Commit a77bc30e by vik

Merge remote-tracking branch 'origin/master' into vik/ml-api

Conflicts:
	playbooks/roles/common/tasks/main.yml
	playbooks/roles/lms/tasks/main.yml
parents 7f55f488 a1c93cb6
......@@ -39,6 +39,46 @@ version instead of the official v1.1 release._
## Organization
### Secure vs. Insecure data
As a general policy we want to protect the following data:
* Usernames
* Public keys (keys are ok to be public, but can be used to figure out usernames)
* Hostnames
* Passwords, api keys
The folowing yml files and examples serve as templates that should be overridden with your own
environment specific configuration:
* vars in `secure_example/vars`
* files in `secure_example/files`
Directory structure for the secure repo:
```
ansible
├── files
├── keys
└── vars
```
The same directory structure, required yml files and files are
in the secure_example dir:
```
secure_example/
├── files
├── keys
└── vars
```
The default `secure\_dir` is set in `group\_vars/all` and can be overridden by
adding another file in group_vars that corresponds to a deploy group name.
The directory structure should follow Ansible best practices.
http://ansible.cc/docs/bestpractices.html
......@@ -84,8 +124,9 @@ Example users are in the `vars/secure` directory:
```
cloudformation_templates <-- official edX cloudformation templates
│   └── examples <-- example templates
└── playbooks
   └── examples <-- example templates
playbooks
└──
edxapp_prod.yml <-- example production environment playbook
edxapp_stage.yml <-- example stage environment playbook
edxapp_custom.yml <-- example custom environment playbook
......@@ -108,7 +149,7 @@ cloudformation_templates <-- official edX cloudformation templates
│   └── templates
│   (etc)
└── vars <-- public variable definitions
└── secure <-- secure variables (example)
└── secure_example <-- secure variables (example)
```
......@@ -170,9 +211,44 @@ If that works fine, then you can add an export of PYTHONPATH to
* Creates base directories
* Creates the lms json configuration files
Because the reference architecture makes use of an Amazon VPC, you will not be able
to address the hosts in the private subnets directly. However, you can easily set
up a transparent "jumpbox" so that for all hosts in your vpc, connections are
tunneled.
Add something like the following to your `~/.ssh/config` file.
```
Host *.us-west-1.compute-internal
ProxyCommand ssh -W %h:%p vpc-00000000-jumpbox
IdentityFile /path/to/aws/key.pem
ForwardAgent yes
User ubuntu
Host vpc-00000000-jumpbox
HostName 54.236.224.226
IdentityFile /path/to/aws/key.pem
ForwardAgent yes
User ubuntu
```
This assumes that you only have one VPC in the ```us-west-1``` region
that you're trying to ssh into. Internal DNS names aren't qualified
any further than that, so to support multiple VPC's you'd have to get
creative with subnets, for example ip-10-1 and ip-10-2...
Test this by typing `ssh ip-10-0-10-1.us-west-1.compute.internal`,
(of coruse using a hostname exists in your environment.) If things
are configured correctly you will ssh to 10.0.10.1, jumping
transparently via your basion host.
Assuming that the edxapp_stage.yml playbook targets hosts in your vpc
for which there are entiries in your `.ssh/config`, do the
following to run your playbook.
```
cd playbooks
ansible-playbook -v --user=ubuntu edxapp_stage.yml -i ./ec2.py --private-key=/path/to/aws/key.pem
ansible-playbook -v --user=ubuntu edxapp_stage.yml -i ./ec2.py -c ssh
```
*Note: this assumes the group used for the edx stack was "edxapp_stage"*
......
......@@ -4,7 +4,7 @@
"Parameters":{
"EnvironmentTag":{
"Type":"String",
"Description":"A tag value applied to the hosts in the VPC indicating which environment to use during the configuration phase, e.g., development, stage, production",
"Description":"A tag value applied to the hosts in the VPC indicating which environment to use during the configuration phase, e.g., dev, stage, prod",
"Default":"stage"
},
"KeyName":{
......@@ -1330,6 +1330,14 @@
"FromPort":"443",
"ToPort":"443",
"CidrIp":"0.0.0.0/0"
},
{
"IpProtocol":"tcp",
"FromPort":"22",
"ToPort":"22",
"CidrIp":{
"Ref":"SSHLocation"
}
}
]
}
......@@ -1653,7 +1661,7 @@
"Ref":"EdxappServer"
},
"MinSize":"1",
"MaxSize":"2",
"MaxSize":"6",
"DesiredCapacity":{
"Ref":"EdxappDesiredCapacity"
},
......@@ -3131,64 +3139,53 @@
}
},
"ElasticCacheCreateSubnetGroupCommand":{
"Description":"Commands to be run to create the elatic cache. Creation isn't fully supported in CF today.",
"Description":"MANUAL COMMAND #1: create subnet group. (these commands have to be run by hand because they aren't supported by CloudFormation yet.",
"Value":{
"Fn::Join":[
"",
[
"elasticache-create-cache-subnet-group",
" ",
{
"Ref":"EdxVPC"
},
"-ElasticCacheSubnetGroup --description 'VPC ElasticCache Subnet Group'",
" --subnet-ID-list",
" ",
{
"Ref":"Cache01"
},
",",
{
"Ref":"Cache02"
}
"elasticache-create-cache-subnet-group ", { "Ref":"EdxVPC" }, "-ElasticCacheSubnetGroup ",
"--description 'VPC ElasticCache Subnet Group' ",
"--subnet-ID-list ", { "Ref":"Cache01" }, ",", { "Ref":"Cache02" }
]
]
}
},
"ElasticCacheCreateCacheClusterCommand":{
"Description":"Foo",
"Description":"MANUAL COMMAND #2: Create cache cluster.",
"Value":{
"Fn::Join":[
"",
[
"elasticache-create-cache-cluster",
" ",
{
"Ref":"EdxVPC"
},
"-Cache --num-cache-nodes ",
{
"Ref":"NumberOfCacheNodes"
},
" --cache-node-type ",
{
"Ref":"CacheNodeType"
},
" --engine memcached --engine-version 1.4.5 --port 12345 --preferred-availability-zone ",
{
"Fn::FindInMap":[
"elasticache-create-cache-cluster ", { "Ref":"EdxVPC" }, "-Cache ",
"--num-cache-nodes ", { "Ref":"NumberOfCacheNodes" }, " ",
"--cache-node-type ", { "Ref":"CacheNodeType" }, " ",
"--engine memcached ",
"--engine-version 1.4.5 ",
"--port 12345 ",
"--preferred-availability-zone ",
{ "Fn::FindInMap":[
"MapRegionsToAvailZones",
{ "Ref":"AWS::Region" },
"AZone0"
]
},
" --cache-parameter-group-name default.memcached1.4 --auto-minor-version-upgrade true",
" --cache-subnet-group-name ElasticCacheSubnetGroup",
" ",
{
"Ref":"EdxVPC"
},
"-ElasticCacheSubnetGroup"
}, " ",
"--cache-parameter-group-name default.memcached1.4 ",
"--auto-minor-version-upgrade true ",
"--cache-subnet-group-name ", { "Ref":"EdxVPC" },"-ElasticCacheSubnetGroup"
]
]
}
},
"EnableDNSHostnamesForVPCCommand":{
"Description":"MANUAL COMMAND #3: Change VPC setting to enable automatic DNS hostname resolution from within the VPC. Setting not supported in Cloudformation yet.",
"Value":{
"Fn::Join":[
"",
[
"ec2-modify-vpc-attribute ",
"-c ", { "Ref":"EdxVPC" }, " ",
"-d true"
]
]
}
......
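Review bot: The new port-22 ingress rule takes its source range from `SSHLocation`, whose declaration is outside these hunks. If that parameter defaults to `0.0.0.0/0` or has no `AllowedPattern`, the rule exposes SSH on this group to the whole internet next to 443. The parameter should have no open default, be constrained to a CIDR pattern, and its `Description` should tell the operator to pass the admin network or jumpbox address. The security group the rule belongs to starts above the hunk, so which hosts it fronts cannot be confirmed from here.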
- hosts: tag_group_mlapi-bastion
vars_files:
- ["{{ secure_file_dir }}/users.yml", "vars/secure_default/users.yml"]
- ["{{ secure_file_dir }}/bastion_users.yml"]
roles:
- common
- bastion
\ No newline at end of file
[ec2]
regions=all
destination_variable=public_dns_name
vpc_destination_variable=ip_address
vpc_destination_variable=private_dns_name
cache_path=/tmp
cache_max_age=300
- hosts: tag_Group_edxapp_custom
vars_files:
# using conditional loading to override defaults for site-specific installs
- ["{{ secure_file_dir }}/edxapp_stage_vars.yml", "vars/secure_default/edxapp_stage_vars.yml"]
- ["{{ secure_file_dir }}/edxapp_custom_vars.yml", "vars/secure_default/edxapp_custom_vars.yml"]
- ["{{ secure_file_dir }}/users.yml", "vars/secure_default/users.yml"]
- ["{{ secure_file_dir }}/edxapp_stage_users.yml", "vars/secure_default/edxapp_stage_users.yml"]
- "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
- "{{ secure_dir }}/vars/edxapp_custom_vars.yml"
- "{{ secure_dir }}/vars/users.yml"
- "{{ secure_dir }}/vars/edxapp_stage_users.yml"
roles:
- common
- nginx
......
- hosts: tag_Group_edxapp_prod
vars_files:
- ["{{ secure_file_dir }}/edxapp_prod_vars.yml", "vars/secure_default/edxapp_prod_vars.yml"]
- ["{{ secure_file_dir }}/users.yml", "vars/secure_default/users.yml"]
- ["{{ secure_file_dir }}/edxapp_prod_users.yml", "vars/secure_default/edxapp_prod_users.yml"]
- "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
- "{{ secure_dir }}/vars/users.yml"
- "{{ secure_dir }}/vars/edxapp_prod_users.yml"
roles:
- common
- nginx
- lms
- ruby
# ansible-playbook -v --user=ubuntu edxapp_rolling_example.yml -i ./ec2.py --private-key=/path/to/deployment.pem
- hosts: tag_Group_anothermulti
serial: 1
serial: 2
vars_files:
- ["{{ secure_file_dir }}/edxapp_stage_vars.yml", "vars/secure_default/edxapp_stage_vars.yml"]
- ["{{ secure_file_dir }}/users.yml", "vars/secure_default/users.yml"]
- ["{{ secure_file_dir }}/edxapp_stage_users.yml", "vars/secure_default/edxapp_stage_users.yml"]
- "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
- "{{ secure_dir }}/vars/users.yml"
pre_tasks:
- name: Gathering ec2 facts
ec2_facts:
......@@ -21,6 +20,7 @@
- common
- nginx
- lms
# - ruby
post_tasks:
- local_action: command util/elb_reg.py -e {{ ",".join(elbs[ansible_ec2_instance_id]) }} -i {{ ansible_ec2_instance_id }} register
# Register will pass in the same elb list and the same instance id
......
- hosts: tag_Group_edxapp_stage
vars_files:
- ["{{ secure_file_dir }}/edxapp_stage_vars.yml", "vars/secure_default/edxapp_stage_vars.yml"]
- ["{{ secure_file_dir }}/users.yml", "vars/secure_default/users.yml"]
- ["{{ secure_file_dir }}/edxapp_stage_users.yml", "vars/secure_default/edxapp_stage_users.yml"]
- "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
- "{{ secure_dir }}/vars/users.yml"
- "{{ secure_dir }}/vars/edxapp_stage_users.yml"
roles:
- common
- nginx
- lms
- ruby
---
app_base_dir: /opt/wwc
venv_dir: /opt/edx
#where are the secure files on the deploying machine?
secure_file_dir: ../../edx-secret/ansible/vars/
# these pathes are relative to the playbook dir
# directory for secret settings (keys, etc)
secure_dir: 'secure_example'
# this indicates the path to site-specific (with precedence)
# things like nginx template files
local_dir: '../../ansible_local'
\ No newline at end of file
---
# this path is relative to the playbook dir
secure_dir: '../../configuration-secure/ansible'
---
edxapp_prod: true
secure_dir: '../../configuration-secure/ansible'
\ No newline at end of file
# requires:
# - common/tasks/main.yml
# - nginx/tasks/main.yml
---
# Check out mitx repo to $app_base_dir
- name: Create virtualenv dir
sudo: True
file: path=/opt/edx state=directory owner=ubuntu group=ubuntu
- name: set permissions on $app_base_dir sgid for edx
file: path=$app_base_dir owner=root group=edx mode=2775 state=directory
file: path=$app_base_dir owner=ubuntu group=edx mode=2775 state=directory
file: path=/opt/edx owner=ubuntu group=edx mode=2775 state=directory
sudo: True
- name: install git and its recommends
apt: pkg=git state=installed install_recommends=yes force=yes
sudo: True
- name : install python and its recommends
apt: pkg=python state=installed install_recommends=yes force=yes
sudo: True
- name : install python-dev and its recommends
apt: pkg=python-dev state=installed install_recommends=yes force=yes
sudo: True
- name : install python pip and its recommends
apt: pkg=python-pip state=installed install_recommends=yes force=yes
sudo: True
- name : install python virtualenv and its recommends
apt: pkg=python-virtualenv state=installed install_recommends=yes force=yes
sudo: True
- name : install gccand its recommends
apt: pkg=gcc state=installed install_recommends=yes force=yes
sudo: True
- name: git checkout configuration repo into $app_base_dir
git: dest=$app_base_dir/configuration repo=git@github.com:edx/configuration.git version=vik/ml-api
- name: install requirements in python using pip
pip: requirements=$app_base_dir/configuration/ansible-requirements.txt virtualenv=/opt/edx
- name: uploads any needed secret config files
file: src=../../../../../edx-secret dest=$app_base_dir/edx-secret owner=ubuntu group=edx state=file
\ No newline at end of file
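Review bot: Every `apt:` task in this file passes `force=yes`, which maps to apt-get's `--force-yes` and lets unauthenticated packages and downgrades install without a prompt. Nothing in these tasks appears to need it, so drop it: `apt: pkg=git state=installed install_recommends=yes`. The last task is named as an upload but uses `file: ... state=file`, which only checks attributes of an existing path; a `copy:` with a narrow source and a restrictive `mode=` is presumably what is meant. The checkout of the configuration repo is also tied to the personal branch `vik/ml-api`, which should not outlive this branch.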
......@@ -2,15 +2,28 @@
- name: Create 'edx' users group
group: name=edx state=present
sudo: True
tags:
- users
- admin_users
- name: Add user 'ubuntu' to 'edx' group
# This is a temporary measure for initial configuration; after the last
# play is run and we've got a good set of users, ubuntu should no longer be used
user: name=ubuntu append=yes groups="edx"
sudo: True
tags:
- users
- admin_users
- name: Creating admin users
# Admin users, by definition, should be able to sudo w/ password, and read adm-only files
user: name={{ item.user }} append=yes groups={{ "adm,edx,"+",".join(item.groups) }} shell=/bin/bash
sudo: True
with_items: admin_users
when: admin_users is defined
tags:
- users
- admin_users
- name: Copying ssh keys for admin users
authorized_key: user={{ item.user }} key="{{ lookup('file', item.path) }}"
authorized_key: user={{ item.user }} key="{{lookup('file', item.path)}}"
sudo: True
with_items: admin_keys
tags:
......@@ -20,11 +33,13 @@
user: name={{ item.user }} groups={{ ",".join(item.groups) }} shell=/bin/bash
sudo: True
with_items: env_users
when: env_users is defined
tags:
- users
- name: Copying ssh keys for env users
authorized_key: user={{ item.user }} key="{{ lookup('file', item.path) }}"
authorized_key: user={{ item.user }} key="{{lookup('file', item.path)}}"
sudo: True
with_items: env_keys
when: env_keys is defined
tags:
- users
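Review bot: "Copying ssh keys for admin users" still loops over `admin_keys` with no guard, while the admin-user, env-user and env-key tasks in these hunks each get a `when: ... is defined`. A vars file that defines `admin_users` but not `admin_keys` would therefore fail the play at that task. Add `when: admin_keys is defined` after `with_items: admin_keys`. The first hunk ends at that task's `tags:` line, so a guard placed further down cannot be ruled out from here.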
---
# create the 'edx' virtual environment in /opt so that roles can populate it
- name: easy_install pip
easy_install: name=pip
sudo: True
tags:
- venv_base
- name: pip install virtualenv
pip: name=virtualenv state=latest
sudo: True
tags:
- venv_base
- name: pip install virtualenvwrapper
pip: name=virtualenvwrapper state=latest
sudo: True
tags:
- venv_base
- name: create edx virtualenv directory
file: path=$venv_dir owner=ubuntu group=edx mode=2775 state=directory
sudo: True
tags:
- venv_base
- name: create the edx virtualenv directory initial contents
command: /usr/local/bin/virtualenv $venv_dir creates=$venv_dir/bin/activate
tags:
- venv_base
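Review bot: `easy_install: name=pip` and the two `pip: ... state=latest` tasks run under sudo and install whatever version the index serves at run time. Hosts built on different days will differ, and a bad upstream release would be installed as root. Pin the versions instead, e.g. `pip: name=virtualenv version=<pinned-version>` and the same for `virtualenvwrapper`, or install pip and virtualenv from the distribution packages. Separately, the last task runs `/usr/local/bin/virtualenv` without `sudo`, so it relies on the connecting user being able to write to `$venv_dir`; a comment saying so would help.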
---
- include: create_users.yml
- name: Create application root
sudo: True
file: path=$app_base_dir state=directory owner=root group=root
- name: Create log directory
sudo: True
- name: Create log directory
file: path=/mnt/logs state=directory
- name: Fix EC2 packages in VPC
sudo: True
command: sed -i -e 's/us-west-2.ec2/us/' /etc/apt/sources.list
- name: Update apt cache
sudo: True
apt: update_cache=yes
sudo: True
- include: create_venv.yml
- name: Install role-independent useful system packages
apt: pkg={{item}} install_recommends=yes state=present
with_items:
- mosh
- tmux
sudo: True
\ No newline at end of file
#!/bin/sh
exec /usr/bin/ssh -o StrictHostKeyChecking=no -i /etc/git-identity "$@"
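Review bot: `-o StrictHostKeyChecking=no` makes every clone through this wrapper accept whatever host key is presented. The deploy key in `/etc/git-identity` is then offered to an unverified endpoint, and code that is later installed with sudo is fetched from it. Ship a known_hosts file holding the Git host's key and point the wrapper at it: `exec /usr/bin/ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/etc/git-known-hosts -i /etc/git-identity "$@"` (the known_hosts path is a placeholder). The lms tasks on this page show a `ssh_deploy_known_hosts` copy that this wrapper appears to replace, so the pinned host key may already be available.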
# requires:
# - group_vars/all
# - common/tasks/main.yml
# - nginx/tasks/main.yml
---
- name: create lms application config
template: src=env.json.j2 dest=$app_base_dir/lms.env.json
sudo: True
tags:
- lms
- name: create lms auth file
template: src=auth.json.j2 dest=$app_base_dir/lms.auth.json
sudo: True
tags:
- lms
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-backend
# Install ssh keys for ubuntu account to be able to check out from mitx
# Temprory behavior, not needed after June 1. Perhaps still useful as a recipe.
# {{ secure_dir }} is relative to the top-level playbooks dir so there is some
# ugly relative pathing here
- name: install read-only ssh key for mitx repo (private)
copy: src={{ secure_file_dir }}/ssh_deploy_private dest=/home/ubuntu/.ssh/id_rsa force=yes owner=ubuntu group=ubuntu mode=600
- name: install read-only ssh key for mitx repo (public)
copy: src={{ secure_file_dir }}/ssh_deploy_public dest=/home/ubuntu/.ssh/id_rsa.pub force=yes owner=ubuntu group=ubuntu mode=644
- name: install read-only ssh key for mitx repo (host github known)
copy: src={{ secure_file_dir }}/ssh_deploy_known_hosts dest=/home/ubuntu/.ssh/known_hosts force=yes owner=ubuntu group=ubuntu mode=600
copy: src=../../../{{ secure_dir }}/files/git-identity dest=/etc/git-identity force=yes owner=root group=edx mode=640
sudo: True
tags:
- lms
- cms
- name: upload ssh script
copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=edx mode=750
sudo: True
tags:
- lms
- cms
# Check out mitx repo to $app_base_dir
- name: set permissions on $app_base_dir sgid for edx
file: path=$app_base_dir owner=root group=edx mode=2775 state=directory
file: path=$app_base_dir owner=ubuntu group=edx mode=2775 state=directory
sudo: True
tags:
- lms
- cms
- name: install git and its recommends
apt: pkg=git state=installed install_recommends=yes
apt: pkg=git state=present install_recommends=yes
sudo: True
tags:
- lms
- cms
- name: git checkout mitx repo into $app_base_dir
git: dest=$app_base_dir/mitx repo=git@github.com:MITx/mitx.git
- name: Update apt cache
git: dest={{app_base_dir}}/mitx repo={{lms_source_repo}}
environment:
GIT_SSH: /tmp/git_ssh.sh
tags:
- lms
- cms
## Install the debian package requirements system-wide
- name: store remote apt_repos list for ansible use
command: cat {{app_base_dir}}/mitx/apt-repos.txt
register: apt_repos_list
tags:
- lms
- cms
- name: add apt_repos to the remote hosts
apt_repository: repo="$item"
with_items: "{{apt_repos_list.stdout.split()}}"
register: apt_repos_list_repo_adds
sudo: True
tags:
- lms
- cms
- name: update apt cache (if necessary)
apt: update_cache=yes
sudo: True
only_if: "{{apt_repos_list_repo_adds.changed}}"
tags:
- lms
- cms
- name: store remote apt_packages list for ansible use
command: cat {{app_base_dir}}/mitx/apt-packages.txt
register: apt_packages_list
tags:
- lms
- cms
- name: install a bunch of system packages on which LMS and CMS rely
apt: pkg={{item}} state=present
with_items: lms_debian_pkgs
sudo: True
tags:
- lms
- cms
# Install the python requirements into $venv_dir
- name : install python pre-requirements
pip: requirements="{{app_base_dir}}/mitx/pre-requirements.txt" virtualenv="{{venv_dir}}" state=present
tags:
- lms
- cms
# Install the python modules into $venv_dir
- name : install python pre-requirements
#pip: requirements="{{app_base_dir}}/mitx/requirements.txt" virtualenv="{{venv_dir}}"
# Need to use shell rather than pip so that we can maintain the context of our current working directory; some
# requirements are pathed relative to the mitx repo. Using the pip from inside the virtual environment implicitly
# installs everything into that virtual environment.
shell: cd {{app_base_dir}}/mitx && {{venv_dir}}/bin/pip install --use-mirrors -r {{app_base_dir}}/mitx/requirements.txt
tags:
- lms
- cms
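Review bot: The `git:` task that checks out `{{lms_source_repo}}` has no `version=`, so each run deploys whatever the default branch holds at that moment. The tasks after it then feed `apt-repos.txt` from that checkout to `apt_repository` under sudo, so repository content decides which package sources the host trusts. Pin the checkout, e.g. `git: dest={{app_base_dir}}/mitx repo={{lms_source_repo}} version={{lms_source_version}}` (the variable name is a suggestion), and consider keeping the repo list in vars next to `lms_debian_pkgs`. The registered `apt_packages_list` is not read by any task visible here, and two tasks share the name "install python pre-requirements" although the second installs `requirements.txt`.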
......@@ -43,3 +43,83 @@ env_config:
'stage-num': 'MITx', 'stage-sjsu': 'MITx'}
'VIRTUAL_UNIVERSITIES': []
'WIKI_ENABLED': true
lms_source_repo: git@github.com:edx/mitx.git
lms_debian_pkgs:
- apparmor-utils
- aspell
- build-essential
- curl
- dvipng
- fabric
- facter
- g++
- gcc
- gfortran
- ghostscript
- git
- github-cli
- graphviz
- graphviz-dev
- gunicorn
- inoticoming
- ipython
- libcrypt-ssleay-perl
- libcurl4-openssl-dev
- libdigest-sha-perl
- libfreetype6-dev
- libgeos-dev
- libgraphviz-dev
- libjpeg8-dev
- liblapack-dev
- liblwp-protocol-https-perl
- libmysqlclient-dev
- libnet-amazon-ec2-perl
- libpng12-dev
- libreadline-dev
- libreadline6-dev
- libssl-dev
- libswitch-perl
- libwww-perl
- libxml++2.6-dev
- libxml2-dev
- libxml2-utils
- libxslt1-dev
- maven2
- mongodb
- mongodb-clients
- mysql-client
- nodejs
- ntp
- openjdk-7-jdk
- openjdk-7-jre
- pep8
- perl
- pkg-config
- postfix
- puppet
- puppet-common
- puppet-lint
- puppetmaster
- puppetmaster-common
- pylint
- python-boto
- python-coverage-test-runner
- python-django-nose
- python-jenkins
- python-nose
- python-nosexcover
- python-numpy
- python-pip
- python-scipy
- rake
- reprepro
- rsyslog
- rubygems
- sqlite3
- super
- vagrant
- vim-puppet
- yui-compressor
- zip
- zlib1g-dev
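Review bot: `lms_debian_pkgs` puts network daemons and build or CI tooling on every lms/cms host, including `puppetmaster`, `mongodb`, `postfix`, `vagrant`, `python-jenkins` and `reprepro`. That widens the attack surface and the patch burden of the application servers. Split the list into runtime packages and a separate development/build list, and install only the runtime list from the lms role. A comment above the list stating where it was derived from would make later pruning easier.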
......@@ -2,10 +2,15 @@
---
- name: Copying nginx config {{ site_name }}
sudo: True
template: src={{ site_name }}.j2 dest=/etc/nginx/sites-available/{{ site_name }}
template: src={{ item }} dest=/etc/nginx/sites-available/{{ site_name }}
first_available_file:
- "{{ local_dir }}/nginx/templates/{{ site_name }}.j2"
# seems like paths in first_available_file must be relative to the playbooks dir
- "roles/nginx/templates/{{ site_name }}.j2"
notify: restart nginx
tags:
- nginx
- lms
- name: Creating nginx config link {{ site_name }}
sudo: True
......@@ -13,3 +18,4 @@
notify: restart nginx
tags:
- nginx
- lms
# requires:
# - common/tasks/main.yml
# - ruby/tasks/main.yml
---
- name: Install nodejs, and by extension npm
sudo: True
apt: pkg=nodejs state=present install_recommends=no
tags:
- npm
- name: Install mitx npm dependencies
shell: npm install chdir=${app_base_dir}/mitx
tags:
- npm
#
#cribbed from https://github.com/mmoya/ansible-playbooks/blob/master/rbenv/main.yml
- name: Create 'www' user (replicating historical environment)
user: name=www state=present
sudo: True
- name: Create ruby base
sudo: True
file: path=$ruby_base state=directory owner=www group=www
- name: rbenv | install build depends
sudo: true
apt: pkg=$item state=present install_recommends=no
with_items:
- build-essential
- git
- libcurl4-openssl-dev
- libmysqlclient-dev
- libreadline-dev
- libssl-dev
- libxml2-dev
- libxslt1-dev
- zlib1g-dev
- name: rbenv | update rbenv repo
sudo: true
git: repo=git://github.com/sstephenson/rbenv.git dest=$rbenv_root version=v0.4.0
- name: rbenv | add rbenv to path
sudo: true
file: path=/usr/local/bin/rbenv src=${rbenv_root}/bin/rbenv state=link
- name: rbenv | add rbenv initialization to profile
sudo: true
template: src=rbenv.sh.j2 dest=/etc/profile.d/rbenv.sh owner=root group=root mode=0755
- name: rbenv | check ruby-build installed
sudo: true
command: test -x /usr/local/bin/ruby-build
register: rbuild_present
ignore_errors: yes
- name: rbenv | create temporary directory
command: mktemp -d
register: tempdir
when_failed: $rbuild_present
- name: rbenv | clone ruby-build repo
git: repo=git://github.com/sstephenson/ruby-build.git dest=${tempdir.stdout}/ruby-build
when_failed: $rbuild_present
- name: rbenv | install ruby-build
sudo: true
command: ./install.sh chdir=${tempdir.stdout}/ruby-build
when_failed: $rbuild_present
- name: rbenv | remove temporary directory
file: path=${tempdir.stdout} state=absent
when_failed: $rbuild_present
- name: rbenv | check ruby $ruby_version installed
shell: RBENV_ROOT=${rbenv_root} rbenv versions | grep $ruby_version
register: ruby_installed
ignore_errors: yes
- name: rbenv | install ruby $ruby_version
shell: RBENV_ROOT=${rbenv_root} rbenv install $ruby_version
sudo: true
when_failed: $ruby_installed
- name: rbenv | set global ruby $ruby_version
shell: RBENV_ROOT=${rbenv_root} rbenv global $ruby_version
sudo: true
when_failed: $ruby_installed
- name: rbenv | rehash
shell: RBENV_ROOT=${rbenv_root} rbenv rehash
sudo: true
when_failed: $ruby_installed
- name: gem | gem install bundler
shell: RBENV_ROOT=${rbenv_root} GEM_HOME=${gem_home} ${rbenv_root}/shims/gem install bundle chdir=${app_base_dir}/mitx
sudo: true
- name: bundle | bundle install
shell: RBENV_ROOT=${rbenv_root} GEM_HOME=${gem_home} ${gem_home}/bin/bundle install --deployment --binstubs chdir=${app_base_dir}/mitx
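Review bot: Both `git:` tasks clone over `git://`, which is unauthenticated and unencrypted. The ruby-build clone also has no `version=`, yet its `./install.sh` is then run with sudo. Use `repo=https://github.com/sstephenson/rbenv.git` and `repo=https://github.com/sstephenson/ruby-build.git`, and pin ruby-build to a tag or commit the way the rbenv task pins `v0.4.0`. The task named "gem install bundler" runs `gem install bundle`, which is a different gem name; `gem install bundler` is presumably what is meant.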
export RBENV_ROOT="{{ rbenv_root }}"
export GEM_HOME="{{ gem_home }}"
eval "$(rbenv init -)"
---
ruby_base: /opt/www
rbenv_root: "{{ ruby_base }}/.rbenv"
ruby_version: "1.9.3-p374"
gem_home: "{{ ruby_base }}/.gem"
......@@ -9,4 +9,4 @@ env_users:
env_keys:
- user: frank
path: keys/frank.key
path: "{{ secure_dir }}/keys/frank.key"
......@@ -10,4 +10,4 @@ admin_users:
admin_keys:
- user: joe
path: keys/joe.key
path: "{{ secure_dir }}/keys/joe.key"
# Ignore git deployment ssh keys, which should never be checked into source
# control.
ssh_deploy*