Skip to content

C
configuration
Commit e6595927 by John Jarvis
Options

xserver role cleanup

parent 0864ba1c
Showing with 22 additions and 13 deletions
playbooks/roles/xserver/defaults/main.yml
......@@ -8,9 +8,12 @@ XSERVER_RUN_URL: ''
XSERVER_LOGGING_ENV: 'sandbox'
XSERVER_SYSLOG_SERVER: ''
# For 6.00x use "{{ xserver_data_dir }}/data/content-mit-600x~2012_Fall"
XSERVER_GRADER_DIR: ""
XSERVER_GRADER_DIR: !!null
# For 6.00x use "git@github.com:/MITx/6.00x.git"
XSERVER_GRADER_SOURCE: ""
XSERVER_GRADER_SOURCE: !!null
# This must be set to run this role
# Example: "{{ secure_dir }}/files/git-identity"
XSERVER_LOCAL_GIT_IDENTITY: !!null
# by default do not check out the content
......@@ -29,6 +32,8 @@ xserver_user: "xserver"
xserver_sandbox_user: "xserver-sandbox"
xserver_log_dir: "{{ COMMON_LOG_DIR }}/xserver"
xserver_grader_root: "{{ XSERVER_GRADER_DIR }}/graders"
xserver_git_identity: "{{ xserver_app_dir }}/{{ XSERVER_LOCAL_GIT_IDENTITY|basename }}"
xserver_env_config:
RUN_URL: $XSERVER_RUN_URL
GRADER_ROOT: $xserver_grader_root
......@@ -37,7 +42,6 @@ xserver_env_config:
SYSLOG_SERVER: $XSERVER_SYSLOG_SERVER
SANDBOX_PYTHON: '{{ xserver_venv_sandbox_dir }}/bin/python'
xserver_git_identity_path: "{{ secure_dir }}/files/git-identity"
xserver_source_repo: "git://github.com/edx/xserver.git"
# This should probably be overridden in the playbook or groupvars
# with the default pointing to the head of master.
......
playbooks/roles/xserver/tasks/deploy.yml
......@@ -28,13 +28,17 @@
- deploy
- name: xserver | install read-only ssh key for the content repo that is required for grading
copy: src={{ item }} dest=/etc/git-identity force=yes owner=ubuntu group=adm mode=60
first_available_file:
- "{{ secure_dir }}/files/git-identity"
- "git-identity-example"
copy: >
src={{ XSERVER_LOCAL_GIT_IDENTITY }} dest={{ xserver_git_identity }}
owner={{ xserver_user }} group={{ xserver_user }} mode=0600
tags:
- deploy
- name: xserver | upload ssh script
template: >
src=git_ssh.sh.j2 dest=/tmp/git_ssh.sh
owner={{ xserver_user }} mode=750
- name: xserver | checkout grader code
git: dest={{ XSERVER_GRADER_DIR }} repo={{ XSERVER_GRADER_SOURCE }} version={{ xserver_grader_version }}
environment:
......@@ -44,7 +48,7 @@
- deploy
- name: xserver | remove read-only ssh key for the content repo
file: path=/etc/git-identity state=absent
file: path={{ xserver_git_identity }}
tags:
- deploy
......
playbooks/roles/xserver/tasks/main.yml
......@@ -5,7 +5,11 @@
- name: xserver | checking for grader info
fail: msg="You must define XSERVER_GRADER_DIR and XSERVER_GRADER_SOURCE to use this role!"
when: XSERVER_GRADER_DIR == "" or XSERVER_GRADER_SOURCE == ""
when: not XSERVER_GRADER_DIR or not XSERVER_GRADER_SOURCE
- name: xserver | checking for git identity
fail: msg="You must define XSERVER_LOCAL_GIT_IDENTITY to use this role"
when: not XSERVER_LOCAL_GIT_IDENTITY
- name: xserver | create application user
user: >
......@@ -62,9 +66,6 @@
- name: xserver | setup upstart script
template: src=xserver.conf.j2 dest=/etc/init/xserver.conf owner=root group=root
- name: xserver | upload ssh script
copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
- include: deploy.yml
- name: xserver | enforce app-armor rules
......
playbooks/roles/xserver/files/git_ssh.sh playbooks/roles/xserver/templates/git_ssh.sh.j2
#!/bin/sh
exec /usr/bin/ssh -o StrictHostKeyChecking=no -i /etc/git-identity "$@"
exec /usr/bin/ssh -o StrictHostKeyChecking=no -i {{ xserver_git_identity }} "$@"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment