Merge pull request #3148 from edx/arbab/xqwatcher-rewrite

rewrite the tasks using YAML syntax

playbooks/roles/xqwatcher/tasks/code_jail.yml

@@ -3,91 +3,98 @@
 # Tasks related to deploying the code jail for the XQWatcher
 #
 - name: Create sandboxed user
-  user: >
-    name="{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }}"
-    shell=/bin/false
-    home="/dev/null"
-  with_items: XQWATCHER_COURSES
+  user:
+    name: "{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }}"
+    shell: /bin/false
+    home: "/dev/null"
+  with_items: "{{ XQWATCHER_COURSES }}"
   tags:
     - install
     - install:base
 
 #
-# Need to disable aa to update the virutalenv
-- name: write out apparmor config
-  template: >
-    src=etc/apparmor.d/code.jail.j2
-    dest="/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
-    mode=0644 owner=root group=root
-  with_items: XQWATCHER_COURSES
+# Need to disable apparmor to update the virutalenv
+- name: Write out apparmor config
+  template:
+    src: "etc/apparmor.d/code.jail.j2"
+    dest: "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
+    owner: root
+    group: root
+    mode: "0644"
+  with_items: "{{ XQWATCHER_COURSES }}"
   tags:
     - install
     - install:configuration
 
-- name: write out sudoers for watcher
-  template: >
-    src=etc/sudoers.d/95-xqwatcher.j2
-    dest=/etc/sudoers.d/95-xqwatcher-{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user|replace('.', '') }}
-    mode=0440 owner=root group=root validate='visudo -c -f %s'
-  with_items: XQWATCHER_COURSES
+- name: Write out sudoers for watcher
+  template:
+    src: "etc/sudoers.d/95-xqwatcher.j2"
+    dest: "/etc/sudoers.d/95-xqwatcher-{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user|replace('.', '') }}"
+    owner: root
+    group: root
+    mode: "0440"
+    validate: 'visudo -c -f %s'
+  with_items: "{{ XQWATCHER_COURSES }}"
   tags:
     - install
     - install:configuration
 
 # see comment below as to why this is skipped.
-- name: put code jail into aa-complain
+- name: Put code jail into aa-complain
   command: /usr/sbin/aa-complain "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
-  with_items: XQWATCHER_COURSES
+  with_items: "{{ XQWATCHER_COURSES }}"
   tags:
     - manage
     - manage:sandbox
 
-- name: create jail virtualenv
-  shell: >
-    /usr/local/bin/virtualenv --no-site-packages {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}
-  with_items: XQWATCHER_COURSES
+- name: Create jail virtualenv
+  shell: "/usr/local/bin/virtualenv --no-site-packages {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
+  with_items: "{{ XQWATCHER_COURSES }}"
   tags:
     - install
     - install:code
 
-- name: write out requirements.txt
-  template: >
-    src=edx/app/xqwatcher/data/requirements.txt.j2
-    dest={{ xqwatcher_app_dir }}/data/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt
-    mode=0440 owner=root group=root
-  with_items: XQWATCHER_COURSES
+- name: Write out requirements.txt
+  template:
+    src: "edx/app/xqwatcher/data/requirements.txt.j2"
+    dest: "{{ xqwatcher_app_dir }}/data/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt"
+    owner: root
+    group: root
+    mode: "0440"
+  with_items: "{{ XQWATCHER_COURSES }}"
   tags:
     - install
     - install:code
 
-- name: install course specific python requirements
-  pip: >
-    requirements="{{ xqwatcher_app_data }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt"
-    virtualenv="{{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
-    state=present
-    extra_args="{{ XQWATCHER_PIP_EXTRA_ARGS }}"
-  with_items: XQWATCHER_COURSES
+- name: Install course specific python requirements
+  pip:
+    requirements: "{{ xqwatcher_app_data }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt"
+    virtualenv: "{{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
+    state: present
+    extra_args: "{{ XQWATCHER_PIP_EXTRA_ARGS }}"
+  with_items: "{{ XQWATCHER_COURSES }}"
   tags:
     - install
     - install:code
 
-- name: give other read permissions to the virtualenv
-  shell: >
-    chown -R {{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }} {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}
-  with_items: XQWATCHER_COURSES
+- name: Give other read permissions to the virtualenv
+  shell: "chown -R {{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }} {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
+  with_items: "{{ XQWATCHER_COURSES }}"
   tags:
     - install
     - install:code
 
-- name: start apparmor service
-  service: name=apparmor state=started
+- name: Start apparmor service
+  service:
+    name: apparmor
+    state: started
   tags:
     - manage
     - manage:sandbox
 
