Merge pull request #133 from edx/jbau/ora-role

Jbau/ora role

Merge pull request #133 from edx/jbau/ora-role
Jbau/ora role
10a636c3 · Jason Bau · 8ab4d913 · 9ece32cc · 10a636c3 · 10a636c3
Commit 10a636c3 authored Jun 27, 2013 by Jason Bau
12 changed files
--- a/playbooks/edx-west/edxapp_prod.yml
+++ b/playbooks/edx-west/edxapp_prod.yml
 # this gets all running prod webservers
 #- hosts: tag_environment_prod:&tag_function_webserver
 # or we can get subsets of them by name
- hosts: ~tag_Name_app(10|20)_prod
+- hosts: ~tag_Name_app(4)_prod
 #- hosts: ~tag_Name_app(11|21)_prod
 ## these are cold hosts:
 #- hosts: ~tag_Name_app(12|22)_prod

--- a/playbooks/edx-west/ora_prod.yml
+++ b/playbooks/edx-west/ora_prod.yml
+# this gets all running prod webservers
+- hosts: tag_environment_prod:&tag_function_ora
+# or we can get subsets of them by name
+#- hosts: ~tag_Name_xserver(1|2)_prod
+#- hosts: security_group_edx-prod-EdxappServerSecurityGroup-NSKCQTMZIPQB
+  sudo: True
+  vars:
+    secure_dir: '../../../configuration-secure/ansible'
+    # this indicates the path to site-specific (with precedence)
+    # things like nginx template files
+    local_dir:  '../../../configuration-secure/ansible/local'
+  vars_files:
+    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
+  roles:
+    - common
+    - nginx
+    - ora
--- a/playbooks/edx_jenkins_tests.yml
+++ b/playbooks/edx_jenkins_tests.yml
@@ -16,3 +16,4 @@
    - edxapp
    - xqueue
    - xserver
+    - ora
--- a/playbooks/roles/edxlocal/tasks/main.yml
+++ b/playbooks/roles/edxlocal/tasks/main.yml
@@ -32,6 +32,11 @@
    state=present
    encoding=utf8

+- name: create a database for ora
+  mysql_db: >
+    db=ora
+    state=present
+    encoding=utf8

 - name: install mongo server and recommends  
  apt: pkg=mongodb-server state=present install_recommends=yes

--- a/playbooks/roles/nginx/templates/ora.j2
+++ b/playbooks/roles/nginx/templates/ora.j2
+upstream app_server {
+    # For a TCP configuration:
+    server 127.0.0.1:{{ ora_gunicorn_port }} fail_timeout=0;
+}
+
+server {
+  listen {{ ora_nginx_port}} default_server;
+
+  location / {
+
+    try_files $uri @proxy_to_app;
+  }
+
+  # Check security on this
+  location /static/ {
+    alias /opt/wwc/staticfiles/;
+
+    # return a 403 for static files that shouldn't be
+    # in the staticfiles directory
+    location ~ ^/static/(.*)(\.xml|\.json|README.TXT) {
+        return 403;
+    }
+    # Set django-pipelined files to maximum cache time
+    location ~ /static/.*\.[0-9a-f]+\..* {
+        expires max;
+    }
+
+    # Expire other static files immediately (there should be very few / none of these)
+    expires epoch;
+  }
+
+  location @proxy_to_app {
+    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+    proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
+    proxy_set_header X-Forwarded-For $http_x_forwarded_for;
+    proxy_set_header Host $http_host;
+
+    proxy_redirect off;
+    proxy_pass http://app_server;
+  }
+}
--- a/playbooks/roles/ora/tasks/deploy.yml
+++ b/playbooks/roles/ora/tasks/deploy.yml
+- name: See if edx-ora.conf is installed
+  shell: "[ -f /etc/init/edx-ora.conf ] && echo 'Found' || echo ''"
+  register: edx_ora_installed
+  tags:
+  - ora
+  - deploy
+
+- name: See if edx-ora-celery.conf is installed
+  shell: "[ -f /etc/init/edx-ora-celery.conf ] && echo 'Found' || echo ''"
+  register: edx_ora_celery_installed
+  tags:
+  - ora
+  - deploy
+
+# Stop ora service.
+- name: stop edx-ora service
+  service: name=edx-ora state=stopped
+  when: edx_ora_installed.stdout == 'Found'
+  tags:
+  - ora
+  - deploy
+
+- name: stop edx-ora-celery service
+  service: name=edx-ora-celery state=stopped
+  when: edx_ora_celery_installed.stdout == 'Found'
+  tags:
+  - ora
+  - deploy
+
+# Do A Checkout
+- name: git checkout ora repo into $app_base_dir
+  git: dest={{ora_code_dir}} repo={{ora_source_repo}} version={{ora_version}}
+  tags:
+  - ora
+  - deploy
+
+# Do Post Checkout Tasks.
+- name: change permissions on ora code dir
+  file: path={{ora_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes
+  tags:
+  - ora
+  - deploy
+
+- name: copy over edx-ora upstart scripts from repo
+  shell: "cp {{ora_code_dir}}/edx-ora.conf /etc/init/edx-ora.conf;
+          chmod 644 /etc/init/edx-ora.conf; chown root:root /etc/init/edx-ora.conf;"
+  tags:
+  - ora
+  - deploy
+
+- name: set correct port in edx-ora.conf
+  lineinfile: dest=/etc/init/edx-ora.conf regexp="^env PORT=[0-9]+" line="env PORT={{ora_gunicorn_port}}"
+  tags:
+  - ora
+  - deploy
+
+- name: copy over edx-ora-celery upstart scripts from repo
+  shell: "cp {{ora_code_dir}}/edx-ora-celery.conf /etc/init/edx-ora-celery.conf;
+          chmod 644 /etc/init/edx-ora-celery.conf; chown root:root /etc/init/edx-ora-celery.conf;"
+  tags:
+  - ora
+  - deploy
+
+# TODO: Check git.py _run_if_changed() to see if the logic there to skip running certain
+# portions of the deploy needs to be incorporated here.
+
+- name: install ora apt-packages
+  command: xargs -a {{ora_code_dir}}/apt-packages.txt apt-get install -y
+  tags:
+  - ora
+  - deploy
+
+# Install the python pre requirements into {{ venv_dir }}
+- name: install python pre-requirements
+  pip: requirements="{{ora_pre_requirements_file}}" virtualenv="{{venv_dir}}" state=present
+  tags:
+  - ora
+  - deploy
+
+# Install the python post requirements into {{ venv_dir }}
+- name: install python post-requirements
+  pip: requirements="{{ora_post_requirements_file}}" virtualenv="{{venv_dir}}" state=present
+  tags:
+  - ora
+  - deploy
+
+  #Needed if using redis to prevent memory issues
+- name: change memory commit settings -- needed for redis
+  command: sysctl vm.overcommit_memory=1
+  tags:
+  - ora
+  - deploy
+
+- name: syncdb and migrate
+  shell: sudo -u www-data {{venv_dir}}/bin/django-admin.py syncdb --migrate --noinput --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
+  when: migrate_db is defined
+  tags:
+  - ora
+  - syncdb
+  - deploy
+
+- name: create users
+  shell: sudo -u www-data {{venv_dir}}/bin/django-admin.py update_users --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
+  tags:
+  - ora
+  - syncdb
+  - deploy
+
+- name: restart edx-ora
+  service: name=edx-ora state=restarted
+  tags:
+  - ora
+  - deploy
+
+- name: restart edx-ora-celery
+  service: name=edx-ora-celery state=restarted
+  tags:
+  - ora
+  - deploy
--- a/playbooks/roles/ora/tasks/ease.yml
+++ b/playbooks/roles/ora/tasks/ease.yml
+- name: See if edx-ora.conf is installed
+  shell: "[ -f /etc/init/edx-ora.conf ] && echo 'Found' || echo ''"
+  register: edx_ora_installed
+  tags:
+  - ora
+  - deploy
+
+- name: See if edx-ora-celery.conf is installed
+  shell: "[ -f /etc/init/edx-ora-celery.conf ] && echo 'Found' || echo ''"
+  register: edx_ora_celery_installed
+  tags:
+  - ora
+  - deploy
+
+# Stop ora service.
+- name: stop edx-ora service
+  service: name=edx-ora state=stopped
+  when: edx_ora_installed.stdout == 'Found'
+  tags:
+  - ora
+  - deploy
+
+- name: stop edx-ora-celery service
+  service: name=edx-ora-celery state=stopped
+  when: edx_ora_celery_installed.stdout == 'Found'
+  tags:
+  - ora
+  - deploy
+
+
+# Do A Checkout
+- name: git checkout ease repo into its base dir
+  git: dest={{ease_code_dir}} repo={{ease_source_repo}} version={{ease_version}}
+  tags:
+  - ease
+  - deploy
+
+# Do Post Checkout Tasks.
+- name: change permissions on ease code dir
+  file: path={{ease_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes
+  tags:
+  - ease
+  - deploy
+
+
+# TODO: Check git.py _run_if_changed() to see if the logic there to skip running certain
+# portions of the deploy needs to be incorporated here.
+
+- name: install ease apt-packages
+  command: xargs -a {{ease_code_dir}}/apt-packages.txt apt-get install -y
+  tags:
+  - ease
+  - deploy
+
+# Install the python pre requirements into {{ venv_dir }}
+- name: install ease python pre-requirements
+  pip: requirements="{{ease_pre_requirements_file}}" virtualenv="{{venv_dir}}" state=present
+  tags:
+  - ease
+  - deploy
+
+# Install the python post requirements into {{ venv_dir }}
+- name: install ease python post-requirements
+  pip: requirements="{{ease_post_requirements_file}}" virtualenv="{{venv_dir}}" state=present
+  tags:
+  - ease
+  - deploy
+
+- name: install ease python package
+  shell: command="{{venv_dir}}/bin/activate; cd {{ease_code_dir}}; python setup.py install"
+  tags:
+  - ease
+  - deploy
+
+#Needed for the ease package to work
+- name: check for the existence of nltk data taggers/maxent_treebank_pos_tagger/english.pickle
+  shell: "[ -f {{nltk_data_dir}}/taggers/maxent_treebank_pos_tagger/english.pickle ] && echo 'Found' || echo ''"
+  register: nltk_data_installed
+  tags:
+  - ease
+  - deploy
+
+
+- name: install nltk data using rendered shell script
+  command: "{{venv_dir}}/bin/python -m nltk.downloader -d {{nltk_data_dir}} all"
+  when: nltk_data_installed.stdout  != "Found"
+  tags:
+  - ease
+  - deploy
+
+- name: set permissions on nltk data directory
+  file: path={{nltk_data_dir}} owner=ubuntu group=adm mode=2775 state=directory
+  tags:
+  - ease
+  - deploy
--- a/playbooks/roles/ora/tasks/main.yml
+++ b/playbooks/roles/ora/tasks/main.yml
+# requires:
+#  - group_vars/all
+#  - common/tasks/main.yml
+#  - nginx/tasks/main.yml
+---
+- name: Change permissions on datadir
+  file: path={{ app_base_dir }}/data state=directory owner=www-data group=www-data
+  tags:
+  - ora
+
+- name: Create ml_models directory
+  file: path={{ app_base_dir }}/ml_models state=directory owner=www-data group=www-data
+  tags:
+  - ora
+
+# Check out ora repo to $app_base_dir
+- name: install git and its recommends
+  apt: pkg=git state=present install_recommends=yes
+  tags:
+  - ora
+
+- name: install a bunch of system packages on which ora depends
+  apt: pkg={{item}} state=present
+  with_items: ora_debian_pkgs
+  tags:
+  - ora
+
+- name: create ora application config
+  template: src=ora.env.json.j2 dest=$app_base_dir/env.json mode=0640 owner=www-data group=adm
+  tags:
+  - ora
+
+- name: create ora auth file
+  template: src=ora.auth.json.j2 dest=$app_base_dir/auth.json mode=0640 owner=www-data group=adm
+  tags:
+  - ora
+
+# Install nginx site
+- include: ../../nginx/tasks/nginx_site.yml state=link site_name=ora
+
+- include: ease.yml
+- include: deploy.yml
--- a/playbooks/roles/ora/templates/ora.auth.json.j2
+++ b/playbooks/roles/ora/templates/ora.auth.json.j2
+{{ ora_auth_config | to_nice_json }}
--- a/playbooks/roles/ora/templates/ora.env.json.j2
+++ b/playbooks/roles/ora/templates/ora.env.json.j2
+{{ ora_env_config | to_nice_json }}
--- a/playbooks/roles/ora/vars/main.yml
+++ b/playbooks/roles/ora/vars/main.yml
+# vars for the ORA role
+---
+ora_code_dir: "{{ app_base_dir }}/edx-ora"
+# Default nginx listen port
+# These should be overrided if you want
+# to serve all content on port 80
+ora_nginx_port: 18091
+ora_gunicorn_port: 8091
+ora_auth_config: {}
+ora_env_config: {}
+ora_source_repo: https://github.com/edx/edx-ora.git
+ora_version: 'HEAD'
+ora_pre_requirements_file: "{{ ora_code_dir }}/pre-requirements.txt"
+ora_post_requirements_file: "{{ ora_code_dir }}/requirements.txt"
+ora_debian_pkgs: []
+
+ease_code_dir: "{{ app_base_dir }}/ease"
+ease_source_repo: https://github.com/edx/ease.git
+ease_version: 'HEAD'
+ease_pre_requirements_file: "{{ ease_code_dir }}/pre-requirements.txt"
+ease_post_requirements_file: "{{ ease_code_dir }}/requirements.txt"
+ease_debian_pkgs: []
+nltk_data_dir: /usr/share/nltk_data
--- a/playbooks/secure_example/vars/edxapp_sandbox.yml
+++ b/playbooks/secure_example/vars/edxapp_sandbox.yml
@@ -24,6 +24,53 @@
 #Use YAML references (& and *) and hash merge <<: to factor out shared settings
 #see http://atechie.net/2009/07/merging-hashes-in-yaml-conf-files/

+ora_env_config:
+  "LOGGING_ENV": "prod-grader"
+  "LOG_DIR": "/mnt/logs"
+  "REQUESTS_TIMEOUT": "5"
+  "QUEUES_TO_PULL_FROM": "open-ended"
+  "TIME_BETWEEN_XQUEUE_PULLS": "5"
+  "TIME_BETWEEN_EXPIRED_CHECKS": "1800"
+  "GRADER_SETTINGS_DIRECTORY": "grader_settings/"
+  "MAX_NUMBER_OF_TIMES_TO_RETRY_GRADING": "10"
+  "MIN_TO_USE_ML": "100"
+  "ML_PATH": "machine-learning/"
+  "ML_MODEL_PATH": "ml_models/"
+  "TIME_BETWEEN_ML_CREATOR_CHECKS": "300"
+  "TIME_BETWEEN_ML_GRADER_CHECKS": "5"
+  "MIN_TO_USE_PEER": "10"
+  "PEER_GRADER_COUNT": "3"
+  "PEER_GRADER_MINIMUM_TO_CALIBRATE": "3"
+  "PEER_GRADER_MAXIMUM_TO_CALIBRATE": "6"
+  "PEER_GRADER_MIN_NORMALIZED_CALIBRATION_ERROR": ".5"
+  "EXPIRE_SUBMISSIONS_AFTER": "1296000"
+  "RESET_SUBMISSIONS_AFTER": "600"
+  "LOCAL_LOGLEVEL": "DEBUG"
+  "DEBUG": false
+  "SYSLOG_SERVER": "localhost"
+  "USE_S3_TO_STORE_MODELS": false
+  "S3_BUCKETNAME": "openended-prod"
+
+ora_auth_config:
+  "USERS":
+    "xqueue_pull": "password"
+    "lms": "password"
+  "XQUEUE_INTERFACE":
+    "django_auth":
+      "password": "password"
+      "username": "lms"
+    "basic_auth": [ "edx", "edx"]
+    "url": "http://localhost:18040"
+  "GRADING_CONTROLLER_INTERFACE":
+    "django_auth":
+      "password": "password"
+      "username": "lms"
+    "url": "http://localhost:18091"
+  'DATABASES':
+    'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'ora', 'USER': 'root', 'PASSWORD': '', 'HOST': 'localhost', 'PORT': '3306' }
+  'AWS_ACCESS_KEY_ID' : ''
+  'AWS_SECRET_ACCESS_KEY' : ''
+

 xqueue_env_config:
  'XQUEUES':