updates for ora/discern

playbooks/edx-east/edx_continuous_integration.yml

@@ -8,23 +8,27 @@
     openid_workaround: True
   roles:
     - common
-    - role: nginx
-      nginx_sites:
-      - cms
-      - lms
-      - lms-preview
-      - ora
-      - xqueue
-      - xserver
-    - edxlocal
-    - mongo
-    - edxapp
-    - { role: 'rabbitmq', rabbitmq_ip: '127.0.0.1' }
-    - { role: 'edxapp', celery_worker: True }
-    - oraclejdk
-    - elasticsearch
-    - forum
-    - { role: "xqueue", update_users: True }
-    - xserver
-    - ora
+#    - role: nginx
+#      nginx_sites:
+#      - cms
+#      - lms
+#      - lms-preview
+#      - ora
+#      - xqueue
+#      - xserver
+#    - edxlocal
+#    - role: supervisor
+#      supervisor_servers:
+#      - forum
+#      - lms
+#    - mongo
+#    - edxapp
+#    - { role: 'rabbitmq', rabbitmq_ip: '127.0.0.1' }
+#    - { role: 'edxapp', celery_worker: True }
+#    - oraclejdk
+#    - elasticsearch
+#    - forum
+#    - { role: "xqueue", update_users: True }
+#    - xserver
+#    - ora
     - discern

playbooks/group_vars/all

@@ -6,6 +6,8 @@ data_dir: /edx/var
 app_dir: /edx/app
 log_dir: "{{ data_dir }}/log"
 venvs_dir: "{{ app_dir }}/venvs"
+bin_dir: /edx/bin
+cfg_dir: /edx/etc
 
 os_name: ubuntu
 

playbooks/roles/common/tasks/main.yml

@@ -7,7 +7,7 @@
 
 - name: common | Create common directories
   file: >
-    path={{ data_dir }}
+    path={{ item }}
     state=directory
     owner=root
     group=root
@@ -17,6 +17,8 @@
     - "{{ app_dir }}"
     - "{{ log_dir }}"
     - "{{ venvs_dir }}"
+    - "{{ bin_dir }}"
+    - "{{ cfg_dir }}"
 
 - name: common | Install role-independent useful system packages
   # do this before log dir setup; rsyslog package guarantees syslog user present

playbooks/roles/discern/defaults/main.yml

 DISCERN_NGINX_PORT: 18070
 DISCERN_BASIC_AUTH: False
+DISCERN_MEMCACHE: [ 'localhost:11211' ]
+DISCERN_AWS_ACCESS_KEY_ID: ""
+DISCERN_AWS_SECRET_ACCESS_KEY: ""
+DISCERN_BROKER_URL: ""
+DISCERN_RESULT_BACKEND: ""
+DISCERN_GOOGLE_ANALYTICS_PROPERTY_ID: ""
+DISCERN_MYSQL_DB_NAME: 'discern'
+DISCERN_MYSQL_USER: 'root'
+DISCERN_MYSQL_PASSWORD: ''
+DISCERN_MYSQL_HOST: 'localhost'
+DISCERN_MYSQL_PORT: '3306'
+
 
 discern_app_dir: "{{ app_dir }}/discern"
 discern_code_dir: "{{ discern_app_dir }}/discern"
 discern_data_dir: "{{ data_dir }}/discern"
-discern_venv_dir: "{{ venvs_dir }}/discern"
+discern_venvs_dir: "{{ discern_app_dir }}/venvs"
+discern_venv_dir: "{{ discern_venvs_dir }}/discern"
 discern_venv_bin: "{{ discern_venv_dir }}/bin"
 discern_pre_requirements_file: "{{ discern_code_dir }}/pre-requirements.txt"
 discern_post_requirements_file: "{{ discern_code_dir }}/requirements.txt"
 discern_user: "discern"
 
 discern_ease_venv_dir: "{{ discern_venv_dir }}"
-discern_ease_code_dir: "{{ app_dir }}/ease"
+discern_ease_code_dir: "{{ discern_app_dir }}/ease"
 discern_ease_source_repo: https://github.com/edx/ease.git
 discern_ease_version: 'HEAD'
 discern_ease_pre_requirements_file: "{{ discern_ease_code_dir }}/pre-requirements.txt"
@@ -25,6 +38,37 @@ discern_branch: dev
 discern_gunicorn_port: 8070
 discern_gunicorn_host: 127.0.0.1
 
+discern_env_config:
+  ACCOUNT_EMAIL_VERIFICATION: "mandatory"
+  AWS_SES_REGION_NAME: "us-east-1"
+  DEFAULT_FROM_EMAIL: "registration@example.com"
+  DNS_HOSTNAME: ""
+  ELB_HOSTNAME: ""
+  EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
+  S3_BUCKETNAME: ""
+  USE_S3_TO_STORE_MODElS: false
+
+
+discern_auth_config:
+  AWS_ACCESS_KEY_ID: $DISCERN_AWS_ACCESS_KEY_ID
+  AWS_SECRET_ACCESS_KEY: $DISCERN_SECRET_ACCESS_KEY
+  BROKER_URL: $DISCERN_BROKER_URL
+  CACHES:
+    default:
+      BACKEND: 'django.core.cache.backends.memcached.MemcachedCache'
+      LOCATION: $DISCERN_MEMCACHE
+  CELERY_RESULT_BACKEND: $DISCERN_RESULT_BACKEND
+  DATABASES:
+    default:
+      ENGINE: django.db.backends.mysql
+      HOST: $DISCERN_MYSQL_HOST
+      NAME: $DISCERN_MYSQL_DB_NAME
+      PASSWORD: $DISCERN_MYSQL_PASSWORD
+      PORT: $DISCERN_MYSQL_PORT
+      USER: $DISCERN_MYSQL_USER
+  GOOGLE_ANALYTICS_PROPERTY_ID: $DISCERN_GOOGLE_ANALYTICS_PROPERTY_ID
+
+
 discern_debian_pkgs:
   - policykit-1
   - python-virtualenv
@@ -36,7 +80,7 @@ discern_debian_pkgs:
   - libfreetype6-dev
   - libpng12-dev
   - libxml2-dev
-  - libxslt-dev
+  - libxslt1-dev
   - libreadline6
   - libreadline6-dev
   - redis-server

playbooks/roles/discern/tasks/deploy.yml

 ---
 #Upload config files for django (auth and env)
 - name: discern | create discern application config env.json file
-  template: src=env.json.j2 dest={{app_dir}}/env.json
+  template: src=env.json.j2 dest={{ discern_app_dir }}/env.json
   sudo_user: "{{ discern_user }}"
   notify:
     - discern | restart celery
@@ -10,7 +10,7 @@
     - deploy
 
 - name: discern | create discern auth file auth.json
-  template: src=auth.json.j2 dest={{app_dir}}/auth.json
+  template: src=auth.json.j2 dest={{ discern_app_dir }}/auth.json
   sudo_user: "{{ discern_user }}"
   notify:
     - discern | restart celery
@@ -18,19 +18,8 @@
   tags:
     - deploy
 
-#Needed if using redis to prevent memory issues
-- name: discern | change memory commit settings -- needed for redis
-  command: sysctl vm.overcommit_memory=1
-
-- name: discern | set permissions on app_dir sgid for edx
-  file: path={{app_dir}} owner=root group=edx mode=2775 state=directory
-  file: path={{venv_dir}} owner=root group=edx mode=2775 state=directory
-  tags:
-    - deploy
-
-#Grab both repos or update
-- name: discern | git checkout discern repo into discern_dir
-  git: dest={{discern_dir}} repo={{discern_source_repo}} version={{discern_branch}}
+- name: discern | git checkout discern repo into discern_code_dir
+  git: dest={{ discern_code_dir }} repo={{ discern_source_repo }} version={{ discern_branch }}
   sudo_user: "{{ discern_user }}"
   notify:
     - discern | restart celery
@@ -38,8 +27,8 @@
   tags:
     - deploy
 
-- name: discern | git checkout ease repo into ease_dir
-  git: dest={{ease_dir}} repo={{ease_source_repo}} version={{ease_branch}}
+- name: discern | git checkout ease repo into discern_ease_code_dir
+  git: dest={{ discern_ease_code_dir}} repo={{ discern_ease_source_repo }} version={{ discern_ease_version }}
   sudo_user: "{{ discern_user }}"
   notify:
     - discern | restart celery
@@ -49,7 +38,7 @@
 
 #Numpy has to be a pre-requirement in order for scipy to build
 - name : install python pre-requirements for discern and ease
-  pip: requirements="{{item}}/pre-requirements.txt" virtualenv="{{ discern_venv_dir }}" state=present
+  pip: requirements={{item}} virtualenv={{ discern_venv_dir }} state=present
   sudo_user: "{{ discern_user }}"
   with_items:
     - "{{ discern_pre_requirements_file }}"
@@ -58,7 +47,7 @@
     - deploy
 
 - name : install python requirements for discern and ease
-  pip: requirements="{{item}}/requirements.txt" virtualenv="{{ discern_venv_dir }}" state=present
+  pip: requirements={{item}} virtualenv={{ discern_venv_dir }} state=present
   sudo_user: "{{ discern_user }}"
   with_items:
     - "{{ discern_post_requirements_file }}"

playbooks/roles/discern/tasks/main.yml

@@ -15,6 +15,7 @@
   with_items:
     - "{{ discern_app_dir }}"
     - "{{ discern_data_dir }}"
+    - "{{ discern_venvs_dir }}"
 
 - name: discern | install debian packages that discern needs
   apt: pkg={{ item }} state=present
@@ -24,19 +25,29 @@
   apt: pkg={{ item }} state=present
   with_items: discern_ease_debian_pkgs
 
-#Create the templates for upstart services
 - name: discern | render celery service from template
-  template: src=celery.conf.j2 dest=/etc/init/celery.conf owner=root group=edx mode=0664
+  template: src=celery.conf.j2 dest=/etc/init/celery.conf
   notify: discern | restart celery
 
 - name: discern | render discern service from template
-  template: src=discern.conf.j2 dest=/etc/init/discern.conf owner=root group=edx mode=0664
+  template: src=discern.conf.j2 dest=/etc/init/discern.conf
   notify: discern | restart discern
 
 - name: discern | copy sudoers file for discern
   copy: >
     src=sudoers-discern
-    dest=/etc/sudoers.d/{{ site_name }}
+    dest=/etc/sudoers.d/discern
+    mode=0440
     validate='visudo -cf %s'
 
+#Needed if using redis to prevent memory issues
+- name: discern | change memory commit settings -- needed for redis
+  command: sysctl vm.overcommit_memory=1
+
 - include: deploy.yml
+
+- name: discern | create a symlink for venv python
+  file: >
+    src="{{ discern_venv_bin }}/python"
+    dest={{ cfg_dir }}/python.discern
+    state=link

playbooks/roles/discern/templates/auth.json.j2

-{{ auth_config | to_nice_json }}
+{{ discern_auth_config | to_nice_json }}
\ No newline at end of file

playbooks/roles/discern/templates/celery.conf.j2

@@ -11,7 +11,7 @@ respawn limit 3 30
 
 env DJANGO_SETTINGS_MODULE={{discern_settings}}
 
-chdir {{discern_dir}}
+chdir {{ discern_code_dir }}
 setuid {{discern_user}}
 
-exec {{venv_dir}}/bin/python {{discern_dir}}/manage.py celeryd --loglevel=info --settings={{discern_settings}} --pythonpath={{discern_dir}} -B --autoscale={{ ansible_processor_cores * 2 }},1
+exec {{ discern_venv_dir }}/bin/python {{ discern_code_dir }}/manage.py celeryd --loglevel=info --settings={{ discern_settings }} --pythonpath={{ discern_code_dir }} -B --autoscale={{ ansible_processor_cores * 2 }},1

playbooks/roles/discern/templates/discern.conf.j2

@@ -14,9 +14,9 @@ env WORKERS={{ ansible_processor_cores * 2 }}
 env PORT={{ discern_gunicorn_port }}
 env ADDRESS={{ discern_gunicorn_host }}
 env LANG=en_US.UTF-8
-env DJANGO_SETTINGS_MODULE={{discern_settings}}
+env DJANGO_SETTINGS_MODULE={{ discern_settings }}
 
-chdir {{discern_dir}}
-setuid {{discern_user}}
+chdir {{ discern_code_dir }}
+setuid {{ discern_user }}
 
-exec {{venv_dir}}/bin/gunicorn --preload -b $ADDRESS:$PORT -w $WORKERS --timeout=30 --pythonpath={{discern_dir}} discern.wsgi
+exec {{ discern_venv_bin }}/gunicorn --preload -b $ADDRESS:$PORT -w $WORKERS --timeout=30 --pythonpath={{ discern_code_dir }} discern.wsgi

playbooks/roles/discern/templates/env.json.j2

-{{ env_config | to_nice_json }}
+{{ discern_env_config | to_nice_json }}
\ No newline at end of file

playbooks/roles/edxapp/defaults/main.yml

@@ -95,7 +95,7 @@ EDXAPP_LMS_PREVIEW_BASIC_AUTH: False
 edxapp_data_dir: "{{ data_dir }}/edxapp"
 edxapp_app_dir: "{{ app_dir }}/edxapp"
 edxapp_log_dir: "{{ log_dir }}/edxapp"
-edxapp_venvs_dir: "{{ venvs_dir }}/edxapp"
+edxapp_venvs_dir: "{{ edxapp_app_dir }}/venvs"
 edxapp_venv_dir: "{{ edxapp_venvs_dir }}/edxapp"
 edxapp_venv_bin: "{{ edxapp_venv_dir }}/bin"
 edxapp_rbenv_dir: "{{ edxapp_app_dir }}"

