Commit c2309072 by Edward Zarecor

Merge pull request #2511 from edx/e0d/docker-artifacts

E0d/docker artifacts
parents dd5b8484 bc66763d
# Docker Support
## Introduction
Docker support for edX services is volatile and experimental. We welcome interested testers and contributors. If you are interested in paticipating, please join us on Slack at https://openedx.slack.com/messages/docker.
We do not and may never run run these images in production. They are not currently suitable for production use.
FROM edxops/precise-common:latest
MAINTAINER edxops
ENV CONFIGURATION_REPO="https://github.com/edx/configuration.git"
ENV CONFIGURATION_VERSION="hack2015/docker"
USER docker
RUN sudo apt-get update
WORKDIR /edx/app/edx_ansible/edx_ansible
RUN sudo git fetch --all
RUN sudo git checkout ${CONFIGURATION_VERSION}
RUN sudo git reset --hard origin/${CONFIGURATION_VERSION}
RUN sudo git pull
WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays
COPY ansible_overrides.yml /
# Remove when branch is pushed
COPY analytics_api-temp.yml /edx/app/edx_ansible/edx_ansible/docker/plays/analytics_api.yml
RUN sudo ansible-playbook analytics_api.yml -i '127.0.0.1,' -c local -t "install:base,install:system-requirements,install:configuration,install:app-requirements,install:code" -e@/ansible_overrides.yml
CMD ["/edx/app/supervisor/venvs/supervisor/bin/supervisord -n --configuration /edx/app/supervisor/supervisord.conf"]
EXPOSE 443 80
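Review bot: The `CMD` just above `EXPOSE` is exec form with a single array element, so Docker will try to execute a binary whose path is the whole string, including ` -n --configuration ...`, and the container will not start. Split the arguments as the edxapp and forum Dockerfiles in this commit do: `CMD ["/edx/app/supervisor/venvs/supervisor/bin/supervisord", "-n", "--configuration", "/edx/app/supervisor/supervisord.conf"]`. The insights Dockerfile has the same single-string `CMD`. Separately, `FROM edxops/precise-common:latest` combined with `git pull` on a branch means the image contents cannot be reproduced or audited from this file; pinning the base tag and a commit would fix that.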
../../plays/analytics_api.yml
\ No newline at end of file
---
DOCKER_TLD: "edx"
ANALYTICS_API_DATABASES:
# rw user
default:
ENGINE: 'django.db.backends.mysql'
NAME: '{{ ANALYTICS_API_DEFAULT_DB_NAME }}'
USER: 'api001'
PASSWORD: 'password'
HOST: 'db.{{ DOCKER_TLD }}'
PORT: '3306'
# read-only user
reports:
ENGINE: 'django.db.backends.mysql'
NAME: '{{ ANALYTICS_API_REPORTS_DB_NAME }}'
USER: 'reports001'
PASSWORD: 'password'
HOST: "db.{{ DOCKER_TLD }}"
PORT: '3306'
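Review bot: Both database entries hard-code `PASSWORD: 'password'`, and the Dockerfile copies this file to `/ansible_overrides.yml`, so the credentials stay readable in the image layers for anyone who pulls the image. The insights overrides file does the same with `PASSWORD: 'secret'`. Supplying these at run time (environment or a mounted file) would keep them out of the image. At minimum add a comment such as `# development-only placeholder; never reuse outside a local cluster` so the values are not mistaken for usable defaults.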
......@@ -7,7 +7,7 @@
# This allows the dockerfile to update /edx/app/edx_ansible/edx_ansible
# with the currently checked-out configuration repo.
FROM edxops/trusty-common
FROM edxops/trusty-common:hacking
MAINTAINER edxops
ARG COURSE_DISCOVERY_VERSION=master
......
FROM edxops/precise-common:latest
MAINTAINER edxops
ENV CONFIGURATION_REPO="https://github.com/edx/configuration.git"
ENV CONFIGURATION_VERSION="hack2015/docker"
USER docker
RUN sudo apt-get update
WORKDIR /edx/app/edx_ansible/edx_ansible
RUN sudo git fetch --all
RUN sudo git checkout ${CONFIGURATION_VERSION}
RUN sudo git reset --hard origin/${CONFIGURATION_VERSION}
RUN sudo git pull
WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays
COPY ansible_overrides.yml /
RUN sudo ansible-playbook edxapp.yml -i '127.0.0.1,' -c local -e "EDXAPP_PYTHON_SANDBOX=false" -t "install:base,install:configuration,install:app-requirements,install:code" -e@/ansible_overrides.yml
USER root
WORKDIR /edx/app
CMD ["/edx/app/supervisor/venvs/supervisor/bin/supervisord", "-n", "--configuration", "/edx/app/supervisor/supervisord.conf"]
EXPOSE 8000 8010
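Review bot: The playbook run passes `-e "EDXAPP_PYTHON_SANDBOX=false"` and the file ends with `USER root`, so supervisord and everything it starts run as root. If the variable does what its name suggests, sandboxing of course-authored Python is also switched off. Neither choice is explained in the file; a comment such as `# NOTE: sandbox disabled for container builds; do not serve untrusted course content from this image` would make the trade-off visible. If supervisord does not need root to start, drop `USER root` or switch to an unprivileged account before `CMD`.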
---
DOCKER_TLD: "edx"
EDXAPP_MYSQL_HOST: "db.{{ DOCKER_TLD }}"
EDXAPP_MONGO_HOSTS:
- "mongo.{{ DOCKER_TLD }}"
\ No newline at end of file
FROM edxops/precise-common:latest
MAINTAINER edxops
USER docker
WORKDIR /edx/app/edx_ansible
WORKDIR /edx/app/edx_ansible/edx_ansible/playbooks/edx-east
RUN sudo git checkout e0d/docker-latest
RUN sudo git reset --hard origin/e0d/docker-latest
RUN sudo git pull
RUN sudo ansible-playbook elasticsearch-docker.yml -c local
USER root
WORKDIR /etc/elasticsearch
CMD ["/usr/share/elasticsearch/bin/elasticsearch","-f"]
EXPOSE 9200 9300
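Review bot: `USER root` before `CMD` means Elasticsearch itself runs as root inside the container, with 9200 and 9300 exposed. If the playbook creates a service account, switch to it before `CMD` with `USER <service-account>` (placeholder; take the name from the role). Unlike the nginx Dockerfile, there is no `git fetch --all` before `git reset --hard origin/e0d/docker-latest`, so the reset targets whatever remote-tracking ref the base image happened to ship. The first `WORKDIR /edx/app/edx_ansible` is immediately overridden and can be removed.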
FROM edxops/precise-common:latest
MAINTAINER edxops
ENV CONFIGURATION_REPO="https://github.com/edx/configuration.git"
ENV CONFIGURATION_VERSION="hack2015/docker"
USER docker
RUN sudo apt-get update
WORKDIR /edx/app/edx_ansible/edx_ansible
RUN sudo git fetch --all
RUN sudo git checkout ${CONFIGURATION_VERSION}
RUN sudo git reset --hard origin/${CONFIGURATION_VERSION}
RUN sudo git pull
WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays
COPY ansible_overrides.yml /
RUN sudo ansible-playbook forum.yml -i '127.0.0.1,' -c local -t "install:base,install:configuration,application-requirements,install:code" -e@/ansible_overrides.yml
WORKDIR /edx/app
CMD ["/edx/app/supervisor/venvs/supervisor/bin/supervisord", "-n", "--configuration", "/edx/app/supervisor/supervisord.conf"]
EXPOSE 4567
\ No newline at end of file
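Review bot: The tag list passed to `ansible-playbook forum.yml` contains `application-requirements` without the `install:` prefix that every other tag in the list carries; the xqueue Dockerfile in this commit uses `install:application-requirements`. If the forum role uses the prefixed name, those tasks are silently skipped and the image is built without its application requirements, so this is worth checking against the role. There is also no `USER` change before `CMD`, so the service runs as `docker`, an account the base image gives passwordless sudo.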
---
FLOCK_TLD: "edx"
FORUM_MONGO_HOSTS:
- mongo.{{ FLOCK_TLD }}
FORUM_ELASTICSEARCH_HOST: "es.{{ FLOCK_TLD }}"
forum_source_repo: "https://github.com/open-craft/cs_comments_service.git"
forum_version: "mongoid5"
FORUM_USE_TCP: "true"
FORUM_RACK_ENV: "staging"
FORUM_SINATRA_ENV: "staging"
\ No newline at end of file
FROM edxops/precise-common:latest
MAINTAINER edxops
ENV CONFIGURATION_REPO="https://github.com/edx/configuration.git"
ENV CONFIGURATION_VERSION="hack2015/docker"
USER docker
RUN sudo apt-get update
WORKDIR /edx/app/edx_ansible/edx_ansible
RUN sudo git fetch --all
RUN sudo git checkout ${CONFIGURATION_VERSION}
RUN sudo git reset --hard origin/${CONFIGURATION_VERSION}
RUN sudo git pull
WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays
COPY ansible_overrides.yml /
# Remove when branch is pushed
COPY insights-temp.yml /edx/app/edx_ansible/edx_ansible/docker/plays/insights.yml
RUN sudo ansible-playbook insights.yml -i '127.0.0.1,' -c local -t "install:base,install:system-requirements,install:configuration,install:app-requirements,install:code" -e@/ansible_overrides.yml
CMD ["/edx/app/supervisor/venvs/supervisor/bin/supervisord -n --configuration /edx/app/supervisor/supervisord.conf"]
EXPOSE 8110 18110
---
DOCKER_TLD: "edx"
INSIGHTS_LMS_BASE: "http://lms.{{ DOCKER_TLD }}:8000"
INSIGHTS_CMS_BASE: "http://cms.{{ DOCKER_TLD }}:8010"
INSIGHTS_BASE_URL: "http://insights.{{ DOCKER_TLD }}:8110"
INSIGHTS_MEMCACHE:
- "memcache.{{ DOCKER_TLD }}:11211"
ANALYTICS_API_ENDPOINT: "http://analtyicsapi.{{ DOCKER_TLD }}:8100/api/v0"
INSIGHTS_DATABASES:
# rw user
default:
ENGINE: 'django.db.backends.mysql'
NAME: '{{ INSIGHTS_DATABASE_NAME }}'
USER: 'rosencrantz'
PASSWORD: 'secret'
HOST: "db.{{ DOCKER_TLD }}"
PORT: '3306'
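Review bot: `ANALYTICS_API_ENDPOINT` points at `analtyicsapi.{{ DOCKER_TLD }}`, which looks like a transposition of `analyticsapi`. If so, Insights would resolve a hostname that no container answers for. The compose file in this commit defines no analytics API service, so the intended name cannot be confirmed from here; please check it against whatever hostname that container is given.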
- name: Deploy Insights
hosts: all
sudo: True
gather_facts: True
vars:
serial_count: 1
serial: "{{ serial_count }}"
roles:
- common_vars
- docker
- insights
FROM edxops/precise-common:latest
MAINTAINER edxops
USER docker
WORKDIR /edx/app/edx_ansible/edx_ansible
RUN sudo git fetch --all
RUN sudo git checkout e0d/docker-latest
RUN sudo git reset --hard origin/e0d/docker-latest
RUN sudo git pull
WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays
RUN sudo ansible-playbook nginx.yml -c local \
-i '127.0.0.1,' \
-e@roles/edxapp/defaults/main.yml \
-e@roles/xqueue/defaults/main.yml \
-e@roles/ora/defaults/main.yml \
-e@roles/certs/defaults/main.yml
USER root
RUN echo "\ndaemon off;" >> /etc/nginx/nginx.conf
WORKDIR /etc/nginx
CMD ["/usr/sbin/nginx"]
EXPOSE 18000 48000 18010 48010 18020
FROM ubuntu:precise
MAINTAINER edxops
ENV ANSIBLE_REPO="https://github.com/edx/ansible"
ENV CONFIGURATION_REPO="https://github.com/edx/configuration.git"
ENV CONFIGURATION_VERSION="e0d/docker-artifacts"
# system bootstrap
RUN apt-get update
RUN apt-get -y install software-properties-common python-software-properties
RUN add-apt-repository ppa:fkrull/deadsnakes-python2.7
RUN apt-get update
RUN apt-get -y install sudo
RUN useradd docker && echo "docker:docker" | chpasswd
RUN echo "docker ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
RUN mkdir -p /home/docker && chown -R docker:docker /home/docker
RUN apt-get install -y \
git \
libmysqlclient-dev \
python-apt \
python-jinja2 \
python-pip \
python-yaml \
python2.7 \
python2.7-dev
# Temporary hacking related to an SELinux bug. This issue causes, at least,
# useradd to fail silently when the -m flag is passed in. The bug affects
# Ubuntu precise and is tracked here:
#
# https://bugs.launchpad.net/ubuntu/+source/libselinux/+bug/1424795
RUN apt-get install wget
RUN wget http://mirrors.kernel.org/ubuntu/pool/main/libs/libselinux/libselinux1_2.2.2-1_amd64.deb && dpkg -i libselinux1_2.2.2-1_amd64.deb && rm -f libselinux1_2.2.2-1_amd64.deb
# end hack
USER docker
# ansible bootstrap
RUN sudo git clone --recursive ${ANSIBLE_REPO} /tmp/ansible
WORKDIR /tmp/ansible
ENV PATH /tmp/ansible/bin:/bin:/sbin:/usr/sbin:/usr/bin
# Install the configuration repository to install
# edx-ansible role
RUN sudo git clone ${CONFIGURATION_REPO} /tmp/configuration
WORKDIR /tmp/configuration
RUN sudo git checkout ${CONFIGURATION_VERSION}
RUN sudo pip install -r pre-requirements.txt
RUN sudo pip install -r requirements.txt
WORKDIR /tmp/configuration/playbooks/edx-east
RUN sudo /tmp/ansible/bin/ansible-playbook edx_ansible.yml -i '127.0.0.1,' -c local -e "configuration_version=${CONFIGURATION_VERSION}"
WORKDIR /edx/app/edx_ansible
# cleanup
RUN sudo rm -rf /tmp/ansible
RUN sudo rm -rf /tmp/configuration
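Review bot: The libselinux workaround downloads a `.deb` over plain `http://` and feeds it straight to `dpkg -i` as root with no integrity check, so anyone on the network path during a build can substitute the package. Fetch it over HTTPS and verify a pinned digest before installing, e.g. `echo "<SHA256_OF_REVIEWED_DEB>  libselinux1_2.2.2-1_amd64.deb" | sha256sum -c -` between the `wget` and the `dpkg -i` (the digest is a placeholder to fill in from a trusted copy). `RUN apt-get install wget` also lacks `-y`, unlike the other install lines. The two `rm -rf` steps at the end run in later layers, so `/tmp/ansible` and `/tmp/configuration` remain in the image history; cleanup only helps when done in the same `RUN` that created the files.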
FROM ubuntu:trusty
MAINTAINER edxops
ENV ANSIBLE_REPO="https://github.com/edx/ansible"
ENV CONFIGURATION_REPO="https://github.com/edx/configuration.git"
ENV CONFIGURATION_VERSION="e0d/docker-artifacts"
# system bootstrap
RUN apt-get update
RUN apt-get -y install software-properties-common python-software-properties
RUN add-apt-repository ppa:fkrull/deadsnakes-python2.7
RUN apt-get update
RUN apt-get -y install sudo
RUN useradd docker && echo "docker:docker" | chpasswd
RUN echo "docker ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
RUN mkdir -p /home/docker && chown -R docker:docker /home/docker
RUN apt-get install -y \
git \
libmysqlclient-dev \
python-apt \
python-jinja2 \
python-pip \
python-yaml \
python2.7 \
python2.7-dev
USER docker
# ansible bootstrap
RUN sudo git clone --recursive ${ANSIBLE_REPO} /tmp/ansible
WORKDIR /tmp/ansible
ENV PATH /tmp/ansible/bin:/bin:/sbin:/usr/sbin:/usr/bin
# Install the configuration repository to install
# edx-ansible role
RUN sudo git clone ${CONFIGURATION_REPO} /tmp/configuration
WORKDIR /tmp/configuration
RUN sudo git checkout ${CONFIGURATION_VERSION}
RUN sudo pip install -r pre-requirements.txt
RUN sudo pip install -r requirements.txt
WORKDIR /tmp/configuration/playbooks/edx-east
RUN sudo /tmp/ansible/bin/ansible-playbook edx_ansible.yml -i '127.0.0.1,' -c local -e "configuration_version=${CONFIGURATION_VERSION}"
WORKDIR /edx/app/edx_ansible
# cleanup
RUN sudo rm -rf /tmp/ansible
RUN sudo rm -rf /tmp/configuration
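Review bot: `useradd docker && echo "docker:docker" | chpasswd` followed by `docker ALL=(ALL) NOPASSWD:ALL` gives every image built from this base a known-password account with unrestricted root, and the precise-common Dockerfile does the same. The password serves no purpose during the build because sudo is already passwordless, so the account can be left locked by dropping the `chpasswd` part: `RUN useradd docker`. If sudo is needed only while building, remove the sudoers line in the final step of each derived image, or run the root steps before `USER docker` so the grant is not needed at all.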
FROM edxops/precise-common:latest
MAINTAINER edxops
ENV CONFIGURATION_REPO="https://github.com/edx/configuration.git"
ENV CONFIGURATION_VERSION="hack2015/docker"
USER docker
RUN sudo apt-get update
WORKDIR /edx/app/edx_ansible/edx_ansible
RUN sudo git fetch --all
RUN sudo git checkout ${CONFIGURATION_VERSION}
RUN sudo git reset --hard origin/${CONFIGURATION_VERSION}
RUN sudo git pull
WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays
COPY ansible_overrides.yml /
RUN sudo ansible-playbook xqueue.yml -i '127.0.0.1,' -c local -t "install:base,install:system-requirements,install:configuration,install:application-requirements,install:code" -e@/ansible_overrides.yml
USER root
COPY docker-run.sh /
ENTRYPOINT ["/docker-run.sh"]
EXPOSE 8110 18110
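Review bot: `EXPOSE 8110 18110` matches the insights Dockerfile rather than xqueue; the compose file in this commit publishes `8040:8040` and `18040:18040` for the xqueue container, so this looks like a copy-paste leftover. `EXPOSE 8040 18040` would agree with the compose file. The image also switches to `USER root` before `ENTRYPOINT`, so `docker-run.sh` and the processes it starts run as root; if only rsyslogd needs that, say so in a comment.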
---
DOCKER_TLD: "xqueue"
CONFIGURATION_REPO: "https://github.com/edx/configuration.git"
CONFIGURATION_VERSION: "hack2015/docker"
XQUEUE_SYSLOG_SERVER: "localhost"
XQUEUE_RABBITMQ_HOSTNAME: "rabbit.{{ DOCKER_TLD }}"
XQUEUE_MYSQL_HOST: "db.{{ DOCKER_TLD }}"
#!/bin/bash
set -e
/usr/sbin/rsyslogd
/edx/app/supervisor/venvs/supervisor/bin/supervisord --nodaemon --configuration /edx/app/supervisor/supervisord.conf
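Review bot: The last line starts supervisord as a child of the bash wrapper, so bash stays PID 1 and the `SIGTERM` from `docker stop` goes to the shell instead of supervisord; services are then killed after the timeout rather than shut down cleanly. Prefix the final command with `exec` so supervisord replaces the shell: `exec /edx/app/supervisor/venvs/supervisor/bin/supervisord --nodaemon --configuration /edx/app/supervisor/supervisord.conf`.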
#
# Single Docker Compose cluster that will eventually start
# all edX services in a single flock of coordinated containers
#
# This work is currently experimental and a number of services
# are missing entirely. Containers that are present will not
# currently work without manual steps. We are working on
# addressing that.
#
# When running compose you must pass in two environment variables
#
# DOCKER_EDX_ROOT which points to the directory into which you checkout
# your edX source code. For example, assuming the following directory
# structure under /home/me
#
# |-- edx-src
# | |-- course-discovery
# | |-- cs_comments_service
# | |-- edx_course_discovery
# | |-- edx-platform
# | |-- xqueue
# you would define DOCKER_EDX_ROOT="/home/me/edx-src"
#
# DOCKER_DATA_ROOT is the location on your host machine where Docker
# guests can access your local filesystem for storing persistent data
# files, say MongoDB or MySQL data files.
#
db:
container_name: db
image: mysql:5.6
environment:
- MYSQL_ROOT_PASSWORD='password'
#- MYSQL_DATABASE=''
- MYSQL_USER='migrate'
- MYSQL_PASSWORD='password'
volumes:
- ${DOCKER_DATA_ROOT}/mysql/data:/data
ports:
- 3306:3306
mongo:
container_name: mongo
image: mongo:3.0
volumes:
- ${DOCKER_DATA_ROOT}/mongo/data:/data
ports:
- 27017:27017
# Need to build our own for ES 0.9
es:
container_name: es
image: edxops/elasticsearch:v1
volumes:
- ${DOCKER_DATA_ROOT}/elasticsearch/data:/data
ports:
- 9100:9100
- 9200:9200
- 9300:9300
memcache:
container_name: memcache
image: memcached:1.4.24
volumes:
- ${DOCKER_DATA_ROOT}/memcache/data:/data
ports:
- 11211:11211
nginx:
container_name: nginx
image: edxops/nginx:v1
ports:
- 80:80
- 443:443
rabbitmq:
container_name: rabbitmq
image: rabbitmq:3.5.3
volumes:
- ${DOCKER_DATA_ROOT}/rabbitmq/data:/data
ports:
- 5672:5672
forums:
container_name: forums
# Image built from the opencraft fork as it fixes
# an auth bug. Update when the change merges
# upstream
image: edxops/forums:opencraft-v2
volumes:
- ${DOCKER_EDX_ROOT}/cs_comments_service:/edx/app/forum/cs_comments_service
ports:
- 4567:4567
xqueue:
container_name: xqueue
image: edxops/xqueue:v1
ports:
- 8040:8040
- 18040:18040
volumes:
- ${DOCKER_EDX_ROOT}/xqueue:/edx/app/edxapp/xqueue
lms:
container_name: lms
image: edxops/edxapp:v2
ports:
- 8000:8000
- 18000:18000
volumes:
- ${DOCKER_EDX_ROOT}/edx-platform:/edx/app/edxapp/edx-platform
cms:
container_name: cms
image: edxops/edxapp:v2
ports:
- 8010:8010
- 18010:18010
volumes:
- ${DOCKER_EDX_ROOT}/edx-platform:/edx/app/edxapp/edx-platform
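Review bot: Every backing store is published on all host interfaces (`3306:3306`, `27017:27017`, `9200:9200`, `11211:11211`, `5672:5672`) and the MySQL credentials are trivial, so anything that can reach the developer's machine can reach these services. If the ports are published only for host-side debugging, bind them to loopback, e.g. `- "127.0.0.1:3306:3306"`, or drop the `ports` entries that are not needed. In list-form `environment` the single quotes are not stripped, so the root password is actually `'password'` including the quotes; write `- MYSQL_ROOT_PASSWORD=password` if that is not intended. The volume targets are all `/data`, which may not be where the stock `mysql` and `mongo` images keep their data, so persistence is worth verifying.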
- name: Deploy Analytics API
hosts: all
sudo: True
gather_facts: True
vars:
serial_count: 1
serial: "{{ serial_count }}"
roles:
- common_vars
- docker
- analytics_api
- name: Deploy edxapp
hosts: all
sudo: True
gather_facts: True
vars:
serial_count: 1
serial: "{{ serial_count }}"
roles:
- common_vars
- docker
- edxapp
- name: Deploy forum
hosts: all
sudo: True
gather_facts: True
vars:
serial_count: 1
serial: "{{ serial_count }}"
roles:
- common_vars
- docker
- forum
- name: Deploy Insights
hosts: all
sudo: True
gather_facts: True
vars:
serial_count: 1
serial: "{{ serial_count }}"
roles:
- common_vars
- docker
- insights
../../playbooks/library/
\ No newline at end of file
- name: Deploy nginx
hosts: all
sudo: True
gather_facts: True
vars:
serial_count: 1
serial: "{{ serial_count }}"
roles:
- common_vars
- docker
- role: nginx
nginx_sites:
- lms
- cms
- xqueue
- certs
nginx_default_sites:
- lms
nginx_extra_sites: "{{ NGINX_EDXAPP_EXTRA_SITES }}"
nginx_extra_configs: "{{ NGINX_EDXAPP_EXTRA_CONFIGS }}"
nginx_redirects: "{{ NGINX_EDXAPP_CUSTOM_REDIRECTS }}"
../../playbooks/roles/
\ No newline at end of file
- name: Deploy xqueue
hosts: all
sudo: True
gather_facts: True
roles:
- common_vars
- docker
- xqueue
......@@ -6,6 +6,7 @@
serial_count: 1
serial: "{{ serial_count }}"
roles:
- aws
- aide
- role: datadog
when: COMMON_ENABLE_DATADOG
......
......@@ -7,4 +7,5 @@
serial_count: 1
serial: "{{ serial_count }}"
roles:
- aws
- alton
......@@ -9,6 +9,7 @@
ENABLE_SPLUNKFORWARDER: False
ENABLE_NEWRELIC: False
roles:
- aws
- mysql
- edxlocal
- analytics_api
......
......@@ -8,10 +8,10 @@
ENABLE_NEWRELIC: False
CLUSTER_NAME: 'analytics-api'
roles:
- aws
- role: nginx
nginx_sites:
- analytics_api
- aws
- analytics_api
- role: datadog
when: COMMON_ENABLE_DATADOG
......
......@@ -3,6 +3,7 @@
sudo: True
gather_facts: True
roles:
- aws
- antivirus
- role: datadog
when: COMMON_ENABLE_DATADOG
......
......@@ -6,4 +6,5 @@
serial_count: 1
serial: "{{ serial_count }}"
roles:
- common
- aws
......@@ -8,10 +8,10 @@
ENABLE_NEWRELIC: False
CLUSTER_NAME: 'course-discovery'
roles:
- aws
- role: nginx
nginx_default_sites:
- course-discovery
- aws
- course_discovery
- role: datadog
when: COMMON_ENABLE_DATADOG
......
......@@ -8,6 +8,7 @@
- roles/xserver/defaults/main.yml
roles:
- common
- aws
- role: nginx
nginx_sites:
- cms
......
......@@ -6,4 +6,5 @@
serial_count: 1
serial: "{{ serial_count }}"
roles:
- aws
- devpi
......@@ -8,12 +8,12 @@
ENABLE_NEWRELIC: False
CLUSTER_NAME: 'ecommerce'
roles:
- aws
- role: nginx
nginx_sites:
- ecommerce
nginx_default_sites:
- ecommerce
- aws
- ecommerce
- role: datadog
when: COMMON_ENABLE_DATADOG
......
......@@ -7,5 +7,4 @@
serial: "{{ serial_count }}"
roles:
- common
- aws
- edx_ansible
......@@ -14,6 +14,7 @@
- "{{ secure_dir }}/vars/edx_jenkins_tests.yml"
roles:
- common
- aws
- role: nginx
nginx_sites:
- lms
......
......@@ -6,6 +6,7 @@
- "{{ secure_dir }}/vars/users.yml"
gather_facts: True
roles:
- aws
- role: virtualenv
virtualenv_user: "notifier"
virtualenv_user_home: "/opt/wwc/notifier"
......@@ -20,6 +21,7 @@
- "{{ secure_dir }}/vars/users.yml"
gather_facts: True
roles:
- aws
- role: virtualenv
virtualenv_user: "notifier"
virtualenv_user_home: "/opt/wwc/notifier"
......@@ -34,6 +36,7 @@
- "{{ secure_dir }}/vars/users.yml"
gather_facts: True
roles:
- aws
- role: virtualenv
virtualenv_user: "notifier"
virtualenv_user_home: "/opt/wwc/notifier"
......@@ -48,6 +51,7 @@
- "{{ secure_dir }}/vars/users.yml"
gather_facts: True
roles:
- aws
- role: virtualenv
virtualenv_user: "notifier"
virtualenv_user_home: "/opt/wwc/notifier"
......@@ -63,6 +67,7 @@
gather_facts: True
vars:
roles:
- aws
- role: virtualenv
virtualenv_user: "notifier"
virtualenv_user_home: "/opt/wwc/notifier"
......
......@@ -59,6 +59,7 @@
roles:
# rerun common to set the hostname, nginx to set basic auth
- common
- aws
- edx-sandbox
- role: nginx
nginx_sites:
......
......@@ -25,6 +25,7 @@
when: elb_pre_post
roles:
- common
- aws
- oraclejdk
- elasticsearch
post_tasks:
......
......@@ -6,4 +6,5 @@
serial_count: 1
serial: "{{ serial_count }}"
roles:
- aws
- flower
......@@ -8,10 +8,10 @@
ENABLE_NEWRELIC: True
CLUSTER_NAME: 'insights'
roles:
- aws
- role: nginx
nginx_sites:
- insights
- aws
- insights
- role: datadog
when: COMMON_ENABLE_DATADOG
......
......@@ -7,4 +7,5 @@
serial_count: 1
serial: "{{ serial_count }}"
roles:
- aws
- jenkins_admin
......@@ -46,7 +46,7 @@
followSymlink: false
roles:
- common
- aws
- role: datadog
when: COMMON_ENABLE_DATADOG
- jenkins_master
......
......@@ -17,6 +17,7 @@
- roles/xserver/defaults/main.yml
- roles/forum/defaults/main.yml
roles:
- aws
- mysql
- edxlocal
- mongo
......
......@@ -17,4 +17,5 @@
- roles/xserver/defaults/main.yml
- roles/forum/defaults/main.yml
roles:
- aws
- jenkins_worker
- name: Deploy Locust
hosts: all
sudo: True
gather_facts: True
roles:
- aws
- locust
......@@ -6,6 +6,5 @@
serial_count: 1
serial: "{{ serial_count }}"
roles:
- common
- aws
- minos
......@@ -3,6 +3,7 @@
sudo: True
gather_facts: True
roles:
- aws
- mongo
- role: datadog
when: COMMON_ENABLE_DATADOG
......
......@@ -7,10 +7,10 @@
ENABLE_SPLUNKFORWARDER: False
ENABLE_NEWRELIC: True
roles:
- aws
- role: nginx
nginx_sites:
- edx_notes_api
- aws
- edx_notes_api
- role: datadog
when: COMMON_ENABLE_DATADOG
......
......@@ -8,12 +8,12 @@
ENABLE_NEWRELIC: False
CLUSTER_NAME: 'programs'
roles:
- aws
- role: nginx
nginx_sites:
- programs
nginx_default_sites:
- programs
- aws
- programs
- role: datadog
when: COMMON_ENABLE_DATADOG
......
......@@ -3,4 +3,5 @@
sudo: True
gather_facts: True
roles:
- aws
- sitespeedio
......@@ -6,6 +6,7 @@
serial_count: 1
serial: "{{ serial_count }}"
roles:
- aws
- snort
- role: datadog
when: COMMON_ENABLE_DATADOG
......
......@@ -9,6 +9,7 @@
ENABLE_SPLUNKFORWARDER: True
ENABLE_NEWRELIC: True
roles:
- aws
- datadog
- splunkforwarder
- newrelic
......@@ -3,5 +3,6 @@
sudo: True
gather_facts: True
roles:
- aws
- mysql
- tanaguru
......@@ -10,4 +10,5 @@
serial_count: 1
serial: "{{ serial_count }}"
roles:
- aws
- ad_hoc_reporting
......@@ -30,7 +30,7 @@
- role: nginx
nginx_sites:
- xqueue
- role: xqueue
- xqueue
- role: datadog
when: COMMON_ENABLE_DATADOG
- role: splunkforwarder
......
......@@ -10,7 +10,7 @@
- role: nginx
nginx_sites:
- xserver
- role: xserver
- xserver
- role: datadog
when: COMMON_ENABLE_DATADOG
- role: splunkforwarder
......
......@@ -4,4 +4,5 @@
sudo: True
gather_facts: True
roles:
- aws
- xsy
......@@ -11,8 +11,9 @@
# Role includes for role bastion
#
dependencies:
- common
- role: user
user_info: "{{ AD_HOC_REPORTING_USER_INFO }}"
tags:
- users
- aws
......@@ -14,7 +14,7 @@
# Creates users and scripts for ad-hoc reporting environments from your
# ansible var files. You would run this role as follows
#
# ansible-playbook -i 'reporting.example.com,' ./ad_hoc_reporting.yml -e@/var/path/common.yml -e@/vars/path/environnment-deployment.yml
# ansible-playbook -i 'reporting.example.com,' ./ad_hoc_reporting.yml -e@/var/path/common_vars.yml -e@/vars/path/environnment-deployment.yml
#
# Dependencies:
# - aws
......
......@@ -20,5 +20,6 @@
# }
dependencies:
- common
- supervisor
- redis
......@@ -20,6 +20,8 @@
# }
dependencies:
- common
- supervisor
- role: edx_service
edx_service_name: "{{ analytics_api_service_name }}"
edx_service_config: "{{ ANALYTICS_API_SERVICE_CONFIG }}"
......@@ -29,4 +31,3 @@ dependencies:
edx_service_packages:
debian: "{{ analytics_api_debian_pkgs }}"
redhat: "{{ analytics_api_redhat_pkgs }}"
- supervisor
......@@ -11,4 +11,4 @@
# Role includes for role antivirus
#
dependencies:
- aws
- common
\ No newline at end of file
......@@ -128,3 +128,35 @@
- "/usr/share/landscape/landscape-sysinfo.wrapper"
- "/etc/update-motd.d/51-cloudguest"
- "/etc/update-motd.d/91-release-upgrade"
- name: update /etc/dhcp/dhclient.conf
template:
src: etc/dhcp/dhclient.conf.j2
dest: /etc/dhcp/dhclient.conf
when: COMMON_CUSTOM_DHCLIENT_CONFIG
- name: copy the MOTD template in place
template:
dest: "{{ item.dest }}"
src: "{{ item.src }}"
owner: root
group: root
mode: "{{ item.mode | default(644) }}"
with_items:
- { src: 'etc/motd.tail.j2', dest: '/etc/motd.tail', mode: '755' }
- name: Copy the sshd_config template in place
template:
dest: "{{ item.dest }}"
src: "{{ item.src }}"
owner: root
group: root
mode: "{{ item.mode | default(644) }}"
register: sshd_config
with_items:
- { src: 'etc/ssh/sshd_config.j2', dest: '/etc/ssh/sshd_config' }
- name: restart ssh
service: name=ssh state=restarted
sudo: True
when: sshd_config.changed
dependencies:
- supervisor
- common
- supervisor
\ No newline at end of file
---
- name: restart rsyslogd
service: name=rsyslog state=restarted
sudo: True
- name: restart ssh
service: name=ssh state=restarted
sudo: True
......@@ -85,12 +85,6 @@
shell: hostname -F /etc/hostname
when: COMMON_HOSTNAME|length >0 and (etc_hosts.changed or etc_hostname.changed)
- name: update /etc/dhcp/dhclient.conf
template:
src: etc/dhcp/dhclient.conf.j2
dest: /etc/dhcp/dhclient.conf
when: COMMON_CUSTOM_DHCLIENT_CONFIG
- name: Copy the templates to their respestive destination
template:
dest: "{{ item.dest }}"
......@@ -98,13 +92,16 @@
owner: root
group: root
mode: "{{ item.mode | default(644) }}"
register: config_templates
with_items:
- { src: 'edx_rsyslog.j2', dest: '/etc/rsyslog.d/99-edx.conf' }
- { src: 'etc/logrotate.d/hourly/edx_logrotate.j2', dest: '/etc/logrotate.d/hourly/edx-services' }
- { src: 'etc/cron.hourly/logrotate.j2', dest: '/etc/cron.hourly/logrotate', mode: '555' }
- { src: 'etc/logrotate.d/hourly/edx_logrotate_tracking_log.j2', dest: '/etc/logrotate.d/hourly/tracking.log' }
- { src: '{{ COMMON_MOTD_TEMPLATE }}', dest: '/etc/motd.tail', mode: '755' }
- { src: 'sshd_config.j2', dest: '/etc/ssh/sshd_config' }
notify:
- restart ssh
- restart rsyslogd
# TODO: restarts no matter which template has changed, need to examine
# the results
- name: restart rsyslogd
service: name=rsyslog state=restarted
sudo: True
when: config_templates.changed
......@@ -19,6 +19,8 @@
# my_role_var1: "bar"
# }
dependencies:
- common
- supervisor
- role: edx_service
edx_service_name: "{{ course_discovery_service_name }}"
edx_service_config: "{{ COURSE_DISCOVERY_SERVICE_CONFIG }}"
......@@ -28,4 +30,3 @@ dependencies:
edx_service_packages:
debian: "{{ course_discovery_debian_pkgs }}"
redhat: "{{ course_discovery_redhat_pkgs }}"
- supervisor
---
dependencies:
- common
- role: supervisor
supervisor_app_dir: "{{ devpi_supervisor_app_dir }}"
supervisor_data_dir: "{{ devpi_supervisor_data_dir }}"
......
......@@ -11,6 +11,8 @@
# Role includes for role ecommerce
#
dependencies:
- common
- supervisor
- role: edx_service
edx_service_name: "{{ ecommerce_service_name }}"
edx_service_config: "{{ ECOMMERCE_SERVICE_CONFIG }}"
......@@ -20,5 +22,4 @@ dependencies:
edx_service_packages:
debian: "{{ ecommerce_debian_pkgs }}"
redhat: "{{ ecommerce_redhat_pkgs }}"
- supervisor
- oraclejdk
......@@ -12,6 +12,7 @@
dependencies:
- common
- supervisor
- role: edx_service
edx_service_name: "{{ ecommerce_worker_service_name }}"
edx_service_config: "{{ ECOMMERCE_WORKER_SERVICE_CONFIG }}"
......@@ -21,4 +22,4 @@ dependencies:
edx_service_packages:
debian: "{{ ecommerce_worker_debian_pkgs }}"
redhat: "{{ ecommerce_worker_redhat_pkgs }}"
- supervisor
......@@ -20,6 +20,8 @@
# }
dependencies:
- common
- supervisor
- role: edx_service
edx_service_name: "{{ edx_notes_api_service_name }}"
edx_service_config: "{{ edx_notes_api_service_config }}"
......@@ -29,4 +31,4 @@ dependencies:
edx_service_packages:
debian: "{{ edx_notes_api_debian_pkgs }}"
redhat: "{{ edx_notes_api_redhat_pkgs }}"
- supervisor
---
dependencies:
- edxapp_common
- common
- supervisor
- edxapp_common
- role: rbenv
rbenv_user: "{{ edxapp_user }}"
rbenv_dir: "{{ edxapp_app_dir }}"
......
---
dependencies:
- common
- supervisor
- devpi
---
dependencies:
- common
- supervisor
- role: rbenv
# TODO: setting the rbenv ownership to
......
......@@ -11,6 +11,8 @@
# Role includes for role insights
#
dependencies:
- common
- supervisor
- role: edx_service
edx_service_name: "{{ insights_service_name }}"
edx_service_config: "{{ INSIGHTS_CONFIG }}"
......@@ -20,4 +22,4 @@ dependencies:
edx_service_packages:
debian: "{{ insights_debian_pkgs }}"
redhat: "{{ insights_redhat_pkgs }}"
- supervisor
......@@ -20,7 +20,6 @@
# }
dependencies:
- common
- aws
- edxapp_common
- role: jenkins_master
jenkins_plugins: "{{ jenkins_admin_plugins }}"
......
......@@ -11,6 +11,8 @@
# Role includes for role locust
#
dependencies:
- common
- supervisor
- role: edx_service
edx_service_name: "{{ locust_service_name }}"
edx_service_config: "{{ LOCUST_SERVICE_CONFIG }}"
......@@ -20,4 +22,4 @@ dependencies:
edx_service_packages:
debian: "{{ locust_debian_pkgs }}"
redhat: "{{ locust_redhat_pkgs }}"
- supervisor
---
dependencies:
- supervisor
- common
- supervisor
\ No newline at end of file
......@@ -19,6 +19,8 @@
# my_role_var1: "bar"
# }
dependencies:
- common
- supervisor
- role: edx_service
edx_service_name: "{{ programs_service_name }}"
edx_service_config: "{{ PROGRAMS_SERVICE_CONFIG }}"
......@@ -28,4 +30,4 @@ dependencies:
edx_service_packages:
debian: "{{ programs_debian_pkgs }}"
redhat: "{{ programs_redhat_pkgs }}"
- supervisor
---
#
# edX Configuration
#
# github: https://github.com/edx/configuration
# wiki: https://github.com/edx/configuration/wiki
# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
# license: https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
##
# Role includes for role insights
#
dependencies:
- common
......@@ -12,6 +12,7 @@
#
dependencies:
- common
- role: oraclejdk
oraclejdk_version: "8u60"
oraclejdk_base: "jdk1.8.0_60"
......
---
#
# edX Configuration
#
# github: https://github.com/edx/configuration
# wiki: https://github.com/edx/configuration/wiki
# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
# license: https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
##
# Defaults for role vhost
#
#
# vars are namespaced with the module name.
#
vhost_role_name: vhost
#
# OS packages
#
vhost_debian_pkgs: []
vhost_redhat_pkgs: []
---
#
# edX Configuration
#
# github: https://github.com/edx/configuration
# wiki: https://github.com/edx/configuration/wiki
# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
# license: https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
##
# Role includes for role vhost
#
# Example:
#
# dependencies:
# - {
# role: my_role
# my_role_var0: "foo"
# my_role_var1: "bar"
# }
---
#
# edX Configuration
#
# github: https://github.com/edx/configuration
# wiki: https://github.com/edx/configuration/wiki
# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
# license: https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
#
#
# Tasks for role vhost
#
# Overview:
#
# This task is to contain tasks that should be run in vhost
# vitualation environments like AWS and Vagrant, but not in
# containers. You typically would not run this role
# independently
#
# Dependencies:
# - common
#
- name: Copy the templates to their respestive destination
template:
dest: "{{ item.dest }}"
src: "{{ item.src }}"
owner: root
group: root
mode: "{{ item.mode | default(644) }}"
register: config_templates
with_items:
- { src: 'etc/motd.tail.j2', dest: '/etc/motd.tail', mode: '755' }
- { src: 'etc/ssh/sshd_config.j2', dest: '/etc/ssh/sshd_config' }
- name: restart ssh
service: name=ssh state=restarted
sudo: True
when: config_templates.changed
*******************************************************************
* _ __ __ *
* _ _| |\ \/ / This system is for the use of authorized *
* / -_) _` | > < users only. Usage of this system may be *
* \___\__,_|/_/\_\ monitored and recorded by system personnel. *
* *
* Anyone using this system expressly consents to such monitoring *
* and is advised that if such monitoring reveals possible *
* evidence of criminal activity, system personnel may provide the *
* evidence from such monitoring to law enforcement officials. *
* *
*******************************************************************
# {{ ansible_managed }}
#
# Changes from the default Ubuntu ssh config:
# - LogLevel set to VERBOSE
#
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel VERBOSE
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication {{ COMMON_SSH_PASSWORD_AUTH }}
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
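Review bot: `PermitRootLogin yes` sits alongside `PasswordAuthentication {{ COMMON_SSH_PASSWORD_AUTH }}`, so any environment that sets that variable to `yes` accepts root logins by password. `PermitRootLogin without-password` (the value the PAM comment at the bottom of the file already mentions) or `no` would keep root key-only or closed regardless of the variable. The header comment lists `LogLevel VERBOSE` as the only change from the Ubuntu default and does not mention the templated `PasswordAuthentication` line; extend it, for example `# - PasswordAuthentication controlled by COMMON_SSH_PASSWORD_AUTH`. `X11Forwarding yes` and the DSA `HostKey` are also worth reconsidering for servers.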
---
dependencies:
- common
- supervisor
......@@ -13,6 +13,7 @@
# the role name are service name differ by _ and -, the latter isn't safe
# random corners of ansible/jinga/python variable expansion.
dependencies:
- common
- role: edx_service
edx_service_name: "{{ xqwatcher_service_name }}"
edx_service_repos: "{{ XQWATCHER_REPOS }}"
......
---
dependencies:
- common
- supervisor
......@@ -20,4 +20,5 @@
# }
dependencies:
- common
- supervisor