-- name: load code sandbox profile
+- name: Load code sandbox profile
   command: apparmor_parser -r "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
-  with_items: XQWATCHER_COURSES
+  with_items: "{{ XQWATCHER_COURSES }}"
   tags:
     - manage
     - manage:sandbox
@@ -96,20 +103,20 @@
 # Leaves aa in either complain or enforce depending upon the value of the
 # CODE_JAIL_COMPLAIN var.  Complain mode should never be run in an
 # environment where untrusted users can submit code
-- name: put code jail into aa-complain
+- name: Put code jail into aa-complain
   command: /usr/sbin/aa-complain "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
   when: CODE_JAIL_COMPLAIN|bool
-  with_items: XQWATCHER_COURSES
+  with_items: "{{ XQWATCHER_COURSES }}"
   # AA having issues on 14.04
   # https://github.com/edx/codejail/issues/38
   tags:
     - manage
     - manage:sandbox
 
-- name: put code sandbox into aa-enforce
+- name: Put code sandbox into aa-enforce
   command: /usr/sbin/aa-enforce "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
   when: not CODE_JAIL_COMPLAIN|bool
-  with_items: XQWATCHER_COURSES
+  with_items: "{{ XQWATCHER_COURSES }}"
   tags:
     - manage
     - manage:sandbox

playbooks/roles/xqwatcher/tasks/deploy.yml

-- name: install courses ssh key
-  copy: >
-    content="{{ XQWATCHER_GIT_IDENTITY }}"
-    dest={{ xqwatcher_app_dir }}/.ssh/{{ xqwatcher_service_name }}-courses
-    owner={{ xqwatcher_user }} group={{ xqwatcher_user }} mode=0600
+- name: Install courses ssh key
+  copy:
+    content: "{{ XQWATCHER_GIT_IDENTITY }}"
+    dest: "{{ xqwatcher_app_dir }}/.ssh/{{ xqwatcher_service_name }}-courses"
+    owner: "{{ xqwatcher_user }}"
+    group: "{{ xqwatcher_user }}"
+    mode: "0600"
   tags:
     - install
     - install:code
     
 #TODO: remove once xqwatcher.json can be pulled out into /edx/etc/
-- name: write out watcher config file
-  template: >
-    src=edx/app/xqwatcher/xqwatcher.json.j2
-    dest={{ xqwatcher_conf_dir }}/xqwatcher.json
-    mode=0644 owner={{ xqwatcher_user }} group={{ xqwatcher_user }}
+- name: Write out watcher config file
+  template:
+    src: "edx/app/xqwatcher/xqwatcher.json.j2"
+    dest: "{{ xqwatcher_conf_dir }}/xqwatcher.json"
+    owner: "{{ xqwatcher_user }}"
+    group: "{{ xqwatcher_user }}"
+    mode: "0644" 
   tags:
     - install
     - install:configuration

playbooks/roles/xqwatcher/tasks/deploy_courses.yml

@@ -2,12 +2,13 @@
 # checking out the grader code from the repository specified on
 # a per queue basis.
 
-- name: checkout grader code
-  git_2_0_1: >
-    dest={{ xqwatcher_app_dir }}/data/{{ item.COURSE }} repo={{ item.GIT_REPO }}
-    version={{ item.GIT_REF }}
-    ssh_opts="{{ xqwatcher_course_git_ssh_opts }}"
-  with_items: XQWATCHER_COURSES
+- name: Checkout grader code
+  git_2_0_1:
+    repo: "{{ item.GIT_REPO }}"
+    dest: "{{ xqwatcher_app_dir }}/data/{{ item.COURSE }}"
+    version: "{{ item.GIT_REF }}"
+    ssh_opts: "{{ xqwatcher_course_git_ssh_opts }}"
+  with_items: "{{ XQWATCHER_COURSES }}"
   tags:
     - install
     - install:code

playbooks/roles/xqwatcher/tasks/deploy_watcher.yml

@@ -2,59 +2,63 @@
 # The watcher can watch one or many queues and dispatch submissions
 # to the appropriate grader which lives in a separate SCM repository.
 
-- name: install application requirements
-  pip: >
-    requirements="{{ xqwatcher_requirements_file }}"
-    virtualenv="{{ xqwatcher_app_dir }}/venvs/{{ xqwatcher_service_name }}" state=present
+- name: Install application requirements
+  pip:
+    requirements: "{{ xqwatcher_requirements_file }}"
+    virtualenv: "{{ xqwatcher_app_dir }}/venvs/{{ xqwatcher_service_name }}"
+    state: present
   become: true
   become_user: "{{ xqwatcher_user }}"
   tags:
     - install
     - install:app-requirements
 
-- name: write out course config files
-  template: >
-    src=edx/app/xqwatcher/conf.d/course.json.j2
-    dest={{ xqwatcher_conf_dir }}/conf.d/{{ item.COURSE }}.json
-    mode=0644 owner={{ xqwatcher_user }} group={{ xqwatcher_user }}
-  with_items: XQWATCHER_COURSES
+- name: Write out course config files
+  template:
+    src: "edx/app/xqwatcher/conf.d/course.json.j2"
+    dest: "{{ xqwatcher_conf_dir }}/conf.d/{{ item.COURSE }}.json"
+    owner: "{{ xqwatcher_user }}"
+    group: "{{ xqwatcher_user }}"
+    mode: "0644"
+  with_items: "{{ XQWATCHER_COURSES }}"
   tags:
     - install
     - install:configuration
 
-- name: write supervisord config
-  template: >
-    src=edx/app/supervisor/conf.d/xqwatcher.conf.j2
-    dest="{{ xqwatcher_supervisor_available_dir }}/xqwatcher.conf"
-    group={{ xqwatcher_user }} mode=0650
+- name: Write supervisord config
+  template:
+    src: "edx/app/supervisor/conf.d/xqwatcher.conf.j2"
+    dest: "{{ xqwatcher_supervisor_available_dir }}/xqwatcher.conf"
+    group: "{{ xqwatcher_user }}"
+    mode: "0650"
   tags:
     - install
     - install:configuration
 
-- name: enable supervisor script
-  file: >
-    src={{ xqwatcher_supervisor_available_dir }}/xqwatcher.conf
-    dest={{ xqwatcher_supervisor_cfg_dir }}/xqwatcher.conf
-    state=link
-    force=yes
+- name: Enable supervisor script
+  file:
+    src: "{{ xqwatcher_supervisor_available_dir }}/xqwatcher.conf"
+    dest: "{{ xqwatcher_supervisor_cfg_dir }}/xqwatcher.conf"
+    state: link
+    force: yes
   when: not disable_edx_services
   tags:
     - install
     - install:configuration
 
-- name: update supervisor configuration
+- name: Update supervisor configuration
   shell: "{{ xqwatcher_supervisor_ctl }} -c {{ xqwatcher_supervisor_app_dir }}/supervisord.conf update"
   when: not disable_edx_services
   tags:
     - manage
     - manage:update
 
-- name: restart xqwatcher
-  supervisorctl: >
-    state=restarted
-    supervisorctl_path={{ xqwatcher_supervisor_ctl }}
-    config={{ xqwatcher_supervisor_app_dir }}/supervisord.conf
-    name={{ xqwatcher_service_name }}
+- name: Restart xqwatcher
+  supervisorctl:
+    name: "{{ xqwatcher_service_name }}"
+    supervisorctl_path: "{{ xqwatcher_supervisor_ctl }}"
+    config: "{{ xqwatcher_supervisor_app_dir }}/supervisord.conf"
+    state: restarted
   when: not disable_edx_services
   become_user: "{{ xqwatcher_user }}"
   tags:

playbooks/roles/xqwatcher/tasks/main.yml

@@ -86,26 +86,28 @@
 #   -----END RSA PRIVATE KEY-----
 #
 
-- name: create conf dir
-  file: >
-    path="{{ xqwatcher_conf_dir }}"
-    state=directory
-    owner="{{ xqwatcher_user }}"
-    group="{{ xqwatcher_user }}"
+- name: Create conf dir
+  file:
+    path: "{{ xqwatcher_conf_dir }}"
+    state: directory
+    owner: "{{ xqwatcher_user }}"
+    group: "{{ xqwatcher_user }}"
   tags:
     - install
     - install:base
 
-- name: create conf.d dir
-  file: >
-    path="{{ xqwatcher_conf_dir }}/conf.d"
-    state=directory
-    owner="{{ xqwatcher_user }}"
-    group="{{ xqwatcher_user }}"
+- name: Create conf.d dir
+  file:
+    path: "{{ xqwatcher_conf_dir }}/conf.d"
+    state: directory
+    owner: "{{ xqwatcher_user }}"
+    group: "{{ xqwatcher_user }}"
   tags:
     - install
     - install:base
 
 - include: code_jail.yml CODE_JAIL_COMPLAIN=false
 
-- include: deploy.yml tags=deploy
+- include: deploy.yml
+  tags:
+    - deploy