playbooks/roles/edxapp/tasks/cms.yml

@@ -6,9 +6,7 @@
   template: >
     src=cms.env.json.j2
     dest={{ edxapp_app_dir }}/cms.env.json
-    mode=640
-    owner={{ edxapp_user }}
-    group={{ common_web_user }}
+  sudo_user: "{{ edxapp_user }}"
   tags:
   - deploy
 
@@ -16,19 +14,7 @@
   template: >
     src=cms.auth.json.j2
     dest={{ edxapp_app_dir }}/cms.auth.json
-    mode=640
-    owner={{ edxapp_user }}
-    group={{ common_web_user }}
-  tags:
-  - deploy
-
-- name: Create CMS log target directory
-  file: >
-    path={{ edxapp_log_dir }}/cms
-    state=directory
-    owner={{ common_log_user }}
-    group={{ common_log_user }}
-    mode=0750
+  sudo_user: "{{ edxapp_user }}"
   tags:
   - deploy
 

playbooks/roles/edxapp/tasks/deploy.yml

@@ -41,7 +41,7 @@
 
 
 - name: edxapp | checkout theme
-  git: dest={{app_dir}}/themes/{{edxapp_theme_name}} repo={{edxapp_theme_source_repo}} version={{edxapp_theme_version}}
+  git: dest={{ edxapp_app_dir }}/themes/{{edxapp_theme_name}} repo={{edxapp_theme_source_repo}} version={{edxapp_theme_version}}
   when: edxapp_theme_name != ''
   sudo_user: "{{ edxapp_user }}"
   tags:

playbooks/roles/edxapp/tasks/lms-preview.yml

@@ -6,9 +6,6 @@
   template: >
     src=lms-preview.env.json.j2
     dest={{ edxapp_app_dir }}/lms-preview.env.json
-    mode=640
-    owner={{ edxapp_user }}
-    group={{ common_web_user }}
   tags:
   - deploy
 
@@ -16,19 +13,6 @@
   template: >
     src=lms-preview.auth.json.j2
     dest={{ edxapp_app_dir }}/lms-preview.auth.json
-    mode=640
-    owner={{ edxapp_user }}
-    group={{ common_web_user }}
-  tags:
-  - deploy
-
-- name: Create lms-preview log target directory
-  file: >
-    path={{ edxapp_log_dir }}/lms-preview
-    state=directory
-    owner={{ common_log_user }}
-    group={{ common_log_user }}
-    mode=0750
   tags:
   - deploy
 

playbooks/roles/edxapp/tasks/lms.yml

@@ -3,9 +3,7 @@
   template: >
     src=lms.env.json.j2
     dest={{ edxapp_app_dir }}/lms.env.json
-    mode=640
-    owner={{ edxapp_user }}
-    group={{ common_web_user }}
+  sudo_user: "{{ edxapp_user }}"
   tags:
   - deploy
 
@@ -13,19 +11,7 @@
   template: >
     src=lms.auth.json.j2
     dest={{ edxapp_app_dir }}/lms.auth.json
-    mode=640
-    owner={{ edxapp_user }}
-    group={{ common_web_user }}
-  tags:
-  - deploy
-
-- name: Create lms log target directory
-  file: >
-    path={{ edxapp_log_dir }}/lms
-    state=directory
-    owner={{ common_log_user }}
-    group={{ common_log_user }}
-    mode=0750
+  sudo_user: "{{ edxapp_user }}"
   tags:
   - deploy
 

playbooks/roles/edxapp/tasks/main.yml

@@ -64,4 +64,22 @@
   template: src=edx-workers.conf.j2 dest=/etc/init/edx-workers.conf owner=root group=root
   when: "celery_worker is defined"
 
+- name: edxapp | create log directories for service variants
+  file: >
+    path={{ edxapp_log_dir }}/{{ item }}
+    state=directory
+    owner={{ common_log_user }}
+    group={{ common_log_user }}
+    mode=0750
+  with_items:
+    - lms
+    - cms
+    - lms-preview
+
 - include: deploy.yml
+
+- name: edxapp | create a symlink for venv python
+  file: >
+    src="{{ edxapp_venv_bin }}/python"
+    dest={{ cfg_dir }}/python.edxapp
+    state=link

playbooks/roles/edxapp/templates/cms.conf.j2

@@ -9,8 +9,6 @@ respawn
 respawn limit 3 30
  
 env PID=/var/tmp/cms.pid
-#env NEW_RELIC_CONFIG_FILE={{app_dir}}/newrelic.ini
-#env NEWRELIC={{edxapp_venv_dir}}/bin/newrelic-admin
 {% if ansible_processor|length > 0 %}
 env WORKERS={{ ansible_processor|length * worker_core_mult.cms }}
 {% else %}

playbooks/roles/edxapp/templates/lms-preview.conf.j2

@@ -10,8 +10,6 @@ respawn
 respawn limit 3 30
 
 env PID=/var/tmp/lms.pid
-#env NEW_RELIC_CONFIG_FILE={{app_dir}}/newrelic.ini
-#env NEWRELIC={{edxapp_venv_dir}}/bin/newrelic-admin
 {% if ansible_processor|length > 0 %}
 env WORKERS={{ ansible_processor|length * worker_core_mult.lms_preview }}
 {% else %}

playbooks/roles/edxapp/templates/lms.conf.j2

@@ -7,8 +7,6 @@ respawn
 respawn limit 3 30
 
 env PID=/var/tmp/lms.pid
-#env NEW_RELIC_CONFIG_FILE={{app_dir}}/newrelic.ini
-#env NEWRELIC={{edxapp_venv_dir}}/bin/newrelic-admin
 {% if ansible_processor|length > 0 %}
 env WORKERS={{ ansible_processor|length * worker_core_mult.lms }}
 {% else %}

playbooks/roles/edxlocal/tasks/main.yml

@@ -31,5 +31,12 @@
     state=present
     encoding=utf8
 
+- name: edxlocal | create a database for discern
+  mysql_db: >
+    db=discern
+    state=present
+    encoding=utf8
+
+
 - name: edxlocal | install memcached
   apt: pkg=memcached state=present

playbooks/roles/forum/tasks/main.yml

@@ -42,4 +42,9 @@
     - forum | restart the forum service
 
 - include: deploy.yml
+
+- name: forum | create the supervisor config
+  template: src=forum.conf.j2 dest={{ supervisor_cfg_dir }}/forum.conf
+  notify:
+    - forum | restart the forum service
 - include: test.yml

playbooks/roles/forum/templates/forum.conf.j2

+[program:forum]
+command={{ forum_supervisor_wrapper }}
+priority=999
+user={{ common_web_user }}
+startsecs=10
+stdout_logfile={{ supervisor_log_dir }}/%(program_name)-stdout.log
+stderr_logfile={{ supervisor_log_dir }}/%(program_name)-stderr.log
+stderr_logfile_maxbytes=1MB
+killasgroup=true
+stopasgroup=true

playbooks/roles/nginx/templates/basic-auth.j2

      auth_basic            "Restricted";
      auth_basic_user_file  /etc/nginx/nginx.htpasswd;
-     root {{ app_dir }}/main_static;
+     root {{ nginx_app_dir }}/main_static;
      index index.html
      proxy_set_header X-Forwarded-Proto https;

playbooks/roles/nginx/templates/discern.j2

@@ -9,7 +9,7 @@ server {
 
     # https://docs.djangoproject.com/en/dev/howto/static-files/#serving-static-files-in-production
     location /static/ { # STATIC_URL
-        alias {{ discern_dir }}/staticfiles/;
+        alias {{ discern_app_dir }}/staticfiles/;
         expires 1m;
 	autoindex on;
     }

playbooks/roles/nginx/templates/lms-preview.j2

@@ -48,7 +48,7 @@ server {
 
   # Check security on this
   location ~ /static/(?P<file>.*) {
-    root {{app_dir}};
+    root {{ edxapp_data_dir}};
     try_files /staticfiles/$file /course_static/$file =404;
 
     # return a 403 for static files that shouldn't be

playbooks/roles/ora/defaults/main.yml

@@ -6,7 +6,8 @@ ORA_BASIC_AUTH: False
 ora_app_dir: "{{ app_dir }}/ora"
 ora_code_dir: "{{ ora_app_dir }}/ora"
 ora_data_dir: "{{ data_dir }}/ora"
-ora_venv_dir: "{{ venvs_dir }}/ora"
+ora_venvs_dir: "{{ ora_app_dir }}/venvs"
+ora_venv_dir: "{{ ora_venvs_dir }}/ora"
 ora_venv_bin: "{{ ora_venv_dir }}/bin"
 ora_user: "ora"
 ora_nltk_data_dir: "{{ ora_data_dir}}/nltk_data"
@@ -17,7 +18,7 @@ ora_pre_requirements_file: "{{ ora_code_dir }}/pre-requirements.txt"
 ora_post_requirements_file: "{{ ora_code_dir }}/requirements.txt"
 
 ora_ease_venv_dir: "{{ ora_venv_dir }}"
-ora_ease_code_dir: "{{ app_dir }}/ease"
+ora_ease_code_dir: "{{ ora_app_dir }}/ease"
 ora_ease_source_repo: https://github.com/edx/ease.git
 ora_ease_version: 'HEAD'
 ora_ease_pre_requirements_file: "{{ ora_ease_code_dir }}/pre-requirements.txt"

playbooks/roles/ora/tasks/ease.yml

@@ -60,15 +60,15 @@
 
 #Needed for the ease package to work
 - name: ora | check for the existence of nltk data taggers/maxent_treebank_pos_tagger/english.pickle
-  shell: "[ -f {{nltk_data_dir}}/taggers/maxent_treebank_pos_tagger/english.pickle ] && echo 'Found' || echo ''"
-  register: nltk_data_installed
+  shell: "[ -f {{ ora_nltk_data_dir }}/taggers/maxent_treebank_pos_tagger/english.pickle ] && echo 'Found' || echo ''"
+  register: ora_nltk_data_installed
   tags:
   - deploy
 
 
 - name: ora | install nltk data using rendered shell script
-  command: "{{ora_ease_venv_dir}}/bin/python -m nltk.downloader -d {{nltk_data_dir}} all"
-  when: nltk_data_installed.stdout  != "Found"
+  command: "{{ora_ease_venv_dir}}/bin/python -m nltk.downloader -d {{ ora_nltk_data_dir }} all"
+  when: ora_nltk_data_installed.stdout  != "Found"
   sudo_user: "{{ ora_user }}"
   tags:
   - deploy

playbooks/roles/ora/tasks/main.yml

@@ -17,6 +17,7 @@
     owner="{{ ora_user }}"
     group="{{ common_web_group }}"
   with_items:
+    - "{{ ora_venvs_dir }}"
     - "{{ ora_app_dir }}"
     - "{{ ora_data_dir }}"
     - "{{ ora_app_dir }}/ml_models"
@@ -30,3 +31,9 @@
   with_items: ora_ease_debian_pkgs
 
 - include: deploy.yml
+
+- name: ora | create a symlink for venv python
+  file: >
+    src="{{ ora_venv_bin }}/python"
+    dest={{ cfg_dir }}/python.ora
+    state=link

playbooks/roles/supervisor/handlers/main.yml

+- name: supervisor | restart supervisor
+  service: >
+    name=supervisor
+    state=restarted

playbooks/roles/supervisor/tasks/main.yml

@@ -11,9 +11,8 @@
 # Tasks for role supervisor
 #
 # Overview:
-#   Parameterized role for supervisord
-#   Supervisor templates must exist in the
-#   templates/ dir for each server
+#   Role for supervisord
+#   Installs supervisor in its own venv.
 #
 # Dependencies:
 #   - common
@@ -22,13 +21,8 @@
 #   roles:
 #     - common
 #     - role: supervisor
-#       supervisor_servers:
-#       - ...
 
 ---
-- fail: supervisor_servers is a required parameter for this role
-  when: supervisor_servers is not defined
-
 - name: supervisor | create application user
   user: >
     name="{{ supervisor_user }}"
@@ -61,18 +55,28 @@
 - name: supervisor | install supervisor in its venv
   pip: name=supervisor virtualenv="{{supervisor_venv_dir}}" state=present
   sudo_user: "{{ supervisor_user }}"
+  notify: supervisor | restart supervisor
 
 - name: supervisor | create supervisor upstart job
   template: src=supervisor-upstart.conf.j2 dest=/etc/init/supervisor.conf
+  notify: supervisor | restart supervisor
 
 - name: supervisor | create supervisor master config
   template: src=supervisord.conf.j2 dest={{ supervisor_cfg }}
   sudo_user: "{{ supervisor_user }}"
+  notify: supervisor | restart supervisor
 
-- name: supervisor | create supervisor configs
-  template: src={{ item }}.conf.j2 dest={{ supervisor_cfg_dir }}/{{ item }}.conf
-  with_items: supervisor_servers
-  sudo_user: "{{ supervisor_user }}"
+- name: supervisor | create a symlink for supervisortctl
+  file: >
+    src={{ supervisor_ctl }}
+    dest={{ bin_dir }}/{{ supervisor_ctl|basename }}
+    state=link
+
+- name: supervisor | create a symlink for supervisor cfg
+  file: >
+    src={{ supervisor_cfg }}
+    dest={{ cfg_dir }}/{{ supervisor_cfg|basename }}
+    state=link
 
 - name: supervisor | ensure supervisor is started
   service: name=supervisor state=started

playbooks/roles/supervisor/templates/forum.conf.j2

-[program:forum]
-
-command={{ forum_supervisor_wrapper }}
-priority=999
-startsecs = 5
-redirect_stderr = True
-autostart=False
-user={{ common_web_user }}

playbooks/roles/xqueue/defaults/main.yml

@@ -7,7 +7,7 @@ XQUEUE_BASIC_AUTH: False
 xqueue_app_dir: "{{ app_dir }}/xqueue"
 xqueue_code_dir: "{{ xqueue_app_dir }}/xqueue"
 xqueue_data_dir: "{{ data_dir }}/xqueue"
-xqueue_venvs_dir: "{{ venvs_dir }}/xqueue"
+xqueue_venvs_dir: "{{ xqueue_app_dir }}/venvs"
 xqueue_venv_dir: "{{ xqueue_venvs_dir }}/xqueue"
 xqueue_venv_bin: "{{ xqueue_venv_dir }}/bin"
 xqueue_user: "xqueue"

playbooks/roles/xqueue/tasks/deploy.yml

@@ -10,20 +10,20 @@
   - deploy
 
 - name: xqueue | create xqueue application config
-  template: src=xqueue.env.json.j2 dest={{xqueue_app_dir}}/xqueue.env.json mode=0640 owner={{ xqueue_user }} group=adm
+  template: src=xqueue.env.json.j2 dest={{ xqueue_app_dir }}/xqueue.env.json mode=0644
   sudo_user: "{{ xqueue_user }}"
   tags:
   - deploy
 
 - name: xqueue | create xqueue auth file
-  template: src=xqueue.auth.json.j2 dest={{xqueue_app_dir}}/xqueue.auth.json mode=0640 owner={{ xqueue_user }} group=adm
+  template: src=xqueue.auth.json.j2 dest={{ xqueue_app_dir }}/xqueue.auth.json mode=0644
   sudo_user: "{{ xqueue_user }}"
   tags:
   - deploy
 
 # Do A Checkout
-- name: xqueue | git checkout xqueue repo into {{app_dir}}
-  git: dest={{xqueue_code_dir}} repo={{xqueue_source_repo}} version={{xqueue_version}}
+- name: xqueue | git checkout xqueue repo into xqueue_code_dir
+  git: dest={{ xqueue_code_dir }} repo={{ xqueue_source_repo }} version={{ xqueue_version }}
   sudo_user: "{{ xqueue_user }}"
   tags:
   - deploy
@@ -31,27 +31,29 @@
 
 # Install the python pre requirements into {{ xqueue_venv_dir }}
 - name : install python pre-requirements
-  pip: requirements="{{xqueue_pre_requirements_file}}" virtualenv="{{xqueue_venv_dir}}" state=present
+  pip: requirements="{{ xqueue_pre_requirements_file }}" virtualenv="{{ xqueue_venv_dir }}" state=present
   sudo_user: "{{ xqueue_user }}"
   tags:
   - deploy
 
 # Install the python post requirements into {{ xqueue_venv_dir }}
 - name : install python post-requirements
-  pip: requirements="{{xqueue_post_requirements_file}}" virtualenv="{{xqueue_venv_dir}}" state=present
+  pip: requirements="{{ xqueue_post_requirements_file }}" virtualenv="{{ xqueue_venv_dir }}" state=present
   sudo_user: "{{ xqueue_user }}"
   tags:
   - deploy
 
 - name: xqueue | syncdb and migrate
-  shell: SERVICE_VARIANT=xqueue {{ xqueue_venv_dir }}/bin/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
+  shell: >
+    SERVICE_VARIANT=xqueue {{ xqueue_venv_bin }}/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath={{ xqueue_code_dir }}
   when: migrate_db is defined and migrate_db|lower == "yes"
   sudo_user: "{{ xqueue_user }}"
   tags:
   - deploy
 
 - name: xqueue | create users
-  shell: SERVICE_VARIANT=xqueue {{ xqueue_venv_dir }}/bin/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
+  shell: >
+    SERVICE_VARIANT=xqueue {{ xqueue_venv_bin }}/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath={{ xqueue_code_dir }}
   when: update_users is defined
   sudo_user: "{{ xqueue_user }}"
   tags:

playbooks/roles/xqueue/tasks/main.yml

@@ -13,20 +13,15 @@
     createhome=no
     shell=/bin/false
 
-- name: xqueue | create xqueue app dir
+- name: xqueue | create xqueue app and venv dir
   file: >
     path="{{ xqueue_app_dir }}"
     state=directory
     owner="{{ xqueue_user }}"
     group="{{ common_web_group }}"
-
-- name: xqueue | create xqueue venvs dir
-  file: >
-    path="{{ xqueue_venvs_dir }}"
-    state=directory
-    owner="{{ xqueue_user }}"
-    group="{{ common_web_group }}"
-
+  with_items:
+    - "{{ xqueue_app_dir }}"
+    - "{{ xqueue_venvs_dir }}"
 
 - name: xqueue | install a bunch of system packages on which xqueue relies
   apt: pkg={{','.join(xqueue_debian_pkgs)}} state=present
@@ -52,3 +47,9 @@
   template: src=xqueue_consumer.conf.j2 dest=/etc/init/xqueue_consumer.conf mode=0640 owner=root group=adm
 
 - include: deploy.yml
+
+- name: xqueue | create a symlink for venv python
+  file: >
+    src="{{ xqueue_venv_bin }}/python"
+    dest={{ cfg_dir }}/python.xqueue
+    state=link

playbooks/roles/xserver/defaults/main.yml

@@ -17,8 +17,8 @@ XSERVER_GRADER_CHECKOUT: False
 xserver_app_dir: "{{ app_dir }}/xserver"
 xserver_code_dir: "{{ xserver_app_dir }}/xserver"
 xserver_data_dir: "{{ data_dir }}/xserver"
-xserver_venvs_dir: "{{ venvs_dir }}/xserver"
-xserver_venv_dir: "{{ xqueue_venvs_dir }}/xserver"
+xserver_venvs_dir: "{{ xserver_app_dir }}/venvs"
+xserver_venv_dir: "{{ xserver_venvs_dir }}/xserver"
 xserver_venv_sandbox_dir: "{{ xserver_venv_dir }}-sandbox"
 xserver_venv_bin: "{{ xserver_venv_dir }}/bin"
 xserver_user: "xserver"

playbooks/roles/xserver/tasks/deploy.yml

@@ -22,7 +22,7 @@
   - deploy
 
 - name: xserver | create xserver application config
-  template: src=xserver.env.json.j2 dest={{ xserver_app_dir }}/env.json mode=640 owner=www-data group=adm
+  template: src=xserver.env.json.j2 dest={{ xserver_app_dir }}/env.json
   sudo_user: "{{ xserver_user }}"
   tags:
   - deploy

playbooks/roles/xserver/tasks/main.yml

@@ -17,7 +17,7 @@
     shell=/bin/false
 
 
-- name: xserver | create xserver app and data dir
+- name: xserver | create xserver app and data dirs
   file: >
     path="{{ item }}"
     state=directory
@@ -25,6 +25,7 @@
     group="{{ common_web_group }}"
   with_items:
     - "{{ xserver_app_dir }}"
+    - "{{ xserver_venvs_dir }}"
     - "{{ xserver_data_dir }}"
 
 - name: xserver | create sandbox sudoers file
@@ -53,9 +54,6 @@
   - "{{ secure_dir }}/files/edx_apparmor_sandbox.j2"
   - "usr.bin.python-sandbox.j2"
 
-- name: xserver | enforce app-armor rules
-  command: aa-enforce {{ xserver_sandbox_venv_dir }}
-
 - name: xserver | setup upstart script
   template: src=xserver.conf.j2 dest=/etc/init/xserver.conf owner=root group=root
 
@@ -63,3 +61,13 @@
   copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
 
 - include: deploy.yml
+
+- name: xserver | enforce app-armor rules
+  command: aa-enforce {{ xserver_venv_sandbox_dir }}
+
+- name: xserver | create a symlink for venv python
+  file: >
+    src="{{ xserver_venv_bin }}/python"
+    dest={{ cfg_dir }}/python.xserver
+    state=link
+

playbooks/roles/xserver/templates/99-sandbox.j2

-www-data ALL=({{ xserver_sandbox_user }}) NOPASSWD:{{xserver_sandbox_venv_dir}}/bin/python
+www-data ALL=({{ xserver_sandbox_user }}) NOPASSWD:{{xserver_venv_sandbox_dir}}/bin/python