Commit a704f356 by John Jarvis

Merge pull request #86 from edx/jarv/edxapp

consolidating lms/cms/lms-preview into edxapp role
parents 87a5986a 6fb2c148
......@@ -7,9 +7,7 @@
- common
- nginx
- gunicorn
- lms
- cms
- lms-preview
- edxapp
- ruby
- npm
# run this role last
......@@ -16,7 +16,7 @@
- common
- nginx
- lms
- edxapp
- ruby
- name: Adding instance back to the ELB
# variables common to the cms role, automatically loaded
# when the role is included
cms_auth_config: {}
cms_env_config: {}
......@@ -4,14 +4,14 @@
# - nginx/tasks/main.yml
- name: create cms application config
template: src=env.json.j2 dest=$app_base_dir/cms.env.json mode=640 owner=www-data group=adm
template: src=cms.env.json.j2 dest=$app_base_dir/cms.env.json mode=640 owner=www-data group=adm
- cms-env
- cms
- update
- name: create cms auth file
template: src=auth.json.j2 dest=$app_base_dir/cms.auth.json mode=640 owner=www-data group=adm
template: src=cms.auth.json.j2 dest=$app_base_dir/cms.auth.json mode=640 owner=www-data group=adm
- cms-env
- cms
......@@ -4,13 +4,13 @@
# - nginx/tasks/main.yml
- name: create lms application config
template: src=env.json.j2 dest=$app_base_dir/lms-preview.env.json mode=640 owner=www-data group=adm
template: src=lms-preview.env.json.j2 dest=$app_base_dir/lms-preview.env.json mode=640 owner=www-data group=adm
- lms-preview
- lms-preview-env
- name: create lms auth file
template: src=auth.json.j2 dest=$app_base_dir/lms-preview.auth.json mode=640 owner=www-data group=adm
template: src=lms-preview.auth.json.j2 dest=$app_base_dir/lms-preview.auth.json mode=640 owner=www-data group=adm
- lms-preview
- lms-preview-env
# requires:
# - group_vars/all
# - common/tasks/main.yml
# - nginx/tasks/main.yml
- name: create lms-xml application config
template: src=lms-xml.env.json.j2 dest=$app_base_dir/lms-xml.env.json mode=640 owner=www-data group=adm
- cms-env
- cms
- update
- name: create lms-xml auth file
template: src=lms-xml.auth.json.j2 dest=$app_base_dir/lms-xml.auth.json mode=640 owner=www-data group=adm
- cms-env
- cms
- update
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-xml
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-xml-backend
# Creates upstart file
- include: ../../gunicorn/tasks/upstart.yml service_variant=lms-xml
- name: create lms application config
template: src=lms.env.json.j2 dest=$app_base_dir/lms.env.json mode=640 owner=www-data group=adm
- lms
- lms-env
- update
- name: create lms auth file
template: src=lms.auth.json.j2 dest=$app_base_dir/lms.auth.json mode=640 owner=www-data group=adm
- lms
- lms-env
- update
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-backend
# Creates LMS upstart file
- include: ../../gunicorn/tasks/upstart.yml service_variant=lms
......@@ -3,23 +3,6 @@
# - common/tasks/main.yml
# - nginx/tasks/main.yml
- name: create lms application config
template: src=env.json.j2 dest=$app_base_dir/lms.env.json mode=640 owner=www-data group=adm
- lms
- lms-env
- update
- name: create lms auth file
template: src=auth.json.j2 dest=$app_base_dir/lms.auth.json mode=640 owner=www-data group=adm
- lms
- lms-env
- update
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-backend
- name: Change permissions on datadir
file: path={{ app_base_dir }}/data state=directory owner=www-data group=www-data
......@@ -90,43 +73,6 @@
- cms
- install
## Install the debian package requirements system-wide
- name: store remote apt_repos list for ansible use
command: cat {{ apt_sources_file }}
register: apt_repos_list
- lms
- cms
- install
- name: add apt_repos to the remote hosts
apt_repository: repo="$item"
with_items: "{{apt_repos_list.stdout.split()}}"
register: apt_repos_list_repo_adds
sudo: True
- lms
- cms
- install
- name: update apt cache (if necessary)
apt: update_cache=yes
sudo: True
only_if: "{{apt_repos_list_repo_adds.changed}}"
- lms
- cms
- install
- name: store remote apt_packages list for ansible use
command: cat {{ apt_packages_file }}
register: apt_packages_list
- lms
- cms
- install
- name: install a bunch of system packages on which LMS and CMS rely
apt: pkg={{item}} state=present
with_items: lms_debian_pkgs
......@@ -147,10 +93,10 @@
- cms
- install
# Install the python post requirements into {{ venv_dir }}
- name : install python post-requirements
pip: requirements="{{ post_requirements_file }}" virtualenv="{{ venv_dir }}" state=present
pip: requirements="{{post_requirements_file}}" virtualenv="{{venv_dir}}" state=present
- lms
- cms
......@@ -170,7 +116,13 @@
- lms
- cms
- install
# Creates LMS upstart file
- include: ../../gunicorn/tasks/upstart.yml service_variant=lms
- include: lms.yml
when: "'lms' in service_variants_enabled"
- include: lms-xml.yml
when: "'lms-xml' in service_variants_enabled"
- include: cms.yml
when: "'cms' in service_variants_enabled"
- include: lms-preview.yml
when: "'lms-preview' in service_variants_enabled"
{{ lms_xml_auth_config | to_nice_json }}
{{ lms_xml_env_config | to_nice_json }}
# variables common to the lms role, automatically loaded
# when the role is included
# These vars are for creating the application json config
# files. There are two for each service that uses the
# 'edx-platform' code. Defining them will create the upstart
# job and nginx configuration for the corresponding service.
# It will also enable the corresponding section in the
# 'edxapp' upstart job.
- lms
- lms-xml
- cms
- lms-preview
lms_auth_config: {}
lms_env_config: {}
lms_preview_auth_config: {}
lms_preview_env_config: {}
cms_auth_config: {}
cms_env_config: {}
lms_xml_auth_config: {}
lms_xml_env_config: {}
lms_version: 'HEAD'
apt_sources_file: "{{ platform_code_dir }}/requirements/system/{{os_name}}/apt-repos.txt"
apt_packages_file: "{{ platform_code_dir }}/requirements/system/{{os_name}}/apt-packages.txt"
local_requirements_file: "{{ platform_code_dir }}/requirements/edx/local.txt"
post_requirements_file: "{{ platform_code_dir }}/requirements/edx/post.txt"
base_requirements_file: "{{ platform_code_dir }}/requirements/edx/base.txt"
......@@ -59,6 +76,7 @@ lms_debian_pkgs:
- mongodb
- mongodb-clients
- mysql-client
- npm
- ntp
- openjdk-7-jdk
- openjdk-7-jre
......@@ -4,3 +4,10 @@
- gunicorn
- install
- name: creating edxapp upstart script
sudo: True
template: src=edxapp.conf.j2 dest=/etc/init/edxapp.conf owner=root group=root
- upstart
- gunicorn
- update
......@@ -6,7 +6,6 @@
- "{{ local_dir }}/gunicorn/templates/{{ service_variant }}.conf.j2"
# seems like paths in first_available_file must be relative to the playbooks dir
- "roles/gunicorn/templates/{{ service_variant }}.conf.j2"
notify: restart {{ service_variant }}
- upstart
- gunicorn
......@@ -4,15 +4,15 @@
description "gunicorn server"
author "Calen Pennington <>"
start on runlevel [2345]
stop on runlevel [!2345]
start on started edxapp
stop on stopped edxapp
respawn limit 3 30
env PID=/var/tmp/
#env NEW_RELIC_CONFIG_FILE=${app_base_dir}/newrelic.ini
#env NEWRELIC=${venv_dir}/bin/newrelic-admin
#env NEW_RELIC_CONFIG_FILE={{app_base_dir}}/newrelic.ini
#env NEWRELIC={{venv_dir}}/bin/newrelic-admin
env WORKERS={{ ansible_processor_cores * 2 }}
env PORT=8010
env LANG=en_US.UTF-8
description "Starts and stops multiple edX services, e.g., lms, cms, etc., installed in a stacked configuration."
start on runlevel [2345]
stop on runlevel [!2345]
## Each awaited service is responsible for ensuring that it is ready
## for service when it returns.
pre-start script
{% if 'lms-xml' in service_variants_enabled %}
if [ -e /etc/init/lms-xml.conf ]; then
start wait-for-state WAIT_FOR=lms-xml WAITER=$UPSTART_JOB
{% endif %}
{% if 'lms' in service_variants_enabled %}
if [ -e /etc/init/lms.conf ]; then
start wait-for-state WAIT_FOR=lms WAITER=$UPSTART_JOB
{% endif %}
{% if 'lms-preview' in service_variants_enabled %}
if [ -e /etc/init/lms-preview.conf ]; then
start wait-for-state WAIT_FOR=lms-preview WAITER=$UPSTART_JOB
{% endif %}
{% if 'cms' in service_variants_enabled %}
if [ -e /etc/init/cms.conf ]; then
start wait-for-state WAIT_FOR=cms WAITER=$UPSTART_JOB
{% endif %}
end script
# Noop process for other edX components to take their
# marching orders from. In the edxapp deployment,
# lms, cms, etc. will listen for this process to start
# and stop and follow suit.
while true
logger -t $0 "edX App Shell Daemon is running..."
sleep 600
end script
pre-stop script
{% if 'lms-xml' in service_variants_enabled %}
if [ -e /etc/init/lms-xml.conf ]; then
start wait-for-state WAIT_FOR=lms-xml WAITER=$UPSTART_JOB TARGET_GOAL="stop"
{% endif %}
{% if 'lms' in service_variants_enabled %}
if [ -e /etc/init/lms.conf ]; then
start wait-for-state WAIT_FOR=lms WAITER=$UPSTART_JOB TARGET_GOAL="stop"
{% endif %}
{% if 'lms-preview' in service_variants_enabled %}
if [ -e /etc/init/lms-preview.conf ]; then
start wait-for-state WAIT_FOR=lms-preview WAITER=$UPSTART_JOB TARGET_GOAL="stop"
{% endif %}
{% if 'cms' in service_variants_enabled %}
if [ -e /etc/init/cms.conf ]; then
start wait-for-state WAIT_FOR=cms WAITER=$UPSTART_JOB TARGET_GOAL="stop"
{% endif %}
end script
......@@ -3,15 +3,15 @@
description "gunicorn server"
author "Calen Pennington <>"
start on runlevel [2345]
stop on runlevel [!2345]
start on started edxapp
stop on stopped edxapp
respawn limit 3 30
env PID=/var/tmp/
#env NEW_RELIC_CONFIG_FILE=${app_base_dir}/newrelic.ini
#env NEWRELIC=${venv_dir}/bin/newrelic-admin
#env NEW_RELIC_CONFIG_FILE={{app_base_dir}}/newrelic.ini
#env NEWRELIC={{venv_dir}}/bin/newrelic-admin
env WORKERS={{ ansible_processor_cores * 2 }}
env PORT=8020
env LANG=en_US.UTF-8
......@@ -21,7 +21,7 @@ env SERVICE_VARIANT="lms-preview"
chdir {{platform_code_dir}}
setuid www-data
exec ${venv_dir}/bin/gunicorn --preload -b$PORT -w $WORKERS --timeout=300 --pythonpath={{platform_code_dir}} lms.wsgi
exec {{venv_dir}}/bin/gunicorn --preload -b$PORT -w $WORKERS --timeout=300 --pythonpath={{platform_code_dir}} lms.wsgi
post-start script
while true
# gunicorn
description "gunicorn server"
author "Calen Pennington <>"
start on started edxapp
stop on stopped edxapp
respawn limit 3 30
env PID=/var/tmp/
#env NEW_RELIC_CONFIG_FILE={{app_base_dir}}/newrelic.ini
#env NEWRELIC={{venv_dir}}/bin/newrelic-admin
env WORKERS={{ ansible_processor_cores * 4 }}
env PORT=8030
env LANG=en_US.UTF-8
env SERVICE_VARIANT="lms-xml"
chdir {{platform_code_dir}}
setuid www-data
exec {{venv_dir}}/bin/gunicorn --preload -b$PORT -w $WORKERS --timeout=300 --pythonpath={{platform_code_dir}} lms.wsgi
post-start script
while true
if $(curl -s -i localhost:$PORT/heartbeat | egrep -q '200 OK'); then
sleep 1;
end script
......@@ -3,15 +3,15 @@
description "gunicorn server"
author "Calen Pennington <>"
start on runlevel [2345]
stop on runlevel [!2345]
start on started edxapp
stop on stopped edxapp
respawn limit 3 30
env PID=/var/tmp/
#env NEW_RELIC_CONFIG_FILE=${app_base_dir}/newrelic.ini
#env NEWRELIC=${venv_dir}/bin/newrelic-admin
#env NEW_RELIC_CONFIG_FILE={{app_base_dir}}/newrelic.ini
#env NEWRELIC={{venv_dir}}/bin/newrelic-admin
env WORKERS={{ ansible_processor_cores * 2 }}
env PORT=8000
env LANG=en_US.UTF-8
......@@ -21,7 +21,7 @@ env SERVICE_VARIANT="lms"
chdir {{platform_code_dir}}
setuid www-data
exec ${venv_dir}/bin/gunicorn --preload -b$PORT -w $WORKERS --timeout=300 --pythonpath={{platform_code_dir}} lms.wsgi
exec {{venv_dir}}/bin/gunicorn --preload -b$PORT -w $WORKERS --timeout=300 --pythonpath={{platform_code_dir}} lms.wsgi
post-start script
while true
upstream lms-xml-backend {
# For a TCP configuration:
server fail_timeout=0;
server {
# LMS-preview configuration file for nginx, templated by ansible
listen 80;
server_name trace-lms-preview.*;
# Send error response when request host isn't under our control
# We will no longer respond to proxy attempts like this with
# anything.
# curl -i -A '' -x --proxy-negotiate -U u:p -u u:p
set $reject 'no';
#if ($host !~* (|$ ) {
# set $reject 'yes';
if ($request_uri ~ ^(/heartbeat)$) {
set $reject 'no';
if ( $reject = 'yes' ) {
return 444;
# CS184 requires uploads of up to 4MB for submitting screenshots.
# CMS requires larger value for course assest, values provided
# via hiera.
client_max_body_size 4M;
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
location @proxy_to_lms-preview_app {
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://lms-preview-backend;
location / {
try_files $uri @proxy_to_lms-preview_app;
# No basic auth security on the github_service_hook url, so that github can use it for cms
location /github_service_hook {
try_files $uri @proxy_to_lms-preview_app;
# No basic auth security on the heartbeat url, so that ELB can use it
location /heartbeat {
try_files $uri @proxy_to_lms-preview_app;
# Check security on this
location ~ /static/(?P<file>.*) {
root {{app_base_dir}};
try_files /staticfiles/$file /course_static/$file =404;
# return a 403 for static files that shouldn't be
# in the staticfiles directory
location ~ ^/static/(?:.*)(?:\.xml|\.json|README.TXT) {
return 403;
# Set django-pipelined files to maximum cache time
location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\..*)" {
expires max;
# Without this try_files, files that have been run through
# django-pipeline return 404s
try_files /staticfiles/$collected /course_static/$collected =404;
# Expire other static files immediately (there should be very few / none of these)
expires epoch;
# Forward to HTTPS if we're an HTTP request...
if ($http_x_forwarded_proto = "http") {
set $do_redirect "true";
# Run our actual redirect...
if ($do_redirect = "true") {
rewrite ^ https://$host$request_uri? permanent;
# Monitoring support for datadog.
location /nginx_status {
stub_status on;
access_log off;
deny all;
......@@ -2,8 +2,8 @@
# - common/tasks/main.yml
# - ruby/tasks/main.yml
- name: Install nodejs, and by extension npm
apt: pkg=nodejs state=present install_recommends=no
- name: Install npm
apt: pkg=npm state=present install_recommends=no
- npm
- install
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment