Skip to content

C
configuration
Commit bfffaabf by Edward Zarecor
Options

Adding tags

parent dafcdc3a
Showing with 229 additions and 29 deletions
playbooks/roles/edxapp/tasks/deploy.yml
......@@ -3,34 +3,52 @@
src=edxapp_env.j2 dest={{ edxapp_app_dir }}/edxapp_env
owner={{ edxapp_user }} group={{ common_web_user }}
mode=0644
tags:
- install
- install:configuration
- name: create edxapp configuration dir
file: >
path="{{ EDXAPP_CFG_DIR }}" state=directory
owner="{{ edxapp_user }}" group="{{ common_web_group }}"
tags:
- install
- install:configuration
# Optional auth for git
- name: create ssh script for git (not authenticated)
template: >
src=git_ssh_noauth.sh.j2 dest={{ edxapp_git_ssh }}
owner={{ edxapp_user }} mode=750
when: not EDXAPP_USE_GIT_IDENTITY
tags:
- install
- install:base
- name: create ssh script for git (authenticated)
template: >
src=git_ssh_auth.sh.j2 dest={{ edxapp_git_ssh }}
owner={{ edxapp_user }} mode=750
when: EDXAPP_USE_GIT_IDENTITY
tags:
- install
- install:base
- name: install read-only ssh key
copy: >
content="{{ EDXAPP_GIT_IDENTITY }}" dest={{ edxapp_git_identity }}
force=yes owner={{ edxapp_user }} mode=0600
when: EDXAPP_USE_GIT_IDENTITY
tags:
- install
- install:base
- name: set git fetch.prune to ignore deleted remote refs
shell: git config --global fetch.prune true
sudo_user: "{{ edxapp_user }}"
tags:
- install
- install:base
# Do A Checkout
- name: checkout edx-platform repo into {{ edxapp_code_dir }}
......@@ -43,10 +61,16 @@
environment:
GIT_SSH: "{{ edxapp_git_ssh }}"
register: edxapp_platform_checkout
tags:
- install
- install:code
- name: git clean after checking out edx-platform
shell: cd {{ edxapp_code_dir }} && git clean -xdf
sudo_user: "{{ edxapp_user }}"
tags:
- install
- install:code
- name: checkout theme
git: >
......@@ -59,11 +83,17 @@
environment:
GIT_SSH: "{{ edxapp_git_ssh }}"
register: edxapp_theme_checkout
tags:
- install
- install:code
- name: Stat each requirements file to ensure it exists
stat: path="{{ item }}"
with_items: "{{ edxapp_requirements_with_github_urls }}"
register: requirement_file_stats
tags:
- install
- install:code
# Substitute github mirror in all requirements files
# This is run on every single deploy
......@@ -73,6 +103,9 @@
sudo_user: "{{ edxapp_user }}"
when: item.stat.exists
with_items: "{{ requirement_file_stats.results }}"
tags:
- install
- install:code
# Ruby plays that need to be run after platform updates.
- name: gem install bundler
......@@ -82,6 +115,9 @@
executable=/bin/bash
environment: "{{ edxapp_environment }}"
sudo_user: "{{ edxapp_user }}"
tags:
- install
- install:code
- name: bundle install
shell: >
......@@ -90,6 +126,9 @@
executable=/bin/bash
sudo_user: "{{ edxapp_user }}"
environment: "{{ edxapp_environment }}"
tags:
- install
- install:code
# Set the npm registry
# This needs to be done as root since npm is weird about
......@@ -99,19 +138,27 @@
npm config set registry '{{ COMMON_NPM_MIRROR_URL }}'
creates="{{ edxapp_app_dir }}/.npmrc"
environment: "{{ edxapp_environment }}"
tags:
- install
- install:code
# Set the npm registry permissions
- name: Set the npm registry permissions
file:
path="{{ edxapp_app_dir }}/.npmrc"
owner=edxapp group=edxapp
tags:
- install
- install:base
# Node play that need to be run after platform updates.
- name: Install edx-platform npm dependencies
shell: npm install chdir={{ edxapp_code_dir }}
sudo_user: "{{ edxapp_user }}"
environment: "{{ edxapp_environment }}"
tags:
- install
- install:code
# Install the python pre requirements into {{ edxapp_venv_dir }}
- name : install python pre-requirements
......@@ -122,6 +169,9 @@
extra_args="-i {{ COMMON_PYPI_MIRROR_URL }} --exists-action w"
sudo_user: "{{ edxapp_user }}"
environment: "{{ edxapp_environment }}"
tags:
- install
- install:code
# Install the python modules into {{ edxapp_venv_dir }}
- name : install python base-requirements
......@@ -133,11 +183,17 @@
chdir={{ edxapp_code_dir }}
environment: "{{ edxapp_environment }}"
sudo_user: "{{ edxapp_user }}"
tags:
- install
- install:code
- stat: path="{{ post_requirements_file }}"
register: post_requirements
sudo_user: "{{ edxapp_user }}"
tags:
- install
- install:code
# Install the python post requirements into {{ edxapp_venv_dir }}
- name : install python post-requirements
pip: >
......@@ -148,7 +204,10 @@
sudo_user: "{{ edxapp_user }}"
environment: "{{ edxapp_environment }}"
when: post_requirements.stat.exists
tags:
- install
- install:code
# Install the python paver requirements into {{ edxapp_venv_dir }}
- name : install python paver-requirements
pip: >
......@@ -158,13 +217,19 @@
extra_args="-i {{ COMMON_PYPI_MIRROR_URL }} --exists-action w"
sudo_user: "{{ edxapp_user }}"
environment: "{{ edxapp_environment }}"
tags:
- install
- install:code
# Install the python custom requirements into {{ edxapp_venv_dir }}
- stat: path="{{ custom_requirements_file }}"
register: custom_requirements
sudo_user: "{{ edxapp_user }}"
tags:
- install
- install:code
- name : install python custom-requirements
pip: >
requirements="{{ custom_requirements_file }}"
......@@ -174,7 +239,10 @@
sudo_user: "{{ edxapp_user }}"
environment: "{{ edxapp_environment }}"
when: custom_requirements.stat.exists
tags:
- install
- install:code
# Install the final python modules into {{ edxapp_venv_dir }}
- name : install python post-post requirements
# Need to use shell rather than pip so that we can maintain the context of our current working directory; some
......@@ -187,7 +255,10 @@
- "{{ github_requirements_file }}"
- "{{ local_requirements_file }}"
sudo_user: "{{ edxapp_user }}"
tags:
- install
- install:code
# Private requriements require a ssh key to install, use the same key as the private key for edx-platform
# If EDXAPP_INSTALL_PRIVATE_REQUIREMENTS is set to true EDXAPP_USE_GIT_IDENTITY must also be true
- name : install python private requirements
......@@ -203,7 +274,10 @@
environment:
GIT_SSH: "{{ edxapp_git_ssh }}"
when: EDXAPP_INSTALL_PRIVATE_REQUIREMENTS
tags:
- install
- install:code
# Install any custom extra requirements if defined in EDXAPP_EXTRA_REQUIREMENTS.
- name: install python extra requirements
pip: >
......@@ -214,7 +288,10 @@
state=present
with_items: EDXAPP_EXTRA_REQUIREMENTS
sudo_user: "{{ edxapp_user }}"
tags:
- install
- install:code
# If using CAS and you have a function for mapping attributes, install
# the module here. The next few tasks set up the python code sandbox
- name: install CAS attribute module
......@@ -225,7 +302,10 @@
extra_args="-i {{ COMMON_PYPI_MIRROR_URL }} --exists-action w"
sudo_user: "{{ edxapp_user }}"
when: EDXAPP_CAS_ATTRIBUTE_PACKAGE|length > 0
tags:
- install
- install:code
# Install the sandbox python modules into {{ edxapp_venv_dir }}
- name : install sandbox requirements into regular venv
# Need to use shell rather than pip so that we can maintain the context of our current working directory; some
......@@ -240,7 +320,10 @@
- "{{ sandbox_post_requirements }}"
sudo_user: "{{ edxapp_user }}"
when: not EDXAPP_PYTHON_SANDBOX
tags:
- install
- install:code
# The next few tasks set up the python code sandbox
# need to disable this profile, otherwise the pip inside the sandbox venv has no permissions
......@@ -250,6 +333,8 @@
when: EDXAPP_PYTHON_SANDBOX
tags:
- edxapp-sandbox
- install
- install:code
- name: code sandbox | Install base sandbox requirements and create sandbox virtualenv
pip: >
......@@ -261,6 +346,8 @@
when: EDXAPP_PYTHON_SANDBOX
tags:
- edxapp-sandbox
- install
- install:code
- name: code sandbox | Install sandbox requirements into sandbox venv
shell: >
......@@ -275,22 +362,32 @@
changed_when: sandbox_install_output.stdout is defined and 'installed' in sandbox_install_output.stdout
tags:
- edxapp-sandbox
- install
- install:code
- name: code sandbox | put code sandbox into aa-enforce or aa-complain mode, depending on EDXAPP_SANDBOX_ENFORCE
command: /usr/sbin/{{ edxapp_aa_command }} /etc/apparmor.d/code.sandbox
when: EDXAPP_PYTHON_SANDBOX
tags:
- edxapp-sandbox
- install
- install:code
- name: compiling all py files in the edx-platform repo
shell: "{{ edxapp_venv_bin }}/python -m compileall -x .git/.* {{ edxapp_code_dir }}"
sudo_user: "{{ edxapp_user }}"
tags:
- install
- install:code
# alternative would be to give {{ common_web_user }} read access
# to the virtualenv but that permission change will require
# root access.
- name: give other read permissions to the virtualenv
command: chmod -R o+r "{{ edxapp_venv_dir }}"
tags:
- install
- install:code
# https://code.launchpad.net/~wligtenberg/django-openid-auth/mysql_fix/+merge/22726
# This is necessary for when syncdb is run and the django_openid_auth module is installed,
......@@ -299,7 +396,10 @@
shell: sed -i -e 's/claimed_id = models.TextField(max_length=2047, unique=True/claimed_id = models.TextField(max_length=2047/' {{ edxapp_venv_dir }}/lib/python2.7/site-packages/django_openid_auth/models.py
when: openid_workaround is defined
sudo_user: "{{ edxapp_user }}"
tags:
- install
- install:code
# The next few tasks install xml courses.
# Install the xml courses from an s3 bucket
......@@ -311,7 +411,9 @@
expiration=30
when: not EDXAPP_XML_FROM_GIT and EDXAPP_XML_S3_BUCKET and EDXAPP_XML_S3_KEY
register: s3_one_time_url
tags:
- remove
- name: download from one time url
get_url:
url="{{ s3_one_time_url.url }}"
......@@ -319,12 +421,16 @@
mode=0600
when: not EDXAPP_XML_FROM_GIT and EDXAPP_XML_S3_BUCKET and EDXAPP_XML_S3_KEY
register: download_xml_s3
tags:
- remove
- name: unzip the data to the data dir
shell: >
tar xzf {{ edxapp_data_dir }}/{{ EDXAPP_XML_S3_KEY|basename }}
chdir="{{ edxapp_data_dir }}"
when: download_xml_s3.changed
tags:
- remove
# This currently has to be done because
# the course coffescript is compiled on the fly
......@@ -337,6 +443,8 @@
recurse=yes
owner="{{ common_web_user }}"
group="{{ edxapp_user }}"
tags:
- remove
# creates the supervisor jobs for the
# service variants configured, runs
......@@ -361,6 +469,8 @@
sudo_user: "{{ supervisor_service_user }}"
changed_when: supervisor_update.stdout is defined and supervisor_update.stdout != ""
when: not disable_edx_services
tags:
- manage
- name: ensure edxapp has started
supervisorctl: >
......@@ -371,6 +481,8 @@
sudo_user: "{{ supervisor_service_user }}"
when: celery_worker is not defined and not disable_edx_services
with_items: service_variants_enabled
tags:
- manage
- name: ensure edxapp_workers has started
supervisorctl: >
......@@ -381,6 +493,8 @@
when: celery_worker is defined and not disable_edx_services
with_items: edxapp_workers
sudo_user: "{{ supervisor_service_user }}"
tags:
- manage
- name: create symlinks from the venv bin dir
file: >
......@@ -391,6 +505,9 @@
- python
- pip
- django-admin.py
tags:
- install
- install:config
- name: create symlinks from the repo dir
file: >
......@@ -399,13 +516,23 @@
state=link
with_items:
- manage.py
tags:
- install
- install:config
- name: remove read-only ssh key
file: path={{ edxapp_git_identity }} state=absent
when: EDXAPP_USE_GIT_IDENTITY
tags:
- install
- install:config
- install:code
- include: tag_ec2.yml tags=deploy
when: COMMON_TAG_EC2_INSTANCE
tags:
- remove
- aws
- set_fact: edxapp_installed=true
......@@ -418,6 +545,8 @@
when: edxapp_installed is defined and celery_worker is not defined and not disable_edx_services
sudo_user: "{{ supervisor_service_user }}"
with_items: service_variants_enabled
tags:
- manage
- name: restart edxapp_workers
supervisorctl: >
......@@ -428,3 +557,5 @@
when: edxapp_installed is defined and celery_worker is defined and not disable_edx_services
with_items: edxapp_workers
sudo_user: "{{ common_web_user }}"
tags:
- manage
playbooks/roles/edxapp/tasks/main.yml
......@@ -6,6 +6,9 @@
user: >
name="{{ edxapp_user }}" home="{{ edxapp_app_dir }}"
createhome=no shell=/bin/false
tags:
- install
- install:base
- name: create edxapp user dirs
file: >
......@@ -20,12 +23,18 @@
- "{{ edxapp_staticfile_dir }}"
- "{{ edxapp_course_static_dir }}"
- "{{ edxapp_course_data_dir }}"
tags:
- install
- install:base
# var should have more permissive permissions than the rest
- name: create edxapp var dir
file: >
path={{ edxapp_data_dir }} state=directory mode=0775
owner="{{ edxapp_user }}" group="{{ common_web_group }}"
tags:
- install
- install:base
# directory to import the courses from github
- name: create directory to import the courses from github
......@@ -43,12 +52,18 @@
state=link
owner="{{ edxapp_user }}"
group="{{ common_web_group }}"
tags:
- install
- install:base
- name: create edxapp log dir
file: >
path="{{ edxapp_log_dir }}" state=directory
owner="{{ common_log_user }}" group="{{ common_log_user }}"
tags:
- install
- install:base
- name: create web-writable edxapp data dirs
file: >
path="{{ item }}" state=directory
......@@ -58,27 +73,42 @@
- "{{ edxapp_course_data_dir }}"
- "{{ edxapp_upload_dir }}"
- "{{ edxapp_media_dir }}"
tags:
- install
- install:base
# adding chris-lea nodejs repo
- name: add ppas for current versions of nodejs
apt_repository: repo="{{ edxapp_chrislea_ppa }}"
tags:
- install
- install:base
- name: install system packages on which LMS and CMS rely
apt: pkg={{','.join(edxapp_debian_pkgs)}} state=present update_cache=yes
tags:
- install
- install:base
- name: set up edxapp .npmrc
template:
src=.npmrc.j2 dest={{ edxapp_app_dir }}/.npmrc
owner={{ edxapp_user }} group={{ common_web_group }}
mode=0600
tags:
- install
- install:base
- name: create log directories for service variants
file: >
path={{ edxapp_log_dir }}/{{ item }} state=directory
owner={{ common_log_user }} group={{ common_log_user }}
mode=0750
with_items: service_variants_enabled
tags:
- install
- install:base
# Set up the python sandbox execution environment
- include: python_sandbox_env.yml tags=deploy
when: EDXAPP_PYTHON_SANDBOX
......
playbooks/roles/edxapp/tasks/service_variant_config.yml
......@@ -5,6 +5,9 @@
sudo_user: "{{ edxapp_user }}"
tags: edxapp_cfg
with_items: service_variants_enabled
tags:
- install
- install:configration
- name: "create {{ item }} auth file"
template: >
......@@ -13,6 +16,9 @@
sudo_user: "{{ edxapp_user }}"
tags: edxapp_cfg
with_items: service_variants_enabled
tags:
- install
- install:configration
- name: "create {{ item }} yaml application config"
template: >
......@@ -21,6 +27,9 @@
sudo_user: "{{ edxapp_user }}"
tags: edxapp_cfg
with_items: service_variants_enabled
tags:
- install
- install:configuration
- name: "create {{ item }} yaml auth file"
template: >
......@@ -29,7 +38,9 @@
sudo_user: "{{ edxapp_user }}"
tags: edxapp_cfg
with_items: service_variants_enabled
tags:
- install
- install:configuration
# write the supervisor scripts for the service variants
......@@ -40,6 +51,9 @@
group={{ supervisor_user }}
with_items: service_variants_enabled
sudo_user: "{{ supervisor_user }}"
tags:
- install
- install:configuration
- name: writing edxapp supervisor script
template: >
......@@ -47,12 +61,18 @@
owner={{ supervisor_user }}
group={{ supervisor_user }}
sudo_user: "{{ supervisor_user }}"
tags:
- install
- install:configuration
- name: "add gunicorn configuration files"
template: >
src={{ item }}_gunicorn.py.j2 dest={{ edxapp_app_dir }}/{{ item }}_gunicorn.py
with_items: service_variants_enabled
sudo_user: "{{ edxapp_user }}"
tags:
- install
- install:configuration
# write the supervisor script for celery workers
......@@ -62,6 +82,9 @@
owner={{ supervisor_user }}
group={{ supervisor_user }}
sudo_user: "{{ supervisor_user }}"
tags:
- install
- install:configuration
# Enable the supervisor jobs
- name: "enable {{ item }} supervisor script"
......@@ -73,6 +96,9 @@
with_items: service_variants_enabled
when: celery_worker is not defined and not disable_edx_services
sudo_user: "{{ supervisor_user }}"
tags:
- install
- install:config
- name: "enable edxapp supervisor script"
file: >
......@@ -82,6 +108,9 @@
force=yes
when: celery_worker is not defined and not disable_edx_services
sudo_user: "{{ supervisor_user }}"
tags:
- install
- install:config
- name: "enable celery worker supervisor script"
file: >
......@@ -91,6 +120,9 @@
force=yes
when: celery_worker is defined and not disable_edx_services
sudo_user: "{{ supervisor_user }}"
tags:
- install
- install:config
- name: create helper scripts for managing edxapp
template: >
......@@ -101,6 +133,9 @@
with_nested:
- edxapp_helper_scripts
- service_variants_enabled
tags:
- install
- install:config
# Syncdb with migrate when the migrate user is overridden in extra vars
- name: syncdb and migrate
......@@ -111,6 +146,8 @@
DB_MIGRATION_PASS: "{{ COMMON_MYSQL_MIGRATE_PASS }}"
EDX_PLATFORM_SETTINGS_OVERRIDE: "aws_migrate"
with_items: service_variants_enabled
tags:
- migrate
# Gather assets using paver if possible
......@@ -119,3 +156,5 @@
when: celery_worker is not defined and not devstack and item != "lms-preview"
tags: gather_static_assets
with_items: service_variants_enabled
tags:
- assets
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment