Merge branch 'master' into will/jenkins-provision-updates

Conflicts:
	playbooks/roles/jenkins/defaults/main.yml

ansible-requirements.txt

 Jinja2==2.6
 PyYAML==3.10
-ansible==1.2.2
+ansible==1.3.1
 argparse==1.2.1
-boto==2.8.0
+boto==2.10.0
 paramiko==1.10.1
 pycrypto==2.6
 wsgiref==0.1.2

cloudformation_templates/edx-reference-architecture.json

@@ -2007,7 +2007,10 @@
                   "Effect":"Allow",
                   "Action":[
                     "cloudformation:DescribeStackResource",
-                    "s3:Put"
+                    "s3:Put",
+                    "ses:SendEmail",
+                    "ses:SendRawEmail",
+                    "ses:GetSendQuota"
                   ],
                   "Resource":"*"
                 }

fabric-requirements.txt

@@ -4,7 +4,7 @@ PyYAML==3.10
 WebOb==1.2.3
 argparse==1.2.1
 beautifulsoup4==4.1.3
-boto==2.7.0
+boto==2.10.0
 cloudformation==0.0.0
 decorator==3.4.0
 distribute==0.6.30

package_data.yaml

@@ -223,17 +223,13 @@ post_checkout_regex: !!omap
           --pythonpath=/opt/wwc/edx-platform --settings=cms.envs.aws \
           --noinput --verbosity=0
         fi
-        if $($RUN django-admin.py help update_templates --pythonpath=/opt/wwc/edx-platform --settings=cms.envs.aws &>/dev/null) && [[ -r /opt/wwc/cms.auth.json ]]; then
-          $RUN django-admin.py update_templates \
-          --pythonpath=/opt/wwc/edx-platform --settings=cms.envs.aws
-        fi
       fi
   - ^edx-platform$|^content-.*$:
     - |
       edxapp_status=$(service edxapp status 2>/dev/null || true)
 
       edx_workers_status=$(service edx-workers status 2>/dev/null || true)
-      
+
       if [[ -n $edxapp_status ]]; then
         if [[ $edxapp_status == *stop* ]]; then
           service edxapp start;

playbooks/edx-east/edx_dev2.yml

+---
+- hosts: tag_aws_cloudformation_stack-name_dev2:&tag_group_edxapp
+  sudo: True
+  vars_files:
+    - "{{ secure_dir }}/vars/dev/dev2.yml"
+    - "{{ secure_dir }}/vars/common/common.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+  roles:
+    - common
+    - datadog
+    - nginx
+    - role: 'edxapp'
+      lms_nginx_port: 80
+      cms_nginx_port: 80
+      edxapp_lms_env: 'lms.envs.load_test'
+      edx_platform_commit: 'sarina/install-datadog'
+- hosts: tag_aws_cloudformation_stack-name_dev2:&tag_group_worker
+  sudo: True
+  vars_files:
+    - "{{ secure_dir }}/vars/dev/dev2.yml"
+    - "{{ secure_dir }}/vars/common/common.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+  roles:
+    - common
+    - datadog
+    - nginx
+    - role: 'edxapp'
+      edxapp_lms_env: 'lms.envs.load_test'
+      celery_worker: True
+      edx_platform_commit: 'sarina/install-datadog'
+#- hosts: tag_aws_cloudformation_stack-name_dev2:&tag_group_xserver
+#  sudo: True
+#  vars_files:
+#    - "{{ secure_dir }}/vars/dev/dev2.yml"
+#    - "{{ secure_dir }}/vars/users.yml"
+#  roles:
+#    - common
+#    - nginx
+#    - xserver
+#- hosts: tag_aws_cloudformation_stack-name_dev2:&tag_group_rabbitmq
+#  serial: 1
+#  sudo: True
+#  vars_files:
+#    - "{{ secure_dir }}/vars/dev/dev2.yml"
+#    - "{{ secure_dir }}/vars/users.yml"
+#  roles:
+#    - common
+#    - rabbitmq
+#- hosts: tag_aws_cloudformation_stack-name_dev2:&tag_group_xqueue
+#  sudo: True
+#  vars_files:
+#    - "{{ secure_dir }}/vars/dev/dev2.yml"
+#    - "{{ secure_dir }}/vars/users.yml"
+#  roles:
+#    - common
+#    - nginx
+#    - xqueue

playbooks/edx-east/feanil_deploy.yml → playbooks/edx-east/edx_feanilsandbox.yml

 ---
-- hosts: tag_aws_cloudformation_stack-name_feanilpractice:&tag_group_edxapp
+- hosts: tag_aws_cloudformation_stack-name_feanilsandbox:&tag_group_edxapp
   sudo: True
   vars_files:
+    - "{{ secure_dir }}/vars/dev/feanilsandbox.yml"
+    - "{{ secure_dir }}/vars/common/common.yml"
     - "{{ secure_dir }}/vars/users.yml"
   roles:
     - common
+    - datadog
     - nginx
-    - edxapp
-    - { role: 'edxapp', celery_worker: True }
-
-- hosts: tag_aws_cloudformation_stack-name_feanilpractice:&tag_group_xserver
+    - role: 'edxapp'
+      lms_nginx_port: 80
+      cms_nginx_port: 80
+      edxapp_lms_env: 'lms.envs.load_test'
+      edx_platform_commit: 'master'
+- hosts: tag_aws_cloudformation_stack-name_feanilsandbox:&tag_group_worker
   sudo: True
   vars_files:
+    - "{{ secure_dir }}/vars/dev/feanilsandbox.yml"
+    - "{{ secure_dir }}/vars/common/common.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+  roles:
+    - common
+    - datadog
+    - nginx
+    - role: 'edxapp'
+      edxapp_lms_env: 'lms.envs.load_test'
+      celery_worker: True
+      edx_platform_commit: 'master'
+- hosts: tag_aws_cloudformation_stack-name_feanilsandbox:&tag_group_xserver
+  sudo: True
+  vars_files:
+    - "{{ secure_dir }}/vars/dev/feanilsandbox.yml"
     - "{{ secure_dir }}/vars/users.yml"
   roles:
     - common
     - nginx
     - xserver
-- hosts: tag_aws_cloudformation_stack-name_feanilpractice:&tag_group_rabbitmq
+- hosts: tag_aws_cloudformation_stack-name_feanilsandbox:&tag_group_rabbitmq
   serial: 1
   sudo: True
   vars_files:
+    - "{{ secure_dir }}/vars/dev/feanilsandbox.yml"
     - "{{ secure_dir }}/vars/users.yml"
   roles:
     - common
     - rabbitmq
-- hosts: tag_aws_cloudformation_stack-name_feanilpractice:&tag_group_xqueue
+- hosts: tag_aws_cloudformation_stack-name_feanilsandbox:&tag_group_xqueue
   sudo: True
   vars_files:
+    - "{{ secure_dir }}/vars/dev/feanilsandbox.yml"
     - "{{ secure_dir }}/vars/users.yml"
   roles:
     - common

playbooks/edx-east/edx_sandbox.yml

@@ -9,10 +9,8 @@
   sudo: True
   gather_facts: True
   vars:
-    migrate_db: True
+    migrate_db: "yes"
     mysql5_workaround: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edx_sandbox.yml"
   roles:
     - common
     - nginx

playbooks/edx-west/.gitignore

+configuration-secure
+edx-secret

playbooks/edx-west/carnegie-prod-app.yml

+- hosts: ~tag_Name_app(10|20)_carn
+  sudo: True
+  vars_prompt:
+    - name: "migrate_db"
+      prompt: "Should this playbook run database migrations? (Type 'yes' to run, anything else to skip migrations)"
+      default: "no"
+      private: no
+  vars:
+    secure_dir: '../../../configuration-secure/ansible'
+    # this indicates the path to site-specific (with precedence)
+    # things like nginx template files
+    #local_dir:  '../../../edx-secret/ansible/local'
+    local_dir: "{{secure_dir}}/local"
+    # this toggles http basic auth on and off. false in production
+    not_prod: false
+  vars_files:
+    - "{{ secure_dir }}/vars/edxapp_carnegie_vars.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
+  roles:
+    - common
+    - {'role': 'nginx', 'nginx_conf': true}
+    - {'role': 'edxapp', 'openid_workaround': true, 'template_subdir': 'carnegie'}
+    # run this role last
+    # - in_production

playbooks/edx-west/edxworker_prod.yml → playbooks/edx-west/carnegie-prod-worker.yml

 # this gets all running prod webservers
-- hosts: tag_environment_prod:&tag_function_util
+- hosts: tag_environment_prod_carn:&tag_function_util
 # or we can get subsets of them by name
-#- hosts: ~tag_Name_util(1|2)_prod
+#- hosts: ~tag_Name_util(10)_carn
   sudo: True
   vars:
-    secure_dir: '../../../configuration-secure/ansible'
+    secure_dir: '../../../edx-secret/ansible'
     # this indicates the path to site-specific (with precedence)
     # things like nginx template files
-    local_dir:  '../../../configuration-secure/ansible/local'
+    local_dir:  '../../../../../../edx-secret/ansible/local'
     migrate_db: "no"
   vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
+    - "{{ secure_dir }}/vars/edxapp_carnegie_vars.yml"
     - "{{ secure_dir }}/vars/users.yml"
     - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
-    - "{{ secure_dir }}/vars/shib_prod_vars.yml"
   roles:
     - common
     - { role: 'edxapp', celery_worker: True }

playbooks/edx-west/cme-prod-app.yml

+
+# set up the fireball transport
+#- hosts: ~tag_Name_app(10|20)_cme
+#  gather_facts: no
+#  connection: ssh # or paramiko
+#  sudo: yes
+#  tasks:
+#      - apt: pkg=gcc state=present
+#      - apt: pkg=libzmq-dev,python-zmq state=present
+#      - action: fireball
+
+
+# this gets all running prod webservers
+#- hosts: tag_environment_prod:&tag_function_webserver
+# or we can get subsets of them by name
+- hosts: ~tag_Name_app(10|20)_cme
+  sudo: True
+  vars_prompt:
+    - name: "migrate_db"
+      prompt: "Should this playbook run database migrations? (Type 'yes' to run, anything else to skip migrations)"
+      default: "no"
+      private: no
+  vars:
+    secure_dir: '../../../edx-secret/ansible'
+    # this indicates the path to site-specific (with precedence)
+    # things like nginx template files
+    local_dir:  '../../../../../../edx-secret/ansible/local'
+    not_prod: true
+  vars_files:
+    - "{{ secure_dir }}/vars/edxapp_cme_vars.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
+  roles:
+    - common
+    - nginx
+    - {'role': 'edxapp', 'openid_workaround': true}
+    # run this role last
+    # - in_production

playbooks/edx-west/xserver_prod.yml → playbooks/edx-west/cme-prod-worker.yml

 # this gets all running prod webservers
-- hosts: tag_environment_prod:&tag_function_xserver
+- hosts: tag_environment_prod_cme:&tag_function_util
 # or we can get subsets of them by name
-#- hosts: ~tag_Name_xserver(1|2)_prod
-#- hosts: security_group_edx-prod-EdxappServerSecurityGroup-NSKCQTMZIPQB
+#- hosts: ~tag_Name_util(10)_cme
   sudo: True
   vars:
-    secure_dir: '../../../configuration-secure/ansible'
+    secure_dir: '../../../edx-secret/ansible'
     # this indicates the path to site-specific (with precedence)
     # things like nginx template files
-    local_dir:  '../../../configuration-secure/ansible/local'
+    local_dir:  '../../../../../../edx-secret/ansible/local'
+    migrate_db: "no"
   vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
+    - "{{ secure_dir }}/vars/edxapp_cme_vars.yml"
     - "{{ secure_dir }}/vars/users.yml"
     - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
   roles:
     - common
-    - nginx
-    - xserver
+    - { role: 'edxapp', celery_worker: True }

playbooks/edx-west/edxapp_prod_apache.yml

-- hosts: ~tag_Name_app(12|22)_prod
-#- hosts: security_group_edx-prod-EdxappServerSecurityGroup-NSKCQTMZIPQB
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
-    - "{{ secure_dir }}/vars/shib_prod_vars.yml"
-
-  vars:
-    secure_dir: '../../../configuration-secure/ansible'
-    # this indicates the path to site-specific (with precedence)
-    # things like nginx template files
-    local_dir:  '../../../configuration-secure/ansible/local'
-
-  roles:
-    - nginx
-    - edxapp
-    - apache
-    - shibboleth
\ No newline at end of file

playbooks/edx-west/edxapp_prod_debug.yml

----
-
-#- hosts: tag_environment_prod:&tag_function_webserver:&tag_test_test
-- hosts: i-a4d28cfc
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
-  roles:
-    - common
-    - nginx
-    - gunicorn
-    - edxapp
-    - ruby
-    - npm
-    # run this role last
-    - in_production
-  tasks:
-    - debug: msg="{{ lms_preview_auth_config}}"
-      tags:
-        - debug
-    - debug: msg="{{ lms_preview_env_config}}"
-      tags:
-        - debug

playbooks/edx-west/edxapp_prod_local.yml

-- hosts: tag_Name_app4_prod
-#- hosts: tag_environment_prod:&tag_function_webserver:&tag_test_test
-#- hosts: security_group_edx-prod-EdxappServerSecurityGroup-NSKCQTMZIPQB
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
-  roles:
-    - common
-    - nginx
-    - gunicorn
-    - edxapp
-    - ruby
-    - npm
-    - edx-theme
-    # run this role last
-    - in_production

playbooks/edx-west/edxapp_ref.yml

-- hosts: tag_Group_edxapp_ref
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_ref_vars.yml"
-    - "{{ secure_dir }}/vars/edxapp_ref_users.yml"
-  roles:
-    - common
-    - nginx
-    - gunicorn
-    - edxapp
-    - ruby
-    - npm
-    # run this role last
-    - in_production

playbooks/edx-west/edxutil_prod.yml

-- hosts: tag_environment_prod:&tag_function_util
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
-  roles:
-    - common
-    - edxapp
-    - edx_worker_upstart
\ No newline at end of file

playbooks/edx-west/edxutil_prod_local.yml

-- hosts: tag_environment_prod:&tag_function_util
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
-  roles:
-    - common
-    - edxapp
-    - edx_worker_upstart
\ No newline at end of file

playbooks/edx-west/edxapp_prod.yml → playbooks/edx-west/prod-app.yml

@@ -2,9 +2,9 @@
 #- hosts: tag_environment_prod:&tag_function_webserver
 # or we can get subsets of them by name
 #- hosts: ~tag_Name_app(10|20)_prod
-#- hosts: ~tag_Name_app(11|21)_prod
+- hosts: ~tag_Name_app(11|21)_prod
 ## this is the test box
-- hosts: ~tag_Name_app4_prod
+#- hosts: ~tag_Name_app4_prod
 ## you can also do security group, but don't do that
 #- hosts: security_group_edx-prod-EdxappServerSecurityGroup-NSKCQTMZIPQB
   sudo: True
@@ -18,6 +18,7 @@
     # this indicates the path to site-specific (with precedence)
     # things like nginx template files
     local_dir:  '../../../configuration-secure/ansible/local'
+    not_prod: false
   vars_files:
     - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
     - "{{ secure_dir }}/vars/users.yml"

playbooks/edx-west/jumpbox_prod.yml → playbooks/edx-west/prod-jumpbox.yml

 - hosts: tag_Name_jumpbox_prod
   sudo: True
   vars_files:
-    - "{{ secure_dir }}/vars/users.yml"
+    - "{{ secure_dir }}/vars/users_jumpbox.yml"
   vars:
     secure_dir: '../../../configuration-secure/ansible'
-    # this indicates the path to site-specific (with precedence)
-    # things like nginx template files
     local_dir:  '../../../configuration-secure/ansible/local'
-
   roles:
-    - common
\ No newline at end of file
+    - common

playbooks/edx-west/prod-worker.yml

+# For all util machines
+- hosts: tag_environment_prod:&tag_function_util
+# or we can get subsets of them by name
+#- hosts: ~tag_Name_util(1|2)_prod
+  sudo: True
+  vars:
+    secure_dir: '../../../configuration-secure/ansible'
+    # this indicates the path to site-specific (with precedence)
+    # things like nginx template files
+    local_dir:  '../../../configuration-secure/ansible/local'
+    migrate_db: "no"
+  vars_files:
+    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
+    - "{{ secure_dir }}/vars/shib_prod_vars.yml"
+  roles:
+    - common
+    - { role: 'edxapp', celery_worker: True }
+
+#
+# COMMENT OUT THE NOTIFIER UNTIL IT IS READY
+#
+
+# run the notifier on the first util machine only
+#- hosts: ~tag_Name_util10_prod
+#  sudo: True
+#  vars:
+#    secure_dir: '../../../configuration-secure/ansible'
+#    migrate_db: "no"
+#  vars_files:
+#    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
+#    - "{{ secure_dir }}/vars/notifier_prod_vars.yml"
+#  roles:
+#    - role: virtualenv
+#      virtualenv_user: "notifier"
+#      virtualenv_user_home: "/opt/wwc/notifier"
+#      virtualenv_name: "notifier"
+#    - notifier

playbooks/edx-west/xqueue_prod.yml → playbooks/edx-west/prod-xqueue.yml

@@ -10,7 +10,7 @@
     # things like nginx template files
     local_dir:  '../../../configuration-secure/ansible/local'
   vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
+    - "{{ secure_dir }}/vars/xqueue_prod_vars.yml"
     - "{{ secure_dir }}/vars/users.yml"
     - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
   roles:

playbooks/edx-west/stage-ansible.cfg

@@ -8,7 +8,7 @@ hash_behaviour=merge
 # These are environment-specific defaults
 forks=10
 #forks=1
-log_path=stage-edx-ansible.log
+log_path=~/stage-edx-ansible.log
 transport=ssh
 hostfile=./ec2.py
 extra_vars='key=deployment name=edx-stage group=edx-stage region=us-west-1'
@@ -16,6 +16,5 @@ user=ubuntu
 
 [ssh_connection]
 # example from https://github.com/ansible/ansible/blob/devel/examples/ansible.cfg
-#ssh_args=-o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/tmp/ansible-ssh-%h-%p-%r
-ssh_args=-F stage-ssh-config
+ssh_args=-F stage-ssh-config -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/tmp/ansible-ssh-%h-%p-%r
 scp_if_ssh=True

playbooks/edx-west/stage-app.yml

@@ -3,8 +3,8 @@
   sudo: True
   vars_prompt:
     - name: "migrate_db"
-      prompt: "Should this playbook run database migrations? (<Return> for false, anything else for true)"
-      default: false
+      prompt: "Should this playbook run database migrations? (Type 'yes' to run, anything else to skip migrations)"
+      default: "no"
       private: no
   vars:
     not_prod: true

playbooks/edx-west/stage-jumpbox.yml

+- hosts: tag_Name_jumpbox_stage
+  sudo: True
+  vars_files:
+    - "{{ secure_dir }}/vars/users_jumpbox.yml"
+  vars:
+    secure_dir: '../../../configuration-secure/ansible'
+    local_dir:  '../../../configuration-secure/ansible/local'
+  roles:
+    - common

playbooks/edx-west/stage-worker.yml

+# this gets all running stage util machiens
+- hosts: tag_environment_stage:&tag_function_util
+# or we can get subsets of them by name
+#- hosts: ~tag_Name_util(1|2)_stage
+  sudo: True
+  vars:
+    secure_dir: ../../../edx-secret/ansible
+    # this indicates the path to site-specific (with precedence)
+    # things like nginx template files
+    local_dir: ../../../edx-secret/ansible/local
+    migrate_db: "no"
+  vars_files:
+    - "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+    - "{{ secure_dir }}/vars/edxapp_stage_users.yml"
+  roles:
+    - common
+    - { role: 'edxapp', celery_worker: True }
+
+# run the notifier on the first util machine only
+- hosts: ~tag_Name_util10_stage
+  sudo: True
+  vars:
+    secure_dir: '../../../configuration-secure/ansible'
+    migrate_db: "no"
+  vars_files:
+    - "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
+    - "{{ secure_dir }}/vars/notifier_stage_vars.yml"
+  roles:
+    - role: virtualenv
+      virtualenv_user: "notifier"
+      virtualenv_user_home: "/opt/wwc/notifier"
+      virtualenv_name: "notifier"
+    - notifier

playbooks/edx-west/stage-xqueue.yml

@@ -5,7 +5,7 @@
     secure_dir: ../../../edx-secret/ansible
     local_dir: ../../../edx-secret/ansible/local
   vars_files:
-    - "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
+    - "{{ secure_dir }}/vars/xqueue_stage_vars.yml"
     - "{{ secure_dir }}/vars/users.yml"
     - "{{ secure_dir }}/vars/edxapp_stage_users.yml"
   roles:

playbooks/edx_sandbox.yml

@@ -26,7 +26,7 @@
     - nginx
     - edxlocal
     - edxapp
-    - rabbitmq
+    - { role: 'rabbitmq', rabbitmq_ip: '127.0.0.1' }
     - { role: 'edxapp', celery_worker: True }
     - oraclejdk
     - elasticsearch
@@ -35,3 +35,13 @@
       rbenv_user_home: "{{ forum_home }}"
       rbenv_ruby_version: "{{ forum_ruby_version }}"
     - forum
+    - role: virtualenv
+      virtualenv_user: "{{ xqueue_user }}"
+      virtualenv_user_home: "{{ xqueue_user_home }}"
+      virtualenv_name: "{{ xqueue_user }}"
+    - { role: "xqueue", update_users: True }
+    - role: virtualenv
+      virtualenv_user: "{{ ora_user }}"
+      virtualenv_user_home: "{{ ora_user_home }}"
+      virtualenv_name: "{{ ora_user }}"
+    - role: ora

playbooks/roles/apache/tasks/apache_site.yml

@@ -7,7 +7,7 @@
     # seems like paths in first_available_file must be relative to the playbooks dir
     - "roles/apache/templates/{{ site_name }}.j2"
   notify: apache | restart apache
-  when_set: $apache_role_run
+  when: apache_role_run is defined
   tags:
     - apache
     - update
@@ -15,7 +15,7 @@
 - name: apache | Creating apache2 config link {{ site_name }}
   file: src=/etc/apache2/sites-available/{{ site_name }} dest=/etc/apache2/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
   notify: apache | restart apache
-  when_set: $apache_role_run
+  when: apache_role_run is defined
   tags:
     - apache
     - update

playbooks/roles/common/vars/main.yml → playbooks/roles/common/defaults/main.yml

@@ -7,3 +7,4 @@ common_debian_pkgs:
   - screen
   - tree
   - git
+  - unzip

playbooks/roles/common/tasks/create_github_users.yml

@@ -27,7 +27,7 @@
 
 - name: common | create .ssh directory
   file: 
-    path=/home/{{ item.user }}/.ssh state=directory mode=0600 
+    path=/home/{{ item.user }}/.ssh state=directory mode=0700 
     owner={{ item.user }} group={{ item.user }}
   with_items: github_users
   tags:

playbooks/roles/common/tasks/main.yml

 ---
 - include: create_users.yml
-#- include: create_github_users.yml
-#  when: github_users is defined
+- include: create_github_users.yml
+  when: github_users is defined
 
 - name: common | Add user www-data
   # This user should be created on the system by default

playbooks/roles/common/templates/edx_rsyslog.j2

 # custom edx syslog configuration
-# Put in place and templatized by ansible 
-#
-# Cliffs notes version: ansible uses local0 and local1, so they have to be
-# plumbed through appropriately.
- 
-#############
-# Change some global configuration
-#############
+#
+
+
+#  Default rules for rsyslog.
+#
+#                       For more information see rsyslog.conf(5) and /etc/rsyslog.conf
+
+#
+# First some standard log files.  Log by facility.
+
 # don't escape newlines
 $EscapeControlCharactersOnReceive off
+
 $SystemLogRateLimitInterval 0
 $RepeatedMsgReduction off
 $MaxMessageSize 32768
- 
-#############
-# Override default auth config so we can ignore local0 and local1 also
-#############
+
 auth,authpriv.*                                         /var/log/auth.log
 *.*;auth,authpriv.none,local0.none,local1.none          -/var/log/syslog
- 
-# According to the docs for rsyslog, "syslogtag" is the "TAG" from 
-# the message which in the case of tracking logs is interpreted to 
-# be everything before the first whitespace character. 
+
+# According to the docs for rsyslog, "syslogtag" is the "TAG" from
+# the message which in the case of tracking logs is interpreted to
+# be everything before the first whitespace character.
 # This is why we include "syslogtag."
-# Maybe one day this will be answered:
-# - http://stackoverflow.com/questions/10449447/how-to-avoid-syslogtag-from-rsyslog-template
+# Maybe one day this will be answered - http://stackoverflow.com/questions/10449447/how-to-avoid-syslogtag-from-rsyslog-template
 $template tracking,"%syslogtag%%msg%\n"
- 
+
 # looks for [service_name=<name>] in the beginning of the log message,
-# if it exists the log will go into {{log_base_dir}}/<name>/edx.log, otherwise
-# it will go into {{log_base_dir}}/edx.log
-$template DynaFile,"{{log_base_dir}}/%syslogtag:R,ERE,1,BLANK:\[service_variant=([a-zA-Z_-]*)\].*--end%/edx.log"
- 
+# if it exists the log will go into /mnt/logs/<name>/edx.log, otherwise
+# it will go into /mnt/logs/edx.log
+$template DynaFile,"/mnt/logs/%syslogtag:R,ERE,1,BLANK:\[service_variant=([a-zA-Z_-]*)\].*--end%/edx.log"
+
 local0.*                        -?DynaFile
-local1.*                        {{log_base_dir}}/tracking.log;tracking
+local1.*                        /mnt/logs/tracking.log;tracking
+#cron.*                         /var/log/cron.log
+#daemon.*                       -/var/log/daemon.log
+kern.*                          -/var/log/kern.log
+#lpr.*                          -/var/log/lpr.log
+mail.*                          -/var/log/mail.log
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+#mail.info                      -/var/log/mail.info
+#mail.warn                      -/var/log/mail.warn
+mail.err                        /var/log/mail.err
+
+#
+# Logging for INN news system.
+#
+news.crit                       /var/log/news/news.crit
+news.err                        /var/log/news/news.err
+news.notice                     -/var/log/news/news.notice
+
+#
+# Some "catch-all" log files.
+#
+#*.=debug;\
+#       auth,authpriv.none;\
+#       news.none;mail.none     -/var/log/debug
+#*.=info;*.=notice;*.=warn;\
+#       auth,authpriv.none;\
+#       cron,daemon.none;\
+#       mail,news.none          -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg                                :omusrmsg:*
+
+#
+# I like to have messages displayed on the console, but only on a virtual
+# console I usually leave idle.
+#
+#daemon,mail.*;\
+#       news.=crit;news.=err;news.=notice;\
+#       *.=debug;*.=info;\
+#       *.=notice;*.=warn       /dev/tty8
+
+# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
+# you must invoke `xconsole' with the `-file' option:
+#
+#    $ xconsole -file /dev/xconsole [...]
+#
+# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
+#      busy site..
+#
+daemon.*;mail.*;\
+        news.err;\
+        *.=debug;*.=info;\
+        *.=notice;*.=warn       |/dev/xconsole
+

playbooks/roles/datadog/defaults/main.yml

+---
+
+datadog_api_key: "PUT_YOUR_API_KEY_HERE"
+
+datadog_apt_key: "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x226AE980C7A7DA52"
+
+datadog_debian_pkgs:
+  - apparmor-utils
+  - build-essential
+  - curl
+  - g++
+  - gcc
+  - ipython
+  - pkg-config
+  - rsyslog

playbooks/roles/datadog/files/etc/yum.repo.d/datadog.repo

+[datadog]
+name = Datadog, Inc.
+baseurl = http://yum.datadoghq.com/rpm/
+enabled=1
+gpgcheck=0
\ No newline at end of file

playbooks/roles/datadog/handlers/main.yml

+---
+
+- name: datadog | restart the datadog service
+  service: name=datadog-agent state=restarted
\ No newline at end of file

playbooks/roles/datadog/tasks/main.yml

+---
+
+#
+# datadog
+# 
+# Overview:
+# 
+# Installs datadog 
+##
+# Dependencies:
+#
+# Example play:
+#   roles:
+#   - common
+#   - datadog
+#
+
+- name: datadog | add apt key
+  apt_key: id=C7A7DA52 url={{datadog_apt_key}} state=present
+  tags:
+    - datadog
+    - ubuntu
+  when: ansible_distribution in common_debian_variants
+
+- name: datadog | install apt repository
+  shell: echo 'deb http://apt.datadoghq.com/ unstable main' > /etc/apt/sources.list.d/datadog-source.list
+  tags:
+    - datadog
+    - ubuntu
+  when: ansible_distribution in common_debian_variants
+
+- name: datadog | add yum repo
+  copy:
+    src=etc/yum.repo.d/datdog.repo
+    dest=/etc/yum.repo.d/datdog.repo
+  tags:
+    - datadog
+    - redhat
+  when_string: ansible_distribution in common_redhat_variants
+
+- name: datadog | install datadog agent
+  apt: pkg="datadog-agent" update_cache=yes
+  tags:
+    - datadog
+    - ubuntu
+  when: ansible_distribution in common_debian_variants
+
+- name: datadog | bootstrap config
+  shell: cp /etc/dd-agent/datadog.conf.example /etc/dd-agent/datadog.conf creates=/etc/dd-agent/datadog.conf
+  tags:
+    - datadog
+
+# quoting intentional, missing space after line=api_key: also
+# ansible wasn't handling the double quoted yaml properly 
+# otherwise.
+- name: datadog | update api-key
+  lineinfile: 
+    dest="/etc/dd-agent/datadog.conf" 
+    "regexp=^api_key:.*"
+    "line=api_key:{{ common_dd_api_key }}"
+  notify:
+    - datadog | restart the datadog service
+  tags:
+    - datadog

playbooks/roles/edxapp/vars/main.yml → playbooks/roles/edxapp/defaults/main.yml

@@ -23,7 +23,7 @@ edxapp_generic_auth_config:  &edxapp_generic_auth
     'basic_auth': [ 'edx',  'edx']
     'django_auth': { 'password':  'password',
       'username':  'lms'}
-    'url':  'https://localhost:18040'
+    'url':  'http://localhost:18040'
   'CONTENTSTORE':
     'ENGINE':  'xmodule.contentstore.mongo.MongoContentStore'
     'OPTIONS':
@@ -45,7 +45,6 @@ edxapp_generic_auth_config:  &edxapp_generic_auth
         'port': 27017
         'render_template':  'mitxmako.shortcuts.render_to_string'
         'user':  'mongo'
-    # Needed for the CMS to be able to run update_templates
     'direct':
       'ENGINE': 'xmodule.modulestore.mongo.MongoModuleStore'
       'OPTIONS':  *generic_modulestore_default_options
@@ -60,7 +59,7 @@ edxapp_generic_auth_config:  &edxapp_generic_auth
       'PORT': '3306'
   'PEARSON_TEST_PASSWORD':  ''
   'OPEN_ENDED_GRADING_INTERFACE':
-    'url':  'http://localhost:18091'
+    'url':  'http://localhost:18091/'
     'password':  'password'
     'peer_grading':  'peer_grading'
     'staff_grading':  'staff_grading'
@@ -173,6 +172,11 @@ edxapp_lms_app_port: 8000
 edxapp_lms_xml_app_port: 8030
 edxapp_lms_preview_app_port: 8020
 
+edxapp_cms_app_address: 127.0.0.1
+edxapp_lms_app_address: 127.0.0.1
+edxapp_lms_xml_app_address: 127.0.0.1
+edxapp_lms_preview_app_address: 127.0.0.1
+
 # These vars are for creating the application json config
 # files.  There are two for each service that uses the
 # 'edx-platform' code.  Defining them will create the upstart
@@ -182,9 +186,9 @@ edxapp_lms_preview_app_port: 8020
 
 service_variants_enabled:
   - lms
-  - lms-xml
   - cms
-  - lms-preview
+
+edxapp_lms_env: 'lms.envs.aws'
 
 
 #Number of gunicorn worker processes to spawn, as a multiplier to number of virtual cores
@@ -202,8 +206,10 @@ edxapp_theme_source_repo: 'https://github.com/Stanford-Online/edx-theme.git'
 edxapp_theme_version: 'HEAD'
 
 # make this the public URL instead of writable
-lms_source_repo: https://github.com/edx/edx-platform.git
-lms_version: 'release'
+edx_platform_repo: https://github.com/edx/edx-platform.git
+# `edx_platform_commit` can be anything that git recognizes as a commit
+# reference, including a tag, a branch name, or a commit hash
+edx_platform_commit: 'release'
 local_requirements_file:  "{{ edx_platform_code_dir }}/requirements/edx/local.txt"
 pre_requirements_file:    "{{ edx_platform_code_dir }}/requirements/edx/pre.txt"
 post_requirements_file:   "{{ edx_platform_code_dir }}/requirements/edx/post.txt"
@@ -258,7 +264,6 @@ lms_debian_pkgs:
   - libxslt1-dev
   - lynx-cur
   - maven2
-  - mongodb
   - mongodb-clients
   - mysql-client
   - npm
@@ -307,3 +312,6 @@ deploy_environment:
   RBENV_ROOT: "{{ rbenv_root }}"
   GEM_HOME: "{{ gem_home }}"
   PATH: "{{ venv_dir }}/bin:{{ edx_platform_code_dir }}/bin:{{ rbenv_root }}/bin:{{ rbenv_root }}/shims:{{ gem_home }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Worker Settings
+worker_django_settings_module: 'aws'

playbooks/roles/edxapp/tasks/collect_static.yml

-# Gather lms assets using rake if possible
-- name: gather lms static assets with rake
-  shell: executable=/bin/bash chdir={{ edx_platform_code_dir }} SERVICE_VARIANT={{ lms_variant }} rake lms:gather_assets:aws
-  when: grep_gather_assets.rc == 0
-  notify:
-  - restart edxapp
-  sudo: yes
-  sudo_user: www-data
-  environment: "{{ deploy_environment }}"
-  tags:
-  - lms
-  - lms-preview
-  - lms-xml
-  - deploy
-
-# Gather lms assets using django if necessary(When rake doesn't know how)
-- name: gather lms static assets with django
-  shell: SERVICE_VARIANT={{ lms_variant }} django-admin.py collectstatic --pythonpath={{ edx_platform_code_dir }} --settings=lms.envs.aws --noinput --verbosity=0
-  when: grep_gather_assets.rc != 0 and check_lms_collect_static.rc == 0
-  notify:
-  - restart edxapp
-  sudo: yes
-  sudo_user: www-data
-  environment: "{{ deploy_environment }}"
-  tags:
-  - lms
-  - lms-preview
-  - lms-xml
-  - deploy
-
-
-# Gather cms assets using rake if possible
-- name: gather cms static assets with rake
-#  script: gather_assets.sh
-  shell: executable=/bin/bash chdir={{ edx_platform_code_dir }} SERVICE_VARIANT={{ cms_variant }} rake cms:gather_assets:aws
-  when: grep_gather_assets.rc == 0
-  notify:
-  - restart edxapp
-  sudo: yes
-  sudo_user: www-data
-  environment: "{{ deploy_environment }}"
-  tags:
-  - cms
-  - deploy
-
-- name: gather cms static assets with django
-  shell: SERVICE_VARIANT={{ cms_variant }} django-admin.py collectstatic --pythonpath={{ edx_platform_code_dir }} --settings=lms.envs.aws --noinput --verbosity=0
-  when: grep_gather_assets.rc != 0 and check_cms_collect_static.rc == 0
-  notify:
-  - restart edxapp
-  sudo: yes
-  sudo_user: www-data
-  environment: "{{ deploy_environment }}"
-  tags:
-  - cms
-  - deploy
-
-- name: update cms templates
-  shell: SERVICE_VARIANT={{ cms_variant }} django-admin.py update_templates --pythonpath={{ edx_platform_code_dir }} --settings=cms.envs.aws
-  when: check_cms_update_templates.rc == 0
-  notify:
-  - restart edxapp
-  sudo: yes
-  sudo_user: www-data
-  environment: "{{ deploy_environment }}"
-  tags:
-  - cms
-  - deploy
-
-# Add failure checks for if no static assets were deployed.
-- name: lms asset static failure check
-  shell: /bin/false
-  when: grep_gather_assets.rc != 0 and check_lms_collect_static.rc != 0
-  tags:
-  - lms
-  - lms-preview
-  - lms-xml
-  - deploy
-
-- name: cms asset static failure check
-  shell: /bin/false
-  when: grep_gather_assets.rc != 0 and check_cms_collect_static.rc != 0
-  tags:
-  - cms
-  - deploy
-

playbooks/roles/edxapp/tasks/deploy.yml

@@ -16,8 +16,16 @@
   - deploy
 
 # Do A Checkout
-- name: git checkout edx-platform repo into $app_base_dir
-  git: dest={{edx_platform_code_dir}} repo={{lms_source_repo}} version={{lms_version}}
+- name: edxapp | checkout edx-platform repo into {{edx_platform_code_dir}}
+  git: dest={{edx_platform_code_dir}} repo={{edx_platform_repo}} version={{edx_platform_commit}}
+  tags:
+  - lms
+  - cms
+  - install
+  - deploy
+
+- name: git clean after checking out edx-platform
+  shell: cd {{edx_platform_code_dir}} && git clean -xdf
   tags:
   - lms
   - cms
@@ -31,6 +39,7 @@
   - lms
   - cms
   - install
+  - deploy
 
 - name: checkout theme
   git: dest={{app_base_dir}}/themes/{{edxapp_theme_name}} repo={{edxapp_theme_source_repo}} version={{edxapp_theme_version}}
@@ -149,56 +158,35 @@
 - name: changing group ownership to www-data for everything in the venv (workaround)
   shell: chgrp -R www-data {{ venv_dir }}
 
-# This check needs to be run to see if rake can be used but its failure should not stop the run.
-- name: check if rake gather_assets is available
-  shell: executable=/bin/bash chdir={{ edx_platform_code_dir }} rake -T | grep gather_assets
-  environment: "{{ deploy_environment }}"
-  register: grep_gather_assets
-  ignore_errors: yes
-  tags:
-  - lms
-  - lms-preview
-  - lms-xml
-  - cms
-  - deploy
 
-- name: check if django can collect lms static data
-  shell: SERVICE_VARIANT={{ lms_variant }} django-admin.py help collectstatic --pythonpath={{ edx_platform_code_dir }} --settings=lms.envs.aws
-  register: check_lms_collect_static
+# Gather lms assets using rake if possible
+- name: gather lms static assets with rake
+  shell: executable=/bin/bash chdir={{ edx_platform_code_dir }} SERVICE_VARIANT={{ lms_variant }} rake lms:gather_assets:aws
+  notify:
+  - restart edxapp
   sudo: yes
   sudo_user: www-data
+  when: celery_worker is not defined
   environment: "{{ deploy_environment }}"
-  ignore_errors: yes
   tags:
   - lms
   - lms-preview
   - lms-xml
   - deploy
 
-- name: check if django can collect cms static data
-  shell: SERVICE_VARIANT={{ lms_variant }} django-admin.py help collectstatic --pythonpath={{ edx_platform_code_dir }} --settings=cms.envs.aws
-  register: check_cms_collect_static
-  sudo: yes
-  sudo_user: www-data
-  environment: "{{ deploy_environment }}"
-  ignore_errors: yes
-  tags:
-  - cms
-  - deploy
-
-- name: check if django can update cms templates
-  shell: SERVICE_VARIANT={{ cms_variant }} django-admin.py help update_templates --pythonpath={{ edx_platform_code_dir }} --settings=cms.envs.aws
-  register: check_cms_update_templates
+# Gather cms assets using rake if possible
+- name: gather cms static assets with rake
+  shell: executable=/bin/bash chdir={{ edx_platform_code_dir }} SERVICE_VARIANT={{ cms_variant }} rake cms:gather_assets:aws
+  notify:
+  - restart edxapp
   sudo: yes
   sudo_user: www-data
+  when: celery_worker is not defined
   environment: "{{ deploy_environment }}"
-  ignore_errors: yes
   tags:
   - cms
   - deploy
 
-- include: collect_static.yml
-  when: celery_worker is not defined
 
 # https://code.launchpad.net/~wligtenberg/django-openid-auth/mysql_fix/+merge/22726
 # This is necessary for when syncdb is run and the django_openid_auth module is installed,
@@ -226,6 +214,17 @@
   - cms
   - syncdb
 
+- name: db migrate
+  shell: sudo -u www-data SERVICE_VARIANT=lms /opt/edx/bin/django-admin.py migrate --noinput --settings=lms.envs.aws --pythonpath=/opt/wwc/edx-platform
+  when: migrate_only is defined and migrate_only|lower == "yes"
+  tags:
+  - deploy
+  - lms
+  - lms-xml
+  - lms-preview
+  - cms
+  - syncdb
+
 - name: restart edxapp
   service: name=edxapp state=restarted
   when: celery_worker is not defined

playbooks/roles/edxapp/tasks/ruby.yml

@@ -57,28 +57,28 @@
 - name: rbenv | create temporary directory
   command: mktemp -d
   register: tempdir
-  when_failed: $rbuild_present
+  when: rbuild_present|failed
   tags:
   - ruby
   - install
 
 - name: rbenv | clone ruby-build repo
   git: repo=https://github.com/sstephenson/ruby-build.git dest=${tempdir.stdout}/ruby-build
-  when_failed: $rbuild_present
+  when: rbuild_present|failed
   tags:
   - ruby
   - install
 
 - name: rbenv | install ruby-build
   command: ./install.sh chdir=${tempdir.stdout}/ruby-build
-  when_failed: $rbuild_present
+  when: rbuild_present|failed
   tags:
   - ruby
   - install
 
 - name: rbenv | remove temporary directory
   file: path=${tempdir.stdout} state=absent
-  when_failed: $rbuild_present
+  when: rbuild_present|failed
   tags:
   - ruby
   - install
@@ -93,21 +93,21 @@
 
 - name: rbenv | install ruby $ruby_version
   shell: RBENV_ROOT=${rbenv_root} rbenv install $ruby_version
-  when_failed: $ruby_installed
+  when: ruby_installed|failed
   tags:
   - ruby
   - install
 
 - name: rbenv | set global ruby $ruby_version
   shell: RBENV_ROOT=${rbenv_root} rbenv global $ruby_version
-  when_failed: $ruby_installed
+  when: ruby_installed|failed
   tags:
   - ruby
   - install
 
 - name: rbenv | rehash
   shell: RBENV_ROOT=${rbenv_root} rbenv rehash
-  when_failed: $ruby_installed
+  when: ruby_installed|failed
   tags:
   - ruby
   - install

playbooks/roles/edxapp/templates/cms.conf.j2

@@ -17,6 +17,7 @@ env WORKERS={{ ansible_processor|length * worker_core_mult.cms }}
 env WORKERS={{ worker_core_mult.cms }}
 {% endif %}
 env PORT={{edxapp_cms_app_port}}
+env ADDRESS={{edxapp_cms_app_address}}
 env LANG=en_US.UTF-8
 env DJANGO_SETTINGS_MODULE=cms.envs.aws
 env SERVICE_VARIANT="cms"
@@ -24,4 +25,4 @@ env SERVICE_VARIANT="cms"
 chdir {{edx_platform_code_dir}}
 setuid www-data
 
-exec {{venv_dir}}/bin/gunicorn_django -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}} --settings=cms.envs.aws
+exec {{venv_dir}}/bin/gunicorn_django -b $ADDRESS:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}} --settings=cms.envs.aws

playbooks/roles/edxapp/templates/edx-worker-cms.conf.j2

@@ -13,7 +13,7 @@ instance edx.${SERVICE_VARIANT}.core.${QUEUE}
 #env NEWRELIC={{venv_dir}}/bin/newrelic-admin
 env CONCURRENCY=${CONCURRENCY}
 env LOGLEVEL=info
-env DJANGO_SETTINGS_MODULE=cms.envs.aws
+env DJANGO_SETTINGS_MODULE={{worker_django_settings_module}}
 env PYTHONPATH={{edx_platform_code_dir}}
 env SERVICE_VARIANT=${SERVICE_VARIANT}
 
@@ -21,4 +21,4 @@ setuid www-data
 
 chdir {{edx_platform_code_dir}}
 
-exec {{venv_dir}}/bin/django-admin.py celery worker --settings=$DJANGO_SETTINGS_MODULE --pythonpath=$PYTHONPATH --loglevel=$LOGLEVEL --queues=edx.${SERVICE_VARIANT}.core.${QUEUE} --hostname=edx.${SERVICE_VARIANT}.core.${QUEUE}.`hostname` --concurrency=$CONCURRENCY
+exec {{venv_dir}}/bin/python {{edx_platform_code_dir}}/manage.py $SERVICE_VARIANT --settings=$DJANGO_SETTINGS_MODULE celery worker --loglevel=$LOGLEVEL --queues=edx.${SERVICE_VARIANT}.core.${QUEUE} --hostname=edx.${SERVICE_VARIANT}.core.${QUEUE}.`hostname` --concurrency=$CONCURRENCY

playbooks/roles/edxapp/templates/edx-worker-lms-xml.conf.j2

@@ -13,7 +13,7 @@ instance edx.${SERVICE_VARIANT}.core.${QUEUE}
 #env NEWRELIC={{venv_dir}}/bin/newrelic-admin
 env CONCURRENCY=${CONCURRENCY}
 env LOGLEVEL=info
-env DJANGO_SETTINGS_MODULE=lms.envs.aws
+env DJANGO_SETTINGS_MODULE={{worker_django_settings_module}}
 env PYTHONPATH={{edx_platform_code_dir}}
 env SERVICE_VARIANT=${SERVICE_VARIANT}
 
@@ -21,4 +21,4 @@ setuid www-data
 
 chdir {{edx_platform_code_dir}}
 
-exec {{venv_dir}}/bin/django-admin.py celery worker --settings=$DJANGO_SETTINGS_MODULE --pythonpath=$PYTHONPATH --loglevel=$LOGLEVEL --queues=edx.${SERVICE_VARIANT}.core.${QUEUE} --hostname=edx.${SERVICE_VARIANT}.core.${QUEUE}.`hostname` --concurrency=$CONCURRENCY
+exec {{venv_dir}}/bin/python {{edx_platform_code_dir}}/manage.py lms --service-variant=$SERVICE_VARIANT --settings=$DJANGO_SETTINGS_MODULE celery worker --loglevel=$LOGLEVEL --queues=edx.${SERVICE_VARIANT}.core.${QUEUE} --hostname=edx.${SERVICE_VARIANT}.core.${QUEUE}.`hostname` --concurrency=$CONCURRENCY

playbooks/roles/edxapp/templates/edx-worker-lms.conf.j2

@@ -13,7 +13,7 @@ instance edx.${SERVICE_VARIANT}.core.${QUEUE}
 #env NEWRELIC={{venv_dir}}/bin/newrelic-admin
 env CONCURRENCY=${CONCURRENCY}
 env LOGLEVEL=info
-env DJANGO_SETTINGS_MODULE=lms.envs.aws
+env DJANGO_SETTINGS_MODULE={{worker_django_settings_module}}
 env PYTHONPATH={{edx_platform_code_dir}}
 env SERVICE_VARIANT=${SERVICE_VARIANT}
 
@@ -21,4 +21,4 @@ setuid www-data
 
 chdir {{edx_platform_code_dir}}
 
-exec {{venv_dir}}/bin/django-admin.py celery worker --settings=$DJANGO_SETTINGS_MODULE --pythonpath=$PYTHONPATH --loglevel=$LOGLEVEL --queues=edx.${SERVICE_VARIANT}.core.${QUEUE} --hostname=edx.${SERVICE_VARIANT}.core.${QUEUE}.`hostname` --concurrency=$CONCURRENCY
+exec {{venv_dir}}/bin/python {{edx_platform_code_dir}}/manage.py lms --service-variant=$SERVICE_VARIANT --settings=$DJANGO_SETTINGS_MODULE celery worker --loglevel=$LOGLEVEL --queues=edx.${SERVICE_VARIANT}.core.${QUEUE} --hostname=edx.${SERVICE_VARIANT}.core.${QUEUE}.`hostname` --concurrency=$CONCURRENCY

playbooks/roles/edxapp/templates/lms-preview.conf.j2

@@ -18,6 +18,7 @@ env WORKERS={{ ansible_processor|length * worker_core_mult.lms_preview }}
 env WORKERS={{ worker_core_mult.lms_preview }}
 {% endif %}
 env PORT={{edxapp_lms_preview_app_port}}
+env ADDRESS={{edxapp_lms_preview_app_address}}
 env LANG=en_US.UTF-8
 env DJANGO_SETTINGS_MODULE=lms.envs.aws
 env SERVICE_VARIANT="lms-preview"
@@ -25,7 +26,7 @@ env SERVICE_VARIANT="lms-preview"
 chdir {{edx_platform_code_dir}}
 setuid www-data
 
-exec {{venv_dir}}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}} lms.wsgi
+exec {{venv_dir}}/bin/gunicorn --preload -b $ADDRESS:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}} lms.wsgi
 
 post-start script
   while true

playbooks/roles/edxapp/templates/lms-xml.conf.j2

@@ -17,6 +17,7 @@ env WORKERS={{ ansible_processor|length * worker_core_mult.lms_xml }}
 env WORKERS={{ worker_core_mult.lms_xml }}
 {% endif %}
 env PORT={{edxapp_lms_xml_app_port}}
+env ADDRESS={{edxapp_lms_xml_app_address}}
 env LANG=en_US.UTF-8
 env DJANGO_SETTINGS_MODULE=lms.envs.aws
 env SERVICE_VARIANT="lms-xml"
@@ -24,7 +25,7 @@ env SERVICE_VARIANT="lms-xml"
 chdir {{edx_platform_code_dir}}
 setuid www-data
 
-exec {{venv_dir}}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}}  lms.wsgi
+exec {{venv_dir}}/bin/gunicorn --preload -b $ADDRESS:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}}  lms.wsgi
 
 post-start script
   while true

playbooks/roles/edxapp/templates/lms.conf.j2

@@ -15,14 +15,15 @@ env WORKERS={{ ansible_processor|length * worker_core_mult.lms }}
 env WORKERS={{ worker_core_mult.lms }}
 {% endif %}
 env PORT={{edxapp_lms_app_port}}
+env ADDRESS={{edxapp_lms_app_address}}
 env LANG=en_US.UTF-8
-env DJANGO_SETTINGS_MODULE=lms.envs.aws
+env DJANGO_SETTINGS_MODULE={{ edxapp_lms_env }}
 env SERVICE_VARIANT="lms"
 
 chdir {{edx_platform_code_dir}}
 setuid www-data
 
-exec {{venv_dir}}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}} lms.wsgi
+exec {{venv_dir}}/bin/gunicorn --preload -b $ADDRESS:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}} lms.wsgi
 
 post-start script
   while true

playbooks/roles/elasticsearch/tasks/main.yml

@@ -28,3 +28,9 @@
   tags:
     - elasticsearch
     - install
+
+- name: elasticsearch | Ensure elasticsearch is enabled and started
+  service: name=elasticsearch state=started enabled=yes
+  tags:
+    - elasticsearch
+    - install

playbooks/roles/forum/tasks/test.yml

 ---
 
 - name: forum | test that the required service are listening
-  wait_for: port={{ item.port }} timeout=10
+  wait_for: port={{ item.port }} host={{ item.host }} timeout=10
   with_items: "{{ forum_services }}"
   tags:
   - forum

playbooks/roles/nginx/tasks/main.yml

@@ -8,6 +8,14 @@
   - nginx
   - install
 
+- name: nginx | Server configuration file
+  copy: src={{secure_dir}}/files/nginx.conf dest=/etc/nginx/nginx.conf owner=root group=root mode=0644
+  when: nginx_conf is defined
+  notify: nginx | restart nginx
+  tags:
+  - nginx
+  - install
+
 # Standard configuration that is common across all roles
 # Default values for these variables are set in group_vars/all
 # Note: remove spaces in {{..}}, otherwise you will get a template parsing error.

playbooks/roles/nginx/tasks/nginx_site.yml

 # Requires nginx package
 ---
 - name: nginx | Copying nginx config {{ site_name }}
-  template: src={{ item }} dest=/etc/nginx/sites-available/{{ site_name }}
+  template: src={{ item }} dest=/etc/nginx/sites-available/{{ site_name }} owner=root group=root mode=0600
   first_available_file:
+  - "{{ local_dir }}/nginx/templates/{{ template_subdir }}/{{ site_name }}.j2"
   - "{{ local_dir }}/nginx/templates/{{ site_name }}.j2"
   # seems like paths in first_available_file must be relative to the playbooks dir
   - "roles/nginx/templates/{{ site_name }}.j2" 
   notify: nginx | restart nginx
-  when_set: $nginx_role_run
+  when: nginx_role_run is defined
   tags:
   - nginx
   - lms
@@ -18,7 +19,7 @@
 - name: nginx | Creating nginx config link {{ site_name }}
   file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
   notify: nginx | restart nginx
-  when_set: $nginx_role_run
+  when: nginx_role_run is defined
   tags:
   - nginx
   - lms

playbooks/roles/notifier/vars/main.yml → playbooks/roles/notifier/defaults/main.yml

@@ -4,14 +4,15 @@ notifier_user: "notifier"
 notifier_web_user: "www-user"
 notifier_home: "/opt/wwc/notifier"
 notifier_venv_dir: "{{ notifier_home }}/virtualenvs/notifier"
+notifier_db_dir: "{{ notifier_home }}/db"
 notifier_source_repo: "git@github.com:edx/notifier.git"
 notifier_code_dir: "{{ notifier_home }}/src"
-notifier_version: "rc/digests"
+notifier_version: "master"
 notifier_git_identity_path: "{{ secure_dir }}/files/git-identity"
 notifier_requirements_file: "{{ notifier_code_dir }}/requirements.txt"
 notifier_log_level: "INFO"
 notifier_rsyslog_enabled: "yes"
-notifier_digest_task_interval: "5"
+notifier_digest_task_interval: "1440"
 
 notifier_env: "Development"
 
@@ -20,7 +21,7 @@ notifier_email_host: "localhost"
 notifier_email_port: 25
 notifier_email_user: ""
 notifier_email_pass: ""
-notifier_email_host: ""
+notifier_email_use_tls: "False"
 
 notifier_email_domain: "notifications.edx.org"
 notifier_email_rewrite_recipient: ""
@@ -41,6 +42,8 @@ notifier_supervisor_log_dest: "/mnt/logs/supervisor"
 
 notifer_requests_ca_bundle: "/etc/ssl/certs/ca-certificates.crt"
 
+notifier_dd_api_key: "NOT_USED"    # data dog
+
 notifier_debian_pkgs:
   - apparmor-utils
   - build-essential
@@ -60,7 +63,13 @@ notifier_debian_pkgs:
 #
 notifier_env_vars:
   NOTIFIER_ENV: "{{ notifier_env }}"
+  NOTIFIER_DB_DIR: "{{ notifier_db_dir }}"
   EMAIL_BACKEND: "{{ notifier_email_backend }}"
+  EMAIL_HOST: "{{ notifier_email_host }}"
+  EMAIL_PORT: "{{ notifier_email_port }}"
+  EMAIL_HOST_USER: "{{ notifier_email_user }}"
+  EMAIL_HOST_PASSWORD: "{{ notifier_email_pass }}"
+  EMAIL_USE_TLS: "{{ notifier_email_use_tls }}"
   EMAIL_DOMAIN: "{{ notifier_email_domain }}"
   EMAIL_REWRITE_RECIPIENT: "{{ notifier_email_rewrite_recipient }}"
   LMS_URL_BASE: "{{ notifier_lms_url_base }}"

playbooks/roles/notifier/files/git_ssh.sh

-#!/bin/sh
-exec /usr/bin/ssh -o StrictHostKeyChecking=no -i /etc/git-identity "$@"

playbooks/roles/notifier/files/opt/notifier/bin/forums_digest.sh

-#!/bin/bash
-
-. $HOME/.bashrc
-
-minutes=$1
-digest_date=`date --utc '+%Y-%m-%dT%H:%MZ'`
-
-cd /opt/wwc/notifier/src && /opt/wwc/notifier/virtualenvs/notifier/bin/python /opt/wwc/notifier/src/manage.py forums_digest --to_datetime=${digest_date} --minutes=${minutes}

playbooks/roles/notifier/handlers/main.yml

@@ -4,20 +4,20 @@
 ## for future compliance, when the API comes on line.
 ##
 
-- name: notifier | install notifier-celery-beat
-  supervisorctl: name=notifier-celery-beat state=present
+- name: notifier | install notifier-scheduler
+  supervisorctl: name=notifier-scheduler state=present
 
 - name: notifier | install notifier-celery-workers
   supervisorctl: name=notifier-celery-workers state=present
 
 - name: notifier | restart notifier
-  supervisorctl: name=notifier-celery-beat state=restarted
+  supervisorctl: name=notifier-scheduler state=restarted
   notify:
     - notifier | install notifier-celery-workers
-    - notifier | install notifier-celery-beat
+    - notifier | install notifier-scheduler
         
-- name: notifier | restart notifier-celery-beat
-  supervisorctl: name=notifier-celery-beat state=restarted
+- name: notifier | restart notifier-scheduler
+  supervisorctl: name=notifier-scheduler state=restarted
 
 - name: notifier | restart notifier-celery-workers
   supervisorctl: name=notifier-celery-workers state=restarted

playbooks/roles/notifier/tasks/deploy.yml

-#
-# TODO: Needed while this repo is private
-#
-- name: notifier | upload ssh script
-  copy: 
-    src=git_ssh.sh dest=/tmp/git_ssh.sh 
-    force=yes owner=root group=adm mode=750
-  notify:
-    - notifier | restart notifier
-  tags:
-  - notifier
-  - deploy
-  - install
-  - update
-
-#
-# TODO: Needed while this repo is private
-#
-- name: notifier | install read-only ssh key required for checkout
-  copy: 
-    src={{ notifier_git_identity_path }} dest=/etc/git-identity 
-    force=yes owner=ubuntu group=adm mode=60
-  tags:
-  - notifier
-  - deploy
-  - install
-  - update
-
+---
 - name: notifier | stop notifier-celery-beat
   supervisorctl: name=notifier-celery-beat state=restarted
+  ignore_errors: yes
 
 - name: notifier | stop notifier-celery-workers
   supervisorctl: name=notifier-celery-workers state=restarted
+  ignore_errors: yes
 
 - name: notifier | checkout code
   git: 
     dest={{ notifier_code_dir }} repo={{ notifier_source_repo }} 
     version={{ notifier_version }}
-  environment:
-    GIT_SSH: /tmp/git_ssh.sh
   notify:
     - notifier | restart notifier
   tags:
@@ -46,40 +19,14 @@
     - install
     - update
 
-#
-# TODO: Needed while this repo is private
-#
-- name: notifier | update src permissions
+- name: notifier | source repo group perms
   file: 
-    path={{ notifier_code_dir }} state=directory owner={{ notifier_user }} 
-    group={{ notifier_user }} mode=2750 recurse=yes
-  tags:
-  - notifier
-  - deploy
-  - install
-  - update
-
-#
-# TODO: Needed while this repo is private
-#
-- name: notifier | remove read-only ssh key for the content repo
-  file: path=/etc/git-identity state=absent
-  tags:
-  - notifier
-  - deploy
-  - install
-  - update
-
-#
-# TODO: Needed while this repo is private
-#
-- name: notifier | remove ssh script
-  file: path=/tmp/git_ssh.sh state=absent
+    path={{ notifier_source_repo }} mode=2775 state=directory
   tags:
-  - notifier
-  - deploy
-  - install
-  - update
+    - notifier
+    - deploy
+    - install
+    - update
 
 - name: notifier | install application requirements
   pip: 

playbooks/roles/notifier/tasks/main.yml

@@ -96,7 +96,6 @@
     owner={{ notifier_user }} 
     group={{ notifier_user }}
 
-
 - name: notifier | ensure .bashrc exists
   shell: touch {{ notifier_home }}/.bashrc
   sudo: true  
@@ -126,16 +125,17 @@
   - install
   - update
 
-- name: notifier | create notifier/bin directory
-  file: 
-    path="{{ notifier_home }}/bin" mode=2775 state=directory
+- name: notifier | create notifier DB directory
+  file:
+    path="{{ notifier_db_dir }}" mode=2775 state=directory
   tags:
   - notifier
   - install
   - update
 
-- name: notifier | make the script executable
-  file: path={{ notifier_home }}/bin/forums_digest.sh state=file mode=2755
+- name: notifier | create notifier/bin directory
+  file: 
+    path="{{ notifier_home }}/bin" mode=2775 state=directory
   tags:
   - notifier
   - install
@@ -159,13 +159,13 @@
   - install
   - update
 
-- name: notifier | supervisord config for celery beat
+- name: notifier | supervisord config for scheduler
   template: 
-    src=etc/supervisor/conf.d/notifier-celery-beat.conf.j2 dest=/etc/supervisor/conf.d/notifier-celery-beat.conf 
-  notify: notifier | restart notifier-celery-beat
+    src=etc/supervisor/conf.d/notifier-scheduler.conf.j2 dest=/etc/supervisor/conf.d/notifier-scheduler.conf 
+  notify: notifier | restart notifier-scheduler
   tags:
   - notifier
   - install
   - update
 
-- include: deploy.yml
\ No newline at end of file
+- include: deploy.yml

playbooks/roles/notifier/templates/etc/supervisor/conf.d/notifier-celery-beat.conf.j2 → playbooks/roles/notifier/templates/etc/supervisor/conf.d/notifier-celery-scheduler.conf.j2

 ;
 ;  {{ ansible_managed }}
 ;
-[program:notifier-celery-beat]
+[program:notifier-scheduler]
 
-command={{ notifier_venv_dir }}/bin/python manage.py celery beat -l DEBUG
+command={{ notifier_venv_dir }}/bin/python manage.py scheduler
 
 process_name=%(program_name)s
 numprocs=1
@@ -18,15 +18,15 @@ stopsignal=TERM
 stopwaitsecs=10
 user=notifier
 redirect_stderr=false
-stdout_logfile={{ notifier_supervisor_log_dest }}/notifier-celery-beat-stdout.log
+stdout_logfile={{ notifier_supervisor_log_dest }}/notifier-scheduler-stdout.log
 stdout_logfile_maxbytes=1MB
 stdout_logfile_backups=10
 stdout_capture_maxbytes=1MB
-stderr_logfile={{notifier_supervisor_log_dest }}/notifier-celery-beat-stderr.log
+stderr_logfile={{notifier_supervisor_log_dest }}/notifier-scheduler-stderr.log
 stderr_logfile_maxbytes=1MB
 stderr_logfile_backups=10
 stderr_capture_maxbytes=1MB
-environment=PID='/var/tmp/notifier-celery-beat.pid',LANG=en_US.UTF-8,
+environment=PID='/var/tmp/notifier-scheduler.pid',LANG=en_US.UTF-8,
 {%- for name,value in notifier_env_vars.items() -%}
 {{name}}="{{value}}"{%- if not loop.last -%},{%- endif -%}
 {%- endfor -%}
\ No newline at end of file

playbooks/roles/notifier/templates/etc/supervisor/conf.d/notifier-celery-workers.conf.j2

@@ -3,7 +3,7 @@
 ;
 [program:notifier-celery-workers]
 
-command={{ notifier_venv_dir }}/bin/python manage.py celery worker -l DEBUG
+command={{ notifier_venv_dir }}/bin/python manage.py celery worker -l {{ notifier_log_level }}
 
 process_name=%(program_name)s
 numprocs=1

playbooks/roles/notifier/templates/etc/supervisor/conf.d/notifier-scheduler.conf.j2

+;
+;  {{ ansible_managed }}
+;
+[program:notifier-scheduler]
+
+command={{ notifier_venv_dir }}/bin/python manage.py scheduler
+
+process_name=%(program_name)s
+numprocs=1
+directory={{ notifier_code_dir }}
+umask=022
+autostart=true
+autorestart=true
+startsecs=10
+startretries=3
+exitcodes=0,2
+stopsignal=TERM
+stopwaitsecs=10
+user=notifier
+redirect_stderr=false
+stdout_logfile={{ notifier_supervisor_log_dest }}/notifier-scheduler-stdout.log
+stdout_logfile_maxbytes=1MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=1MB
+stderr_logfile={{notifier_supervisor_log_dest }}/notifier-scheduler-stderr.log
+stderr_logfile_maxbytes=1MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=1MB
+environment=PID='/var/tmp/notifier-scheduler.pid',LANG=en_US.UTF-8,
+{%- for name,value in notifier_env_vars.items() -%}
+{{name}}="{{value}}"{%- if not loop.last -%},{%- endif -%}
+{%- endfor -%}
\ No newline at end of file

playbooks/roles/ora/vars/main.yml → playbooks/roles/ora/defaults/main.yml

@@ -4,8 +4,10 @@ ora_code_dir: "{{ app_base_dir }}/edx-ora"
 # Default nginx listen port
 # These should be overrided if you want
 # to serve all content on port 80
-ora_venv_dir: "{{ venv_dir }}"
-ease_venv_dir: "{{ venv_dir }}"
+ora_user: "edx-ora"
+ora_user_home: "/opt/edx-ora"
+ora_venv_dir: "{{ ora_user_home }}/virtualenvs/{{ ora_user }}"
+ease_venv_dir: "{{ ora_venv_dir }}"
 ora_gunicorn_workers: 4
 ora_nginx_port: 18091
 ora_gunicorn_port: 8091

playbooks/roles/ora/tasks/deploy.yml

@@ -41,7 +41,7 @@
 
 # Do Post Checkout Tasks.
 - name: ora | change permissions on ora code dir
-  file: path={{ora_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes
+  file: path={{ora_code_dir}} state=directory owner={{ ora_user }} group={{ ora_user }} mode=755 recurse=yes
   notify:
     - ora | restart edx-ora
     - ora | restart edx-ora-celery
@@ -85,7 +85,7 @@
   - deploy
 
 - name: ora | syncdb and migrate
-  shell: sudo -u www-data {{ora_venv_dir}}/bin/django-admin.py syncdb --migrate --noinput --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
+  shell: sudo -u {{ ora_user }} SERVICE_VARIANT=ora {{ora_venv_dir}}/bin/django-admin.py syncdb --migrate --noinput --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
   when: migrate_db is defined and migrate_db|lower == "yes"
   notify:
     - ora | restart edx-ora
@@ -96,7 +96,7 @@
   - deploy
 
 - name: ora | create users
-  shell: sudo -u www-data {{ora_venv_dir}}/bin/django-admin.py update_users --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
+  shell: sudo -u {{ ora_user }} SERVICE_VARIANT=ora {{ora_venv_dir}}/bin/django-admin.py update_users --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
   notify:
     - ora | restart edx-ora
     - ora | restart edx-ora-celery

playbooks/roles/ora/tasks/ease.yml

@@ -37,7 +37,7 @@
 
 # Do Post Checkout Tasks.
 - name: ora | change permissions on ease code dir
-  file: path={{ease_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes
+  file: path={{ease_code_dir}} state=directory owner={{ ora_user }} group={{ ora_user }} mode=755 recurse=yes
   tags:
   - ease
   - deploy

playbooks/roles/ora/tasks/main.yml

@@ -3,13 +3,8 @@
 #  - common/tasks/main.yml
 #  - nginx/tasks/main.yml
 ---
-- name: ora | Change permissions on datadir
-  file: path={{ora_code_dir}}/../data state=directory owner=www-data group=www-data
-  tags:
-  - ora
-
 - name: ora | Create ml_models directory
-  file: path={{ora_code_dir}}/../ml_models state=directory owner=www-data group=www-data
+  file: path={{ora_code_dir}}/../ml_models state=directory owner={{ ora_user }} group={{ ora_user }}
   tags:
   - ora
 
@@ -20,12 +15,12 @@
   - ora
 
 - name: ora | create ora application config
-  template: src=ora.env.json.j2 dest={{ora_code_dir}}/../env.json mode=0640 owner=www-data group=adm
+  template: src=ora.env.json.j2 dest={{ora_code_dir}}/../ora.env.json mode=0640 owner={{ ora_user }} group=adm
   tags:
   - ora
 
 - name: ora | create ora auth file
-  template: src=ora.auth.json.j2 dest={{ora_code_dir}}/../auth.json mode=0640 owner=www-data group=adm
+  template: src=ora.auth.json.j2 dest={{ora_code_dir}}/../ora.auth.json mode=0640 owner={{ ora_user }} group=adm
   tags:
   - ora
 
@@ -45,16 +40,6 @@
   tags:
   - ora
 
-- name: ora | create the ora virtual environment
-  file: path={{ ora_venv_dir }} owner=root group=adm mode=2775 state=directory
-  tags:
-  - ora
-
-- name: ora | bootstrap the ora virtual environment
-  command: /usr/local/bin/virtualenv {{ ora_venv_dir }} --distribute creates={{ora_venv_dir}}/bin/activate
-  tags:
-  - ora
-
 # Install nginx site
 - include: ../../nginx/tasks/nginx_site.yml state=link site_name=ora
 

playbooks/roles/ora/templates/edx-ora-celery.conf.j2

@@ -10,8 +10,9 @@ respawn
 respawn limit 3 30
 
 env DJANGO_SETTINGS_MODULE=edx_ora.aws
+env SERVICE_VARIANT=ora
 
 chdir {{ ora_code_dir }}
-setuid www-data
+setuid {{ ora_user }}
 
 exec {{ ora_venv_dir }}/bin/python {{ ora_code_dir }}/manage.py celeryd --loglevel=info --settings=edx_ora.aws --pythonpath={{ ora_code_dir}} -B --autoscale=4,1

playbooks/roles/ora/templates/edx-ora.conf.j2

@@ -14,11 +14,12 @@ env WORKERS={{ ora_gunicorn_workers }}
 env PORT={{ ora_gunicorn_port }}
 env LANG=en_US.UTF-8
 env DJANGO_SETTINGS_MODULE=edx_ora.aws
+env SERVICE_VARIANT=ora
 
 pre-start script
 end script
 
 chdir {{ ora_code_dir }}
-setuid www-data
+setuid {{ ora_user }}
 
 exec {{ ora_venv_dir}}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=90 --pythonpath={{ ora_code_dir}} edx_ora.wsgi

playbooks/roles/oraclejdk/templates/java.sh.j2

-export JAVA_HOME="{{ java_link }}"
+export JAVA_HOME="{{oraclejdk_link}}"
 export PATH=$JAVA_HOME/bin:$PATH

playbooks/roles/rabbitmq/vars/main.yml → playbooks/roles/rabbitmq/defaults/main.yml

@@ -14,12 +14,15 @@ rabbitmq_mnesia_folder: "{{rabbitmq_cookie_dir}}/mnesia"
 
 rabbitmq_port: 5672
 rabbitmq_management_port: 15672
+rabbitmq_ip: "{{ ansible_default_ipv4.address }}"
 
 rabbitmq_auth_config:
   erlang_cookie: "CHANGE ME"
-  admin:
+  admins:
   - name: 'admin'
     password: 'the example admin password'
+  - name: 'edx'
+    password: 'edx'
 
 # If the system is running out of an Amazon Web Services
 # cloudformation stack, this group name can used to pull out
@@ -29,4 +32,4 @@ rabbitmq_aws_stack_name: "tag_aws_cloudformation_stack-name_"
 rabbitmq_clustered_hosts: []
 
 rabbitmq_plugins:
-  - rabbitmq_management
\ No newline at end of file
+  - rabbitmq_management

playbooks/roles/rabbitmq/tasks/main.yml

@@ -13,7 +13,7 @@
   apt_repository: repo="{{rabbitmq_repository}}" state=present
 
 - name: rabbitmq | install rabbitmq
-  apt: pkg={{rabbitmq_pkg}} state=present
+  apt: pkg={{rabbitmq_pkg}} state=present update_cache=yes
 
 - name: rabbitmq | stop rabbit cluster
   service: name=rabbitmq-server state=stopped
@@ -52,6 +52,9 @@
 - name: rabbitmq | start rabbit nodes
   service: name=rabbitmq-server state=restarted
 
+- name: rabbitmq | wait for rabbit to start
+  wait_for: port={{ rabbitmq_management_port }} delay=2
+
 - name: rabbitmq | remove guest user
   rabbitmq_user: user="guest" state=absent
 
@@ -78,4 +81,4 @@
 - name: rabbitmq | ensure rabbitmqadmin attributes
   file: 
     path=/usr/local/bin/rabbitmqadmin owner=root 
-    group=root mode=0655
\ No newline at end of file
+    group=root mode=0655

playbooks/roles/rabbitmq/templates/rabbitmq-env.conf.j2

 RABBITMQ_NODE_PORT={{ rabbitmq_port }}
-RABBITMQ_NODE_IP_ADDRESS={{ ansible_default_ipv4.address }}
+RABBITMQ_NODE_IP_ADDRESS={{ rabbitmq_ip }}

playbooks/roles/rbenv/tasks/main.yml

@@ -136,20 +136,30 @@
   - ruby
   - install
 
+- name: rbenv | if ruby-build exists, which versions we can install
+  command: /usr/local/bin/ruby-build --definitions
+  when: rbuild_present|success
+  register: installable_ruby_vers
+  ignore_errors: yes
+  tags:
+  - ruby
+  - install
+
+### in this block, we (re)install ruby-build if it doesn't exist or if it can't install the requested version
 - name: rbenv | create temporary directory
   command: mktemp -d
   register: tempdir
   sudo: true  
-  sudo_user: "{{ rbenv_user }}" 
-  when: rbuild_present|failed
+  sudo_user: "{{ rbenv_user }}"
+  when: rbuild_present|failed or (installable_ruby_vers is defined and rbenv_ruby_version not in installable_ruby_vers)
   tags:
   - ruby
   - install
 
 - name: rbenv | clone ruby-build repo
   git: repo=https://github.com/sstephenson/ruby-build.git dest={{ tempdir.stdout }}/ruby-build
-  when:  rbuild_present|failed
-  sudo: true  
+  when: rbuild_present|failed or (installable_ruby_vers is defined and rbenv_ruby_version not in installable_ruby_vers)
+  sudo: true
   sudo_user: "{{ rbenv_user }}" 
   tags:
   - ruby
@@ -157,14 +167,14 @@
 
 - name: rbenv | install ruby-build
   command: ./install.sh chdir={{ tempdir.stdout }}/ruby-build
-  when: rbuild_present|failed
+  when: rbuild_present|failed or (installable_ruby_vers is defined and rbenv_ruby_version not in installable_ruby_vers)
   tags:
   - ruby
   - install
 
 - name: rbenv | remove temporary directory
   file: path={{ tempdir.stdout }} state=absent
-  when: rbuild_present|failed
+  when: rbuild_present|failed or (installable_ruby_vers is defined and rbenv_ruby_version not in installable_ruby_vers)
   tags:
   - ruby
   - install

playbooks/roles/xqueue/vars/main.yml → playbooks/roles/xqueue/defaults/main.yml

@@ -10,6 +10,10 @@ xqueue_code_dir: "{{ app_base_dir }}/xqueue"
 xqueue_nginx_port: 18040
 xqueue_gunicorn_port: 8040
 
+xqueue_user: "xqueue"
+xqueue_user_home: "/opt/xqueue"
+xqueue_venv_dir: "{{ xqueue_user_home }}/virtualenvs/{{ xqueue_user }}"
+
 xqueue_env_config:
   'XQUEUES':
     # push queue
@@ -35,6 +39,7 @@ xqueue_auth_config:
   'DATABASES':
     'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'xqueue', 'USER': 'root', 'PASSWORD': '', 'HOST': 'localhost', 'PORT': '3306' }
 
+xqueue_create_db: 'yes'
 xqueue_source_repo: https://github.com/edx/xqueue.git
 xqueue_version: 'HEAD'
 xqueue_pre_requirements_file:    "{{ xqueue_code_dir }}/pre-requirements.txt"

playbooks/roles/xqueue/tasks/deploy.yml

@@ -20,7 +20,7 @@
 
 # Do Post Checkout Tasks.
 - name: xqueue | create xqueue code dir
-  file: path={{xqueue_code_dir}} state=directory owner=www-data group=www-data mode=755
+  file: path={{xqueue_code_dir}} state=directory owner={{ xqueue_user }} group={{ xqueue_user }} mode=755
   tags:
   - xqueue
   - deploy
@@ -30,29 +30,29 @@
 # portions of the deploy needs to be incorporated here.
 
 - name: xqueue | sets permissions on xqueue code dir and contents
-  file: path={{xqueue_code_dir}} state=directory owner=www-data group=www-data recurse=yes
+  file: path={{xqueue_code_dir}} state=directory owner={{ xqueue_user }} group={{ xqueue_user }} recurse=yes
   # Post Checkout tasks will get run as handlers when the {{ xqueue_code_dir }} is ready.
   # Look at the handlers/main.yml in this role for a description of the tasks stated below.
   tags:
   - xqueue
   - deploy
 
-# Install the python pre requirements into {{ venv_dir }}
+# Install the python pre requirements into {{ xqueue_venv_dir }}
 - name : install python pre-requirements
-  pip: requirements="{{xqueue_pre_requirements_file}}" virtualenv="{{venv_dir}}" state=present
+  pip: requirements="{{xqueue_pre_requirements_file}}" virtualenv="{{xqueue_venv_dir}}" state=present
   tags:
   - xqueue
   - deploy
 
-# Install the python post requirements into {{ venv_dir }}
+# Install the python post requirements into {{ xqueue_venv_dir }}
 - name : install python post-requirements
-  pip: requirements="{{xqueue_post_requirements_file}}" virtualenv="{{venv_dir}}" state=present
+  pip: requirements="{{xqueue_post_requirements_file}}" virtualenv="{{xqueue_venv_dir}}" state=present
   tags:
   - xqueue
   - deploy
 
 - name: xqueue | syncdb and migrate
-  shell: sudo -u www-data /opt/edx/bin/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
+  shell: sudo -u {{ xqueue_user }} SERVICE_VARIANT=xqueue {{ xqueue_venv_dir }}/bin/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
   when: migrate_db is defined and migrate_db|lower == "yes"
   tags:
   - xqueue
@@ -60,7 +60,7 @@
   - deploy
 
 - name: xqueue | create users
-  shell: sudo -u www-data /opt/edx/bin/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
+  shell: sudo -u {{ xqueue_user }} SERVICE_VARIANT=xqueue {{ xqueue_venv_dir }}/bin/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
   when: update_users is defined
   tags:
   - xqueue

playbooks/roles/xqueue/tasks/main.yml

@@ -3,11 +3,6 @@
 #  - common/tasks/main.yml
 #  - nginx/tasks/main.yml
 ---
-- name: xqueue | Change permissions on datadir
-  file: path={{app_base_dir}}/data state=directory owner=www-data group=www-data
-  tags:
-  - xqueue
-
 # Check out xqueue repo to {{xqueue_code_dir}}
 - name: xqueue | install git and its recommends
   apt: pkg=git state=present install_recommends=yes 
@@ -30,9 +25,10 @@
     login_password={{xqueue_auth_config.DATABASES.default.PASSWORD}}
     state=present
     encoding=utf8
+  when: xqueue_create_db is defined and xqueue_create_db|lower == "yes"
 
 - name: xqueue | create xqueue application config
-  template: src=xqueue.env.json.j2 dest={{app_base_dir}}/env.json mode=0640 owner=www-data group=adm
+  template: src=xqueue.env.json.j2 dest={{app_base_dir}}/xqueue.env.json mode=0640 owner={{ xqueue_user }} group=adm
   notify:
   - xqueue | restart xqueue
   - xqueue | restart xqueue consumer
@@ -40,7 +36,7 @@
   - xqueue
 
 - name: xqueue | create xqueue auth file
-  template: src=xqueue.auth.json.j2 dest={{app_base_dir}}/auth.json mode=0640 owner=www-data group=adm
+  template: src=xqueue.auth.json.j2 dest={{app_base_dir}}/xqueue.auth.json mode=0640 owner={{ xqueue_user }} group=adm
   notify:
   - xqueue | restart xqueue
   - xqueue | restart xqueue consumer

playbooks/roles/xqueue/templates/xqueue.conf.j2

@@ -7,7 +7,11 @@ respawn
 respawn limit 3 30
 
 env PID=/var/tmp/xqueue.pid
-env WORKERS={{ ansible_processor_cores * 2 }}
+{% if ansible_processor|length > 0 %}
+env WORKERS={{ ansible_processor|length * 2 }}
+{% else %}
+env WORKERS=2
+{% endif %}
 env PORT={{ xqueue_gunicorn_port }}
 env LANG=en_US.UTF-8
 env DJANGO_SETTINGS_MODULE=xqueue.aws_settings
@@ -15,6 +19,6 @@ env SERVICE_VARIANT="xqueue"
 
 
 chdir {{ xqueue_code_dir }}
-setuid www-data
+setuid {{ xqueue_user }}
 
-exec {{ venv_dir }}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath={{ xqueue_code_dir }} xqueue.wsgi
+exec {{ xqueue_venv_dir }}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath={{ xqueue_code_dir }} xqueue.wsgi

playbooks/roles/xqueue/templates/xqueue_consumer.conf.j2

@@ -11,7 +11,8 @@ respawn limit 3 30
 
 env LANG=en_US.UTF-8
 env WORKERS_PER_QUEUE={{xqueue_env_config.XQUEUE_WORKERS_PER_QUEUE}}
+env SERVICE_VARIANT="xqueue"
 chdir {{xqueue_code_dir}}
-setuid www-data
+setuid {{ xqueue_user }}
 
-exec {{venv_dir}}/bin/django-admin.py run_consumer --pythonpath={{xqueue_code_dir}} --settings=xqueue.aws_settings $WORKERS_PER_QUEUE
+exec {{xqueue_venv_dir}}/bin/django-admin.py run_consumer --pythonpath={{xqueue_code_dir}} --settings=xqueue.aws_settings $WORKERS_PER_QUEUE

playbooks/vagrant-fullstack.yml

@@ -12,14 +12,18 @@
     - nginx
     - edxlocal
     - edxapp
-    - rabbitmq
-    - xqueue
-    - xserver
+    - { role: 'rabbitmq', rabbitmq_ip: '127.0.0.1' }
+    - { role: 'edxapp', celery_worker: True }
     - oraclejdk
     - elasticsearch
-    - { role: 'edxapp', celery_worker: True }
     - role: rbenv
       rbenv_user: "{{ forum_user }}"
       rbenv_user_home: "{{ forum_home }}"
       rbenv_ruby_version: "{{ forum_ruby_version }}"
     - forum
+    - role: virtualenv
+      virtualenv_user: "{{ xqueue_user }}"
+      virtualenv_user_home: "{{ xqueue_user_home }}"
+      virtualenv_name: "{{ xqueue_user }}"
+    - { role: "xqueue", update_users: True }
+    - xserver
\ No newline at end of file

util/vpc-tools/vpc-dns.py

 """vpc-dns.py
 
 Usage:
-    vpc-dns.py create-zone vpc <vpc-id>
+    vpc-dns.py create-zone (vpc <vpc_id> | stack-name <stack_name>)
     vpc-dns.py (-h --help)
     vpc-dns.py (-v --version)
 
@@ -12,6 +12,7 @@ Options:
 import boto
 from boto.route53.record import ResourceRecordSets
 from docopt import docopt
+from vpcutil import vpc_for_stack_name
 
 class VPCDns:
     BACKEND_ZONE = "Z4AI6ADZTL3HN"
@@ -106,8 +107,13 @@ class VPCDns:
 VERSION="0.1"
 
 def dispatch(args):
-
-    vpc_id = args.get("<vpc-id>")
+    if args.get("vpc"):
+      vpc_id = args.get("<vpc_id>")
+    elif args.get("stack-name"):
+      stack_name = args.get("<stack_name>")
+      vpc_id = vpc_for_stack_name(stack_name)
+    else:
+      raise Exception("No vpc_id or stack_name provided.")
 
     c = VPCDns(vpc_id=vpc_id)
 

util/vpc-tools/vpc-tools.py

 """VPC Tools.
 
 Usage:
-    vpc-tools.py ssh-config (vpc <vpc_id> | stack-name <stack_name>) identity-file <identity_file> user <user> [config-file <config_file>] [strict-host-check <strict_host_check>]
+    vpc-tools.py ssh-config (vpc <vpc_id> | stack-name <stack_name>) identity-file <identity_file> user <user> [(config-file <config_file>)] [(strict-host-check <strict_host_check>)]
     vpc-tools.py (-h --help)
     vpc-tools.py (-v --version)
 
@@ -12,11 +12,12 @@ Options:
 """
 import boto
 from docopt import docopt
+from vpcutil import vpc_for_stack_name
 
 
 VERSION="vpc tools 0.1"
 DEFAULT_USER="ubuntu"
-DEFAULT_HOST_CHECK="yes"
+DEFAULT_HOST_CHECK="ask"
 
 JUMPBOX_CONFIG = """
     Host {jump_box}
@@ -43,13 +44,6 @@ def dispatch(args):
     if args.get("ssh-config"):
         _ssh_config(args)
 
-def vpc_for_stack_name(stack_name):
-    cfn = boto.connect_cloudformation()
-    resources = cfn.list_stack_resources(stack_name)
-    for resource in resources:
-      if resource.resource_type == 'AWS::EC2::VPC':
-        return resource.physical_resource_id
-
 def _ssh_config(args):
     if args.get("vpc"):
       vpc_id = args.get("<vpc_id>")
@@ -57,7 +51,7 @@ def _ssh_config(args):
       stack_name = args.get("<stack_name>")
       vpc_id = vpc_for_stack_name(stack_name)
     else:
-      raise Exception("No way to know which vpc to query.")
+      raise Exception("No vpc_id or stack_name provided.")
 
     vpc = boto.connect_vpc()
 
@@ -75,7 +69,7 @@ def _ssh_config(args):
     if config_file:
       config_file = "-F {}".format(config_file)
     else:
-      config_file = "nothing"
+      config_file = ""
 
     jump_box = "{vpc_id}-jumpbox".format(vpc_id=vpc_id)
     friendly = "{vpc_id}-{logical_id}-{instance_id}"

util/vpc-tools/vpcutil.py

+import boto
+
+def vpc_for_stack_name(stack_name):
+    cfn = boto.connect_cloudformation()
+    resources = cfn.list_stack_resources(stack_name)
+    for resource in resources:
+      if resource.resource_type == 'AWS::EC2::VPC':
+        return resource.physical_resource_id
+

vagrant/fullstack/Vagrantfile

@@ -17,9 +17,8 @@ Vagrant.configure("2") do |config|
   config.vm.provision :ansible do |ansible|
     # point Vagrant at the location of your playbook you want to run
     ansible.playbook = "../../playbooks/vagrant-fullstack.yml"
-
-    ansible.inventory_file = "../../playbooks/vagrant/inventory.ini"
+    ansible.inventory_path = "../../playbooks/vagrant/inventory.ini"
     ansible.extra_vars = { c_skip_grader_checkout: 'True' }
-    ansible.verbose = true
+    ansible.verbose = "extra"
   end
 end

vagrant/shortstack-xml/Vagrantfile

@@ -18,7 +18,7 @@ Vagrant.configure("2") do |config|
     # point Vagrant at the location of your playbook you want to run
     ansible.playbook = "../../playbooks/vagrant-shortstack-xml.yml"
 
-    ansible.inventory_file = "../../playbooks/vagrant/inventory.ini"
-    ansible.verbose = true
+    ansible.inventory_path = "../../playbooks/vagrant/inventory.ini"
+    ansible.verbose = "extra"
   end
 end

vagrant/shortstack/Vagrantfile

@@ -17,8 +17,10 @@ Vagrant.configure("2") do |config|
   config.vm.provision :ansible do |ansible|
     # point Vagrant at the location of your playbook you want to run
     ansible.playbook = "../../playbooks/vagrant-shortstack.yml"
-
-    ansible.inventory_file = "../../playbooks/vagrant/inventory.ini"
-    ansible.verbose = true
+    ansible.inventory_path = "../../playbooks/vagrant/inventory.ini"
+    ansible.verbose = "extra"
+    # to target the master branch of edx-platform, instead of the release branch,
+    # just uncomment this line
+    # ansible.extra_vars = { edx_platform_commit: "master" }
   end
 end