Commit bd2cc5e0 by John Jarvis

Merge pull request #198 from edx/jarv/add-prefix

Jarv/add prefix
parents 0f36b98c b5619024
--- ---
- name: restart apache - name: apache | restart apache
service: name=apache2 state=restarted service: name=apache2 state=restarted
# Requires nginx package # Requires nginx package
--- ---
- name: Copying apache config {{ site_name }} - name: apache | Copying apache config {{ site_name }}
template: src={{ item }} dest=/etc/apache2/sites-available/{{ site_name }} template: src={{ item }} dest=/etc/apache2/sites-available/{{ site_name }}
first_available_file: first_available_file:
- "{{ local_dir }}/apache/templates/{{ site_name }}.j2" - "{{ local_dir }}/apache/templates/{{ site_name }}.j2"
# seems like paths in first_available_file must be relative to the playbooks dir # seems like paths in first_available_file must be relative to the playbooks dir
- "roles/apache/templates/{{ site_name }}.j2" - "roles/apache/templates/{{ site_name }}.j2"
notify: restart apache notify: apache | restart apache
when_set: $apache_role_run when_set: $apache_role_run
tags: tags:
- apache - apache
- update - update
- name: Creating apache2 config link {{ site_name }} - name: apache | Creating apache2 config link {{ site_name }}
file: src=/etc/apache2/sites-available/{{ site_name }} dest=/etc/apache2/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root file: src=/etc/apache2/sites-available/{{ site_name }} dest=/etc/apache2/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
notify: restart apache notify: apache | restart apache
when_set: $apache_role_run when_set: $apache_role_run
tags: tags:
- apache - apache
......
#Installs apache and runs the lms wsgi #Installs apache and runs the lms wsgi
--- ---
- name: Installs apache and mod_wsgi from apt - name: apache | Installs apache and mod_wsgi from apt
apt: pkg={{item}} install_recommends=no state=present update_cache=yes apt: pkg={{item}} install_recommends=no state=present update_cache=yes
with_items: with_items:
- apache2 - apache2
- libapache2-mod-wsgi - libapache2-mod-wsgi
notify: restart apache notify: apache | restart apache
tags: tags:
- apache - apache
- install - install
- name: disables default site - name: apache | disables default site
command: a2dissite 000-default command: a2dissite 000-default
notify: restart apache notify: apache | restart apache
tags: tags:
- apache - apache
- install - install
- name: rewrite apache ports conf - name: apache | rewrite apache ports conf
template: dest=/etc/apache2/ports.conf src=ports.conf.j2 owner=root group=root template: dest=/etc/apache2/ports.conf src=ports.conf.j2 owner=root group=root
notify: restart apache notify: apache | restart apache
tags: tags:
- apache - apache
- install - install
- name: Register the fact that apache role has run - name: apache | Register the fact that apache role has run
command: echo True command: echo True
register: apache_role_run register: apache_role_run
tags: tags:
......
--- ---
- name: restart rsyslogd - name: common | restart rsyslogd
service: name=rsyslog state=restarted service: name=rsyslog state=restarted
sudo: True sudo: True
--- ---
- name: Create 'edx' users group - name: common | Create 'edx' users group
group: name=edx state=present group: name=edx state=present
tags: tags:
- users - users
- admin_users - admin_users
- update - update
- name: Add user 'ubuntu' to 'edx' group - name: common | Add user 'ubuntu' to 'edx' group
# This is a temporary measure for initial configuration; after the last # This is a temporary measure for initial configuration; after the last
# play is run and we've got a good set of users, ubuntu should no longer be used # play is run and we've got a good set of users, ubuntu should no longer be used
user: name=ubuntu append=yes groups="edx" user: name=ubuntu append=yes groups="edx"
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
- admin_users - admin_users
- update - update
- name: Creating admin users - name: common | Creating admin users
# Admin users, by definition, should be able to sudo w/ password, and read adm-only files # Admin users, by definition, should be able to sudo w/ password, and read adm-only files
user: name={{ item.user }} append=yes groups={{ "adm,edx,"+",".join(item.groups) }} shell=/bin/bash user: name={{ item.user }} append=yes groups={{ "adm,edx,"+",".join(item.groups) }} shell=/bin/bash
with_items: admin_users with_items: admin_users
...@@ -25,7 +25,7 @@ ...@@ -25,7 +25,7 @@
- admin_users - admin_users
- update - update
- name: Copying ssh keys for admin users - name: common | Copying ssh keys for admin users
authorized_key: user={{item.user}} key="{{ lookup('file', item.path ) }}" authorized_key: user={{item.user}} key="{{ lookup('file', item.path ) }}"
with_items: admin_keys with_items: admin_keys
when: admin_keys is defined when: admin_keys is defined
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
- admin_users - admin_users
- update - update
- name: Creating env users - name: common | Creating env users
user: name={{ item.user }} {% if item.groups %}groups={{ ",".join(item.groups) }}{% endif %} shell=/bin/bash user: name={{ item.user }} {% if item.groups %}groups={{ ",".join(item.groups) }}{% endif %} shell=/bin/bash
with_items: env_users with_items: env_users
when: env_users is defined when: env_users is defined
...@@ -42,7 +42,7 @@ ...@@ -42,7 +42,7 @@
- users - users
- update - update
- name: Copying ssh keys for env users - name: common | Copying ssh keys for env users
authorized_key: user={{ item.user }} key="{{ lookup('file', item.path ) }}" authorized_key: user={{ item.user }} key="{{ lookup('file', item.path ) }}"
with_items: env_keys with_items: env_keys
when: env_keys is defined when: env_keys is defined
...@@ -50,7 +50,7 @@ ...@@ -50,7 +50,7 @@
- users - users
- update - update
- name: Group adm passwordless sudo - name: common | Group adm passwordless sudo
copy: content="%adm ALL=(ALL) NOPASSWD:ALL" dest=/etc/sudoers.d/adm-group owner=root group=root mode=0440 copy: content="%adm ALL=(ALL) NOPASSWD:ALL" dest=/etc/sudoers.d/adm-group owner=root group=root mode=0440
tags: tags:
- users - users
......
--- ---
# create the 'edx' virtual environment in /opt so that roles can populate it # create the 'edx' virtual environment in /opt so that roles can populate it
- name: Install python and pip - name: common | Install python and pip
apt: pkg={{item}} install_recommends=yes state=present update_cache=yes apt: pkg={{item}} install_recommends=yes state=present update_cache=yes
with_items: with_items:
- python2.7 - python2.7
...@@ -10,31 +10,31 @@ ...@@ -10,31 +10,31 @@
- pre_install - pre_install
- install - install
- name: pip install virtualenv - name: common | pip install virtualenv
pip: name=virtualenv state=present pip: name=virtualenv state=present
tags: tags:
- venv_base - venv_base
- install - install
- name: pip install virtualenvwrapper - name: common | pip install virtualenvwrapper
pip: name=virtualenvwrapper state=present pip: name=virtualenvwrapper state=present
tags: tags:
- venv_base - venv_base
- install - install
- name: create edx virtualenv directory - name: common | create edx virtualenv directory
file: path={{ venv_dir }} owner=ubuntu group=adm mode=2775 state=directory file: path={{ venv_dir }} owner=ubuntu group=adm mode=2775 state=directory
tags: tags:
- venv_base - venv_base
- install - install
- name: create the edx virtualenv directory initial contents - name: common | create the edx virtualenv directory initial contents
command: /usr/local/bin/virtualenv {{ venv_dir }} --distribute creates=$venv_dir/bin/activate command: /usr/local/bin/virtualenv {{ venv_dir }} --distribute creates=$venv_dir/bin/activate
tags: tags:
- venv_base - venv_base
- install - install
- name: pip install gunicorn - name: common | pip install gunicorn
pip: name=gunicorn virtualenv="{{venv_dir}}" state=present pip: name=gunicorn virtualenv="{{venv_dir}}" state=present
tags: tags:
- gunicorn - gunicorn
......
--- ---
- name: Install rsyslog configuration for edX - name: common | Install rsyslog configuration for edX
template: dest=/etc/rsyslog.d/99-edx.conf src=edx_rsyslog.j2 owner=root group=root mode=644 template: dest=/etc/rsyslog.d/99-edx.conf src=edx_rsyslog.j2 owner=root group=root mode=644
notify: restart rsyslogd notify: common | restart rsyslogd
tags: tags:
- logging - logging
- update - update
- name: Install logrotate configuration for edX - name: common | Install logrotate configuration for edX
template: dest=/etc/logrotate.d/edx-services src=edx_logrotate.j2 owner=root group=root mode=644 template: dest=/etc/logrotate.d/edx-services src=edx_logrotate.j2 owner=root group=root mode=644
tags: tags:
- logging - logging
- update - update
- name: Touch tracking file into existence - name: common | Touch tracking file into existence
command: touch -a {{log_base_dir}}/tracking.log creates={{log_base_dir}}/tracking.log command: touch -a {{log_base_dir}}/tracking.log creates={{log_base_dir}}/tracking.log
tags: tags:
- logging - logging
- update - update
- name: Set permissions on tracking file - name: common | Set permissions on tracking file
file: path={{log_base_dir}}/tracking.log owner=syslog group=adm mode=640 file: path={{log_base_dir}}/tracking.log owner=syslog group=adm mode=640
tags: tags:
- logging - logging
- update - update
- name: Install logrotate configuration for tracking file - name: common | Install logrotate configuration for tracking file
template: dest=/etc/logrotate.d/tracking.log src=edx_logrotate_tracking_log.j2 owner=root group=root mode=644 template: dest=/etc/logrotate.d/tracking.log src=edx_logrotate_tracking_log.j2 owner=root group=root mode=644
tags: tags:
- logging - logging
......
--- ---
- include: create_users.yml - include: create_users.yml
- name: Add user www-data - name: common | Add user www-data
# This user should be created on the system by default # This user should be created on the system by default
user: name=www-data user: name=www-data
tags: tags:
- pre_install - pre_install
- update - update
- name: Create application root - name: common | Create application root
# In the future consider making group edx r/t adm # In the future consider making group edx r/t adm
file: path={{ app_base_dir }} state=directory owner=root group=adm mode=2775 file: path={{ app_base_dir }} state=directory owner=root group=adm mode=2775
tags: tags:
- pre_install - pre_install
- update - update
- name: Create upload directory - name: common | Create upload directory
file: path={{ app_base_dir }}/uploads mode=2775 state=directory owner=root group=adm file: path={{ app_base_dir }}/uploads mode=2775 state=directory owner=root group=adm
tags: tags:
- pre_install - pre_install
- update - update
- name: Create data dir - name: common | Create data dir
file: path={{ app_base_dir }}/data state=directory owner=www-data group=root file: path={{ app_base_dir }}/data state=directory owner=www-data group=root
tags: tags:
- pre_install - pre_install
- update - update
- name: Create staticfiles dir - name: common | Create staticfiles dir
file: path={{ app_base_dir }}/staticfiles state=directory owner=www-data group=adm mode=2775 file: path={{ app_base_dir }}/staticfiles state=directory owner=www-data group=adm mode=2775
tags: tags:
- pre_install - pre_install
- update - update
- name: Install role-independent useful system packages - name: common | Install role-independent useful system packages
# do this before log dir setup; rsyslog package guarantees syslog user present # do this before log dir setup; rsyslog package guarantees syslog user present
apt: pkg={{','.join(common_debian_pkgs)}} install_recommends=yes state=present update_cache=yes apt: pkg={{','.join(common_debian_pkgs)}} install_recommends=yes state=present update_cache=yes
tags: tags:
- pre_install - pre_install
- update - update
- name: Create log directory - name: common | Create log directory
file: path=$log_base_dir state=directory mode=2770 group=adm owner=syslog file: path=$log_base_dir state=directory mode=2770 group=adm owner=syslog
tags: tags:
- pre_install - pre_install
- update - update
- name: Create alias from app_base_dir to the log_base_dir - name: common | Create alias from app_base_dir to the log_base_dir
file: state=link src=$log_base_dir path=$app_base_dir/log file: state=link src=$log_base_dir path=$app_base_dir/log
tags: tags:
- pre_install - pre_install
- logging - logging
- update - update
- name: Create convenience link from log_base_dir to system logs - name: common | Create convenience link from log_base_dir to system logs
file: state=link src=/var/log path=$log_base_dir/system file: state=link src=/var/log path=$log_base_dir/system
tags: tags:
- pre_install - pre_install
- logging - logging
- update - update
- name: Touch edx log file into place - name: common | Touch edx log file into place
# This is done for the benefit of the rake commands, which expect it # This is done for the benefit of the rake commands, which expect it
command: touch -a {{log_base_dir}}/edx.log creates={{log_base_dir}}/edx.log command: touch -a {{log_base_dir}}/edx.log creates={{log_base_dir}}/edx.log
tags: tags:
...@@ -68,7 +68,7 @@ ...@@ -68,7 +68,7 @@
- logging - logging
- install - install
- name: Set permissions on edx log file - name: common | Set permissions on edx log file
# This is done for the benefit of the rake commands, which expect it # This is done for the benefit of the rake commands, which expect it
file: path={{log_base_dir}}/edx.log owner=syslog group=adm mode=640 file: path={{log_base_dir}}/edx.log owner=syslog group=adm mode=640
tags: tags:
...@@ -76,7 +76,7 @@ ...@@ -76,7 +76,7 @@
- logging - logging
- update - update
- name: upload sudo config for key forwarding as root - name: common | upload sudo config for key forwarding as root
copy: src=ssh_key_forward dest=/etc/sudoers.d/ssh_key_forward validate='visudo -c -f %s' owner=root group=root mode=0440 copy: src=ssh_key_forward dest=/etc/sudoers.d/ssh_key_forward validate='visudo -c -f %s' owner=root group=root mode=0440
- include: create_venv.yml - include: create_venv.yml
......
--- ---
- name: edx-update.sh, manual lms/cms update script - name: common | edx-update.sh, manual lms/cms update script
template: src=edx-update.sh.j2 dest=/usr/local/bin/edx-update.sh owner=ubuntu group=adm mode=0775 template: src=edx-update.sh.j2 dest=/usr/local/bin/edx-update.sh owner=ubuntu group=adm mode=0775
tags: tags:
- release - release
......
--- ---
- name: restart discern - name: discern | restart discern
service: name=discern state=restarted service: name=discern state=restarted
- name: restart celery - name: discern | restart celery
service: name=celery state=restarted service: name=celery state=restarted
- name: restart nginx - name: discern | restart nginx
service: name=nginx state=restarted service: name=nginx state=restarted
--- ---
#Create the templates for upstart services #Create the templates for upstart services
- name: render celery service from template - name: discern | render celery service from template
template: src=celery.conf.j2 dest=/etc/init/celery.conf owner=root group=edx mode=0664 template: src=celery.conf.j2 dest=/etc/init/celery.conf owner=root group=edx mode=0664
notify: restart celery notify: discern | restart celery
- name: render discern service from template - name: discern | render discern service from template
template: src=discern.conf.j2 dest=/etc/init/discern.conf owner=root group=edx mode=0664 template: src=discern.conf.j2 dest=/etc/init/discern.conf owner=root group=edx mode=0664
notify: restart discern notify: discern | restart discern
#Allows us to recover from a bad sudoers file #Allows us to recover from a bad sudoers file
- name: Install policykit - name: discern | Install policykit
apt: pkg=policykit-1 install_recommends=yes state=present update_cache=yes apt: pkg=policykit-1 install_recommends=yes state=present update_cache=yes
#Discern user is admin #Discern user is admin
- name: Create discern user - name: discern | Create discern user
user: name={{ discern_user }} append=yes groups="adm,edx" shell=/bin/bash user: name={{ discern_user }} append=yes groups="adm,edx" shell=/bin/bash
- name: upload sudoers template to /tmp/sudoers - name: discern | upload sudoers template to /tmp/sudoers
copy: src=sudoers-discern dest=/tmp/{{site_name}} owner=root group=root mode=0440 copy: src=sudoers-discern dest=/tmp/{{site_name}} owner=root group=root mode=0440
#Verify file and move to sudoers.d folder #Verify file and move to sudoers.d folder
- name: move temp file to sudoers.d - name: discern | move temp file to sudoers.d
shell: visudo -q -c -f /tmp/{{site_name}} && cp /tmp/{{site_name}} /etc/sudoers.d/{{site_name}} shell: visudo -q -c -f /tmp/{{site_name}} && cp /tmp/{{site_name}} /etc/sudoers.d/{{site_name}}
#Upload config files for django (auth and env) #Upload config files for django (auth and env)
- name: create discern application config env.json file - name: discern | create discern application config env.json file
template: src=env.json.j2 dest={{app_base_dir}}/env.json owner={{discern_user}} group=edx mode=0640 template: src=env.json.j2 dest={{app_base_dir}}/env.json owner={{discern_user}} group=edx mode=0640
notify: notify:
- restart celery - discern | restart celery
- restart discern - discern | restart discern
- name: create discern auth file auth.json - name: discern | create discern auth file auth.json
template: src=auth.json.j2 dest={{app_base_dir}}/auth.json owner={{discern_user}} group=edx mode=0640 template: src=auth.json.j2 dest={{app_base_dir}}/auth.json owner={{discern_user}} group=edx mode=0640
notify: notify:
- restart celery - discern | restart celery
- restart discern - discern | restart discern
#Needed if using redis to prevent memory issues #Needed if using redis to prevent memory issues
- name: change memory commit settings -- needed for redis - name: discern | change memory commit settings -- needed for redis
command: sysctl vm.overcommit_memory=1 command: sysctl vm.overcommit_memory=1
- name: set permissions on app_base_dir sgid for edx - name: discern | set permissions on app_base_dir sgid for edx
file: path={{app_base_dir}} owner=root group=edx mode=2775 state=directory file: path={{app_base_dir}} owner=root group=edx mode=2775 state=directory
file: path={{venv_dir}} owner=root group=edx mode=2775 state=directory file: path={{venv_dir}} owner=root group=edx mode=2775 state=directory
- name: Install git so that we can clone repos - name: discern | Install git so that we can clone repos
apt: pkg=git install_recommends=yes state=present apt: pkg=git install_recommends=yes state=present
#Create directories for repos #Create directories for repos
- name: create discern and ease directories and set permissions - name: discern | create discern and ease directories and set permissions
file: path={{item}} owner={{discern_user}} group=edx mode=2775 state=directory file: path={{item}} owner={{discern_user}} group=edx mode=2775 state=directory
with_items: with_items:
- ${discern_dir} - ${discern_dir}
- ${ease_dir} - ${ease_dir}
#Grab both repos or update #Grab both repos or update
- name: git checkout discern repo into discern_dir - name: discern | git checkout discern repo into discern_dir
git: dest={{discern_dir}} repo={{discern_source_repo}} version={{discern_branch}} git: dest={{discern_dir}} repo={{discern_source_repo}} version={{discern_branch}}
notify: notify:
- restart celery - discern | restart celery
- restart discern - discern | restart discern
