lms
   - cms
+  - install
 
 ## Install the debian package requirements system-wide
 - name: store remote apt_repos list for ansible use
@@ -73,6 +81,8 @@
   tags:
   - lms
   - cms
+  - install
+
 - name: add apt_repos to the remote hosts
   apt_repository: repo="$item"
   with_items: "{{apt_repos_list.stdout.split()}}"
@@ -81,6 +91,8 @@
   tags:
   - lms
   - cms
+  - install
+
 - name: update apt cache (if necessary)
   apt: update_cache=yes
   sudo: True
@@ -88,18 +100,23 @@
   tags:
   - lms
   - cms
+  - install
+
 - name: store remote apt_packages list for ansible use
   command: cat {{app_base_dir}}/mitx/apt-packages.txt
   register: apt_packages_list
   tags:
   - lms
   - cms
+  - install
+
 - name: install a bunch of system packages on which LMS and CMS rely
   apt: pkg={{item}} state=present
   with_items: lms_debian_pkgs
   tags:
   - lms
   - cms
+  - install
 
 # Install the python requirements into $venv_dir 
 - name : install python pre-requirements
@@ -107,6 +124,7 @@
   tags:
   - lms
   - cms
+  - install
 
 # Install the python modules into $venv_dir 
 - name : install python packages using the shell
@@ -118,6 +136,7 @@
   tags:
   - lms
   - cms
+  - install
   
 # Creates LMS upstart file
 - include: ../../gunicorn/tasks/upstart.yml service_variant=lms

playbooks/roles/lms/vars/main.yml

 # variables common to the lms role, automatically loaded
 # when the role is included
 ---
-lms_auth_config:
-  'CONTENTSTORE':
-    'ENGINE':  'xmodule.contentstore.mongo.MongoContentStore'
-  'MODULESTORE':
-    'default':
-      'ENGINE':  'xmodule.modulestore.mongo.MongoModuleStore'
- 
-lms_env_config:
-  'CACHES':
-    'default':
-      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
-      'KEY_FUNCTION':  'util.memcache.safe_key'
-    'general':
-      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
-      'KEY_FUNCTION':  'util.memcache.safe_key'
-    'mongo_metadata_inheritance':
-      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
-      'KEY_FUNCTION':  'util.memcache.safe_key'
-      'TIMEOUT': 300
-    'staticfiles':
-      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
-      'KEY_FUNCTION':  'util.memcache.safe_key'
-  'CERT_QUEUE':  'certificates'
-#  'COURSE_LISTINGS':
-#    'default': ['MITx/6.002x/2012_Fall']
-#    'stage-berkeley': [ 'BerkeleyX/CS169/fa12']
-#    'stage-harvard': [ 'HarvardX/CS50/2012H']
-#    'stage-mit': [ 'MITx/3.091/MIT_2012_Fall']
-#    'stage-num': [ 'MITx/6.002x-NUM/2012_Fall_NUM']
-#    'stage-sjsu': [ 'MITx/6.002x-EE98/2012_Fall_SJSU']
-  'LOCAL_LOGLEVEL':  'INFO'
-#  'META_UNIVERSITIES':
-#    'UTx': [ 'UTAustinX']
-  'MITX_FEATURES':
-    'AUTH_USE_OPENID_PROVIDER': true
-    'CERTIFICATES_ENABLED': true
-    'ENABLE_DISCUSSION_SERVICE': true
-    'ENABLE_INSTRUCTOR_ANALYTICS': true
-    'ENABLE_PEARSON_HACK_TEST': false
-    'SUBDOMAIN_BRANDING': false
-    'SUBDOMAIN_COURSE_LISTINGS': false
-#  'SUBDOMAIN_BRANDING':
-#    'stage-berkeley':  'BerkeleyX'
-#    'stage-harvard':  'HarvardX'
-#    'stage-mit':  'MITx'
-#    'stage-num':  'MITx'
-#    'stage-sjsu':  'MITx'
-#  'VIRTUAL_UNIVERSITIES': []
-  'WIKI_ENABLED': true
-
-lms_source_repo: git@github.com:edx/mitx.git
+lms_auth_config: {}
+lms_env_config: {}
+lms_source_repo: git@github.com:edx/edx-platform.git
 lms_debian_pkgs:
   - apparmor-utils
   - aspell

playbooks/roles/nginx/tasks/main.yml

@@ -6,45 +6,58 @@
   notify: restart nginx
   tags:
   - nginx
-# removing default link
-- name: Removing default nginx config (enabled)
-  file: path=/etc/nginx/sites-enabled/default state=absent
-  notify: restart nginx
-  tags:
-  - nginx
-- name: Removing default nginx config (available)
-  file: path=/etc/nginx/sites-available/default state=absent
-  tags:
-  - nginx
+  - install
+
 # Standard configuration that is common across all roles
 # Default values for these variables are set in group_vars/all
 # Note: remove spaces in {{..}}, otherwise you will get a template parsing error.
 - include: nginx_site.yml state={{nginx_cfg.sites_enabled.edx_release}} site_name=edx-release
 - include: nginx_site.yml state={{nginx_cfg.sites_enabled.basic_auth}} site_name=basic-auth
-# Default htpassword file, required for basic auth
-- copy: content={{ nginx_cfg.htpasswd }} dest=/etc/nginx/nginx.htpasswd
+
+- name: Write out default htpasswd file
+  copy: content={{ nginx_cfg.htpasswd }} dest=/etc/nginx/nginx.htpasswd
+  tags:
+  - nginx
+  - update
+
+- name: Create nginx log file location (just in case)
+  file: path={{log_base_dir}}/nginx state=directory owner=syslog group=adm mode=2770
+  tags:
+  - nginx
+  - logging
+  - update
+
+# removing default link
+- name: Removing default nginx config and restart (enabled)
+  file: path=/etc/nginx/sites-enabled/default state=absent
+  notify: restart nginx
   tags:
   - nginx
+  - update
+
 - name: Ensuring that nginx is running
   service: name=nginx state=started
   tags:
   - nginx
+  - update
 
-- name: Create nginx log file location (just in case)
-  file: path={{log_base_dir}}/nginx state=directory owner=syslog group=adm mode=2770
+# Note that nginx logs to /var/log until it reads its configuration, so /etc/logrotate.d/nginx is still good
+
+- name: Set up nginx access log rotation
+  template: dest=/etc/logrotate.d/nginx-access src=edx_logrotate_nginx_access.j2 owner=root group=root mode=644
   tags:
-  - nginx
   - logging
+  - update
+
+- name: Set up nginx access log rotation
+  template: dest=/etc/logrotate.d/nginx-error src=edx_logrotate_nginx_error.j2 owner=root group=root mode=644
+  tags:
+  - logging
+  - update
+
+- name: Removing default nginx config (available)
+  file: path=/etc/nginx/sites-available/default state=absent
+  tags:
+  - nginx
+  - update
 
-# Commented out until default config has nginx log to {{log_base_dir}}/nginx
-# and also until default logrotate task 'nginx' gets removed
-###
-#- name: Set up nginx access log rotation
-#  template: dest=/etc/logrotate.d/nginx-access src=edx_logrotate_nginx_access.j2 owner=root group=root mode=644
-#  tags:
-#  - logging
-#
-#- name: Set up nginx access log rotation
-#  template: dest=/etc/logrotate.d/nginx-error src=edx_logrotate_nginx_error.j2 owner=root group=root mode=644
-#  tags:
-#  - logging

playbooks/roles/nginx/tasks/nginx_site.yml

@@ -12,6 +12,7 @@
   - lms
   - cms
   - nginx-env
+  - update
 
 - name: Creating nginx config link {{ site_name }}
   file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
@@ -21,3 +22,4 @@
   - lms
   - cms
   - nginx-env
+  - update

playbooks/roles/nginx/templates/cms.j2

@@ -5,13 +5,13 @@ server {
 
   server_name trace-cms.*
               studio.lms-dev.m.edx.org;
+  access_log {{log_base_dir}}/nginx/access.log;
+  error_log {{log_base_dir}}/nginx/error.log error;
 
-  #
   # Send error response when request host isn't under our control
   # We will no longer respond to proxy attempts like this with 
   # anything.
   # curl -i -A '' -x http://www.edx.org:80 --proxy-negotiate -U u:p -u u:p http://chat.sdtz.com
-  #
 
   set $reject 'no';
 

playbooks/roles/nginx/templates/edx_logrotate_nginx_access.j2

+# Put in place by ansible
+
 {{log_base_dir}}/nginx/access.log {
   create
   compress

playbooks/roles/nginx/templates/edx_logrotate_nginx_error.j2

+# Put in place by ansible
+
 {{log_base_dir}}/nginx/error.log {
   create
   compress

playbooks/roles/nginx/templates/lms-preview-backend.j2

+upstream lms-preview-backend {
+    # For a TCP configuration:
+    server 127.0.0.1:8020 fail_timeout=0;
+}

playbooks/roles/nginx/templates/lms-preview.j2

+server {
+  # LMS-preview configuration file for nginx, templated by ansible
+
+  listen 80;
+
+  server_name trace-lms-preview.*
+              preview.lms-dev.m.edx.org;
+
+  #
+  # Send error response when request host isn't under our control
+  # We will no longer respond to proxy attempts like this with
+  # anything.
+  # curl -i -A '' -x http://www.edx.org:80 --proxy-negotiate -U u:p -u u:p http://chat.sdtz.com
+  #
+
+  set $reject 'no';
+
+  #if ($host !~* (edx.org|edxonline.org)$ ) {
+  #  set $reject 'yes';
+  #}
+
+  if ($request_uri ~ ^(/heartbeat)$) {
+    set $reject 'no';
+  }
+
+  if ( $reject = 'yes' ) {
+    return 444;
+  }
+  # CS184 requires uploads of up to 4MB for submitting screenshots.
+  # CMS requires larger value for course assest, values provided
+  # via hiera.
+  client_max_body_size 4M;
+
+  rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
+
+  location @proxy_to_lms-preview_app {
+    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+    proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
+    proxy_set_header X-Forwarded-For $http_x_forwarded_for;
+    proxy_set_header Host $http_host;
+
+    proxy_redirect off;
+    proxy_pass http://lms-preview-backend;
+  }
+
+  location / {
+    try_files $uri @proxy_to_lms-preview_app;
+  }
+
+  # No basic auth security on the github_service_hook url, so that github can use it for cms
+  location /github_service_hook {
+    try_files $uri @proxy_to_lms-preview_app;
+  }
+
+  # No basic auth security on the heartbeat url, so that ELB can use it
+  location /heartbeat {
+    try_files $uri @proxy_to_lms-preview_app;
+  }
+
+  # Check security on this
+  location ~ /static/(?P<file>.*) {
+    root {{app_base_dir}};
+    try_files /staticfiles/$file /course_static/$file =404;
+
+    # return a 403 for static files that shouldn't be
+    # in the staticfiles directory
+    location ~ ^/static/(?:.*)(?:\.xml|\.json|README.TXT) {
+        return 403;
+    }
+    # Set django-pipelined files to maximum cache time
+    location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\..*)" {
+        expires max;
+        # Without this try_files, files that have been run through
+        # django-pipeline return 404s
+        try_files /staticfiles/$collected /course_static/$collected =404;
+    }
+
+    # Expire other static files immediately (there should be very few / none of these)
+    expires epoch;
+  }
+
+  # Forward to HTTPS if we're an HTTP request...
+  if ($http_x_forwarded_proto = "http") {
+    set $do_redirect "true";
+  }
+
+  # Run our actual redirect...
+  if ($do_redirect = "true") {
+    rewrite ^ https://$host$request_uri? permanent;
+  }
+
+  # Monitoring support for datadog.
+  location /nginx_status {
+    stub_status on;
+    access_log off;
+    allow 127.0.0.1/32;
+    deny all;
+  }
+}

playbooks/roles/nginx/templates/lms.j2

@@ -3,7 +3,9 @@ server {
 
   listen 80;
 
-  server_name *.edx.org
+  server_name *.edx.org;
+  access_log {{log_base_dir}}/nginx/access.log;
+  error_log {{log_base_dir}}/nginx/error.log error;
 
   #
   # Send error response when request host isn't under our control

playbooks/roles/npm/tasks/main.yml

@@ -6,9 +6,11 @@
   apt: pkg=nodejs state=present install_recommends=no
   tags:
   - npm
+  - install
   
 - name: Install mitx npm dependencies
   shell: npm install chdir=${app_base_dir}/mitx
   tags:
   - npm
+  - update
 

playbooks/roles/ruby/tasks/main.yml

@@ -4,10 +4,14 @@
   user: name=www state=present
   tags:
   - ruby
+  - update
+
 - name: Create ruby base
   file: path=$ruby_base state=directory owner=www group=www
   tags:
   - ruby
+  - update
+
 - name: rbenv | install build depends
   apt: pkg=$item state=present install_recommends=no
   with_items:
@@ -22,21 +26,25 @@
     - zlib1g-dev
   tags:
   - ruby
+  - install
 
 - name: rbenv | update rbenv repo
   git: repo=git://github.com/sstephenson/rbenv.git dest=$rbenv_root version=v0.4.0
   tags:
   - ruby
+  - install
 
 - name: rbenv | add rbenv to path
   file: path=/usr/local/bin/rbenv src=${rbenv_root}/bin/rbenv state=link
   tags:
   - ruby
+  - update
 
 - name: rbenv | add rbenv initialization to profile
   template: src=rbenv.sh.j2 dest=/etc/profile.d/rbenv.sh owner=root group=root mode=0755
   tags:
   - ruby
+  - update
 
 - name: rbenv | check ruby-build installed
   command: test -x /usr/local/bin/ruby-build
@@ -44,6 +52,7 @@
   ignore_errors: yes
   tags:
   - ruby
+  - install
 
 - name: rbenv | create temporary directory
   command: mktemp -d
@@ -51,24 +60,28 @@
   when_failed: $rbuild_present
   tags:
   - ruby
+  - install
 
 - name: rbenv | clone ruby-build repo
   git: repo=git://github.com/sstephenson/ruby-build.git dest=${tempdir.stdout}/ruby-build
   when_failed: $rbuild_present
   tags:
   - ruby
+  - install
 
 - name: rbenv | install ruby-build
   command: ./install.sh chdir=${tempdir.stdout}/ruby-build
   when_failed: $rbuild_present
   tags:
   - ruby
+  - install
 
 - name: rbenv | remove temporary directory
   file: path=${tempdir.stdout} state=absent
   when_failed: $rbuild_present
   tags:
   - ruby
+  - install
 
 - name: rbenv | check ruby $ruby_version installed
   shell: RBENV_ROOT=${rbenv_root} rbenv versions | grep $ruby_version
@@ -76,31 +89,37 @@
   ignore_errors: yes
   tags:
   - ruby
+  - install
 
 - name: rbenv | install ruby $ruby_version
   shell: RBENV_ROOT=${rbenv_root} rbenv install $ruby_version
   when_failed: $ruby_installed
   tags:
   - ruby
+  - install
 
 - name: rbenv | set global ruby $ruby_version
   shell: RBENV_ROOT=${rbenv_root} rbenv global $ruby_version
   when_failed: $ruby_installed
   tags:
   - ruby
+  - install
 
 - name: rbenv | rehash
   shell: RBENV_ROOT=${rbenv_root} rbenv rehash
   when_failed: $ruby_installed
   tags:
   - ruby
+  - install
 
 - name: gem | gem install bundler
   shell: RBENV_ROOT=${rbenv_root} GEM_HOME=${gem_home} ${rbenv_root}/shims/gem install bundle chdir=${app_base_dir}/mitx
   tags:
   - ruby
+  - install
 
 - name: bundle | bundle install
   shell: RBENV_ROOT=${rbenv_root} GEM_HOME=${gem_home} ${gem_home}/bin/bundle install --binstubs chdir=${app_base_dir}/mitx
   tags:
   - ruby
+  - install

playbooks/secure_example/vars/edxapp_prod_users.yml

----
-# these user lists cannot be merged
-# because they are not hashes
-
-env_users: []
-
-env_keys: []
-             
\ No newline at end of file

playbooks/secure_example/vars/users.yml → playbooks/secure_example/vars/edxapp_ref_users.yml

+---
+# these user lists cannot be merged
+# because they are not hashes
+
+env_users: []
+
+env_keys: []
+
 # administrator accounts, added to all roles
 # The create_users role task automatically adds all these users to the 
 # 'adm' and 'edx' system groups
@@ -10,4 +18,4 @@ admin_users:
 
 admin_keys:
 - user: joe
-  path: "{{ secure_dir }}/keys/joe.key"
+  path: "{{ secure_dir }}/keys/joe.key"            

playbooks/secure_example/vars/edxapp_prod_vars.yml → playbooks/secure_example/vars/edxapp_ref_vars.yml

 ---
-lms_auth_config:
+#Use YAML references (& and *) and hash merge <<: to factor out shared settings
+#see http://atechie.net/2009/07/merging-hashes-in-yaml-conf-files/
+lms_auth_config:  &lms_auth
   'ANALYTICS_API_KEY':  'hidden-prod'
   'AWS_ACCESS_KEY_ID':  'hidden-prod'
   'AWS_SECRET_ACCESS_KEY':  'hidden-prod'
   'CONTENTSTORE':
+    'ENGINE':  'xmodule.contentstore.mongo.MongoContentStore'
     'OPTIONS':
       'db':  'hidden-prod'
       'host': [ 'hidden-prod',  'hidden-prod']
@@ -17,7 +20,8 @@ lms_auth_config:
       'USER':  'hidden-prod'}
   'MODULESTORE':
     'default':
-      'OPTIONS':
+      'ENGINE':  'xmodule.modulestore.mongo.MongoModuleStore'
+      'OPTIONS':  &lms_modulestore_default_options
         'collection':  'hidden-prod'
         'db':  'hidden-prod'
         'default_class':  'hidden-prod'
@@ -39,7 +43,34 @@ lms_auth_config:
       'username':  'hidden-prod'}
     'url':  'hidden-prod'
  
-lms_env_config:
+lms_env_config:  &lms_env
+  'CERT_QUEUE':  'certificates'
+#  'COURSE_LISTINGS':
+#    'default': ['MITx/6.002x/2012_Fall']
+#    'stage-berkeley': [ 'BerkeleyX/CS169/fa12']
+#    'stage-harvard': [ 'HarvardX/CS50/2012H']
+#    'stage-mit': [ 'MITx/3.091/MIT_2012_Fall']
+#    'stage-num': [ 'MITx/6.002x-NUM/2012_Fall_NUM']
+#    'stage-sjsu': [ 'MITx/6.002x-EE98/2012_Fall_SJSU']
+  'LOCAL_LOGLEVEL':  'INFO'
+#  'META_UNIVERSITIES':
+#    'UTx': [ 'UTAustinX']
+  'MITX_FEATURES':
+    'AUTH_USE_OPENID_PROVIDER': true
+    'CERTIFICATES_ENABLED': true
+    'ENABLE_DISCUSSION_SERVICE': true
+    'ENABLE_INSTRUCTOR_ANALYTICS': true
+    'ENABLE_PEARSON_HACK_TEST': false
+    'SUBDOMAIN_BRANDING': false
+    'SUBDOMAIN_COURSE_LISTINGS': false
+#  'SUBDOMAIN_BRANDING':
+#    'stage-berkeley':  'BerkeleyX'
+#    'stage-harvard':  'HarvardX'
+#    'stage-mit':  'MITx'
+#    'stage-num':  'MITx'
+#    'stage-sjsu':  'MITx'
+#  'VIRTUAL_UNIVERSITIES': []
+  'WIKI_ENABLED': true
   'SYSLOG_SERVER':  'hidden-prod'
   'SITE_NAME':  'hidden-prod'
   'LOG_DIR':  'hidden-prod'
@@ -51,20 +82,29 @@ lms_env_config:
   'ADMINS' : 
   - ['name', 'email']
   'TIME_ZONE': 'America/New_York'
-  'CACHES':
+  'CACHES':  &lms_caches
     'default':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
       'KEY_PREFIX':  'hidden-prod'
       'LOCATION': [ 'hidden-prod',
         'hidden-prod']
     'general':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
       'KEY_PREFIX':  'hidden-prod'
       'LOCATION': [ 'hidden-prod',
         'hidden-prod']
     'mongo_metadata_inheritance':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
+      'TIMEOUT': 300
       'KEY_PREFIX':  'hidden-prod'
       'LOCATION': [ 'hidden-prod',
         'hidden-prod']
     'staticfiles':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
       'KEY_PREFIX':  'hidden-prod'
       'LOCATION': [ 'hidden-prod',
         'hidden-prod']
@@ -74,6 +114,11 @@ lms_env_config:
   'COMMENTS_SERVICE_KEY':  'hidden-prod'
 
 cms_auth_config:
+  'CONTENTSTORE':
+    'ENGINE':  'xmodule.contentstore.mongo.MongoContentStore'
+  'MODULESTORE':
+    'default':
+      'ENGINE':  'xmodule.modulestore.mongo.MongoModuleStore'
   'AWS_ACCESS_KEY_ID':  'hidden-prod'
   'AWS_SECRET_ACCESS_KEY':  'hidden-prod'
   'CONTENTSTORE':
@@ -118,30 +163,53 @@ cms_auth_config:
 cms_env_config:
   'CACHES':
     'default':
-      'KEY_PREFIX':  'hidden-prod'
-      'LOCATION': [ 'hidden-prod',
-        'hidden-prod']
-    'general':
-      'KEY_PREFIX':  'hidden-prod'
-      'LOCATION': [ 'hidden-prod',
-        'hidden-prod']
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
+      'KEY_PREFIX': 'cms.edx.org'
+      'LOCATION': [ "deploycache-large.foo-bar.amazonaws.com:11211" ]
     'mongo_metadata_inheritance':
-      'KEY_PREFIX':  'hidden-prod'
-      'LOCATION': [ 'hidden-prod',
-        'hidden-prod']
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
+      'TIMEOUT': 300
+      'KEY_PREFIX': 'cms.edx.org'
+      'LOCATION': [ "deploycache-large.foo-bar.amazonaws.com:11211" ]
     'staticfiles':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
+      'KEY_PREFIX': 'cms.edx.org'
+      'LOCATION': [ "deploycache-large.foo-bar.amazonaws.com:11211" ]
+    'general':
       'KEY_PREFIX':  'hidden-prod'
       'LOCATION': [ 'hidden-prod',
         'hidden-prod']
-  'LOG_DIR':  'hidden-prod'
-  'LOGGING_ENV': 'hidden-prod'
-  'SITE_NAME': 'hidden-prod'
-  'SYSLOG_SERVER': 'hidden-prod'
-  'LMS_BASE': 'hidden-prod'
-  'SESSION_COOKIE_DOMAIN': 'hidden-prod'
+  'LOG_DIR': '{{log_base_dir}}/edx'
+  'LOGGING_ENV': 'cms-dev'
+  'SITE_NAME': 'studio.cms-dev.m.edx.org'
+  'SYSLOG_SERVER': 'syslog.a.m.i4x.org'
+  'LMS_BASE': 'cms-dev.m.edx.org'
+  'SESSION_COOKIE_DOMAIN': '.cms-dev.m.edx.org'
   'SEGMENT_IO_KEY': 'hidden-prod'
   'MITX_FEATURES':
     'DISABLE_COURSE_CREATION': false
     'SEGMENT_IO': false
 
+lms_preview_auth_config:
+  <<: *lms_auth
+  'MODULESTORE':
+    'default':
+      'ENGINE': 'xmodule.modulestore.mongo.DraftMongoModuleStore'
+      'OPTIONS': *lms_modulestore_default_options
+
+lms_preview_env_config:
+  <<: *lms_env
+  'SITE_NAME':  'preview.class.stanford.edu'
+  'COMMENTS_SERVICE_KEY':  false
+  'CACHES': 
+    <<: *lms_caches
+    'general':
+      'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_PREFIX':  'preview.edx.org'
+      'KEY_FUNCTION': 'util.memcache.safe_key'
+      'LOCATION': [ 'vpc-974dbeff-cache.oyg26r.0001.usw1.cache.amazonaws.com:12345',
+                    'vpc-974dbeff-cache.oyg26r.0002.usw1.cache.amazonaws.com:12345' ]
 

playbooks/secure_example/vars/edxapp_stage_users.yml

-# these user lists cannot be merged
-# because they are not hashes
-
-env_users:
-- user: frank
-  email: frank@example.com
-  groups:
-  - adm
-
-env_keys:
-- user: frank
-  path: "{{ secure_dir }}/keys/frank.key"

playbooks/secure_example/vars/edxapp_stage_vars.yml

----
-lms_auth_config:
-  'ANALYTICS_API_KEY':  'hidden-stage'
-  'AWS_ACCESS_KEY_ID':  'hidden-stage'
-  'AWS_SECRET_ACCESS_KEY':  'hidden-stage'
-  'CONTENTSTORE':
-    'OPTIONS':
-      'db':  'hidden-stage'
-      'host': [ 'hidden-stage',  'hidden-stage']
-      'password':  'hidden-stage'
-      'port': 0000 
-      'user':  'hidden-stage'
-  'DATABASES':
-    'default': { 'ENGINE':  'hidden-stage',
-      'HOST':  'hidden-stage',  'NAME':  'hidden-stage',
-      'PASSWORD':  'hidden-stage',  'PORT': 0000,
-      'USER':  'hidden-stage'}
-  'MODULESTORE':
-    'default':
-      'OPTIONS':
-        'collection':  'hidden-stage'
-        'db':  'hidden-stage'
-        'default_class':  'hidden-stage'
-        'fs_root':  'hidden-stage'
-        'host': [ 'hidden-stage',  'hidden-stage']
-        'password':  'hidden-stage'
-        'port': 0000
-        'render_template':  'hidden-stage'
-        'user':  'hidden-stage'
-  'OPEN_ENDED_GRADING_INTERFACE': { 'hidden-stage':  'hidden-stage',
-    'password':  'hidden-stage',  'hidden-stage':  'hidden-stage',
-    'staff_grading':  'hidden-stage',  'hidden-stage':  'hidden-stage',
-    'username':  'hidden-stage'}
-  'PEARSON_TEST_PASSWORD':  'hidden-stage'
-  'SECRET_KEY':  'hidden-stage'
-  'XQUEUE_INTERFACE':
-    'basic_auth': [ 'hidden-stage',  'hidden-stage']
-    'django_auth': { 'password':  'hidden-stage',
-      'username':  'hidden-stage'}
-    'url':  'hidden-stage'
- 
-lms_env_config:
-  'SYSLOG_SERVER':  'hidden-stage'
-  'SITE_NAME':  'hidden-stage'
-  'LOG_DIR':  'hidden-stage'
-  'MEDIA_URL':  'hidden-stage'
-  'BOOK_URL':  'hidden-stage'
-  'ANALYTICS_SERVER_URL':  'hidden-stage'
-  'DEFAULT_FROM_EMAIL':  'hidden-stage'
-  'DEFAULT_FEEDBACK_EMAIL': 'hidden-stage'
-  'ADMINS' : 
-  - ['name', 'email']
-  'TIME_ZONE': 'America/New_York'
-  'CACHES':
-    'default':
-      'KEY_PREFIX':  'hidden-stage'
-      'LOCATION': [ 'hidden-stage',
-        'hidden-stage']
-    'general':
-      'KEY_PREFIX':  'hidden-stage'
-      'LOCATION': [ 'hidden-stage',
-        'hidden-stage']
-    'mongo_metadata_inheritance':
-      'KEY_PREFIX':  'hidden-stage'
-      'LOCATION': [ 'hidden-stage',
-        'hidden-stage']
-    'staticfiles':
-      'KEY_PREFIX':  'hidden-stage'
-      'LOCATION': [ 'hidden-stage',
-        'hidden-stage']
-  'COMMENTS_SERVICE_URL':  'hidden-stage'
-  'LOGGING_ENV':  'hidden-stage'
-  'SESSION_COOKIE_DOMAIN':  'hidden-stage'
-  'COMMENTS_SERVICE_KEY':  'hidden-stage'

playbooks/vars/lms_vars.yml

----
-lms_auth_config:
-  'CONTENTSTORE':
-    'ENGINE':  'xmodule.contentstore.mongo.MongoContentStore'
-  'MODULESTORE':
-    'default':
-      'ENGINE':  'xmodule.modulestore.mongo.MongoModuleStore'
- 
-lms_env_config:
-  'CACHES':
-    'default':
-      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
-      'KEY_FUNCTION':  'util.memcache.safe_key'
-    'general':
-      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
-      'KEY_FUNCTION':  'util.memcache.safe_key'
-    'mongo_metadata_inheritance':
-      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
-      'KEY_FUNCTION':  'util.memcache.safe_key'
-      'TIMEOUT': 300
-    'staticfiles':
-      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
-      'KEY_FUNCTION':  'util.memcache.safe_key'
-  'CERT_QUEUE':  'certificates'
-  'COURSE_LISTINGS':
-    'default': ['MITx/6.002x/2012_Fall']
-    'stage-berkeley': [ 'BerkeleyX/CS169/fa12']
-    'stage-harvard': [ 'HarvardX/CS50/2012H']
-    'stage-mit': [ 'MITx/3.091/MIT_2012_Fall']
-    'stage-num': [ 'MITx/6.002x-NUM/2012_Fall_NUM']
-    'stage-sjsu': [ 'MITx/6.002x-EE98/2012_Fall_SJSU']
-  'LOCAL_LOGLEVEL':  'INFO'
-  'META_UNIVERSITIES':
-    'UTx': [ 'UTAustinX']
-  'MITX_FEATURES': { 'AUTH_USE_OPENID_PROVIDER': true,
-    'CERTIFICATES_ENABLED': true,  'ENABLE_DISCUSSION_SERVICE': true,
-    'ENABLE_INSTRUCTOR_ANALYTICS': true,  'ENABLE_PEARSON_HACK_TEST': true,
-    'SUBDOMAIN_BRANDING': true,  'SUBDOMAIN_COURSE_LISTINGS': true}
-  'SUBDOMAIN_BRANDING': { 'stage-berkeley':  'BerkeleyX',
-    'stage-harvard':  'HarvardX',  'stage-mit':  'MITx',
-    'stage-num':  'MITx',  'stage-sjsu':  'MITx'}
-  'VIRTUAL_UNIVERSITIES': []
-  'WIKI_ENABLED': true