Commit fac30bd0 by Joe Blaylock

Move sudo into playbook, minor cleanups

* Move sudo:True out of each task and into the playbook, since it's a
  playbook-level variable
* Removal of a couple debian package installs from common that are also
  being installed in the role where they're needed
* Re-correction of /etc/git-identity permissions
* Other cleanups (whitespace issues, etc.)
parent a2f001ac
- hosts: tag_Group_edxapp_custom
sudo: True
vars_files:
# using conditional loading to override defaults for site-specific installs
- "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
......
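Review bot: `sudo: True` at play level makes every task in the play run as root, including anything pulled in through roles and includes, whereas the per-task flag left unmarked tasks running as the connecting user. The same applies to the `tag_Group_edxapp_prod` and `tag_Group_edxapp_stage` plays that follow. Tasks that only need an unprivileged account (repository checkouts, virtualenv or gem installs) should opt out explicitly, for example with `sudo: False` or a `sudo_user:` set to the service account on that task. Whether such tasks exist cannot be confirmed from this page, because the rest of each play is collapsed.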
- hosts: tag_Group_edxapp_prod
sudo: True
vars_files:
- "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
- "{{ secure_dir }}/vars/users.yml"
......
- hosts: tag_Group_edxapp_stage
sudo: True
vars_files:
- "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
- "{{ secure_dir }}/vars/users.yml"
......
......@@ -5,14 +5,12 @@
---
- name: create cms application config
template: src=env.json.j2 dest=$app_base_dir/cms.env.json
sudo: True
tags:
- cms-env
- cms
- name: create cms auth file
template: src=auth.json.j2 dest=$app_base_dir/cms.auth.json
sudo: True
tags:
- cms-env
- cms
......@@ -24,4 +22,4 @@
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=cms-backend
tags:
- cms
-cms-env
- cms-env
---
- name: Create 'edx' users group
group: name=edx state=present
sudo: True
tags:
- users
- admin_users
......@@ -9,14 +8,12 @@
# This is a temporary measure for initial configuration; after the last
# play is run and we've got a good set of users, ubuntu should no longer be used
user: name=ubuntu append=yes groups="edx"
sudo: True
tags:
- users
- admin_users
- name: Creating admin users
# Admin users, by definition, should be able to sudo w/ password, and read adm-only files
user: name={{ item.user }} append=yes groups={{ "adm,edx,"+",".join(item.groups) }} shell=/bin/bash
sudo: True
with_items: admin_users
when: admin_users is defined
tags:
......@@ -24,21 +21,18 @@
- admin_users
- name: Copying ssh keys for admin users
authorized_key: user={{ item.user }} key="{{lookup('file', item.path)}}"
sudo: True
with_items: admin_keys
tags:
- users
- admin_users
- name: Creating env users
user: name={{ item.user }} groups={{ ",".join(item.groups) }} shell=/bin/bash
sudo: True
with_items: env_users
when: env_users is defined
tags:
- users
- name: Copying ssh keys for env users
authorized_key: user={{ item.user }} key="{{lookup('file', item.path)}}"
sudo: True
with_items: env_keys
when: env_keys is defined
tags:
......
......@@ -2,22 +2,18 @@
# create the 'edx' virtual environment in /opt so that roles can populate it
- name: easy_install pip
easy_install: name=pip
sudo: True
tags:
- venv_base
- name: pip install virtualenv
pip: name=virtualenv state=latest
sudo: True
tags:
- venv_base
- name: pip install virtualenvwrapper
pip: name=virtualenvwrapper state=latest
sudo: True
tags:
- venv_base
- name: create edx virtualenv directory
file: path=$venv_dir owner=ubuntu group=edx mode=2775 state=directory
sudo: True
file: path=$venv_dir owner=ubuntu group=adm mode=2775 state=directory
tags:
- venv_base
- name: create the edx virtualenv directory initial contents
......
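Review bot: The `create edx virtualenv directory` task keeps `mode=2775`, so the virtualenv root stays setgid and group-writable, and of the two `file:` lines shown the one that appears to be the new side gives that write access to `group=adm` instead of `group=edx`. `adm` conventionally gates read access to system logs (the users tasks describe it as "read adm-only files"), so any account placed in `adm` for log access could then also change the packages the application imports. If the switch is intentional, a comment above the task such as `# adm owns the venv because <reason>` would record why; otherwise keep `group=edx` or drop group write with `mode=2755`. The rendered page has lost its +/- markers, so which of the two lines is new is inferred from print order and the hunk counts.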
......@@ -3,12 +3,10 @@
- name: Create application root
# In the future consider making group edx r/t adm
file: path=$app_base_dir state=directory owner=root group=adm mode=2775
sudo: True
tags:
- pre_install
- name: Create log directory
file: path=/mnt/logs state=directory mode=2770 group=adm owner=root
sudo: True
tags:
- pre_install
- name: Create aliases to the log directory
......@@ -21,14 +19,19 @@
- pre_install
- name: Update apt cache
apt: update_cache=yes
sudo: True
tags:
- pre_install
- include: create_venv.yml
- name: Install role-independent useful system packages
apt: pkg={{item}} install_recommends=yes state=present
with_items:
- ack-grep
- lynx-cur
- mosh
- tmux
sudo: True
- most
- screen
tags:
- pre_install
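Review bot: `Install role-independent useful system packages` installs interactive convenience tools (`lynx-cur`, `mosh`, `screen`, `tmux`) with `install_recommends=yes`, which also pulls in each package's recommended extras on every host that runs this role. If the role is applied to production application servers, that widens the installed footprint there for no functional need. Consider `apt: pkg={{item}} install_recommends=no state=present`, as the nodejs and rbenv tasks in this commit already do, and trimming the list to what operators actually use on those hosts.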
......@@ -5,14 +5,12 @@
---
- name: create lms application config
template: src=env.json.j2 dest=$app_base_dir/lms.env.json
sudo: True
tags:
- lms
- lms-env
- name: create lms auth file
template: src=auth.json.j2 dest=$app_base_dir/lms.auth.json
sudo: True
tags:
- lms
- lms-env
......@@ -27,15 +25,13 @@
# ugly relative pathing here
- name: install read-only ssh key for mitx repo (private)
copy: src=../../../{{ secure_dir }}/files/git-identity dest=/etc/git-identity force=yes owner=root group=adm mode=640
sudo: True
copy: src=../../../{{ secure_dir }}/files/git-identity dest=/etc/git-identity force=yes owner=ubuntu group=adm mode=600
tags:
- lms
- cms
- name: upload ssh script
copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
sudo: True
tags:
- lms
- cms
......@@ -43,7 +39,6 @@
# Check out mitx repo to $app_base_dir
- name: install git and its recommends
apt: pkg=git state=present install_recommends=yes
sudo: True
tags:
- lms
- cms
......@@ -86,7 +81,6 @@
- name: install a bunch of system packages on which LMS and CMS rely
apt: pkg={{item}} state=present
with_items: lms_debian_pkgs
sudo: True
tags:
- lms
- cms
......
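Review bot: The `git-identity` copy ends up `owner=ubuntu group=adm mode=600` (assuming the second `copy:` line is the new side), while the wrapper next to it is still written to `/tmp/git_ssh.sh` as `owner=root group=adm mode=750`, so the two files no longer agree on which account is meant to use the key. With `sudo: True` now set on the play, the checkout presumably runs as root, which makes `owner=ubuntu` on a private key wider than needed, and the users tasks describe `ubuntu` as a temporary account. I would keep the key at `owner=root mode=0600`, or move both files to a dedicated deploy account, and write the wrapper to a directory that is not world-writable rather than `/tmp`. The tasks that actually use the key are outside the visible hunks.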
......@@ -85,13 +85,10 @@ lms_debian_pkgs:
- libxml2-dev
- libxml2-utils
- libxslt1-dev
# convenience
- lynx-cur
- maven2
- mongodb
- mongodb-clients
- mysql-client
- nodejs
- ntp
- openjdk-7-jdk
- openjdk-7-jre
......
......@@ -2,20 +2,17 @@
# - common/tasks/main.yml
---
- name: Install nginx
sudo: True
apt: pkg=nginx state={{ pkgs.nginx.state }}
notify: restart nginx
tags:
- nginx
# removing default link
- name: Removing default nginx config (enabled)
sudo: True
file: path=/etc/nginx/sites-enabled/default state=absent
notify: restart nginx
tags:
- nginx
- name: Removing default nginx config (available)
sudo: True
file: path=/etc/nginx/sites-available/default state=absent
tags:
- nginx
......@@ -26,11 +23,9 @@
- include: nginx_site.yml state={{nginx_cfg.sites_enabled.basic_auth}} site_name=basic-auth
# Default htpassword file, required for basic auth
- copy: content={{ nginx_cfg.htpasswd }} dest=/etc/nginx/nginx.htpasswd
sudo: True
tags:
- nginx
- name: Ensuring that nginx is running
sudo: True
service: name=nginx state=started
tags:
- nginx
# Requires nginx package
---
- name: Copying nginx config {{ site_name }}
sudo: True
template: src={{ item }} dest=/etc/nginx/sites-available/{{ site_name }}
first_available_file:
- "{{ local_dir }}/nginx/templates/{{ site_name }}.j2"
......@@ -14,7 +13,6 @@
- nginx-env
- name: Creating nginx config link {{ site_name }}
sudo: True
file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
notify: restart nginx
tags:
......
......@@ -3,7 +3,6 @@
# - ruby/tasks/main.yml
---
- name: Install nodejs, and by extension npm
sudo: True
apt: pkg=nodejs state=present install_recommends=no
tags:
- npm
......
......@@ -2,16 +2,13 @@
#cribbed from https://github.com/mmoya/ansible-playbooks/blob/master/rbenv/main.yml
- name: Create 'www' user (replicating historical environment)
user: name=www state=present
sudo: True
tags:
- ruby
- name: Create ruby base
sudo: True
file: path=$ruby_base state=directory owner=www group=www
tags:
- ruby
- name: rbenv | install build depends
sudo: true
apt: pkg=$item state=present install_recommends=no
with_items:
- build-essential
......@@ -27,25 +24,21 @@
- ruby
- name: rbenv | update rbenv repo
sudo: true
git: repo=git://github.com/sstephenson/rbenv.git dest=$rbenv_root version=v0.4.0
tags:
- ruby
- name: rbenv | add rbenv to path
sudo: true
file: path=/usr/local/bin/rbenv src=${rbenv_root}/bin/rbenv state=link
tags:
- ruby
- name: rbenv | add rbenv initialization to profile
sudo: true
template: src=rbenv.sh.j2 dest=/etc/profile.d/rbenv.sh owner=root group=root mode=0755
tags:
- ruby
- name: rbenv | check ruby-build installed
sudo: true
command: test -x /usr/local/bin/ruby-build
register: rbuild_present
ignore_errors: yes
......@@ -66,7 +59,6 @@
- ruby
- name: rbenv | install ruby-build
sudo: true
command: ./install.sh chdir=${tempdir.stdout}/ruby-build
when_failed: $rbuild_present
tags:
......@@ -87,28 +79,24 @@
- name: rbenv | install ruby $ruby_version
shell: RBENV_ROOT=${rbenv_root} rbenv install $ruby_version
sudo: true
when_failed: $ruby_installed
tags:
- ruby
- name: rbenv | set global ruby $ruby_version
shell: RBENV_ROOT=${rbenv_root} rbenv global $ruby_version
sudo: true
when_failed: $ruby_installed
tags:
- ruby
- name: rbenv | rehash
shell: RBENV_ROOT=${rbenv_root} rbenv rehash
sudo: true
when_failed: $ruby_installed
tags:
- ruby
- name: gem | gem install bundler
shell: RBENV_ROOT=${rbenv_root} GEM_HOME=${gem_home} ${rbenv_root}/shims/gem install bundle chdir=${app_base_dir}/mitx
sudo: true
tags:
- ruby
......