Merge pull request #63 from edx/jbau/lms-preview

Jbau/lms preview

Merge pull request #63 from edx/jbau/lms-preview
Jbau/lms preview
db15ea76 · Jason Bau · 905bffd0 · 5ec8a298 · db15ea76 · db15ea76
Commit db15ea76 authored May 14, 2013 by Jason Bau
7 changed files
--- a/playbooks/roles/gunicorn/templates/lms-preview.conf.j2
+++ b/playbooks/roles/gunicorn/templates/lms-preview.conf.j2
+# gunicorn
+
+description "gunicorn server"
+author "Calen Pennington <cpennington@mitx.mit.edu>"
+
+start on runlevel [2345]
+stop on runlevel [!2345]
+
+respawn
+respawn limit 3 30
+
+env PID=/var/tmp/lms.pid
+#env NEW_RELIC_CONFIG_FILE=${app_base_dir}/newrelic.ini
+#env NEWRELIC=${venv_dir}/bin/newrelic-admin
+env WORKERS={{ ansible_processor_cores * 2 }}
+env PORT=8020
+env LANG=en_US.UTF-8
+env DJANGO_SETTINGS_MODULE=lms.envs.aws
+env SERVICE_VARIANT="lms-preview"
+
+
+chdir ${app_base_dir}/mitx
+setuid www-data
+
+exec ${venv_dir}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath=${app_base_dir}/mitx lms.wsgi
+
+post-start script
+  while true
+  do
+    if $(curl -s -i localhost:$PORT/heartbeat | egrep -q '200 OK'); then
+      break;
+    else
+      sleep 1;
+    fi
+  done
+end script
+
--- a/playbooks/roles/lms-preview/tasks/main.yml
+++ b/playbooks/roles/lms-preview/tasks/main.yml
+# requires:
+#  - group_vars/all
+#  - common/tasks/main.yml
+#  - nginx/tasks/main.yml
+---
+- name: create lms application config
+  template: src=env.json.j2 dest=$app_base_dir/lms-preview.env.json
+  tags:
+  - lms-preview
+  - lms-preview-env
+
+- name: create lms auth file
+  template: src=auth.json.j2 dest=$app_base_dir/lms-preview.auth.json
+  tags:
+  - lms-preview
+  - lms-preview-env
+
+- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-preview
+
+- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-preview-backend
+
+# Creates LMS Preview upstart file
+- include: ../../gunicorn/tasks/upstart.yml service_variant=lms-preview
--- a/playbooks/roles/lms-preview/templates/auth.json.j2
+++ b/playbooks/roles/lms-preview/templates/auth.json.j2
+{{ lms_preview_auth_config | to_nice_json }}
--- a/playbooks/roles/lms-preview/templates/env.json.j2
+++ b/playbooks/roles/lms-preview/templates/env.json.j2
+{{ lms_preview_env_config | to_nice_json }}
--- a/playbooks/roles/nginx/templates/lms-preview-backend.j2
+++ b/playbooks/roles/nginx/templates/lms-preview-backend.j2
+upstream lms-preview-backend {
+    # For a TCP configuration:
+    server 127.0.0.1:8020 fail_timeout=0;
+}
--- a/playbooks/roles/nginx/templates/lms-preview.j2
+++ b/playbooks/roles/nginx/templates/lms-preview.j2
+server {
+  # LMS-preview configuration file for nginx, templated by ansible
+
+  listen 80;
+
+  server_name trace-lms-preview.*
+              preview.lms-dev.m.edx.org;
+
+  #
+  # Send error response when request host isn't under our control
+  # We will no longer respond to proxy attempts like this with
+  # anything.
+  # curl -i -A '' -x http://www.edx.org:80 --proxy-negotiate -U u:p -u u:p http://chat.sdtz.com
+  #
+
+  set $reject 'no';
+
+  #if ($host !~* (edx.org|edxonline.org)$ ) {
+  #  set $reject 'yes';
+  #}
+
+  if ($request_uri ~ ^(/heartbeat)$) {
+    set $reject 'no';
+  }
+
+  if ( $reject = 'yes' ) {
+    return 444;
+  }
+  # CS184 requires uploads of up to 4MB for submitting screenshots.
+  # CMS requires larger value for course assest, values provided
+  # via hiera.
+  client_max_body_size 4M;
+
+  rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
+
+  location @proxy_to_lms-preview_app {
+    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+    proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
+    proxy_set_header X-Forwarded-For $http_x_forwarded_for;
+    proxy_set_header Host $http_host;
+
+    proxy_redirect off;
+    proxy_pass http://lms-preview-backend;
+  }
+
+  location / {
+    try_files $uri @proxy_to_lms-preview_app;
+  }
+
+  # No basic auth security on the github_service_hook url, so that github can use it for cms
+  location /github_service_hook {
+    try_files $uri @proxy_to_lms-preview_app;
+  }
+
+  # No basic auth security on the heartbeat url, so that ELB can use it
+  location /heartbeat {
+    try_files $uri @proxy_to_lms-preview_app;
+  }
+
+  # Check security on this
+  location ~ /static/(?P<file>.*) {
+    root {{app_base_dir}};
+    try_files /staticfiles/$file /course_static/$file =404;
+
+    # return a 403 for static files that shouldn't be
+    # in the staticfiles directory
+    location ~ ^/static/(?:.*)(?:\.xml|\.json|README.TXT) {
+        return 403;
+    }
+    # Set django-pipelined files to maximum cache time
+    location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\..*)" {
+        expires max;
+        # Without this try_files, files that have been run through
+        # django-pipeline return 404s
+        try_files /staticfiles/$collected /course_static/$collected =404;
+    }
+
+    # Expire other static files immediately (there should be very few / none of these)
+    expires epoch;
+  }
+
+  # Forward to HTTPS if we're an HTTP request...
+  if ($http_x_forwarded_proto = "http") {
+    set $do_redirect "true";
+  }
+
+  # Run our actual redirect...
+  if ($do_redirect = "true") {
+    rewrite ^ https://$host$request_uri? permanent;
+  }
+
+  # Monitoring support for datadog.
+  location /nginx_status {
+    stub_status on;
+    access_log off;
+    allow 127.0.0.1/32;
+    deny all;
+  }
+}
--- a/playbooks/secure_example/vars/edxapp_prod_vars.yml
+++ b/playbooks/secure_example/vars/edxapp_prod_vars.yml
 ---
-lms_auth_config:
+#Use YAML references (& and *) and hash merge <<: to factor out shared settings
+#see http://atechie.net/2009/07/merging-hashes-in-yaml-conf-files/
+lms_auth_config:  &lms_auth
  'ANALYTICS_API_KEY':  'hidden-prod'
  'AWS_ACCESS_KEY_ID':  'hidden-prod'
  'AWS_SECRET_ACCESS_KEY':  'hidden-prod'
@@ -17,7 +19,7 @@ lms_auth_config:
      'USER':  'hidden-prod'}
  'MODULESTORE':
    'default':
-      'OPTIONS':
+      'OPTIONS':  &lms_modulestore_default_options
        'collection':  'hidden-prod'
        'db':  'hidden-prod'
        'default_class':  'hidden-prod'
@@ -39,7 +41,7 @@ lms_auth_config:
      'username':  'hidden-prod'}
    'url':  'hidden-prod'
 
-lms_env_config:
+lms_env_config:  &lms_env
  'SYSLOG_SERVER':  'hidden-prod'
  'SITE_NAME':  'hidden-prod'
  'LOG_DIR':  'hidden-prod'
@@ -51,7 +53,7 @@ lms_env_config:
  'ADMINS' : 
  - ['name', 'email']
  'TIME_ZONE': 'America/New_York'
-  'CACHES':
+  'CACHES':  &lms_caches
    'default':
      'KEY_PREFIX':  'hidden-prod'
      'LOCATION': [ 'hidden-prod',
@@ -144,4 +146,23 @@ cms_env_config:
    'DISABLE_COURSE_CREATION': false
    'SEGMENT_IO': false

+lms_preview_auth_config:
+  <<: *lms_auth
+  'MODULESTORE':
+    'default':
+      'ENGINE': 'xmodule.modulestore.mongo.DraftMongoModuleStore'
+      'OPTIONS': *lms_modulestore_default_options
+
+lms_preview_env_config:
+  <<: *lms_env
+  'SITE_NAME':  'preview.class.stanford.edu'
+  'COMMENTS_SERVICE_KEY':  false
+  'CACHES': 
+    <<: *lms_caches
+    'general':
+      'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_PREFIX':  'preview.edx.org'
+      'KEY_FUNCTION': 'util.memcache.safe_key'
+      'LOCATION': [ 'vpc-974dbeff-cache.oyg26r.0001.usw1.cache.amazonaws.com:12345',
+                    'vpc-974dbeff-cache.oyg26r.0002.usw1.cache.amazonaws.com:12345' ]