Commit f6a7e2b5 by John Jarvis

updates for ora/discern

parent 6700feac
......@@ -8,23 +8,27 @@
openid_workaround: True
roles:
- common
- role: nginx
nginx_sites:
- cms
- lms
- lms-preview
- ora
- xqueue
- xserver
- edxlocal
- mongo
- edxapp
- { role: 'rabbitmq', rabbitmq_ip: '127.0.0.1' }
- { role: 'edxapp', celery_worker: True }
- oraclejdk
- elasticsearch
- forum
- { role: "xqueue", update_users: True }
- xserver
- ora
# - role: nginx
# nginx_sites:
# - cms
# - lms
# - lms-preview
# - ora
# - xqueue
# - xserver
# - edxlocal
# - role: supervisor
# supervisor_servers:
# - forum
# - lms
# - mongo
# - edxapp
# - { role: 'rabbitmq', rabbitmq_ip: '127.0.0.1' }
# - { role: 'edxapp', celery_worker: True }
# - oraclejdk
# - elasticsearch
# - forum
# - { role: "xqueue", update_users: True }
# - xserver
# - ora
- discern
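Review bot: The new side of this hunk leaves only `common` and `discern` active and turns every other role (nginx, edxlocal, mongo, edxapp, rabbitmq, oraclejdk, elasticsearch, forum, xqueue, xserver, ora) into comments, which reads like a local debugging state rather than the intended playbook. This is inferred from the `-8,23 +8,27` counts, since the page has lost its `+`/`-` markers. If the reduced list is deliberate, state it in a comment such as `# temporarily limited to discern while the role layout is reworked`; otherwise restore the list and append `- discern`. The commented block also adds a `supervisor` entry with `supervisor_servers`, a parameter the supervisor role stops requiring in this same commit.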
......@@ -6,6 +6,8 @@ data_dir: /edx/var
app_dir: /edx/app
log_dir: "{{ data_dir }}/log"
venvs_dir: "{{ app_dir }}/venvs"
bin_dir: /edx/bin
cfg_dir: /edx/etc
os_name: ubuntu
......
......@@ -7,7 +7,7 @@
- name: common | Create common directories
file: >
path={{ data_dir }}
path={{ item }}
state=directory
owner=root
group=root
......@@ -17,6 +17,8 @@
- "{{ app_dir }}"
- "{{ log_dir }}"
- "{{ venvs_dir }}"
- "{{ bin_dir }}"
- "{{ cfg_dir }}"
- name: common | Install role-independent useful system packages
# do this before log dir setup; rsyslog package guarantees syslog user present
......
DISCERN_NGINX_PORT: 18070
DISCERN_BASIC_AUTH: False
DISCERN_MEMCACHE: [ 'localhost:11211' ]
DISCERN_AWS_ACCESS_KEY_ID: ""
DISCERN_AWS_SECRET_ACCESS_KEY: ""
DISCERN_BROKER_URL: ""
DISCERN_RESULT_BACKEND: ""
DISCERN_GOOGLE_ANALYTICS_PROPERTY_ID: ""
DISCERN_MYSQL_DB_NAME: 'discern'
DISCERN_MYSQL_USER: 'root'
DISCERN_MYSQL_PASSWORD: ''
DISCERN_MYSQL_HOST: 'localhost'
DISCERN_MYSQL_PORT: '3306'
discern_app_dir: "{{ app_dir }}/discern"
discern_code_dir: "{{ discern_app_dir }}/discern"
discern_data_dir: "{{ data_dir }}/discern"
discern_venv_dir: "{{ venvs_dir }}/discern"
discern_venvs_dir: "{{ discern_app_dir }}/venvs"
discern_venv_dir: "{{ discern_venvs_dir }}/discern"
discern_venv_bin: "{{ discern_venv_dir }}/bin"
discern_pre_requirements_file: "{{ discern_code_dir }}/pre-requirements.txt"
discern_post_requirements_file: "{{ discern_code_dir }}/requirements.txt"
discern_user: "discern"
discern_ease_venv_dir: "{{ discern_venv_dir }}"
discern_ease_code_dir: "{{ app_dir }}/ease"
discern_ease_code_dir: "{{ discern_app_dir }}/ease"
discern_ease_source_repo: https://github.com/edx/ease.git
discern_ease_version: 'HEAD'
discern_ease_pre_requirements_file: "{{ discern_ease_code_dir }}/pre-requirements.txt"
......@@ -25,6 +38,37 @@ discern_branch: dev
discern_gunicorn_port: 8070
discern_gunicorn_host: 127.0.0.1
discern_env_config:
ACCOUNT_EMAIL_VERIFICATION: "mandatory"
AWS_SES_REGION_NAME: "us-east-1"
DEFAULT_FROM_EMAIL: "registration@example.com"
DNS_HOSTNAME: ""
ELB_HOSTNAME: ""
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
S3_BUCKETNAME: ""
USE_S3_TO_STORE_MODElS: false
discern_auth_config:
AWS_ACCESS_KEY_ID: $DISCERN_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY: $DISCERN_SECRET_ACCESS_KEY
BROKER_URL: $DISCERN_BROKER_URL
CACHES:
default:
BACKEND: 'django.core.cache.backends.memcached.MemcachedCache'
LOCATION: $DISCERN_MEMCACHE
CELERY_RESULT_BACKEND: $DISCERN_RESULT_BACKEND
DATABASES:
default:
ENGINE: django.db.backends.mysql
HOST: $DISCERN_MYSQL_HOST
NAME: $DISCERN_MYSQL_DB_NAME
PASSWORD: $DISCERN_MYSQL_PASSWORD
PORT: $DISCERN_MYSQL_PORT
USER: $DISCERN_MYSQL_USER
GOOGLE_ANALYTICS_PROPERTY_ID: $DISCERN_GOOGLE_ANALYTICS_PROPERTY_ID
discern_debian_pkgs:
- policykit-1
- python-virtualenv
......@@ -36,7 +80,7 @@ discern_debian_pkgs:
- libfreetype6-dev
- libpng12-dev
- libxml2-dev
- libxslt-dev
- libxslt1-dev
- libreadline6
- libreadline6-dev
- redis-server
......
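Review bot: In `discern_auth_config`, `AWS_SECRET_ACCESS_KEY: $DISCERN_SECRET_ACCESS_KEY` does not match the default declared above it, `DISCERN_AWS_SECRET_ACCESS_KEY`, so the rendered auth.json will presumably carry an unexpanded or empty secret; the line should read `AWS_SECRET_ACCESS_KEY: $DISCERN_AWS_SECRET_ACCESS_KEY`. The database defaults `DISCERN_MYSQL_USER: 'root'` with `DISCERN_MYSQL_PASSWORD: ''` are only acceptable for a local sandbox, and a comment saying that real deployments must override both with a dedicated least-privilege account would keep them from being carried into production. `USE_S3_TO_STORE_MODElS` has a lowercase `l` and will likely not match the setting name the application reads.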
---
#Upload config files for django (auth and env)
- name: discern | create discern application config env.json file
template: src=env.json.j2 dest={{app_dir}}/env.json
template: src=env.json.j2 dest={{ discern_app_dir }}/env.json
sudo_user: "{{ discern_user }}"
notify:
- discern | restart celery
......@@ -10,7 +10,7 @@
- deploy
- name: discern | create discern auth file auth.json
template: src=auth.json.j2 dest={{app_dir}}/auth.json
template: src=auth.json.j2 dest={{ discern_app_dir }}/auth.json
sudo_user: "{{ discern_user }}"
notify:
- discern | restart celery
......@@ -18,19 +18,8 @@
tags:
- deploy
#Needed if using redis to prevent memory issues
- name: discern | change memory commit settings -- needed for redis
command: sysctl vm.overcommit_memory=1
- name: discern | set permissions on app_dir sgid for edx
file: path={{app_dir}} owner=root group=edx mode=2775 state=directory
file: path={{venv_dir}} owner=root group=edx mode=2775 state=directory
tags:
- deploy
#Grab both repos or update
- name: discern | git checkout discern repo into discern_dir
git: dest={{discern_dir}} repo={{discern_source_repo}} version={{discern_branch}}
- name: discern | git checkout discern repo into discern_code_dir
git: dest={{ discern_code_dir }} repo={{ discern_source_repo }} version={{ discern_branch }}
sudo_user: "{{ discern_user }}"
notify:
- discern | restart celery
......@@ -38,8 +27,8 @@
tags:
- deploy
- name: discern | git checkout ease repo into ease_dir
git: dest={{ease_dir}} repo={{ease_source_repo}} version={{ease_branch}}
- name: discern | git checkout ease repo into discern_ease_code_dir
git: dest={{ discern_ease_code_dir}} repo={{ discern_ease_source_repo }} version={{ discern_ease_version }}
sudo_user: "{{ discern_user }}"
notify:
- discern | restart celery
......@@ -49,7 +38,7 @@
#Numpy has to be a pre-requirement in order for scipy to build
- name : install python pre-requirements for discern and ease
pip: requirements="{{item}}/pre-requirements.txt" virtualenv="{{ discern_venv_dir }}" state=present
pip: requirements={{item}} virtualenv={{ discern_venv_dir }} state=present
sudo_user: "{{ discern_user }}"
with_items:
- "{{ discern_pre_requirements_file }}"
......@@ -58,7 +47,7 @@
- deploy
- name : install python requirements for discern and ease
pip: requirements="{{item}}/requirements.txt" virtualenv="{{ discern_venv_dir }}" state=present
pip: requirements={{item}} virtualenv={{ discern_venv_dir }} state=present
sudo_user: "{{ discern_user }}"
with_items:
- "{{ discern_post_requirements_file }}"
......
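Review bot: The `discern | create discern auth file auth.json` task writes `{{ discern_app_dir }}/auth.json` without `mode=`, so the file rendered from `discern_auth_config` (MySQL password, broker URL, AWS keys) gets whatever the discern user's umask yields, typically world-readable 0644. Give the task an explicit mode, e.g. `template: src=auth.json.j2 dest={{ discern_app_dir }}/auth.json mode=0600`. The same gap is introduced later in this commit where the `cms.auth.json`, `lms.auth.json` and `lms-preview.auth.json` template tasks lose their `mode=640`, `owner=` and `group=` lines.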
......@@ -15,6 +15,7 @@
with_items:
- "{{ discern_app_dir }}"
- "{{ discern_data_dir }}"
- "{{ discern_venvs_dir }}"
- name: discern | install debian packages that discern needs
apt: pkg={{ item }} state=present
......@@ -24,19 +25,29 @@
apt: pkg={{ item }} state=present
with_items: discern_ease_debian_pkgs
#Create the templates for upstart services
- name: discern | render celery service from template
template: src=celery.conf.j2 dest=/etc/init/celery.conf owner=root group=edx mode=0664
template: src=celery.conf.j2 dest=/etc/init/celery.conf
notify: discern | restart celery
- name: discern | render discern service from template
template: src=discern.conf.j2 dest=/etc/init/discern.conf owner=root group=edx mode=0664
template: src=discern.conf.j2 dest=/etc/init/discern.conf
notify: discern | restart discern
- name: discern | copy sudoers file for discern
copy: >
src=sudoers-discern
dest=/etc/sudoers.d/{{ site_name }}
dest=/etc/sudoers.d/discern
mode=0440
validate='visudo -cf %s'
#Needed if using redis to prevent memory issues
- name: discern | change memory commit settings -- needed for redis
command: sysctl vm.overcommit_memory=1
- include: deploy.yml
- name: discern | create a symlink for venv python
file: >
src="{{ discern_venv_bin }}/python"
dest={{ cfg_dir }}/python.discern
state=link
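Review bot: `command: sysctl vm.overcommit_memory=1` reports a change on every run and does not survive a reboot, so a restarted host silently loses the setting the comment says redis needs. The `sysctl` module covers both: `sysctl: name=vm.overcommit_memory value=1 state=present`. Separately, the sudoers `copy` relies on the play running as root for ownership; adding `owner=root group=root` next to `mode=0440` makes that explicit.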
{{ auth_config | to_nice_json }}
\ No newline at end of file
{{ discern_auth_config | to_nice_json }}
......@@ -11,7 +11,7 @@ respawn limit 3 30
env DJANGO_SETTINGS_MODULE={{discern_settings}}
chdir {{discern_dir}}
chdir {{ discern_code_dir }}
setuid {{discern_user}}
exec {{venv_dir}}/bin/python {{discern_dir}}/manage.py celeryd --loglevel=info --settings={{discern_settings}} --pythonpath={{discern_dir}} -B --autoscale={{ ansible_processor_cores * 2 }},1
exec {{ discern_venv_dir }}/bin/python {{ discern_code_dir }}/manage.py celeryd --loglevel=info --settings={{ discern_settings }} --pythonpath={{ discern_code_dir }} -B --autoscale={{ ansible_processor_cores * 2 }},1
......@@ -14,9 +14,9 @@ env WORKERS={{ ansible_processor_cores * 2 }}
env PORT={{ discern_gunicorn_port }}
env ADDRESS={{ discern_gunicorn_host }}
env LANG=en_US.UTF-8
env DJANGO_SETTINGS_MODULE={{discern_settings}}
env DJANGO_SETTINGS_MODULE={{ discern_settings }}
chdir {{discern_dir}}
setuid {{discern_user}}
chdir {{ discern_code_dir }}
setuid {{ discern_user }}
exec {{venv_dir}}/bin/gunicorn --preload -b $ADDRESS:$PORT -w $WORKERS --timeout=30 --pythonpath={{discern_dir}} discern.wsgi
exec {{ discern_venv_bin }}/gunicorn --preload -b $ADDRESS:$PORT -w $WORKERS --timeout=30 --pythonpath={{ discern_code_dir }} discern.wsgi
{{ env_config | to_nice_json }}
\ No newline at end of file
{{ discern_env_config | to_nice_json }}
......@@ -95,7 +95,7 @@ EDXAPP_LMS_PREVIEW_BASIC_AUTH: False
edxapp_data_dir: "{{ data_dir }}/edxapp"
edxapp_app_dir: "{{ app_dir }}/edxapp"
edxapp_log_dir: "{{ log_dir }}/edxapp"
edxapp_venvs_dir: "{{ venvs_dir }}/edxapp"
edxapp_venvs_dir: "{{ edxapp_app_dir }}/venvs"
edxapp_venv_dir: "{{ edxapp_venvs_dir }}/edxapp"
edxapp_venv_bin: "{{ edxapp_venv_dir }}/bin"
edxapp_rbenv_dir: "{{ edxapp_app_dir }}"
......
......@@ -6,9 +6,7 @@
template: >
src=cms.env.json.j2
dest={{ edxapp_app_dir }}/cms.env.json
mode=640
owner={{ edxapp_user }}
group={{ common_web_user }}
sudo_user: "{{ edxapp_user }}"
tags:
- deploy
......@@ -16,19 +14,7 @@
template: >
src=cms.auth.json.j2
dest={{ edxapp_app_dir }}/cms.auth.json
mode=640
owner={{ edxapp_user }}
group={{ common_web_user }}
tags:
- deploy
- name: Create CMS log target directory
file: >
path={{ edxapp_log_dir }}/cms
state=directory
owner={{ common_log_user }}
group={{ common_log_user }}
mode=0750
sudo_user: "{{ edxapp_user }}"
tags:
- deploy
......
......@@ -41,7 +41,7 @@
- name: edxapp | checkout theme
git: dest={{app_dir}}/themes/{{edxapp_theme_name}} repo={{edxapp_theme_source_repo}} version={{edxapp_theme_version}}
git: dest={{ edxapp_app_dir }}/themes/{{edxapp_theme_name}} repo={{edxapp_theme_source_repo}} version={{edxapp_theme_version}}
when: edxapp_theme_name != ''
sudo_user: "{{ edxapp_user }}"
tags:
......
......@@ -6,9 +6,6 @@
template: >
src=lms-preview.env.json.j2
dest={{ edxapp_app_dir }}/lms-preview.env.json
mode=640
owner={{ edxapp_user }}
group={{ common_web_user }}
tags:
- deploy
......@@ -16,19 +13,6 @@
template: >
src=lms-preview.auth.json.j2
dest={{ edxapp_app_dir }}/lms-preview.auth.json
mode=640
owner={{ edxapp_user }}
group={{ common_web_user }}
tags:
- deploy
- name: Create lms-preview log target directory
file: >
path={{ edxapp_log_dir }}/lms-preview
state=directory
owner={{ common_log_user }}
group={{ common_log_user }}
mode=0750
tags:
- deploy
......
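Review bot: Both lms-preview template tasks lose `mode=640`, `owner={{ edxapp_user }}` and `group={{ common_web_user }}` but, unlike the cms and lms versions of the same tasks in this commit, gain no `sudo_user: "{{ edxapp_user }}"`; this follows from the `-6,9 +6,6` and `-16,19 +13,6` counts. `lms-preview.env.json` and `lms-preview.auth.json` would then be created by whichever user runs the play, probably root, with a umask-derived mode, which is inconsistent with the sibling files. Add `sudo_user: "{{ edxapp_user }}"` to both tasks and an explicit restrictive `mode=` on the auth file.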
......@@ -3,9 +3,7 @@
template: >
src=lms.env.json.j2
dest={{ edxapp_app_dir }}/lms.env.json
mode=640
owner={{ edxapp_user }}
group={{ common_web_user }}
sudo_user: "{{ edxapp_user }}"
tags:
- deploy
......@@ -13,19 +11,7 @@
template: >
src=lms.auth.json.j2
dest={{ edxapp_app_dir }}/lms.auth.json
mode=640
owner={{ edxapp_user }}
group={{ common_web_user }}
tags:
- deploy
- name: Create lms log target directory
file: >
path={{ edxapp_log_dir }}/lms
state=directory
owner={{ common_log_user }}
group={{ common_log_user }}
mode=0750
sudo_user: "{{ edxapp_user }}"
tags:
- deploy
......
......@@ -64,4 +64,22 @@
template: src=edx-workers.conf.j2 dest=/etc/init/edx-workers.conf owner=root group=root
when: "celery_worker is defined"
- name: edxapp | create log directories for service variants
file: >
path={{ edxapp_log_dir }}/{{ item }}
state=directory
owner={{ common_log_user }}
group={{ common_log_user }}
mode=0750
with_items:
- lms
- cms
- lms-preview
- include: deploy.yml
- name: edxapp | create a symlink for venv python
file: >
src="{{ edxapp_venv_bin }}/python"
dest={{ cfg_dir }}/python.edxapp
state=link
......@@ -9,8 +9,6 @@ respawn
respawn limit 3 30
env PID=/var/tmp/cms.pid
#env NEW_RELIC_CONFIG_FILE={{app_dir}}/newrelic.ini
#env NEWRELIC={{edxapp_venv_dir}}/bin/newrelic-admin
{% if ansible_processor|length > 0 %}
env WORKERS={{ ansible_processor|length * worker_core_mult.cms }}
{% else %}
......
......@@ -10,8 +10,6 @@ respawn
respawn limit 3 30
env PID=/var/tmp/lms.pid
#env NEW_RELIC_CONFIG_FILE={{app_dir}}/newrelic.ini
#env NEWRELIC={{edxapp_venv_dir}}/bin/newrelic-admin
{% if ansible_processor|length > 0 %}
env WORKERS={{ ansible_processor|length * worker_core_mult.lms_preview }}
{% else %}
......
......@@ -7,8 +7,6 @@ respawn
respawn limit 3 30
env PID=/var/tmp/lms.pid
#env NEW_RELIC_CONFIG_FILE={{app_dir}}/newrelic.ini
#env NEWRELIC={{edxapp_venv_dir}}/bin/newrelic-admin
{% if ansible_processor|length > 0 %}
env WORKERS={{ ansible_processor|length * worker_core_mult.lms }}
{% else %}
......
......@@ -31,5 +31,12 @@
state=present
encoding=utf8
- name: edxlocal | create a database for discern
mysql_db: >
db=discern
state=present
encoding=utf8
- name: edxlocal | install memcached
apt: pkg=memcached state=present
......@@ -42,4 +42,9 @@
- forum | restart the forum service
- include: deploy.yml
- name: forum | create the supervisor config
template: src=forum.conf.j2 dest={{ supervisor_cfg_dir }}/forum.conf
notify:
- forum | restart the forum service
- include: test.yml
[program:forum]
command={{ forum_supervisor_wrapper }}
priority=999
user={{ common_web_user }}
startsecs=10
stdout_logfile={{ supervisor_log_dir }}/%(program_name)-stdout.log
stderr_logfile={{ supervisor_log_dir }}/%(program_name)-stderr.log
stderr_logfile_maxbytes=1MB
killasgroup=true
stopasgroup=true
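Review bot: `stdout_logfile` and `stderr_logfile` use `%(program_name)-stdout.log` and `%(program_name)-stderr.log`, which lack the `s` conversion that supervisor's Python-style expansion expects. As written, the `-s` after the closing parenthesis is likely to be consumed as the format specifier, yielding `forumtdout.log` and `forumtderr.log`, or the config is rejected, depending on the supervisor version. Use `%(program_name)s-stdout.log` and `%(program_name)s-stderr.log` so the service logs land where operators will look for them.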
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/nginx.htpasswd;
root {{ app_dir }}/main_static;
root {{ nginx_app_dir }}/main_static;
index index.html
proxy_set_header X-Forwarded-Proto https;
......@@ -9,7 +9,7 @@ server {
# https://docs.djangoproject.com/en/dev/howto/static-files/#serving-static-files-in-production
location /static/ { # STATIC_URL
alias {{ discern_dir }}/staticfiles/;
alias {{ discern_app_dir }}/staticfiles/;
expires 1m;
autoindex on;
}
......
......@@ -48,7 +48,7 @@ server {
# Check security on this
location ~ /static/(?P<file>.*) {
root {{app_dir}};
root {{ edxapp_data_dir}};
try_files /staticfiles/$file /course_static/$file =404;
# return a 403 for static files that shouldn't be
......
......@@ -6,7 +6,8 @@ ORA_BASIC_AUTH: False
ora_app_dir: "{{ app_dir }}/ora"
ora_code_dir: "{{ ora_app_dir }}/ora"
ora_data_dir: "{{ data_dir }}/ora"
ora_venv_dir: "{{ venvs_dir }}/ora"
ora_venvs_dir: "{{ ora_app_dir }}/venvs"
ora_venv_dir: "{{ ora_venvs_dir }}/ora"
ora_venv_bin: "{{ ora_venv_dir }}/bin"
ora_user: "ora"
ora_nltk_data_dir: "{{ ora_data_dir}}/nltk_data"
......@@ -17,7 +18,7 @@ ora_pre_requirements_file: "{{ ora_code_dir }}/pre-requirements.txt"
ora_post_requirements_file: "{{ ora_code_dir }}/requirements.txt"
ora_ease_venv_dir: "{{ ora_venv_dir }}"
ora_ease_code_dir: "{{ app_dir }}/ease"
ora_ease_code_dir: "{{ ora_app_dir }}/ease"
ora_ease_source_repo: https://github.com/edx/ease.git
ora_ease_version: 'HEAD'
ora_ease_pre_requirements_file: "{{ ora_ease_code_dir }}/pre-requirements.txt"
......
......@@ -60,15 +60,15 @@
#Needed for the ease package to work
- name: ora | check for the existence of nltk data taggers/maxent_treebank_pos_tagger/english.pickle
shell: "[ -f {{nltk_data_dir}}/taggers/maxent_treebank_pos_tagger/english.pickle ] && echo 'Found' || echo ''"
register: nltk_data_installed
shell: "[ -f {{ ora_nltk_data_dir }}/taggers/maxent_treebank_pos_tagger/english.pickle ] && echo 'Found' || echo ''"
register: ora_nltk_data_installed
tags:
- deploy
- name: ora | install nltk data using rendered shell script
command: "{{ora_ease_venv_dir}}/bin/python -m nltk.downloader -d {{nltk_data_dir}} all"
when: nltk_data_installed.stdout != "Found"
command: "{{ora_ease_venv_dir}}/bin/python -m nltk.downloader -d {{ ora_nltk_data_dir }} all"
when: ora_nltk_data_installed.stdout != "Found"
sudo_user: "{{ ora_user }}"
tags:
- deploy
......@@ -17,6 +17,7 @@
owner="{{ ora_user }}"
group="{{ common_web_group }}"
with_items:
- "{{ ora_venvs_dir }}"
- "{{ ora_app_dir }}"
- "{{ ora_data_dir }}"
- "{{ ora_app_dir }}/ml_models"
......@@ -30,3 +31,9 @@
with_items: ora_ease_debian_pkgs
- include: deploy.yml
- name: ora | create a symlink for venv python
file: >
src="{{ ora_venv_bin }}/python"
dest={{ cfg_dir }}/python.ora
state=link
- name: supervisor | restart supervisor
service: >
name=supervisor
state=restarted
......@@ -11,9 +11,8 @@
# Tasks for role supervisor
#
# Overview:
# Parameterized role for supervisord
# Supervisor templates must exist in the
# templates/ dir for each server
# Role for supervisord
# Installs supervisor in its own venv.
#
# Dependencies:
# - common
......@@ -22,13 +21,8 @@
# roles:
# - common
# - role: supervisor
# supervisor_servers:
# - ...
---
- fail: supervisor_servers is a required parameter for this role
when: supervisor_servers is not defined
- name: supervisor | create application user
user: >
name="{{ supervisor_user }}"
......@@ -61,18 +55,28 @@
- name: supervisor | install supervisor in its venv
pip: name=supervisor virtualenv="{{supervisor_venv_dir}}" state=present
sudo_user: "{{ supervisor_user }}"
notify: supervisor | restart supervisor
- name: supervisor | create supervisor upstart job
template: src=supervisor-upstart.conf.j2 dest=/etc/init/supervisor.conf
notify: supervisor | restart supervisor
- name: supervisor | create supervisor master config
template: src=supervisord.conf.j2 dest={{ supervisor_cfg }}
sudo_user: "{{ supervisor_user }}"
notify: supervisor | restart supervisor
- name: supervisor | create supervisor configs
template: src={{ item }}.conf.j2 dest={{ supervisor_cfg_dir }}/{{ item }}.conf
with_items: supervisor_servers
sudo_user: "{{ supervisor_user }}"
- name: supervisor | create a symlink for supervisortctl
file: >
src={{ supervisor_ctl }}
dest={{ bin_dir }}/{{ supervisor_ctl|basename }}
state=link
- name: supervisor | create a symlink for supervisor cfg
file: >
src={{ supervisor_cfg }}
dest={{ cfg_dir }}/{{ supervisor_cfg|basename }}
state=link
- name: supervisor | ensure supervisor is started
service: name=supervisor state=started
[program:forum]
command={{ forum_supervisor_wrapper }}
priority=999
startsecs = 5
redirect_stderr = True
autostart=False
user={{ common_web_user }}
......@@ -7,7 +7,7 @@ XQUEUE_BASIC_AUTH: False
xqueue_app_dir: "{{ app_dir }}/xqueue"
xqueue_code_dir: "{{ xqueue_app_dir }}/xqueue"
xqueue_data_dir: "{{ data_dir }}/xqueue"
xqueue_venvs_dir: "{{ venvs_dir }}/xqueue"
xqueue_venvs_dir: "{{ xqueue_app_dir }}/venvs"
xqueue_venv_dir: "{{ xqueue_venvs_dir }}/xqueue"
xqueue_venv_bin: "{{ xqueue_venv_dir }}/bin"
xqueue_user: "xqueue"
......
......@@ -10,20 +10,20 @@
- deploy
- name: xqueue | create xqueue application config
template: src=xqueue.env.json.j2 dest={{xqueue_app_dir}}/xqueue.env.json mode=0640 owner={{ xqueue_user }} group=adm
template: src=xqueue.env.json.j2 dest={{ xqueue_app_dir }}/xqueue.env.json mode=0644
sudo_user: "{{ xqueue_user }}"
tags:
- deploy
- name: xqueue | create xqueue auth file
template: src=xqueue.auth.json.j2 dest={{xqueue_app_dir}}/xqueue.auth.json mode=0640 owner={{ xqueue_user }} group=adm
template: src=xqueue.auth.json.j2 dest={{ xqueue_app_dir }}/xqueue.auth.json mode=0644
sudo_user: "{{ xqueue_user }}"
tags:
- deploy
# Do A Checkout
- name: xqueue | git checkout xqueue repo into {{app_dir}}
git: dest={{xqueue_code_dir}} repo={{xqueue_source_repo}} version={{xqueue_version}}
- name: xqueue | git checkout xqueue repo into xqueue_code_dir
git: dest={{ xqueue_code_dir }} repo={{ xqueue_source_repo }} version={{ xqueue_version }}
sudo_user: "{{ xqueue_user }}"
tags:
- deploy
......@@ -31,27 +31,29 @@
# Install the python pre requirements into {{ xqueue_venv_dir }}
- name : install python pre-requirements
pip: requirements="{{xqueue_pre_requirements_file}}" virtualenv="{{xqueue_venv_dir}}" state=present
pip: requirements="{{ xqueue_pre_requirements_file }}" virtualenv="{{ xqueue_venv_dir }}" state=present
sudo_user: "{{ xqueue_user }}"
tags:
- deploy
# Install the python post requirements into {{ xqueue_venv_dir }}
- name : install python post-requirements
pip: requirements="{{xqueue_post_requirements_file}}" virtualenv="{{xqueue_venv_dir}}" state=present
pip: requirements="{{ xqueue_post_requirements_file }}" virtualenv="{{ xqueue_venv_dir }}" state=present
sudo_user: "{{ xqueue_user }}"
tags:
- deploy
- name: xqueue | syncdb and migrate
shell: SERVICE_VARIANT=xqueue {{ xqueue_venv_dir }}/bin/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
shell: >
SERVICE_VARIANT=xqueue {{ xqueue_venv_bin }}/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath={{ xqueue_code_dir }}
when: migrate_db is defined and migrate_db|lower == "yes"
sudo_user: "{{ xqueue_user }}"
tags:
- deploy
- name: xqueue | create users
shell: SERVICE_VARIANT=xqueue {{ xqueue_venv_dir }}/bin/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
shell: >
SERVICE_VARIANT=xqueue {{ xqueue_venv_bin }}/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath={{ xqueue_code_dir }}
when: update_users is defined
sudo_user: "{{ xqueue_user }}"
tags:
......
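Review bot: `xqueue.auth.json` goes from `mode=0640 owner={{ xqueue_user }} group=adm` to `mode=0644`, which makes the credentials file readable by every local account on the host. Since the task now runs with `sudo_user: "{{ xqueue_user }}"`, the file can stay private to that user: `template: src=xqueue.auth.json.j2 dest={{ xqueue_app_dir }}/xqueue.auth.json mode=0600`. 0644 on `xqueue.env.json` is reasonable only if that file holds no secrets.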
......@@ -13,20 +13,15 @@
createhome=no
shell=/bin/false
- name: xqueue | create xqueue app dir
- name: xqueue | create xqueue app and venv dir
file: >
path="{{ xqueue_app_dir }}"
state=directory
owner="{{ xqueue_user }}"
group="{{ common_web_group }}"
- name: xqueue | create xqueue venvs dir
file: >
path="{{ xqueue_venvs_dir }}"
state=directory
owner="{{ xqueue_user }}"
group="{{ common_web_group }}"
with_items:
- "{{ xqueue_app_dir }}"
- "{{ xqueue_venvs_dir }}"
- name: xqueue | install a bunch of system packages on which xqueue relies
apt: pkg={{','.join(xqueue_debian_pkgs)}} state=present
......@@ -52,3 +47,9 @@
template: src=xqueue_consumer.conf.j2 dest=/etc/init/xqueue_consumer.conf mode=0640 owner=root group=adm
- include: deploy.yml
- name: xqueue | create a symlink for venv python
file: >
src="{{ xqueue_venv_bin }}/python"
dest={{ cfg_dir }}/python.xqueue
state=link
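Review bot: The merged `xqueue | create xqueue app and venv dir` task adds `with_items`, but neither `path=` line visible in this hunk uses the loop variable. On the new side (per the `-13,20 +13,15` counts) the task therefore appears to create `{{ xqueue_app_dir }}` twice and never `{{ xqueue_venvs_dir }}`. Change the path line to `path="{{ item }}"`, as the equivalent xserver task in this commit does.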
......@@ -17,8 +17,8 @@ XSERVER_GRADER_CHECKOUT: False
xserver_app_dir: "{{ app_dir }}/xserver"
xserver_code_dir: "{{ xserver_app_dir }}/xserver"
xserver_data_dir: "{{ data_dir }}/xserver"
xserver_venvs_dir: "{{ venvs_dir }}/xserver"
xserver_venv_dir: "{{ xqueue_venvs_dir }}/xserver"
xserver_venvs_dir: "{{ xserver_app_dir }}/venvs"
xserver_venv_dir: "{{ xserver_venvs_dir }}/xserver"
xserver_venv_sandbox_dir: "{{ xserver_venv_dir }}-sandbox"
xserver_venv_bin: "{{ xserver_venv_dir }}/bin"
xserver_user: "xserver"
......
......@@ -22,7 +22,7 @@
- deploy
- name: xserver | create xserver application config
template: src=xserver.env.json.j2 dest={{ xserver_app_dir }}/env.json mode=640 owner=www-data group=adm
template: src=xserver.env.json.j2 dest={{ xserver_app_dir }}/env.json
sudo_user: "{{ xserver_user }}"
tags:
- deploy
......
......@@ -17,7 +17,7 @@
shell=/bin/false
- name: xserver | create xserver app and data dir
- name: xserver | create xserver app and data dirs
file: >
path="{{ item }}"
state=directory
......@@ -25,6 +25,7 @@
group="{{ common_web_group }}"
with_items:
- "{{ xserver_app_dir }}"
- "{{ xserver_venvs_dir }}"
- "{{ xserver_data_dir }}"
- name: xserver | create sandbox sudoers file
......@@ -53,9 +54,6 @@
- "{{ secure_dir }}/files/edx_apparmor_sandbox.j2"
- "usr.bin.python-sandbox.j2"
- name: xserver | enforce app-armor rules
command: aa-enforce {{ xserver_sandbox_venv_dir }}
- name: xserver | setup upstart script
template: src=xserver.conf.j2 dest=/etc/init/xserver.conf owner=root group=root
......@@ -63,3 +61,13 @@
copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
- include: deploy.yml
- name: xserver | enforce app-armor rules
command: aa-enforce {{ xserver_venv_sandbox_dir }}
- name: xserver | create a symlink for venv python
file: >
src="{{ xserver_venv_bin }}/python"
dest={{ cfg_dir }}/python.xserver
state=link
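Review bot: `{{ xserver_venvs_dir }}` is now created by the `create xserver app and data dirs` task with `group="{{ common_web_group }}"` and no `mode=` visible in either hunk, and the sandbox interpreter `{{ xserver_venv_sandbox_dir }}/bin/python` lives beneath it. The sudoers template in this commit lets `www-data` run that exact path as the sandbox user without a password, so the directory chain must not be writable by `www-data` or its group, otherwise the binary behind the rule is no longer the one that was reviewed. Add an explicit `mode=0755` to the directory task. The task body spans the gap between the two hunks, so the owner line and any existing mode are not visible here.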
www-data ALL=({{ xserver_sandbox_user }}) NOPASSWD:{{xserver_sandbox_venv_dir}}/bin/python
www-data ALL=({{ xserver_sandbox_user }}) NOPASSWD:{{xserver_venv_sandbox_dir}}/bin/python