creates supervisor config in main.yml and calls update to restart

services if it changes
deploy tasks no longer stop the service and will notify the restart
if any task changes

playbooks/roles/certs/handlers/main.yml

@@ -14,7 +14,7 @@
 # Overview:
 #
 
-- name: certs | restart the certs service
+- name: certs | restart certs
   supervisorctl: >
     name=certs
     supervisorctl_path={{ supervisor_ctl }}

playbooks/roles/certs/tasks/deploy.yml

 ---
 
-- name: certs | stop the certificates service
-  supervisorctl: >
-    name="certs"
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=stopped
-  tags: deploy
-
 - name: certs | create certificate application config
   template: >
     src=certs.env.json.j2
     dest={{ certs_app_dir }}/env.json
   sudo_user: "{{ certs_user }}"
+  notify: certs | restart certs
   tags: deploy
 
 - name: certs | create certificate auth file
@@ -20,25 +13,28 @@
     src=certs.auth.json.j2
     dest={{ certs_app_dir }}/auth.json
   sudo_user: "{{ certs_user }}"
+  notify: certs | restart certs
   tags: deploy
 
 - name: certs | writing supervisor script for certificates
   template: >
     src=certs.conf.j2 dest={{ supervisor_cfg_dir }}/certs.conf
     owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
-  notify: supervisor | reload supervisor
+  notify: certs | restart certs
   tags: deploy
 
 - name: certs | create ssh script for git
   template: >
     src={{ certs_git_ssh|basename }}.j2 dest={{ certs_git_ssh }}
     owner={{ certs_user }} mode=750
+  notify: certs | restart certs
   tags: deploy
 
 - name: certs | install read-only ssh key for the certs repo
   copy: >
     src={{ CERTS_LOCAL_GIT_IDENTITY }} dest={{ certs_git_identity }}
     force=yes owner={{ certs_user }} mode=0600
+  notify: certs | restart certs
   tags: deploy
 
 - name: certs | checkout certificates repo into {{ certs_code_dir }}
@@ -46,21 +42,16 @@
   sudo_user: "{{ certs_user }}"
   environment:
     GIT_SSH: "{{ certs_git_ssh }}"
+  notify: certs | restart certs
   tags: deploy
 
 - name: certs | remove read-only ssh key for the certs repo
   file: path={{ certs_git_identity }} state=absent
+  notify: certs | restart certs
   tags: deploy
 
 - name : install python requirements
   pip: requirements="{{ certs_requirements_file }}" virtualenv="{{ certs_venv_dir }}" state=present
   sudo_user: "{{ certs_user }}"
-  tags: deploy
-
-- name: certs | restart the certificate service
-  supervisorctl: >
-    name=certs
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=restarted
+  notify: certs | restart certs
   tags: deploy

playbooks/roles/certs/tasks/main.yml

@@ -41,6 +41,7 @@
     home="{{ certs_app_dir }}"
     createhome=no
     shell=/bin/false
+  notify: certs | restart certs
 
 - name: certs | create certs app and data dirs
   file: >
@@ -48,6 +49,7 @@
     state=directory
     owner="{{ certs_user }}"
     group="{{ common_web_group }}"
+  notify: certs | restart certs
   with_items:
     - "{{ certs_app_dir }}"
     - "{{ certs_venvs_dir }}"
@@ -57,12 +59,14 @@
     path="{{ certs_gpg_dir }}" state=directory
     owner="{{ certs_user }}" group="{{ certs_user }}"
     mode=0700
+  notify: certs | restart certs
 
 - name: certs | copy the private gpg signing key
   copy: >
     src={{ CERTS_LOCAL_PRIVATE_KEY }}
     dest={{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}
     owner={{ certs_user }} mode=0600
+  notify: certs | restart certs
   register: certs_gpg_key
 
 
@@ -71,6 +75,7 @@
     /usr/bin/gpg --homedir {{ certs_gpg_dir }} --import {{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}
   sudo_user: "{{ certs_user }}"
   when: certs_gpg_key.changed
+  notify: certs | restart certs
 
 - include: deploy.yml
 
@@ -79,6 +84,20 @@
     src="{{ certs_venv_bin }}/{{ item }}"
     dest={{ COMMON_BIN_DIR }}/{{ item }}.certs
     state=link
+  notify: certs | restart certs
   with_items:
   - python
   - pip
+
+  # call supervisorctl update. this reloads
+  # the supervisorctl config and restarts
+  # the services if any of the configurations
+  # have changed.
+  #
+  # we don't use notifications for supervisor because
+  # they don't work well with parameterized roles.
+  # See https://github.com/ansible/ansible/issues/4853
+- name: certs | update supervisor configuration
+  shell:  "{{ supervisor_ctl }} -c {{ supervisor_cfg }} update"
+  register: supervisor_update
+  changed_when: supervisor_update.stdout != ""

playbooks/roles/common/tasks/main.yml

@@ -21,7 +21,7 @@
     group=syslog mode=0755
 
 # Need to install python-pycurl to use Ansible's apt_repository module
-- name: jenkins_worker | Install python-pycurl
+- name: common | Install python-pycurl
   apt: pkg=python-pycurl state=present update_cache=yes
 
 # Ensure that we get a current version of Git

playbooks/roles/devpi/handlers/main.yml

@@ -18,11 +18,3 @@
     config={{ devpi_supervisor_cfg }}
     name=devpi-server
   sudo_user: "{{ devpi_supervisor_user }}"
-
-- name: devpi | start devpi
-  supervisorctl: >
-    state=started
-    supervisorctl_path={{ devpi_supervisor_ctl }}
-    config={{ devpi_supervisor_cfg }}
-    name=devpi-server
-  sudo_user: "{{ devpi_supervisor_user }}"

playbooks/roles/devpi/tasks/main.yml

@@ -34,6 +34,7 @@
   user: >
     name={{ devpi_user }}
     shell=/bin/false createhome=no
+  notify: devpi | restart devpi
 
 - name: devpi | create devpi application directories
   file: >
@@ -41,10 +42,10 @@
     state=directory
     owner={{ devpi_user }}
     group={{ devpi_supervisor_user }}
-  notify: supervisor | restart supervisor
   with_items:
   - "{{ devpi_app_dir }}"
   - "{{ devpi_venv_dir }}"
+  notify: devpi | restart devpi
 
 - name: devpi | create the devpi data directory, needs write access by the service user
   file: >
@@ -55,6 +56,7 @@
   with_items:
   - "{{ devpi_data_dir }}"
   - "{{ devpi_mirror_dir }}"
+  notify: devpi | restart devpi
 
 - name: devpi | install devpi pip pkgs
   pip: >
@@ -63,19 +65,20 @@
     virtualenv={{ devpi_venv_dir }}
   sudo_user: "{{ devpi_user }}"
   with_items: devpi_pip_pkgs
-  notify: supervisor | restart supervisor
+  notify: devpi | restart devpi
 
 - name: devpi | writing supervisor script
   template: >
     src=devpi.conf.j2 dest={{ devpi_supervisor_cfg_dir }}/devpi.conf
     owner={{ devpi_user }} group={{ devpi_user }} mode=0644
-  notify: supervisor | restart supervisor
+  notify: devpi | restart devpi
 
 - name: devpi | create a symlink for venv python, pip
   file: >
     src="{{ devpi_venv_bin }}/{{ item }}"
     dest={{ COMMON_BIN_DIR }}/{{ item }}.devpi
     state=link
+  notify: devpi | restart devpi
   with_items:
   - python
   - pip
@@ -92,7 +95,10 @@
     dest={{ COMMON_CFG_DIR }}/supervisord.conf.devpi
     state=link
 
-# flush queued up handlers so that devpi
-# is restarted since downstream roles
-# will need to use it
-- meta: flush_handlers
+- name: devpi | ensure devpi is started
+  supervisorctl: >
+    state=started
+    supervisorctl_path={{ devpi_supervisor_ctl }}
+    config={{ devpi_supervisor_cfg }}
+    name=devpi-server
+  sudo_user: "{{ devpi_supervisor_user }}"

playbooks/roles/discern/tasks/deploy.yml

 ---
 
-
-- name: discern | See if supervisord config file `discern.conf` is installed
-  shell: "[ -f {{ supervisor_cfg_dir }}/discern.conf ] && echo 'Found' || echo ''"
-  register: discern_installed
-  tags:
-  - deploy
-
-- name: discern | See if supervisord `discern_celery.conf` is installed
-  shell: "[ -f {{ supervisor_cfg_dir }}/discern_celery.conf ] && echo 'Found' || echo ''"
-  register: discern_celery_installed
-  tags:
-  - deploy
-
-# Stop discern service.
-- name: discern | stop discern service
-  supervisorctl: >
-    name=discern
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=stopped
-  when: discern_installed.stdout == 'Found'
-  notify: discern | restart discern
-  tags:
-  - deploy
-
-- name: discern | stop discern_celery service
-  supervisorctl: >
-    name=discern_celery
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=stopped
-  when: discern_celery_installed.stdout == 'Found'
-  notify: discern | restart discern_celery
-  tags:
-  - deploy
-
-- name: discern | create supervisor scripts - discern, discern_celery
-  template: >
-    src={{ item }}.conf.j2 dest={{ supervisor_cfg_dir }}/{{ item }}.conf
-    owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
-  with_items: ['discern', 'discern_celery']
-  tags:
-  - deploy
-
 #Upload config files for django (auth and env)
 - name: discern | create discern application config env.json file
   template: src=env.json.j2 dest={{ discern_app_dir }}/env.json
@@ -85,6 +41,9 @@
 - name : install python pre-requirements for discern and ease
   pip: requirements={{item}} virtualenv={{ discern_venv_dir }} state=present
   sudo_user: "{{ discern_user }}"
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
   with_items:
     - "{{ discern_pre_requirements_file }}"
     - "{{ discern_ease_pre_requirements_file }}"
@@ -94,6 +53,9 @@
 - name : install python requirements for discern and ease
   pip: requirements={{item}} virtualenv={{ discern_venv_dir }} state=present
   sudo_user: "{{ discern_user }}"
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
   with_items:
     - "{{ discern_post_requirements_file }}"
     - "{{ discern_ease_post_requirements_file }}"
@@ -103,6 +65,9 @@
 - name: discern | install ease python package
   shell: >
     {{ discern_venv_dir }}/bin/activate; cd {{ discern_ease_code_dir }}; python setup.py install
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
   tags:
     - deploy
 
@@ -111,6 +76,9 @@
   shell: >
     {{ discern_venv_dir }}/bin/python -m nltk.downloader -d {{ discern_nltk_data_dir }} all
   sudo_user: "{{ discern_user }}"
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
   tags:
     - deploy
 
@@ -121,6 +89,9 @@
     {{ discern_venv_dir }}/bin/python {{discern_code_dir}}/manage.py {{item}} --noinput --settings={{discern_settings}} --pythonpath={{discern_code_dir}}
       chdir={{ discern_code_dir }}
   sudo_user: "{{ discern_user }}"
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
   with_items:
     - syncdb
     - migrate
@@ -133,5 +104,8 @@
     {{ discern_venv_dir}}/bin/python {{discern_code_dir}}/manage.py update_index --settings={{discern_settings}} --pythonpath={{discern_code_dir}}
       chdir={{ discern_code_dir }}
   sudo_user: "{{ discern_user }}"
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
   tags:
     - deploy

playbooks/roles/discern/tasks/main.yml

@@ -5,6 +5,9 @@
     home="{{ discern_app_dir }}"
     createhome=no
     shell=/bin/false
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
 
 - name: discern | create discern app dirs owned by discern
   file: >
@@ -12,6 +15,9 @@
     state=directory
     owner="{{ discern_user }}"
     group="{{ common_web_group }}"
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
   with_items:
     - "{{ discern_app_dir }}"
     - "{{ discern_venvs_dir }}"
@@ -21,38 +27,60 @@
     path="{{ discern_data_dir }}" state=directory
     owner="{{ common_web_user }}" group="{{ discern_user  }}"
     mode=0775
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
 
 - name: discern | install debian packages that discern needs
   apt: pkg={{ item }} state=present
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
   with_items: discern_debian_pkgs
 
 - name: discern | install debian packages for ease that discern needs
   apt: pkg={{ item }} state=present
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
   with_items: discern_ease_debian_pkgs
 
-- name: discern | render celery service from template
-  template: >
-    src=celery.conf.j2 dest=/etc/init/celery.conf
-    owner=root group=root
-  notify: discern | restart discern_celery
-
-- name: discern | render discern service from template
-  template: >
-    src=discern.conf.j2 dest=/etc/init/discern.conf
-    owner=root group=root
-  notify: discern | restart discern
-
 - name: discern | copy sudoers file for discern
   copy: >
     src=sudoers-discern dest=/etc/sudoers.d/discern
     mode=0440 validate='visudo -cf %s' owner=root group=root
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
 
 #Needed if using redis to prevent memory issues
 - name: discern | change memory commit settings -- needed for redis
   command: sysctl vm.overcommit_memory=1
+  notify:
+    - discern | restart discern_celery
+    - discern | restart discern
+
+- name: discern | create supervisor scripts - discern, discern_celery
+  template: >
+    src={{ item }}.conf.j2 dest={{ supervisor_cfg_dir }}/{{ item }}.conf
+    owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
+  with_items: ['discern', 'discern_celery']
 
 - include: deploy.yml
 
+  # call supervisorctl update. this reloads
+  # the supervisorctl config and restarts
+  # the services if any of the configurations
+  # have changed.
+  #
+  # we don't use notifications for supervisor because
+  # they don't work well with parameterized roles.
+  # See https://github.com/ansible/ansible/issues/4853
+- name: discern | update supervisor configuration
+  shell:  "{{ supervisor_ctl }} -c {{ supervisor_cfg }} update"
+  register: supervisor_update
+  changed_when: supervisor_update.stdout != ""
+
 - name: discern | create a symlink for venv python
   file: >
     src="{{ discern_venv_bin }}/python"

playbooks/roles/edxapp/handlers/main.yml

 ---
-- name: edxapp | start edxapp
-  service: name=edxapp state=started
-  tags:
-  - lms
-  - lms-preview
-  - cms
-  - deploy
+- name: "edxapp | restart edxapp:lms"
+  supervisorctl: >
+    state=restarted
+    supervisorctl_path={{ supervisor_ctl }}
+    config={{ supervisor_cfg }}
+    name="edxapp:lms"
+  sudo_user: "{{ supervisor_user }}"
+
+- name: "edxapp | restart edxapp:cms"
+  supervisorctl: >
+    state=restarted
+    supervisorctl_path={{ supervisor_ctl }}
+    config={{ supervisor_cfg }}
+    name="edxapp:cms"
+  sudo_user: "{{ supervisor_user }}"
 
-- name: edxapp | stop edxapp
-  service: name=edxapp state=stopped
-  tags:
-  - lms
-  - lms-preview
-  - cms
-  - deploy
 
-- name: edxapp | restart edxapp
-  service: name=edxapp state=restarted
-  tags:
-  - lms
-  - lms-preview
-  - cms
-  - deploy

playbooks/roles/edxapp/tasks/service_variant_config.yml

@@ -4,6 +4,7 @@
     dest={{ edxapp_app_dir }}/{{ item }}.env.json
   sudo_user: "{{ edxapp_user }}"
   with_items: service_variants_enabled
+  notify: "edxapp | restart edxapp:{{ item }}"
   tags:
   - deploy
 
@@ -12,12 +13,12 @@
     src={{ item }}.auth.json.j2
     dest={{ edxapp_app_dir }}/{{ item }}.auth.json
   sudo_user: "{{ edxapp_user }}"
+  notify: "edxapp | restart edxapp:{{ item }}"
   with_items: service_variants_enabled
   tags:
   - deploy
 
-# write the supervisor script for {{ service_variant }}
-# for non-celery servers
+# write the supervisor scripts for the service variants
 
 - name: "writing {{ item }} supervisor script"
   template: >
@@ -25,7 +26,6 @@
     owner={{ supervisor_user }}
   with_items: service_variants_enabled
   when: celery_worker is not defined
-  notify: supervisor | reload supervisor
   sudo_user: "{{ supervisor_user }}"
   tags:
   - deploy
@@ -35,21 +35,10 @@
     src=edxapp.conf.j2 dest={{ supervisor_cfg_dir }}/edxapp.conf
     owner={{ supervisor_user }}
   when: celery_worker is not defined
-  notify: supervisor | reload supervisor
   sudo_user: "{{ supervisor_user }}"
   tags:
   - deploy
 
-- name: "edxapp | ensuring edxapp is activated in supervisor"
-  supervisorctl: >
-    name="edxapp"
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=present
-  when: celery_worker is not defined
-  tags:
-    - deploy
-
 # write the supervisor script for celery workers
 
 - name: edxapp | writing celery worker supervisor script
@@ -57,20 +46,23 @@
     src=workers.conf.j2 dest={{ supervisor_cfg_dir }}/workers.conf
     owner={{ supervisor_user }}
   when: celery_worker is defined
-  notify: supervisor | reload supervisor
   sudo_user: "{{ supervisor_user }}"
   tags:
   - deploy
 
-- name: edxapp | ensuring edxapp_worker is activated in supervisor
-  supervisorctl: >
-    name="edxapp_worker"
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=present
-  when: celery_worker is defined
-  tags:
-    - deploy
+  # call supervisorctl update. this reloads
+  # the supervisorctl config and restarts
+  # the services if any of the configurations
+  # have changed.
+  #
+  # we don't use notifications for supervisor because
+  # they don't work well with parameterized roles.
+  # See https://github.com/ansible/ansible/issues/4853
+- name: edxapp | update supervisor configuration
+  shell:  "{{ supervisor_ctl }} -c {{ supervisor_cfg }} update"
+  register: supervisor_update
+  changed_when: supervisor_update.stdout != ""
+
 
 # Gather assets using rake if possible
 

playbooks/roles/forum/tasks/deploy.yml

@@ -6,12 +6,14 @@
     dest={{ forum_supervisor_wrapper }}
     mode=0755
   sudo_user: "{{ forum_user }}"
+  notify: forum | restart the forum service
   tags:
   - deploy
 
 - name:  forum | git checkout forum repo into {{ forum_code_dir }}
   git: dest={{ forum_code_dir }} repo={{ forum_source_repo }} version={{ forum_version }}
   sudo_user: "{{ forum_user }}"
+  notify: forum | restart the forum service
   tags:
   - deploy
 
@@ -22,6 +24,7 @@
   shell: bundle install chdir={{ forum_code_dir }}
   sudo_user: "{{ common_web_user }}"
   environment: "{{ forum_environment }}"
+  notify: forum | restart the forum service
   tags:
   - deploy
 
@@ -31,14 +34,6 @@
     owner={{ common_web_user }} group={{ supervisor_user }}
     mode=0644
   register: forum_supervisor
-  tags:
-  - deploy
-
-- name: forum | restart the forum service
-  supervisorctl: >
-    name=forum
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=restarted
+  notify: forum | restart the forum service
   tags:
   - deploy

playbooks/roles/forum/tasks/main.yml

@@ -26,11 +26,13 @@
     name="{{ forum_user }}" home="{{ forum_app_dir }}"
     createhome=no
     shell=/bin/false
+  notify: forum | restart the forum service
 
 - name: forum | create forum app dir
   file: >
     path="{{ forum_app_dir }}" state=directory
     owner="{{ forum_user }}" group="{{ common_web_group }}"
+  notify: forum | restart the forum service
 