- name: git checkout ease repo into ease_dir - name: discern | git checkout ease repo into ease_dir
git: dest={{ease_dir}} repo={{ease_source_repo}} version={{ease_branch}} git: dest={{ease_dir}} repo={{ease_source_repo}} version={{ease_branch}}
notify: notify:
- restart celery - discern | restart celery
- restart discern - discern | restart discern
#Install system packages #Install system packages
- name: install discern and ease apt packages - name: discern | install discern and ease apt packages
command: xargs -a {{item}}/apt-packages.txt apt-get install -y command: xargs -a {{item}}/apt-packages.txt apt-get install -y
with_items: with_items:
- ${discern_dir} - ${discern_dir}
...@@ -87,19 +87,19 @@ ...@@ -87,19 +87,19 @@
- ${discern_dir} - ${discern_dir}
- ${ease_dir} - ${ease_dir}
- name: install ease python package - name: discern | install ease python package
shell: command="{{venv_dir}}/bin/activate; cd {{ease_dir}}; python setup.py install" shell: command="{{venv_dir}}/bin/activate; cd {{ease_dir}}; python setup.py install"
#Needed for the ease package to work #Needed for the ease package to work
- name: install nltk data using rendered shell script - name: discern | install nltk data using rendered shell script
shell: command="{{venv_dir}}/bin/python -m nltk.downloader -d {{nltk_data_dir}} all" shell: command="{{venv_dir}}/bin/python -m nltk.downloader -d {{nltk_data_dir}} all"
- name: set permissions on nltk data directory - name: discern | set permissions on nltk data directory
file: path={{nltk_data_dir}} owner={{discern_user}} group=edx mode=2775 state=directory file: path={{nltk_data_dir}} owner={{discern_user}} group=edx mode=2775 state=directory
#Run this instead of using the ansible module because the ansible module only support syncdb of these three, and does not #Run this instead of using the ansible module because the ansible module only support syncdb of these three, and does not
#support virtualenvs as of this comment #support virtualenvs as of this comment
- name: django syncdb, migrate, and collectstatic for discern - name: discern | django syncdb, migrate, and collectstatic for discern
shell: ${venv_dir}/bin/python {{discern_dir}}/manage.py {{item}} --noinput --settings={{discern_settings}} --pythonpath={{discern_dir}} shell: ${venv_dir}/bin/python {{discern_dir}}/manage.py {{item}} --noinput --settings={{discern_settings}} --pythonpath={{discern_dir}}
with_items: with_items:
- syncdb - syncdb
...@@ -107,22 +107,22 @@ ...@@ -107,22 +107,22 @@
- collectstatic - collectstatic
#Have this separate from the other three because it doesn't take the noinput flag #Have this separate from the other three because it doesn't take the noinput flag
- name: django update_index for discern - name: discern | django update_index for discern
shell: ${venv_dir}/bin/python {{discern_dir}}/manage.py update_index --settings={{discern_settings}} --pythonpath={{discern_dir}} shell: ${venv_dir}/bin/python {{discern_dir}}/manage.py update_index --settings={{discern_settings}} --pythonpath={{discern_dir}}
- name: create nginx directory and set perms - name: discern | create nginx directory and set perms
file: path=/etc/nginx/sites-available owner=root group=edx mode=2775 state=directory file: path=/etc/nginx/sites-available owner=root group=edx mode=2775 state=directory
#Install nginx sites available #Install nginx sites available
#remove default link, render template, link template to sites-enabled to activate #remove default link, render template, link template to sites-enabled to activate
- name: Removing default nginx config - name: discern | Removing default nginx config
file: path=/etc/nginx/sites-enabled/default state=absent file: path=/etc/nginx/sites-enabled/default state=absent
notify: restart nginx notify: discern | restart nginx
- name: render nginx sites available - name: discern | render nginx sites available
template: src=nginx-discern.j2 dest=/etc/nginx/sites-available/{{ site_name }} template: src=nginx-discern.j2 dest=/etc/nginx/sites-available/{{ site_name }}
notify: restart nginx notify: discern | restart nginx
- name: Creating nginx config link {{ site_name }} - name: discern | Creating nginx config link {{ site_name }}
file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state=link owner=root group=root file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state=link owner=root group=root
notify: restart nginx notify: discern | restart nginx
...@@ -11,64 +11,64 @@ ...@@ -11,64 +11,64 @@
# http://downloads.mysql.com/archives/mysql-5.1/mysql-5.1.62.tar.gz # http://downloads.mysql.com/archives/mysql-5.1/mysql-5.1.62.tar.gz
# #
--- ---
- name: install python-pymongo (req for ansible) - name: edxlocal | install python-pymongo (req for ansible)
pip: name=pymongo pip: name=pymongo
- name: install python-mysqldb (req for ansible) - name: edxlocal | install python-mysqldb (req for ansible)
apt: pkg=python-mysqldb state=present apt: pkg=python-mysqldb state=present
- name: install mysql server and recommends - name: edxlocal | install mysql server and recommends
apt: pkg=mysql-server-5.5 state=present install_recommends=yes apt: pkg=mysql-server-5.5 state=present install_recommends=yes
- name: create a database for edxapp - name: edxlocal | create a database for edxapp
mysql_db: > mysql_db: >
db=edxapp db=edxapp
state=present state=present
encoding=utf8 encoding=utf8
- name: create a database for xqueue - name: edxlocal | create a database for xqueue
mysql_db: > mysql_db: >
db=xqueue db=xqueue
state=present state=present
encoding=utf8 encoding=utf8
- name: create a database for ora - name: edxlocal | create a database for ora
mysql_db: > mysql_db: >
db=ora db=ora
state=present state=present
encoding=utf8 encoding=utf8
- name: install mongo server and recommends - name: edxlocal | install mongo server and recommends
apt: pkg=mongodb-server state=present install_recommends=yes apt: pkg=mongodb-server state=present install_recommends=yes
- name: stop mongo service - name: edxlocal | stop mongo service
service: name=mongodb state=stopped service: name=mongodb state=stopped
- name: move mongodb to /mnt - name: edxlocal | move mongodb to /mnt
command: mv /var/lib/mongodb /mnt/. creates=/mnt/mongodb command: mv /var/lib/mongodb /mnt/. creates=/mnt/mongodb
- name: create mongodb symlink - name: edxlocal | create mongodb symlink
file: src=/mnt/mongodb dest=/var/lib/mongodb state=link file: src=/mnt/mongodb dest=/var/lib/mongodb state=link
- name: start mongo service - name: edxlocal | start mongo service
service: name=mongodb state=started service: name=mongodb state=started
- name: wait for mongo server to start - name: edxlocal | wait for mongo server to start
wait_for: port=27017 delay=2 wait_for: port=27017 delay=2
- name: create a mongodb user for edxapp - name: edxlocal | create a mongodb user for edxapp
mongodb_user: > mongodb_user: >
database=edxapp database=edxapp
name=edxapp name=edxapp
password=password password=password
state=present state=present
- name: create a mongodb user for forums - name: edxlocal | create a mongodb user for forums
mongodb_user: > mongodb_user: >
database=cs_comments_service database=cs_comments_service
name=cs_comments_service name=cs_comments_service
password=password password=password
state=present state=present
- name: install memcached - name: edxlocal | install memcached
apt: pkg=memcached state=present apt: pkg=memcached state=present
# Launches an ec2 instance and blocks until the instance is up # Launches an ec2 instance and blocks until the instance is up
# adds it to the host group # adds it to the host group
- name: Launch instance - name: launch_instance | Launch instance
local_action: local_action:
module: ec2 module: ec2
keypair: "{{keypair}}" keypair: "{{keypair}}"
...@@ -13,10 +13,10 @@ ...@@ -13,10 +13,10 @@
instance_tags: "{{instance_tags}}" instance_tags: "{{instance_tags}}"
register: ec2 register: ec2
- name: Add new instance to host group - name: launch_instance | Add new instance to host group
local_action: add_host hostname=${item.public_ip} groupname=launched local_action: add_host hostname=${item.public_ip} groupname=launched
with_items: ${ec2.instances} with_items: ${ec2.instances}
- name: Wait for SSH to come up - name: launch_instance | Wait for SSH to come up
local_action: wait_for host=${item.public_dns_name} port=22 delay=60 timeout=320 state=started local_action: wait_for host=${item.public_dns_name} port=22 delay=60 timeout=320 state=started
with_items: ${ec2.instances} with_items: ${ec2.instances}
--- ---
- name: install python-pymongo (req for ansible) - name: mongo | install python-pymongo (req for ansible)
pip: name=pymongo pip: name=pymongo
- name: install mongo server and recommends - name: mongo | install mongo server and recommends
apt: pkg=mongodb-server state=present install_recommends=yes apt: pkg=mongodb-server state=present install_recommends=yes
- name: stop mongo service - name: mongo | stop mongo service
service: name=mongodb state=stopped service: name=mongodb state=stopped
- name: move mongodb to /mnt - name: mongo | move mongodb to /mnt
command: mv /var/lib/mongodb /mnt/. creates=/mnt/mongodb command: mv /var/lib/mongodb /mnt/. creates=/mnt/mongodb
- name: create mongodb symlink - name: mongo | create mongodb symlink
file: src=/mnt/mongodb dest=/var/lib/mongodb state=link file: src=/mnt/mongodb dest=/var/lib/mongodb state=link
- name: start mongo service - name: mongo | start mongo service
service: name=mongodb state=started service: name=mongodb state=started
- name: wait for mongo server to start - name: mongo | wait for mongo server to start
wait_for: port=27017 delay=2 wait_for: port=27017 delay=2
- name: create a mongodb user - name: mongo | create a mongodb user
mongodb_user: > mongodb_user: >
database=cs_comments_service database=cs_comments_service
name=cs_comments_service name=cs_comments_service
......
--- ---
- name: restart nginx - name: nginx | restart nginx
service: name=nginx state=restarted service: name=nginx state=restarted
sudo: True sudo: True
# requires: # requires:
# - common/tasks/main.yml # - common/tasks/main.yml
--- ---
- name: Install nginx - name: nginx | Install nginx
apt: pkg=nginx state={{ pkgs.nginx.state }} apt: pkg=nginx state={{ pkgs.nginx.state }}
notify: restart nginx notify: nginx | restart nginx
tags: tags:
- nginx - nginx
- install - install
...@@ -14,13 +14,13 @@ ...@@ -14,13 +14,13 @@
- include: nginx_site.yml state={{nginx_cfg.sites_enabled.edx_release}} site_name=edx-release - include: nginx_site.yml state={{nginx_cfg.sites_enabled.edx_release}} site_name=edx-release
- include: nginx_site.yml state={{nginx_cfg.sites_enabled.basic_auth}} site_name=basic-auth - include: nginx_site.yml state={{nginx_cfg.sites_enabled.basic_auth}} site_name=basic-auth
- name: Write out default htpasswd file - name: nginx | Write out default htpasswd file
copy: content={{ nginx_cfg.htpasswd }} dest=/etc/nginx/nginx.htpasswd owner=www-data group=www-data mode=0600 copy: content={{ nginx_cfg.htpasswd }} dest=/etc/nginx/nginx.htpasswd owner=www-data group=www-data mode=0600
tags: tags:
- nginx - nginx
- update - update
- name: Create nginx log file location (just in case) - name: nginx | Create nginx log file location (just in case)
file: path={{log_base_dir}}/nginx state=directory owner=syslog group=adm mode=2770 file: path={{log_base_dir}}/nginx state=directory owner=syslog group=adm mode=2770
tags: tags:
- nginx - nginx
...@@ -28,34 +28,34 @@ ...@@ -28,34 +28,34 @@
- update - update
# removing default link # removing default link
- name: Removing default nginx config and restart (enabled) - name: nginx | Removing default nginx config and restart (enabled)
file: path=/etc/nginx/sites-enabled/default state=absent file: path=/etc/nginx/sites-enabled/default state=absent
notify: restart nginx notify: nginx | restart nginx
tags: tags:
- nginx - nginx
- update - update
# Note that nginx logs to /var/log until it reads its configuration, so /etc/logrotate.d/nginx is still good # Note that nginx logs to /var/log until it reads its configuration, so /etc/logrotate.d/nginx is still good
- name: Set up nginx access log rotation - name: nginx | Set up nginx access log rotation
template: dest=/etc/logrotate.d/nginx-access src=edx_logrotate_nginx_access.j2 owner=root group=root mode=644 template: dest=/etc/logrotate.d/nginx-access src=edx_logrotate_nginx_access.j2 owner=root group=root mode=644
tags: tags:
- logging - logging
- update - update
- name: Set up nginx access log rotation - name: nginx | Set up nginx access log rotation
template: dest=/etc/logrotate.d/nginx-error src=edx_logrotate_nginx_error.j2 owner=root group=root mode=644 template: dest=/etc/logrotate.d/nginx-error src=edx_logrotate_nginx_error.j2 owner=root group=root mode=644
tags: tags:
- logging - logging
- update - update
- name: Removing default nginx config (available) - name: nginx | Removing default nginx config (available)
file: path=/etc/nginx/sites-available/default state=absent file: path=/etc/nginx/sites-available/default state=absent
tags: tags:
- nginx - nginx
- update - update
- name: Register the fact that nginx has run - name: nginx | Register the fact that nginx has run
command: echo True command: echo True
register: nginx_role_run register: nginx_role_run
tags: tags:
...@@ -65,5 +65,5 @@ ...@@ -65,5 +65,5 @@
# If tasks that notify restart nginx don't change the state of the remote system # If tasks that notify restart nginx don't change the state of the remote system
# their corresponding notifications don't get run. If nginx has been stopped for # their corresponding notifications don't get run. If nginx has been stopped for
# any reason, this will ensure that it is started up again. # any reason, this will ensure that it is started up again.
- name: make sure nginx has started - name: nginx | make sure nginx has started
service: name=nginx state=started service: name=nginx state=started
# Requires nginx package # Requires nginx package
--- ---
- name: Copying nginx config {{ site_name }} - name: nginx | Copying nginx config {{ site_name }}
template: src={{ item }} dest=/etc/nginx/sites-available/{{ site_name }} template: src={{ item }} dest=/etc/nginx/sites-available/{{ site_name }}
first_available_file: first_available_file:
- "{{ local_dir }}/nginx/templates/{{ site_name }}.j2" - "{{ local_dir }}/nginx/templates/{{ site_name }}.j2"
# seems like paths in first_available_file must be relative to the playbooks dir # seems like paths in first_available_file must be relative to the playbooks dir
- "roles/nginx/templates/{{ site_name }}.j2" - "roles/nginx/templates/{{ site_name }}.j2"
notify: restart nginx notify: nginx | restart nginx
when_set: $nginx_role_run when_set: $nginx_role_run
tags: tags:
- nginx - nginx
...@@ -15,9 +15,9 @@ ...@@ -15,9 +15,9 @@
- nginx-env - nginx-env
- update - update
- name: Creating nginx config link {{ site_name }} - name: nginx | Creating nginx config link {{ site_name }}
file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
notify: restart nginx notify: nginx | restart nginx
when_set: $nginx_role_run when_set: $nginx_role_run
tags: tags:
- nginx - nginx
......
--- ---
- name: restart edx-ora - name: ora | restart edx-ora
service: name=edx-ora state=restarted service: name=edx-ora state=restarted
- name: restart edx-ora-celery - name: ora | restart edx-ora-celery
service: name=edx-ora-celery state=restarted service: name=edx-ora-celery state=restarted
- name: See if edx-ora.conf is installed - name: ora | See if edx-ora.conf is installed
shell: "[ -f /etc/init/edx-ora.conf ] && echo 'Found' || echo ''" shell: "[ -f /etc/init/edx-ora.conf ] && echo 'Found' || echo ''"
register: edx_ora_installed register: edx_ora_installed
tags: tags:
- ora - ora
- deploy - deploy
- name: See if edx-ora-celery.conf is installed - name: ora | See if edx-ora-celery.conf is installed
shell: "[ -f /etc/init/edx-ora-celery.conf ] && echo 'Found' || echo ''" shell: "[ -f /etc/init/edx-ora-celery.conf ] && echo 'Found' || echo ''"
register: edx_ora_celery_installed register: edx_ora_celery_installed
tags: tags:
...@@ -13,38 +13,38 @@ ...@@ -13,38 +13,38 @@
- deploy - deploy
# Stop ora service. # Stop ora service.
- name: stop edx-ora service - name: ora | stop edx-ora service
service: name=edx-ora state=stopped service: name=edx-ora state=stopped
when: edx_ora_installed.stdout == 'Found' when: edx_ora_installed.stdout == 'Found'
notify: restart edx-ora notify: ora | restart edx-ora
tags: tags:
- ora - ora
- deploy - deploy
- name: stop edx-ora-celery service - name: ora | stop edx-ora-celery service
service: name=edx-ora-celery state=stopped service: name=edx-ora-celery state=stopped
when: edx_ora_celery_installed.stdout == 'Found' when: edx_ora_celery_installed.stdout == 'Found'
notify: restart edx-ora-celery notify: ora | restart edx-ora-celery
tags: tags:
- ora - ora
- deploy - deploy
# Do A Checkout # Do A Checkout
- name: git checkout ora repo into $app_base_dir - name: ora | git checkout ora repo into $app_base_dir
git: dest={{ora_code_dir}} repo={{ora_source_repo}} version={{ora_version}} git: dest={{ora_code_dir}} repo={{ora_source_repo}} version={{ora_version}}
notify: notify:
- restart edx-ora - ora | restart edx-ora
- restart edx-ora-celery - ora | restart edx-ora-celery
tags: tags:
- ora - ora
- deploy - deploy
# Do Post Checkout Tasks. # Do Post Checkout Tasks.
- name: change permissions on ora code dir - name: ora | change permissions on ora code dir
file: path={{ora_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes file: path={{ora_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes
notify: notify:
- restart edx-ora - ora | restart edx-ora
- restart edx-ora-celery - ora | restart edx-ora-celery
tags: tags:
- ora - ora
- deploy - deploy
...@@ -55,51 +55,51 @@ ...@@ -55,51 +55,51 @@
# Install the python pre requirements into {{ ora_venv_dir }} # Install the python pre requirements into {{ ora_venv_dir }}
- name: install python pre-requirements - name: ora | install python pre-requirements
pip: requirements="{{ora_pre_requirements_file}}" virtualenv="{{ora_venv_dir}}" state=present pip: requirements="{{ora_pre_requirements_file}}" virtualenv="{{ora_venv_dir}}" state=present
notify: notify:
- restart edx-ora - ora | restart edx-ora
- restart edx-ora-celery - ora | restart edx-ora-celery
tags: tags:
- ora - ora
- deploy - deploy
# Install the python post requirements into {{ ora_venv_dir }} # Install the python post requirements into {{ ora_venv_dir }}
- name: install python post-requirements - name: ora | install python post-requirements
pip: requirements="{{ora_post_requirements_file}}" virtualenv="{{ora_venv_dir}}" state=present pip: requirements="{{ora_post_requirements_file}}" virtualenv="{{ora_venv_dir}}" state=present
notify: notify:
- restart edx-ora - ora | restart edx-ora
- restart edx-ora-celery - ora | restart edx-ora-celery
tags: tags:
- ora - ora
- deploy - deploy
#Needed if using redis to prevent memory issues #Needed if using redis to prevent memory issues
- name: change memory commit settings -- needed for redis - name: ora | change memory commit settings -- needed for redis
command: sysctl vm.overcommit_memory=1 command: sysctl vm.overcommit_memory=1
notify: notify:
- restart edx-ora - ora | restart edx-ora
- restart edx-ora-celery - ora | restart edx-ora-celery
tags: tags:
- ora - ora
- deploy - deploy
- name: syncdb and migrate - name: ora | syncdb and migrate
shell: sudo -u www-data {{ora_venv_dir}}/bin/django-admin.py syncdb --migrate --noinput --settings=edx_ora.aws --pythonpath={{ora_code_dir}} shell: sudo -u www-data {{ora_venv_dir}}/bin/django-admin.py syncdb --migrate --noinput --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
when: migrate_db is defined and migrate_db|lower == "yes" when: migrate_db is defined and migrate_db|lower == "yes"
notify: notify:
- restart edx-ora - ora | restart edx-ora
- restart edx-ora-celery - ora | restart edx-ora-celery
tags: tags:
- ora - ora
- syncdb - syncdb
- deploy - deploy
- name: create users - name: ora | create users
shell: sudo -u www-data {{ora_venv_dir}}/bin/django-admin.py update_users --settings=edx_ora.aws --pythonpath={{ora_code_dir}} shell: sudo -u www-data {{ora_venv_dir}}/bin/django-admin.py update_users --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
notify: notify:
- restart edx-ora - ora | restart edx-ora
- restart edx-ora-celery - ora | restart edx-ora-celery
tags: tags:
- ora - ora
- syncdb - syncdb
......
- name: See if edx-ora.conf is installed - name: ora | See if edx-ora.conf is installed
shell: "[ -f /etc/init/edx-ora.conf ] && echo 'Found' || echo ''" shell: "[ -f /etc/init/edx-ora.conf ] && echo 'Found' || echo ''"
register: edx_ora_installed register: edx_ora_installed
tags: tags:
- ora - ora
- deploy - deploy
- name: See if edx-ora-celery.conf is installed - name: ora | See if edx-ora-celery.conf is installed
shell: "[ -f /etc/init/edx-ora-celery.conf ] && echo 'Found' || echo ''" shell: "[ -f /etc/init/edx-ora-celery.conf ] && echo 'Found' || echo ''"
register: edx_ora_celery_installed register: edx_ora_celery_installed
tags: tags:
...@@ -13,14 +13,14 @@ ...@@ -13,14 +13,14 @@
- deploy - deploy
# Stop ora service. # Stop ora service.
- name: stop edx-ora service - name: ora | stop edx-ora service
service: name=edx-ora state=stopped service: name=edx-ora state=stopped
when: edx_ora_installed.stdout == 'Found' when: edx_ora_installed.stdout == 'Found'
tags: tags:
- ora - ora
- deploy - deploy
- name: stop edx-ora-celery service - name: ora | stop edx-ora-celery service
service: name=edx-ora-celery state=stopped service: name=edx-ora-celery state=stopped
when: edx_ora_celery_installed.stdout == 'Found' when: edx_ora_celery_installed.stdout == 'Found'
tags: tags:
...@@ -29,14 +29,14 @@ ...@@ -29,14 +29,14 @@
# Do A Checkout # Do A Checkout
- name: git checkout ease repo into its base dir - name: ora | git checkout ease repo into its base dir
git: dest={{ease_code_dir}} repo={{ease_source_repo}} version={{ease_version}} git: dest={{ease_code_dir}} repo={{ease_source_repo}} version={{ease_version}}
tags: tags:
- ease - ease
- deploy - deploy
# Do Post Checkout Tasks. # Do Post Checkout Tasks.
- name: change permissions on ease code dir - name: ora | change permissions on ease code dir
file: path={{ease_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes file: path={{ease_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes
tags: tags:
- ease - ease
...@@ -46,7 +46,7 @@ ...@@ -46,7 +46,7 @@
# TODO: Check git.py _run_if_changed() to see if the logic there to skip running certain # TODO: Check git.py _run_if_changed() to see if the logic there to skip running certain
# portions of the deploy needs to be incorporated here. # portions of the deploy needs to be incorporated here.
# #
- name: install ease system packages - name: ora | install ease system packages
apt: pkg={{item}} state=present apt: pkg={{item}} state=present
with_items: ease_debian_pkgs with_items: ease_debian_pkgs
tags: tags:
...@@ -55,27 +55,27 @@ ...@@ -55,27 +55,27 @@
# Install the python pre requirements into {{ ease_venv_dir }} # Install the python pre requirements into {{ ease_venv_dir }}
- name: install ease python pre-requirements - name: ora | install ease python pre-requirements
pip: requirements="{{ease_pre_requirements_file}}" virtualenv="{{ease_venv_dir}}" state=present pip: requirements="{{ease_pre_requirements_file}}" virtualenv="{{ease_venv_dir}}" state=present
tags: tags:
- ease - ease
- deploy - deploy
# Install the python post requirements into {{ ease_venv_dir }} # Install the python post requirements into {{ ease_venv_dir }}
- name: install ease python post-requirements - name: ora | install ease python post-requirements
pip: requirements="{{ease_post_requirements_file}}" virtualenv="{{ease_venv_dir}}" state=present pip: requirements="{{ease_post_requirements_file}}" virtualenv="{{ease_venv_dir}}" state=present
tags: tags:
- ease - ease
- deploy - deploy
- name: install ease python package - name: ora | install ease python package
shell: command="{{ease_venv_dir}}/bin/activate; cd {{ease_code_dir}}; python setup.py install" shell: command="{{ease_venv_dir}}/bin/activate; cd {{ease_code_dir}}; python setup.py install"
tags: tags:
- ease - ease
- deploy - deploy
#Needed for the ease package to work #Needed for the ease package to work
- name: check for the existence of nltk data taggers/maxent_treebank_pos_tagger/english.pickle - name: ora | check for the existence of nltk data taggers/maxent_treebank_pos_tagger/english.pickle
shell: "[ -f {{nltk_data_dir}}/taggers/maxent_treebank_pos_tagger/english.pickle ] && echo 'Found' || echo ''" shell: "[ -f {{nltk_data_dir}}/taggers/maxent_treebank_pos_tagger/english.pickle ] && echo 'Found' || echo ''"
register: nltk_data_installed register: nltk_data_installed
tags: tags:
...@@ -83,14 +83,14 @@ ...@@ -83,14 +83,14 @@
- deploy - deploy
- name: install nltk data using rendered shell script - name: ora | install nltk data using rendered shell script
command: "{{ease_venv_dir}}/bin/python -m nltk.downloader -d {{nltk_data_dir}} all" command: "{{ease_venv_dir}}/bin/python -m nltk.downloader -d {{nltk_data_dir}} all"
when: nltk_data_installed.stdout != "Found" when: nltk_data_installed.stdout != "Found"
tags: tags:
- ease - ease
- deploy - deploy
- name: set permissions on nltk data directory - name: ora | set permissions on nltk data directory
file: path={{nltk_data_dir}} owner=ubuntu group=adm mode=2775 state=directory file: path={{nltk_data_dir}} owner=ubuntu group=adm mode=2775 state=directory
tags: tags:
- ease - ease
......
...@@ -3,54 +3,54 @@ ...@@ -3,54 +3,54 @@
# - common/tasks/main.yml # - common/tasks/main.yml
# - nginx/tasks/main.yml # - nginx/tasks/main.yml
--- ---
- name: Change permissions on datadir - name: ora | Change permissions on datadir
file: path={{ora_code_dir}}/../data state=directory owner=www-data group=www-data file: path={{ora_code_dir}}/../data state=directory owner=www-data group=www-data
tags: tags:
- ora - ora
- name: Create ml_models directory - name: ora | Create ml_models directory
file: path={{ora_code_dir}}/../ml_models state=directory owner=www-data group=www-data file: path={{ora_code_dir}}/../ml_models state=directory owner=www-data group=www-data
tags: tags:
- ora - ora
# Check out ora repo to {{ora_code_dir}} # Check out ora repo to {{ora_code_dir}}
- name: install git and its recommends - name: ora | install git and its recommends
apt: pkg=git state=present install_recommends=yes apt: pkg=git state=present install_recommends=yes
tags: tags:
- ora - ora
- name: create ora application config - name: ora | create ora application config
template: src=ora.env.json.j2 dest={{ora_code_dir}}/../env.json mode=0640 owner=www-data group=adm template: src=ora.env.json.j2 dest={{ora_code_dir}}/../env.json mode=0640 owner=www-data group=adm
tags: tags:
- ora - ora
- name: create ora auth file - name: ora | create ora auth file
template: src=ora.auth.json.j2 dest={{ora_code_dir}}/../auth.json mode=0640 owner=www-data group=adm template: src=ora.auth.json.j2 dest={{ora_code_dir}}/../auth.json mode=0640 owner=www-data group=adm
tags: tags:
- ora - ora
- name: create ora upstart script - name: ora | create ora upstart script
template: src=edx-ora.conf.j2 dest=/etc/init/edx-ora.conf mode=0640 owner=root group=adm template: src=edx-ora.conf.j2 dest=/etc/init/edx-ora.conf mode=0640 owner=root group=adm
tags: tags:
- ora - ora
- name: create ora-celery upstart script - name: ora | create ora-celery upstart script
template: src=edx-ora-celery.conf.j2 dest=/etc/init/edx-ora-celery.conf mode=0640 owner=root group=adm template: src=edx-ora-celery.conf.j2 dest=/etc/init/edx-ora-celery.conf mode=0640 owner=root group=adm
tags: tags:
- ora - ora
- name: install debian packages that ora needs - name: ora | install debian packages that ora needs
apt: pkg={{item}} state=present apt: pkg={{item}} state=present
with_items: ora_debian_pkgs with_items: ora_debian_pkgs
tags: tags:
- ora - ora
- name: create the ora virtual environment - name: ora | create the ora virtual environment
file: path={{ ora_venv_dir }} owner=root group=adm mode=2775 state=directory file: path={{ ora_venv_dir }} owner=root group=adm mode=2775 state=directory
tags: tags:
- ora - ora
- name: bootstrap the ora virtual environment - name: ora | bootstrap the ora virtual environment
command: /usr/local/bin/virtualenv {{ ora_venv_dir }} --distribute creates={{ora_venv_dir}}/bin/activate command: /usr/local/bin/virtualenv {{ ora_venv_dir }} --distribute creates={{ora_venv_dir}}/bin/activate
tags: tags:
- ora - ora
......
...@@ -3,58 +3,58 @@ ...@@ -3,58 +3,58 @@
# There is a bug with initializing multiple nodes in the HA cluster at once # There is a bug with initializing multiple nodes in the HA cluster at once
# http://rabbitmq.1065348.n5.nabble.com/Rabbitmq-boot-failure-with-quot-tables-not-present-quot-td24494.html # http://rabbitmq.1065348.n5.nabble.com/Rabbitmq-boot-failure-with-quot-tables-not-present-quot-td24494.html
- name: trust rabbit repository - name: rabbitmq | trust rabbit repository
apt_key: url={{rabbitmq_apt_key}} state=present apt_key: url={{rabbitmq_apt_key}} state=present
- name: install python-software-properties if debian - name: rabbitmq | install python-software-properties if debian
apt: pkg={{",".join(rabbitmq_debian_pkgs)}} state=present apt: pkg={{",".join(rabbitmq_debian_pkgs)}} state=present
- name: add rabbit repository - name: rabbitmq | add rabbit repository
apt_repository: repo="{{rabbitmq_repository}}" state=present apt_repository: repo="{{rabbitmq_repository}}" state=present
- name: install rabbitmq - name: rabbitmq | install rabbitmq
apt: pkg={{rabbitmq_pkg}} state=present apt: pkg={{rabbitmq_pkg}} state=present
- name: stop rabbit cluster - name: rabbitmq | stop rabbit cluster
service: name=rabbitmq-server state=stopped service: name=rabbitmq-server state=stopped
# Defaulting to /var/lib/rabbitmq # Defaulting to /var/lib/rabbitmq
- name: create cookie directory - name: rabbitmq | create cookie directory
file: path={{rabbitmq_cookie_dir}} owner=rabbitmq group=rabbitmq mode=0755 state=directory file: path={{rabbitmq_cookie_dir}} owner=rabbitmq group=rabbitmq mode=0755 state=directory
- name: add rabbitmq erlang cookie - name: rabbitmq | add rabbitmq erlang cookie
template: src=erlang.cookie.j2 dest={{rabbitmq_cookie_location}} owner=rabbitmq group=rabbitmq mode=0400 template: src=erlang.cookie.j2 dest={{rabbitmq_cookie_location}} owner=rabbitmq group=rabbitmq mode=0400
register: erlang_cookie register: erlang_cookie
# Defaulting to /etc/rabbitmq # Defaulting to /etc/rabbitmq
- name: create rabbitmq config directory - name: rabbitmq | create rabbitmq config directory
file: path={{rabbitmq_config_dir}} owner=root group=root mode=0755 state=directory file: path={{rabbitmq_config_dir}} owner=root group=root mode=0755 state=directory
- name: add rabbitmq environment configuration - name: rabbitmq | add rabbitmq environment configuration
template: src=rabbitmq-env.conf.j2 dest={{rabbitmq_config_dir}}/rabbitmq-env.conf owner=root group=root mode=0644 template: src=rabbitmq-env.conf.j2 dest={{rabbitmq_config_dir}}/rabbitmq-env.conf owner=root group=root mode=0644
- name: add rabbitmq cluster configuration - name: rabbitmq | add rabbitmq cluster configuration
template: src=rabbitmq.config.j2 dest={{rabbitmq_config_dir}}/rabbitmq.config owner=root group=root mode=0644 template: src=rabbitmq.config.j2 dest={{rabbitmq_config_dir}}/rabbitmq.config owner=root group=root mode=0644
register: cluster_configuration register: cluster_configuration
- name: add the mangement plugin - name: rabbitmq | add the mangement plugin
rabbitmq_plugin: names=rabbitmq_management state=enabled rabbitmq_plugin: names=rabbitmq_management state=enabled
# When rabbitmq starts up it creates a folder of metadata at '/var/lib/rabbitmq/mnesia'. # When rabbitmq starts up it creates a folder of metadata at '/var/lib/rabbitmq/mnesia'.
# This folder should be deleted before clustering is setup because it retains data # This folder should be deleted before clustering is setup because it retains data
# that can conflict with the clustering information. # that can conflict with the clustering information.
- name: remove mnesia configuration - name: rabbitmq | remove mnesia configuration
file: path={{rabbitmq_mnesia_folder}} state=absent file: path={{rabbitmq_mnesia_folder}} state=absent
when: erlang_cookie.changed or cluster_configuration.changed when: erlang_cookie.changed or cluster_configuration.changed
- name: start rabbit nodes - name: rabbitmq | start rabbit nodes
service: name=rabbitmq-server state=restarted service: name=rabbitmq-server state=restarted
- name: remove guest user - name: rabbitmq | remove guest user
rabbitmq_user: user="guest" state=absent rabbitmq_user: user="guest" state=absent
- name: add admin users - name: rabbitmq | add admin users
rabbitmq_user: > rabbitmq_user: >
user='{{item.name}}' user='{{item.name}}'
password='{{item.password}}' password='{{item.password}}'
......
--- ---
- name: restart shibd - name: shibboleth | restart shibd
service: name=shibd state=restarted service: name=shibd state=restarted
#Install shibboleth #Install shibboleth
--- ---
- name: Installs shib and dependencies from apt - name: shibboleth | Installs shib and dependencies from apt
apt: pkg={{item}} install_recommends=no state=present update_cache=yes apt: pkg={{item}} install_recommends=no state=present update_cache=yes
with_items: with_items:
- shibboleth-sp2-schemas - shibboleth-sp2-schemas
...@@ -9,46 +9,46 @@ ...@@ -9,46 +9,46 @@
- libshibsp-doc - libshibsp-doc
- libapache2-mod-shib2 - libapache2-mod-shib2
- opensaml2-tools - opensaml2-tools
notify: restart shibd notify: shibboleth | restart shibd
tags: tags:
- shib - shib
- install - install
- name: Creates /etc/shibboleth/metadata directory - name: shibboleth | Creates /etc/shibboleth/metadata directory
file: path=/etc/shibboleth/metadata state=directory mode=2774 group=_shibd owner=_shibd file: path=/etc/shibboleth/metadata state=directory mode=2774 group=_shibd owner=_shibd
tags: tags:
- shib - shib
- install - install
- name: Downloads metadata into metadata directory as backup - name: shibboleth | Downloads metadata into metadata directory as backup
get_url: url=https://idp.stanford.edu/Stanford-metadata.xml dest=/etc/shibboleth/metadata/idp-metadata.xml mode=0640 group=_shibd owner=_shibd get_url: url=https://idp.stanford.edu/Stanford-metadata.xml dest=/etc/shibboleth/metadata/idp-metadata.xml mode=0640 group=_shibd owner=_shibd
tags: tags:
- shib - shib
- install - install
- name: writes out key and pem file - name: shibboleth | writes out key and pem file
template: src=sp.{{item}}.j2 dest=/etc/shibboleth/sp.{{item}} group=_shibd owner=_shibd mode=0600 template: src=sp.{{item}}.j2 dest=/etc/shibboleth/sp.{{item}} group=_shibd owner=_shibd mode=0600
with_items: with_items:
- key - key
- pem - pem
notify: restart shibd notify: shibboleth | restart shibd
tags: tags:
- shib - shib
- install - install
- name: writes out configuration files - name: shibboleth | writes out configuration files
template: src={{item}}.j2 dest=/etc/shibboleth/{{item}} group=_shibd owner=_shibd mode=0644 template: src={{item}}.j2 dest=/etc/shibboleth/{{item}} group=_shibd owner=_shibd mode=0644
with_items: with_items:
- attribute-map.xml - attribute-map.xml
- shibboleth2.xml - shibboleth2.xml
notify: restart shibd notify: shibboleth | restart shibd
tags: tags:
- shib - shib
- install - install
- name: enables shib - name: shibboleth | enables shib
command: a2enmod shib2 command: a2enmod shib2
notify: restart shibd notify: shibboleth | restart shibd
tags: tags:
- shib - shib
- install - install
......
- name: stop xqueue - name: xqueue | stop xqueue
service: name=xqueue state=stopped service: name=xqueue state=stopped
tags: tags:
- xqueue - xqueue
- deploy - deploy
- name: start xqueue - name: xqueue | start xqueue
service: name=xqueue state=started service: name=xqueue state=started
tags: tags:
- xqueue - xqueue
- deploy - deploy
- name: restart xqueue - name: xqueue | restart xqueue
service: name=xqueue state=restarted service: name=xqueue state=restarted
tags: tags:
- xqueue - xqueue
- deploy - deploy
- name: restart xqueue consumer - name: xqueue | restart xqueue consumer
service: name=xqueue_consumer state=restarted service: name=xqueue_consumer state=restarted
# Stop xqueue service. # Stop xqueue service.
- name: stop xqueue service - name: xqueue | stop xqueue service
service: name=xqueue state=stopped service: name=xqueue state=stopped
tags: tags:
- xqueue - xqueue
- deploy - deploy
- name: stop xqueue consumer service - name: xqueue | stop xqueue consumer service
service: name=xqueue_consumer state=stopped service: name=xqueue_consumer state=stopped
tags: tags:
- xqueue - xqueue
- deploy - deploy
# Do A Checkout # Do A Checkout
- name: git checkout xqueue repo into $app_base_dir - name: xqueue | git checkout xqueue repo into $app_base_dir
git: dest={{xqueue_code_dir}} repo={{xqueue_source_repo}} version={{xqueue_version}} git: dest={{xqueue_code_dir}} repo={{xqueue_source_repo}} version={{xqueue_version}}
tags: tags:
- xqueue - xqueue
- deploy - deploy
# Do Post Checkout Tasks. # Do Post Checkout Tasks.
- name: create xqueue code dir - name: xqueue | create xqueue code dir
file: path={{xqueue_code_dir}} state=directory owner=www-data group=www-data mode=755 file: path={{xqueue_code_dir}} state=directory owner=www-data group=www-data mode=755
tags: tags:
- xqueue - xqueue
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
# TODO: Check git.py _run_if_changed() to see if the logic there to skip running certain # TODO: Check git.py _run_if_changed() to see if the logic there to skip running certain
# portions of the deploy needs to be incorporated here. # portions of the deploy needs to be incorporated here.
- name: sets permissions on xqueue code dir and contents - name: xqueue | sets permissions on xqueue code dir and contents
file: path={{xqueue_code_dir}} state=directory owner=www-data group=www-data recurse=yes file: path={{xqueue_code_dir}} state=directory owner=www-data group=www-data recurse=yes
# Post Checkout tasks will get run as handlers when the {{ xqueue_code_dir }} is ready. # Post Checkout tasks will get run as handlers when the {{ xqueue_code_dir }} is ready.
# Look at the handlers/main.yml in this role for a description of the tasks stated below. # Look at the handlers/main.yml in this role for a description of the tasks stated below.
...@@ -51,7 +51,7 @@ ...@@ -51,7 +51,7 @@
- xqueue - xqueue
- deploy - deploy
- name: syncdb and migrate - name: xqueue | syncdb and migrate
shell: sudo -u www-data /opt/edx/bin/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue shell: sudo -u www-data /opt/edx/bin/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
when: migrate_db is defined and migrate_db|lower == "yes" when: migrate_db is defined and migrate_db|lower == "yes"
tags: tags:
...@@ -59,7 +59,7 @@ ...@@ -59,7 +59,7 @@
- syncdb - syncdb
- deploy - deploy
- name: create users - name: xqueue | create users
shell: sudo -u www-data /opt/edx/bin/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue shell: sudo -u www-data /opt/edx/bin/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
when: update_users is defined when: update_users is defined
tags: tags:
...@@ -67,19 +67,19 @@ ...@@ -67,19 +67,19 @@
- syncdb - syncdb
- deploy - deploy
- name: stop xqueue - name: xqueue | stop xqueue
service: name=xqueue state=stopped service: name=xqueue state=stopped
tags: tags:
- xqueue - xqueue
- deploy - deploy
- name: start xqueue - name: xqueue | start xqueue
service: name=xqueue state=started service: name=xqueue state=started
tags: tags:
- xqueue - xqueue
- deploy - deploy
- name: start xqueue consumer - name: xqueue | start xqueue consumer
service: name=xqueue_consumer state=started service: name=xqueue_consumer state=started
tags: tags:
- xqueue - xqueue
......
...@@ -3,12 +3,12 @@ ...@@ -3,12 +3,12 @@
# - common/tasks/main.yml # - common/tasks/main.yml
# - nginx/tasks/main.yml # - nginx/tasks/main.yml
--- ---
- name: Change permissions on datadir - name: xqueue | Change permissions on datadir
file: path={{app_base_dir}}/data state=directory owner=www-data group=www-data file: path={{app_base_dir}}/data state=directory owner=www-data group=www-data
tags: tags:
- xqueue - xqueue
- name: create xqueue db - name: xqueue | create xqueue db
mysql_db: > mysql_db: >
name={{xqueue_auth_config.DATABASES.default.NAME}} name={{xqueue_auth_config.DATABASES.default.NAME}}
login_host={{xqueue_auth_config.DATABASES.default.HOST}} login_host={{xqueue_auth_config.DATABASES.default.HOST}}
...@@ -18,46 +18,46 @@ ...@@ -18,46 +18,46 @@
encoding=utf8 encoding=utf8
# Check out xqueue repo to {{xqueue_code_dir}} # Check out xqueue repo to {{xqueue_code_dir}}
- name: install git and its recommends - name: xqueue | install git and its recommends
apt: pkg=git state=present install_recommends=yes apt: pkg=git state=present install_recommends=yes
tags: tags:
- xqueue - xqueue
- name: install a bunch of system packages on which xqueue relies - name: xqueue | install a bunch of system packages on which xqueue relies
apt: pkg={{','.join(xqueue_debian_pkgs)}} state=present apt: pkg={{','.join(xqueue_debian_pkgs)}} state=present
notify: notify:
- restart xqueue - xqueue | restart xqueue
- restart xqueue consumer - xqueue | restart xqueue consumer
tags: tags:
- xqueue - xqueue
- name: create xqueue application config - name: xqueue | create xqueue application config
template: src=xqueue.env.json.j2 dest={{app_base_dir}}/env.json mode=0640 owner=www-data group=adm template: src=xqueue.env.json.j2 dest={{app_base_dir}}/env.json mode=0640 owner=www-data group=adm
notify: notify:
- restart xqueue - xqueue | restart xqueue
- restart xqueue consumer - xqueue | restart xqueue consumer
tags: tags:
- xqueue - xqueue
- name: create xqueue auth file - name: xqueue | create xqueue auth file
template: src=xqueue.auth.json.j2 dest={{app_base_dir}}/auth.json mode=0640 owner=www-data group=adm template: src=xqueue.auth.json.j2 dest={{app_base_dir}}/auth.json mode=0640 owner=www-data group=adm
notify: notify:
- restart xqueue - xqueue | restart xqueue
- restart xqueue consumer - xqueue | restart xqueue consumer
tags: tags:
- xqueue - xqueue
- name: creating xqueue upstart script - name: xqueue | creating xqueue upstart script
template: src=xqueue.conf.j2 dest=/etc/init/xqueue.conf mode=0640 owner=root group=adm template: src=xqueue.conf.j2 dest=/etc/init/xqueue.conf mode=0640 owner=root group=adm
notify: notify:
- restart xqueue - xqueue | restart xqueue
tags: tags:
- xqueue - xqueue
- name: create xqueue consumer upstart script - name: xqueue | create xqueue consumer upstart script
template: src=xqueue_consumer.conf.j2 dest=/etc/init/xqueue_consumer.conf mode=0640 owner=root group=adm template: src=xqueue_consumer.conf.j2 dest=/etc/init/xqueue_consumer.conf mode=0640 owner=root group=adm
notify: notify:
- restart xqueue consumer - xqueue | restart xqueue consumer
tags: tags:
- xqueue - xqueue
......
- name: restart nginx - name: xserver | restart nginx
service: name=nginx state=restarted service: name=nginx state=restarted
- name: stop xserver - name: xserver | stop xserver
service: name=xserver state=stopped service: name=xserver state=stopped
tags: tags:
- deploy - deploy
- name: checkout code - name: xserver | checkout code
git: dest={{xserver_code_dir}} repo={{xserver_source_repo}} version={{xserver_version}} git: dest={{xserver_code_dir}} repo={{xserver_source_repo}} version={{xserver_version}}
tags: tags:
- deploy - deploy
- name: install requirements - name: xserver | install requirements
pip: requirements="{{xserver_requirements_file}}" virtualenv="{{venv_dir}}" state=present pip: requirements="{{xserver_requirements_file}}" virtualenv="{{venv_dir}}" state=present
tags: tags:
- deploy - deploy
- name: install sandbox requirements - name: xserver | install sandbox requirements
pip: requirements="{{xserver_requirements_file}}" virtualenv="{{xserver_sandbox_venv_dir}}" state=present pip: requirements="{{xserver_requirements_file}}" virtualenv="{{xserver_sandbox_venv_dir}}" state=present
tags: tags:
- deploy - deploy
- name: create xserver application config - name: xserver | create xserver application config
template: src=xserver.env.json.j2 dest={{app_base_dir}}/env.json mode=640 owner=www-data group=adm template: src=xserver.env.json.j2 dest={{app_base_dir}}/env.json mode=640 owner=www-data group=adm
tags: tags:
- deploy - deploy
- name: install read-only ssh key for the content repo that is required for grading - name: xserver | install read-only ssh key for the content repo that is required for grading
copy: src={{ xserver_git_identity_path }} dest=/etc/git-identity force=yes owner=ubuntu group=adm mode=60 copy: src={{ xserver_git_identity_path }} dest=/etc/git-identity force=yes owner=ubuntu group=adm mode=60
tags: tags:
- deploy - deploy
- name: checkout grader code - name: xserver | checkout grader code
git: dest={{xserver_grader_dir}} repo={{xserver_grader_source}} version={{xserver_grader_version}} git: dest={{xserver_grader_dir}} repo={{xserver_grader_source}} version={{xserver_grader_version}}
environment: environment:
GIT_SSH: /tmp/git_ssh.sh GIT_SSH: /tmp/git_ssh.sh
...@@ -36,12 +36,12 @@ ...@@ -36,12 +36,12 @@
tags: tags:
- deploy - deploy
- name: remove read-only ssh key for the content repo - name: xserver | remove read-only ssh key for the content repo
file: path=/etc/git-identity state=absent file: path=/etc/git-identity state=absent
tags: tags:
- deploy - deploy
- name: start xserver - name: xserver | start xserver
service: name=xserver state=started service: name=xserver state=started
tags: tags:
- deploy - deploy
...@@ -3,54 +3,54 @@ ...@@ -3,54 +3,54 @@
# access to the edX 6.00x repo which is not public # access to the edX 6.00x repo which is not public
--- ---
- name: ensure sandbox group exists - name: xserver | ensure sandbox group exists
group: name=sandbox group: name=sandbox
- name: ensure sandbox user exists - name: xserver | ensure sandbox user exists
user: name=sandbox group=sandbox user: name=sandbox group=sandbox
- name: create sandbox python directory - name: xserver | create sandbox python directory
file: path={{ xserver_sandbox_venv_dir }} owner=ubuntu group=adm mode=2775 state=directory file: path={{ xserver_sandbox_venv_dir }} owner=ubuntu group=adm mode=2775 state=directory
- name: create sandbox sudoers file - name: xserver | create sandbox sudoers file
template: src=99-sandbox.j2 dest=/etc/sudoers.d/99-sandbox owner=root group=root mode=0440 template: src=99-sandbox.j2 dest=/etc/sudoers.d/99-sandbox owner=root group=root mode=0440
- name: create sandbox python - name: xserver | create sandbox python
command: /usr/local/bin/virtualenv {{ xserver_sandbox_venv_dir }} --distribute creates={{ xserver_sandbox_venv_dir }}/bin/activate command: /usr/local/bin/virtualenv {{ xserver_sandbox_venv_dir }} --distribute creates={{ xserver_sandbox_venv_dir }}/bin/activate
# Make sure this line is in the common-session file. # Make sure this line is in the common-session file.
- name: ensure pam-limits module is loaded - name: xserver | ensure pam-limits module is loaded
lineinfile: lineinfile:
dest=/etc/pam.d/common-session dest=/etc/pam.d/common-session
regexp="session required pam_limits.so" regexp="session required pam_limits.so"
line="session required pam_limits.so" line="session required pam_limits.so"
- name: set sandbox limits - name: xserver | set sandbox limits
copy: src={{ item }} dest=/etc/security/limits.d/sandbox.conf copy: src={{ item }} dest=/etc/security/limits.d/sandbox.conf
first_available_file: first_available_file:
- "{{ secure_dir }}/sandbox.conf" - "{{ secure_dir }}/sandbox.conf"
- "sandbox.conf" - "sandbox.conf"
- name: ensure apparmor package - name: xserver | ensure apparmor package
apt: pkg=apparmor-utils state=present apt: pkg=apparmor-utils state=present
- name: load python-sandbox apparmor profile - name: xserver | load python-sandbox apparmor profile
template: src={{ item }} dest=/etc/apparmor.d/edx_apparmor_sandbox template: src={{ item }} dest=/etc/apparmor.d/edx_apparmor_sandbox
first_available_file: first_available_file:
- "{{ secure_dir }}/files/edx_apparmor_sandbox.j2" - "{{ secure_dir }}/files/edx_apparmor_sandbox.j2"
- "usr.bin.python-sandbox.j2" - "usr.bin.python-sandbox.j2"
- name: enforce app-armor rules - name: xserver | enforce app-armor rules
command: aa-enforce {{ xserver_sandbox_venv_dir }} command: aa-enforce {{ xserver_sandbox_venv_dir }}
- name: setup upstart script - name: xserver | setup upstart script
template: src=xserver.conf.j2 dest=/etc/init/xserver.conf owner=root group=root template: src=xserver.conf.j2 dest=/etc/init/xserver.conf owner=root group=root
- name: install system dependencies of xserver - name: xserver | install system dependencies of xserver
apt: pkg={{ item }} state=present apt: pkg={{ item }} state=present
with_items: xserver_debian_pkgs with_items: xserver_debian_pkgs
- name: upload ssh script - name: xserver | upload ssh script
copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750 copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
- include: nginx.yml - include: nginx.yml
......
- name: add xserver nginx configuration - name: xserver | add xserver nginx configuration
template: src=simple-proxy.j2 dest=/etc/nginx/sites-available/simple-proxy template: src=simple-proxy.j2 dest=/etc/nginx/sites-available/simple-proxy
notify: notify:
- restart nginx - xserver | restart nginx
- name: enable xserver nginx configuration - name: xserver | enable xserver nginx configuration
file: src=/etc/nginx/sites-available/simple-proxy dest=/etc/nginx/sites-enabled/simple-proxy state=link file: src=/etc/nginx/sites-available/simple-proxy dest=/etc/nginx/sites-enabled/simple-proxy state=link
notify: notify:
- restart nginx - xserver | restart nginx
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment