Move sudo into playbook, minor cleanups

* Move sudo:True out of each task and into the playbook, since it's a
  playbook-level variable
* Removal of a couple debian package installs from common that are also
  being installed in the role where they're needed
* Re-correction of /etc/git-identity permissions
* Other cleanups (whitespace issues, etc.)

playbooks/edxapp_custom.yml

 - hosts: tag_Group_edxapp_custom
+  sudo: True
   vars_files:
   # using conditional loading to override defaults for site-specific installs
     - "{{ secure_dir }}/vars/edxapp_stage_vars.yml"

playbooks/edxapp_prod.yml

 - hosts: tag_Group_edxapp_prod
+  sudo: True
   vars_files:
     - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
     - "{{ secure_dir }}/vars/users.yml"

playbooks/edxapp_stage.yml

 - hosts: tag_Group_edxapp_stage
+  sudo: True
   vars_files:
     - "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
     - "{{ secure_dir }}/vars/users.yml"

playbooks/roles/cms/tasks/main.yml

@@ -5,14 +5,12 @@
 ---
 - name: create cms application config
   template: src=env.json.j2 dest=$app_base_dir/cms.env.json
-  sudo: True
   tags:
   - cms-env
   - cms
 
 - name: create cms auth file
   template: src=auth.json.j2 dest=$app_base_dir/cms.auth.json
-  sudo: True
   tags:
   - cms-env
   - cms
@@ -24,4 +22,4 @@
 - include: ../../nginx/tasks/nginx_site.yml state=link site_name=cms-backend
   tags:
   - cms
-  -cms-env
+  - cms-env

playbooks/roles/common/tasks/create_users.yml

 ---
 - name: Create 'edx' users group
   group: name=edx state=present
-  sudo: True
   tags:
   - users
   - admin_users
@@ -9,14 +8,12 @@
   # This is a temporary measure for initial configuration; after the last 
   # play is run and we've got a good set of users, ubuntu should no longer be used
   user: name=ubuntu append=yes groups="edx"
-  sudo: True
   tags:
   - users
   - admin_users
 - name: Creating admin users
   # Admin users, by definition, should be able to sudo w/ password, and read adm-only files
   user: name={{ item.user }} append=yes groups={{ "adm,edx,"+",".join(item.groups) }} shell=/bin/bash
-  sudo: True
   with_items: admin_users
   when: admin_users is defined
   tags:
@@ -24,21 +21,18 @@
   - admin_users
 - name: Copying ssh keys for admin users
   authorized_key: user={{ item.user }} key="{{lookup('file', item.path)}}"
-  sudo: True
   with_items: admin_keys
   tags:
   - users
   - admin_users
 - name: Creating env users
   user: name={{ item.user }} groups={{ ",".join(item.groups) }} shell=/bin/bash
-  sudo: True
   with_items: env_users
   when: env_users is defined
   tags:
   - users
 - name: Copying ssh keys for env users
   authorized_key: user={{ item.user }} key="{{lookup('file', item.path)}}"
-  sudo: True
   with_items: env_keys
   when: env_keys is defined
   tags:

playbooks/roles/common/tasks/create_venv.yml

@@ -2,22 +2,18 @@
 # create the 'edx' virtual environment in /opt so that roles can populate it
 - name: easy_install pip
   easy_install: name=pip
-  sudo: True
   tags:
   - venv_base
 - name: pip install virtualenv
   pip: name=virtualenv state=latest
-  sudo: True
   tags:
   - venv_base
 - name: pip install virtualenvwrapper
   pip: name=virtualenvwrapper state=latest
-  sudo: True
   tags:
   - venv_base
 - name: create edx virtualenv directory
-  file: path=$venv_dir owner=ubuntu group=edx mode=2775 state=directory
-  sudo: True
+  file: path=$venv_dir owner=ubuntu group=adm mode=2775 state=directory
   tags:
   - venv_base
 - name: create the edx virtualenv directory initial contents

playbooks/roles/common/tasks/main.yml

@@ -3,12 +3,10 @@
 - name: Create application root
   # In the future consider making group edx r/t adm
   file: path=$app_base_dir state=directory owner=root group=adm mode=2775 
-  sudo: True
   tags:
   - pre_install
 - name: Create log directory
   file: path=/mnt/logs state=directory mode=2770 group=adm owner=root
-  sudo: True
   tags:
   - pre_install
 - name: Create aliases to the log directory
@@ -21,14 +19,19 @@
   - pre_install
 - name: Update apt cache
   apt: update_cache=yes
-  sudo: True
+  tags:
+  - pre_install
 
 - include: create_venv.yml
 
 - name: Install role-independent useful system packages
   apt: pkg={{item}} install_recommends=yes state=present
   with_items:
+  - ack-grep
+  - lynx-cur
   - mosh
-  - tmux
-  sudo: True
+  - most
+  - screen
+  tags:
+  - pre_install
 

playbooks/roles/lms/tasks/main.yml

@@ -5,14 +5,12 @@
 ---
 - name: create lms application config
   template: src=env.json.j2 dest=$app_base_dir/lms.env.json
-  sudo: True
   tags:
   - lms
   - lms-env
 
 - name: create lms auth file
   template: src=auth.json.j2 dest=$app_base_dir/lms.auth.json
-  sudo: True
   tags:
   - lms
   - lms-env
@@ -27,15 +25,13 @@
 # ugly relative pathing here
 
 - name: install read-only ssh key for mitx repo (private)
-  copy: src=../../../{{ secure_dir }}/files/git-identity dest=/etc/git-identity force=yes owner=root group=adm mode=640
-  sudo: True
+  copy: src=../../../{{ secure_dir }}/files/git-identity dest=/etc/git-identity force=yes owner=ubuntu group=adm mode=600
   tags:
   - lms
   - cms
 
 - name: upload ssh script
   copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
-  sudo: True
   tags:
   - lms
   - cms
@@ -43,7 +39,6 @@
 # Check out mitx repo to $app_base_dir
 - name: install git and its recommends
   apt: pkg=git state=present install_recommends=yes 
-  sudo: True
   tags:
   - lms
   - cms
@@ -86,7 +81,6 @@
 - name: install a bunch of system packages on which LMS and CMS rely
   apt: pkg={{item}} state=present
   with_items: lms_debian_pkgs
-  sudo: True
   tags:
   - lms
   - cms

playbooks/roles/lms/vars/main.yml

@@ -85,13 +85,10 @@ lms_debian_pkgs:
   - libxml2-dev
   - libxml2-utils
   - libxslt1-dev
-  # convenience
-  - lynx-cur
   - maven2
   - mongodb
   - mongodb-clients
   - mysql-client
-  - nodejs
   - ntp
   - openjdk-7-jdk
   - openjdk-7-jre

playbooks/roles/nginx/tasks/main.yml

@@ -2,20 +2,17 @@
 #   - common/tasks/main.yml
 ---
 - name: Install nginx
-  sudo: True
   apt: pkg=nginx state={{ pkgs.nginx.state }}
   notify: restart nginx
   tags:
   - nginx
 # removing default link
 - name: Removing default nginx config (enabled)
-  sudo: True
   file: path=/etc/nginx/sites-enabled/default state=absent
   notify: restart nginx
   tags:
   - nginx
 - name: Removing default nginx config (available)
-  sudo: True
   file: path=/etc/nginx/sites-available/default state=absent
   tags:
   - nginx
@@ -26,11 +23,9 @@
 - include: nginx_site.yml state={{nginx_cfg.sites_enabled.basic_auth}} site_name=basic-auth
 # Default htpassword file, required for basic auth
 - copy: content={{ nginx_cfg.htpasswd }} dest=/etc/nginx/nginx.htpasswd
-  sudo: True
   tags:
   - nginx
 - name: Ensuring that nginx is running
-  sudo: True
   service: name=nginx state=started
   tags:
   - nginx

playbooks/roles/nginx/tasks/nginx_site.yml

 # Requires nginx package
 ---
 - name: Copying nginx config {{ site_name }}
-  sudo: True
   template: src={{ item }} dest=/etc/nginx/sites-available/{{ site_name }}
   first_available_file:
   - "{{ local_dir }}/nginx/templates/{{ site_name }}.j2"
@@ -14,7 +13,6 @@
   - nginx-env
 
 - name: Creating nginx config link {{ site_name }}
-  sudo: True
   file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
   notify: restart nginx
   tags:

playbooks/roles/npm/tasks/main.yml

@@ -3,7 +3,6 @@
 #   - ruby/tasks/main.yml
 ---
 - name: Install nodejs, and by extension npm
-  sudo: True
   apt: pkg=nodejs state=present install_recommends=no
   tags:
   - npm

playbooks/roles/ruby/tasks/main.yml

@@ -2,16 +2,13 @@
 #cribbed from https://github.com/mmoya/ansible-playbooks/blob/master/rbenv/main.yml
 - name: Create 'www' user (replicating historical environment)
   user: name=www state=present
-  sudo: True
   tags:
   - ruby
 - name: Create ruby base
-  sudo: True
   file: path=$ruby_base state=directory owner=www group=www
   tags:
   - ruby
 - name: rbenv | install build depends
-  sudo: true
   apt: pkg=$item state=present install_recommends=no
   with_items:
     - build-essential
@@ -27,25 +24,21 @@
   - ruby
 
 - name: rbenv | update rbenv repo
-  sudo: true
   git: repo=git://github.com/sstephenson/rbenv.git dest=$rbenv_root version=v0.4.0
   tags:
   - ruby
 
 - name: rbenv | add rbenv to path
-  sudo: true
   file: path=/usr/local/bin/rbenv src=${rbenv_root}/bin/rbenv state=link
   tags:
   - ruby
 
 - name: rbenv | add rbenv initialization to profile
-  sudo: true
   template: src=rbenv.sh.j2 dest=/etc/profile.d/rbenv.sh owner=root group=root mode=0755
   tags:
   - ruby
 
 - name: rbenv | check ruby-build installed
-  sudo: true
   command: test -x /usr/local/bin/ruby-build
   register: rbuild_present
   ignore_errors: yes
@@ -66,7 +59,6 @@
   - ruby
 
 - name: rbenv | install ruby-build
-  sudo: true
   command: ./install.sh chdir=${tempdir.stdout}/ruby-build
   when_failed: $rbuild_present
   tags:
@@ -87,28 +79,24 @@
 
 - name: rbenv | install ruby $ruby_version
   shell: RBENV_ROOT=${rbenv_root} rbenv install $ruby_version
-  sudo: true
   when_failed: $ruby_installed
   tags:
   - ruby
 
 - name: rbenv | set global ruby $ruby_version
   shell: RBENV_ROOT=${rbenv_root} rbenv global $ruby_version
-  sudo: true
   when_failed: $ruby_installed
   tags:
   - ruby
 
 - name: rbenv | rehash
   shell: RBENV_ROOT=${rbenv_root} rbenv rehash
-  sudo: true
   when_failed: $ruby_installed
   tags:
   - ruby
 
 - name: gem | gem install bundler
   shell: RBENV_ROOT=${rbenv_root} GEM_HOME=${gem_home} ${rbenv_root}/shims/gem install bundle chdir=${app_base_dir}/mitx
-  sudo: true
   tags:
   - ruby