 - name: forum | setup the forum env
   template: >
@@ -48,5 +50,19 @@
   register: forum_supervisor
 
 - include: deploy.yml
+
+  # call supervisorctl update. this reloads
+  # the supervisorctl config and restarts
+  # the services if any of the configurations
+  # have changed.
+  #
+  # we don't use notifications for supervisor because
+  # they don't work well with parameterized roles.
+  # See https://github.com/ansible/ansible/issues/4853
+- name: forum | update supervisor configuration
+  shell:  "{{ supervisor_ctl }} -c {{ supervisor_cfg }} update"
+  register: supervisor_update
+  changed_when: supervisor_update.stdout != ""
+
 - include: test.yml
 

playbooks/roles/ora/tasks/deploy.yml

-
-- name: ora | See if supervisord config file `ora.conf` is installed
-  shell: "[ -f {{ supervisor_cfg_dir }}/ora.conf ] && echo 'Found' || echo ''"
-  register: ora_installed
-  tags:
-  - deploy
-
-- name: ora | See if supervisord `ora_celery.conf` is installed
-  shell: "[ -f {{ supervisor_cfg_dir }}/ora_celery.conf ] && echo 'Found' || echo ''"
-  register: ora_celery_installed
-  tags:
-  - deploy
-
-# Stop ora service.
-- name: ora | stop ora service
-  supervisorctl: >
-    name=ora
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=stopped
-  when: ora_installed.stdout == 'Found'
-  notify: ora | restart ora
-  tags:
-  - deploy
-
-- name: ora | stop ora_celery service
-  supervisorctl: >
-    name=ora_celery
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=stopped
-  when: ora_celery_installed.stdout == 'Found'
-  notify: ora | restart ora_celery
-  tags:
-  - deploy
-
 - include: ease.yml
 
 - name: ora | create ora application config
@@ -48,24 +12,6 @@
   tags:
   - deploy
 
-- name: ora | create supervisor scripts - ora, ora_celery
-  template: >
-    src={{ item }}.conf.j2 dest={{ supervisor_cfg_dir }}/{{ item }}.conf
-    owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
-  with_items: ['ora', 'ora_celery']
-  tags:
-  - deploy
-
-- name: ora | ensuring ora and ora_celery are activated in supervisor
-  supervisorctl: >
-    name="{{ item }}"
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=present
-  with_items: ['ora', 'ora_celery']
-  tags:
-    - deploy
-
 # Do A Checkout
 - name: ora | git checkout ora repo into {{ ora_app_dir }}
   git: dest={{ ora_code_dir }} repo={{ ora_source_repo }} version={{ ora_version }}

playbooks/roles/ora/tasks/ease.yml

@@ -2,12 +2,18 @@
 - name: ora | git checkout ease repo into its base dir
   git: dest={{ora_ease_code_dir}} repo={{ora_ease_source_repo}} version={{ora_ease_version}}
   sudo_user: "{{ ora_user }}"
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
   tags:
   - deploy
 
 - name: ora | install ease system packages
   apt: pkg={{item}} state=present
   with_items: ora_ease_debian_pkgs
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
   tags:
   - deploy
 
@@ -16,6 +22,9 @@
 - name: ora | install ease python pre-requirements
   pip: requirements="{{ora_ease_pre_requirements_file}}" virtualenv="{{ora_ease_venv_dir}}" state=present
   sudo_user: "{{ ora_user }}"
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
   tags:
   - deploy
 
@@ -23,6 +32,9 @@
 - name: ora | install ease python post-requirements
   pip: requirements="{{ora_ease_post_requirements_file}}" virtualenv="{{ora_ease_venv_dir}}" state=present
   sudo_user: "{{ ora_user }}"
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
   tags:
   - deploy
 
@@ -30,6 +42,9 @@
   shell: >
     . {{ ora_ease_venv_dir }}/bin/activate; cd {{ ora_ease_code_dir }}; python setup.py install
   sudo_user: "{{ ora_user }}"
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
   tags:
   - deploy
 
@@ -37,6 +52,9 @@
 - name: ora | check for the existence of nltk data taggers/maxent_treebank_pos_tagger/english.pickle
   shell: "[ -f {{ ora_nltk_data_dir }}/taggers/maxent_treebank_pos_tagger/english.pickle ] && echo 'Found' || echo ''"
   register: ora_nltk_data_installed
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
   tags:
   - deploy
 
@@ -45,5 +63,8 @@
   command: "{{ora_ease_venv_dir}}/bin/python -m nltk.downloader -d {{ ora_nltk_data_dir }} all"
   when: ora_nltk_data_installed.stdout  != "Found"
   sudo_user: "{{ common_web_user }}"
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
   tags:
   - deploy

playbooks/roles/ora/tasks/main.yml

@@ -7,11 +7,17 @@
   user: >
     name="{{ ora_user }}" home="{{ ora_app_dir }}"
     createhome=no shell=/bin/false
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
 
 - name: ora | create ora app dir
   file: >
     path="{{ item }}" state=directory
     owner="{{ ora_user }}" group="{{ common_web_group }}"
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
   with_items:
     - "{{ ora_venvs_dir }}"
     - "{{ ora_app_dir }}"
@@ -20,18 +26,38 @@
   file: >
     path="{{ item }}" state=directory
     owner="{{ common_web_user }}" group="{{ common_web_group }}"
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
   with_items:
     - "{{ ora_data_dir }}"
     - "{{ ora_app_dir }}/ml_models"
 
 - name: ora | install debian packages that ora needs
   apt: pkg={{item}} state=present
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
   with_items: ora_debian_pkgs
 
 - name: ora | install debian packages for ease that ora needs
   apt: pkg={{item}} state=present
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
   with_items: ora_ease_debian_pkgs
 
+- name: ora | create supervisor scripts - ora, ora_celery
+  template: >
+    src={{ item }}.conf.j2 dest={{ supervisor_cfg_dir }}/{{ item }}.conf
+    owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
+  notify:
+    - ora | restart ora
+    - ora | restart ora_celery
+  with_items: ['ora', 'ora_celery']
+  tags:
+  - deploy
+
 - include: deploy.yml
 
 - name: ora | create a symlink for venv python
@@ -41,3 +67,16 @@
   with_items:
   - python
   - pip
+
+  # call supervisorctl update. this reloads
+  # the supervisorctl config and restarts
+  # the services if any of the configurations
+  # have changed.
+  #
+  # we don't use notifications for supervisor because
+  # they don't work well with parameterized roles.
+  # See https://github.com/ansible/ansible/issues/4853
+- name: ora | update supervisor configuration
+  shell:  "{{ supervisor_ctl }} -c {{ supervisor_cfg }} update"
+  register: supervisor_update
+  changed_when: supervisor_update.stdout != ""

playbooks/roles/supervisor/handlers/main.yml

-- name: supervisor | restart supervisor
-  service: >
-    name={{ supervisor_service }}
-    state=restarted
-
-- name: supervisor | reload supervisor
-  shell: "{{ supervisor_ctl }} -c {{ supervisor_cfg }} reload"

playbooks/roles/supervisor/tasks/main.yml

@@ -87,20 +87,17 @@
 - name: supervisor | install supervisor in its venv
   pip: name=supervisor virtualenv="{{supervisor_venv_dir}}" state=present
   sudo_user: "{{ supervisor_user }}"
-  notify: supervisor | restart supervisor
 
 - name: supervisor | create supervisor upstart job
   template: >
     src=supervisor-upstart.conf.j2 dest=/etc/init/{{ supervisor_service }}.conf
     owner=root group=root
-  notify: supervisor | restart supervisor
 
 - name: supervisor | create supervisor master config
   template: >
     src=supervisord.conf.j2 dest={{ supervisor_cfg }}
     owner={{ supervisor_user }} group={{ supervisor_service_user }}
     mode=0644
-  notify: supervisor | restart supervisor
 
 - name: supervisor | create a symlink for supervisortctl
   file: >
@@ -108,7 +105,6 @@
     dest={{ COMMON_BIN_DIR }}/{{ supervisor_ctl|basename }}
     state=link
   when: supervisor_service == "supervisor"
-  notify: supervisor | restart supervisor
 
 - name: supervisor | create a symlink for supervisor cfg
   file: >
@@ -119,9 +115,26 @@
   with_items:
   - "{{ supervisor_cfg }}"
   - "{{ supervisor_cfg_dir }}"
-  notify: supervisor | restart supervisor
 
 - name: supervisor | start supervisor
   service: >
     name={{supervisor_service}}
     state=started
+  register: start_supervisor
+
+  # calling update on supervisor too soon after it
+  # starts will result in an errror.
+- name: supervisor | wait for web port to be available
+  wait_for: port={{ supervisor_http_bind_port }} timeout=5
+  when: start_supervisor.changed
+
+  # call supervisorctl update every time, this reloads
+  # the supervisorctl config
+  #
+  # we don't use notifications for supervisor because
+  # they don't work well with parameterized roles.
+  # See https://github.com/ansible/ansible/issues/4853
+- name: supervisor | update supervisor configuration
+  shell:  "{{ supervisor_ctl }} -c {{ supervisor_cfg }} update"
+  register: supervisor_update
+  changed_when: supervisor_update.stdout != ""

playbooks/roles/xqueue/tasks/deploy.yml

-- name: xqueue | stop xqueue consumer service
-  supervisorctl: >
-    name=xqueue_consumer
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=stopped
-  tags:
-  - deploy
-
 - name: xqueue | create xqueue application config
   template: src=xqueue.env.json.j2 dest={{ xqueue_app_dir }}/xqueue.env.json mode=0644
   sudo_user: "{{ xqueue_user }}"
+  notify:
+    - xqueue | restart xqueue
+    - xqueue | restart xqueue consumer
   tags:
   - deploy
 
 - name: xqueue | create xqueue auth file
   template: src=xqueue.auth.json.j2 dest={{ xqueue_app_dir }}/xqueue.auth.json mode=0644
   sudo_user: "{{ xqueue_user }}"
+  notify:
+    - xqueue | restart xqueue
+    - xqueue | restart xqueue consumer
   tags:
   - deploy
 
-- name: "xqueue | writing supervisor scripts - xqueue, xqueue consumer"
-  template: >
-    src={{ item }}.conf.j2 dest={{ supervisor_cfg_dir }}/{{ item }}.conf
-    owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
-  with_items: ['xqueue', 'xqueue_consumer']
-  tags:
-  - deploy
-
-- name: xqueue | ensuring xqueue and xqueue_consumer are activated in supervisor
-  supervisorctl: >
-    name="{{ item }}"
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=present
-  with_items: ['xqueue', 'xqueue_consumer']
-  tags:
-    - deploy
-
 # Do A Checkout
 - name: xqueue | git checkout xqueue repo into xqueue_code_dir
   git: dest={{ xqueue_code_dir }} repo={{ xqueue_source_repo }} version={{ xqueue_version }}
   sudo_user: "{{ xqueue_user }}"
+  notify:
+    - xqueue | restart xqueue
+    - xqueue | restart xqueue consumer
   tags:
   - deploy
 
@@ -49,6 +31,9 @@
 - name : install python pre-requirements
   pip: requirements="{{ xqueue_pre_requirements_file }}" virtualenv="{{ xqueue_venv_dir }}" state=present
   sudo_user: "{{ xqueue_user }}"
+  notify:
+    - xqueue | restart xqueue
+    - xqueue | restart xqueue consumer
   tags:
   - deploy
 
@@ -56,6 +41,9 @@
 - name : install python post-requirements
   pip: requirements="{{ xqueue_post_requirements_file }}" virtualenv="{{ xqueue_venv_dir }}" state=present
   sudo_user: "{{ xqueue_user }}"
+  notify:
+    - xqueue | restart xqueue
+    - xqueue | restart xqueue consumer
   tags:
   - deploy
 
@@ -64,6 +52,9 @@
     SERVICE_VARIANT=xqueue {{ xqueue_venv_bin }}/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath={{ xqueue_code_dir }}
   when: migrate_db is defined and migrate_db|lower == "yes"
   sudo_user: "{{ xqueue_user }}"
+  notify:
+    - xqueue | restart xqueue
+    - xqueue | restart xqueue consumer
   tags:
   - deploy
 
@@ -71,23 +62,8 @@
   shell: >
     SERVICE_VARIANT=xqueue {{ xqueue_venv_bin }}/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath={{ xqueue_code_dir }}
   sudo_user: "{{ xqueue_user }}"
-  tags:
-  - deploy
-
-- name: xqueue | restart xqueue
-  supervisorctl: >
-    name=xqueue
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=restarted
-  tags:
-  - deploy
-
-- name: xqueue | restart xqueue consumer
-  supervisorctl: >
-    name=xqueue_consumer
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=restarted
+  notify:
+    - xqueue | restart xqueue
+    - xqueue | restart xqueue consumer
   tags:
   - deploy

playbooks/roles/xqueue/tasks/main.yml

@@ -40,8 +40,29 @@
     encoding=utf8
   when: xqueue_create_db is defined and xqueue_create_db|lower == "yes"
 
+- name: "xqueue | writing supervisor scripts - xqueue, xqueue consumer"
+  template: >
+    src={{ item }}.conf.j2 dest={{ supervisor_cfg_dir }}/{{ item }}.conf
+    owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
+  with_items: ['xqueue', 'xqueue_consumer']
+  tags:
+  - deploy
+
 - include: deploy.yml
 
+  # call supervisorctl update. this reloads
+  # the supervisorctl config and restarts
+  # the services if any of the configurations
+  # have changed.
+  #
+  # we don't use notifications for supervisor because
+  # they don't work well with parameterized roles.
+  # See https://github.com/ansible/ansible/issues/4853
+- name: xqueue | update supervisor configuration
+  shell:  "{{ supervisor_ctl }} -c {{ supervisor_cfg }} update"
+  register: supervisor_update
+  changed_when: supervisor_update.stdout != ""
+
 - name: xqueue | create a symlink for venv python
   file: >
     src="{{ xqueue_venv_bin }}/{{ item }}"
@@ -50,3 +71,6 @@
   with_items:
   - python
   - pip
+
+
+

playbooks/roles/xserver/handlers/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+#
+#
+# Handlers for role xserver
+#
+# Overview:
+#
+
+- name: xserver | restart xserver
+  supervisorctl: >
+    name=xserver
+    supervisorctl_path={{ supervisor_ctl }}
+    config={{ supervisor_cfg }}
+    state=restarted
+

playbooks/roles/xserver/tasks/deploy.yml

 - name: xserver | checkout code
   git: dest={{xserver_code_dir}} repo={{xserver_source_repo}} version={{xserver_version}}
   sudo_user: "{{ xserver_user }}"
-  tags:
-  - deploy
-
-- name: "xserver | writing supervisor script"
-  template: >
-    src=xserver.conf.j2 dest={{ supervisor_cfg_dir }}/xserver.conf
-    owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
+  notify: xserver | restart xserver
   tags:
   - deploy
 
 - name: xserver | install requirements
   pip: requirements="{{xserver_requirements_file}}" virtualenv="{{ xserver_venv_dir }}" state=present
   sudo_user: "{{ xserver_user }}"
+  notify: xserver | restart xserver
   tags:
   - deploy
 
 - name: xserver | install sandbox requirements
   pip: requirements="{{xserver_requirements_file}}" virtualenv="{{xserver_venv_sandbox_dir}}" state=present
   sudo_user: "{{ xserver_user }}"
+  notify: xserver | restart xserver
   tags:
   - deploy
 
 - name: xserver | create xserver application config
   template: src=xserver.env.json.j2 dest={{ xserver_app_dir }}/env.json
   sudo_user: "{{ xserver_user }}"
+  notify: xserver | restart xserver
   tags:
   - deploy
 
@@ -33,6 +30,7 @@
   copy: >
     src={{ XSERVER_LOCAL_GIT_IDENTITY }} dest={{ xserver_git_identity }}
     owner={{ xserver_user }} group={{ xserver_user }} mode=0600
+  notify: xserver | restart xserver
   tags:
   - deploy
 
@@ -40,6 +38,7 @@
   template: >
     src=git_ssh.sh.j2 dest=/tmp/git_ssh.sh
     owner={{ xserver_user }} mode=750
+  notify: xserver | restart xserver
   tags:
   - deploy
 
@@ -47,20 +46,13 @@
   git: dest={{ XSERVER_GRADER_DIR }} repo={{ XSERVER_GRADER_SOURCE }} version={{ xserver_grader_version }}
   environment:
     GIT_SSH: /tmp/git_ssh.sh
+  notify: xserver | restart xserver
   sudo_user: "{{ xserver_user }}"
   tags:
   - deploy
 
 - name: xserver | remove read-only ssh key for the content repo
   file: path={{ xserver_git_identity }} state=absent
-  tags:
-  - deploy
-
-- name: xserver | restart xserver
-  supervisorctl: >
-    name=xserver
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=restarted
+  notify: xserver | restart xserver
   tags:
   - deploy

playbooks/roles/xserver/tasks/main.yml

@@ -62,6 +62,14 @@
   - "{{ secure_dir }}/files/edx_apparmor_sandbox.j2"
   - "usr.bin.python-sandbox.j2"
 
+- name: "xserver | writing supervisor script"
+  template: >
+    src=xserver.conf.j2 dest={{ supervisor_cfg_dir }}/xserver.conf
+    owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
+  tags:
+  - deploy
+
+
 - include: deploy.yml
 
 - name: xserver | enforce app-armor rules
@@ -76,3 +84,15 @@
   - python
   - pip
 
+  # call supervisorctl update. this reloads
+  # the supervisorctl config and restarts
+  # the services if any of the configurations
+  # have changed.
+  #
+  # we don't use notifications for supervisor because
+  # they don't work well with parameterized roles.
+  # See https://github.com/ansible/ansible/issues/4853
+- name: xserver | update supervisor configuration
+  shell:  "{{ supervisor_ctl }} -c {{ supervisor_cfg }} update"
+  register: supervisor_update
+  changed_when: supervisor_update.stdout != ""

playbooks/vagrant-fullstack.yml

@@ -5,25 +5,29 @@
   vars:
     migrate_db: "yes"
     openid_workaround: True
+    EDXAPP_LMS_NGINX_PORT: '80'
+    edx_platform_commit: 'master'
   vars_files:
     - "group_vars/all"
   roles:
+    - gh_users
     - common
     - role: nginx
       nginx_sites:
-      - lms
       - cms
-      - lms-preview
-      - xserver
+      - lms
+      - ora
       - xqueue
     - edxlocal
     - supervisor
     - mongo
     - edxapp
+    - demo
     - { role: 'rabbitmq', rabbitmq_ip: '127.0.0.1' }
     - { role: 'edxapp', celery_worker: True }
     - oraclejdk
     - elasticsearch
     - forum
     - { role: "xqueue", update_users: True }
-    - xserver
+    - ora
+    - discern

vagrant/fullstack/Vagrantfile

@@ -18,7 +18,6 @@ Vagrant.configure("2") do |config|
     # point Vagrant at the location of your playbook you want to run
     ansible.playbook = "../../playbooks/vagrant-fullstack.yml"
     ansible.inventory_path = "../../playbooks/vagrant/inventory.ini"
-    ansible.extra_vars = { XSERVER_GRADER_CHECKOUT: 'False' }
     ansible.verbose = "extra"
   end
 end