Commit 14f3908a by Saleem Latif

Clean up ansible services/roles for theming

parent 7a625110
---
#
# edX Configuration
#
# github: https://github.com/edx/configuration
# wiki: https://openedx.atlassian.net/wiki/display/OpenOPS
# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
# license: https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
##
# Defaults for role add-user
#
---
#
# edX Configuration
#
# github: https://github.com/edx/configuration
# wiki: https://openedx.atlassian.net/wiki/display/OpenOPS
# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
# license: https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
#
#
# Tasks for role add-user
#
# Overview:
#
# This role performs the repetitive tasks that most edX roles
# require in our default configuration.
#
# Example play:
#
# Rather than being included in the play, this role
# is included as a dependency by other roles in the meta/main.yml
# file. The including role should add the following
# dependency definition.
#
# dependencies:
# - role: add-user
# user_name: edx-themes
# user_home: /edx/etc/edx-themes
# group_name: edx-themes
# dirs:
# - {path: /edx/var/edx-themes, owner: 'edx-themes', group: "edx-themes", mode: "0646"}
# - {path: /edx/etc/edx-themes, owner: 'edx-themes', group: "edx-themes", mode: "0664"}
# - ...
#
# Generating an ssh key so users can do a git
# clone over ssh for public repositories without any
# additional configuration
- name: create application user
user:
name: "{{ user_name }}"
home: "{{ user_home }}"
createhome: yes
shell: /bin/false
generate_ssh_key: yes
tags:
- install
- install:base
# Assumes that the home directory has been created above.
# In some cases(vagrant boxes) the home directory gets created
# but does not have the correct owner and group. In vagrant for
# example we were seeing it defaulting to `root` for both.
# Here we ensure that the ownership
# of the home directory is always correct before proceeding.
- name: ensure correct ownership of home directory
file:
path: "{{ user_home }}"
state: directory
owner: "{{ user_name }}"
group: "{{ group_name }}"
tags:
- install
- install:base
- name: create dirs for the user
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode | default('0755') }}"
with_items: dirs
when: dirs is defined
tags:
- install
- install:base
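Review bot: The example in the header comment documents directory modes `0646` and `0664`, which set write bits for group or other yet omit the execute (search) bit that a directory needs in order to be entered, even by its owner. Roles that copy the example would get unusable and over-permissive directories; I would change the example entries to `mode: "0755"`, matching the task's own `default('0755')`. Separately, `ensure correct ownership of home directory` sets owner and group but no `mode`, so the permissions of the directory that holds the generated `.ssh` key are left to the system default; an explicit `mode: "0755"` (or tighter) there would pin them.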
---
#
# edX Configuration
#
# github: https://github.com/edx/configuration
# wiki: https://openedx.atlassian.net/wiki/display/OpenOPS
# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
# license: https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
##
# Role includes for role edx-themes
#
dependencies:
- role: add-user
user_name: "{{ themes_user }}"
user_home: "{{ themes_home }}"
group_name: "{{ themes_user }}"
- role: git-clone
repo_owner: "{{ themes_user }}"
repo_group: "{{ themes_user }}"
GIT_REPOS: "{{ THEMES_REPOS }}"
git_home: "{{ themes_home }}"
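Review bot: `group_name: "{{ themes_user }}"` changes the group of the themes home directory, because the `create themes home dirs` task it replaces set `group: "{{ common_web_group }}"`. The edx_service dependency added in this same commit still passes `common_web_group`, so the two callers now disagree. If the web processes rely on group access to read themes under `themes_home`, they would lose it after this change; in that case pass `group_name: "{{ common_web_group }}"`. If the narrowing is intended, a comment such as `# themes home is private to themes_user; the web group does not need access` would record the decision.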
......@@ -27,102 +27,3 @@
# - role: themes
# when do_setup_themes
#
# Generating an ssh key so service users can do a git
# clone over ssh for public repositories without any
# additional configuration
- name: create application user
user:
name: "{{ themes_user }}"
home: "{{ themes_home }}"
createhome: yes
shell: /bin/false
generate_ssh_key: yes
tags:
- install
- install:base
# Assumes that the home directory has been created above.
# In some cases(vagrant boxes) the home directory gets created
# but does not have the current owner and group. In vagrant for
# example we were seeing it defaulting it to `root` for both.
# The item that is a blank string ("") ensures the ownership
# of the home directory is always correct before proceeding.
- name: create themes home dirs
file:
path: "{{ themes_home }}/{{ item }}"
state: directory
owner: "{{ themes_user }}"
group: "{{ common_web_group }}"
with_items:
- ""
tags:
- install
- install:base
- name: set git fetch.prune to ignore deleted remote refs
shell: git config --global fetch.prune true
sudo_user: "{{ themes_user }}"
when: THEMES_REPOS is defined
tags:
- install
- install:code
- name: validate git protocol
fail: msg='THEMES_REPOS.PROTOCOL must be "https" or "ssh"'
when: (item.PROTOCOL != "https") and (item.PROTOCOL != "ssh") and THEMES_REPOS is defined
with_items: THEMES_REPOS
tags:
- install
- install:code
- name: install read-only ssh key
copy:
dest: "{{ themes_home }}/.ssh/{{ item.REPO }}"
content: "{{ item.SSH_KEY }}"
owner: "{{ themes_user }}"
group: "{{ themes_user }}"
mode: 0600
when: item.PROTOCOL == "ssh" and THEMES_REPOS is defined
with_items: THEMES_REPOS
tags:
- install
- install:code
- name: checkout code over ssh
git_2_0_1:
repo: "git@{{ item.DOMAIN }}:{{ item.PATH }}/{{ item.REPO }}"
dest: "{{ item.DESTINATION }}"
version: "{{ item.VERSION }}"
accept_hostkey: yes
key_file: "{{ themes_home }}/.ssh/{{ item.REPO }}"
sudo_user: "{{ themes_user }}"
register: code_checkout
when: item.PROTOCOL == "ssh" and THEMES_REPOS is defined
with_items: THEMES_REPOS
tags:
- install
- install:code
- name: checkout code over https
git_2_0_1:
repo: "https://{{ item.DOMAIN }}/{{ item.PATH }}/{{ item.REPO }}"
dest: "{{ item.DESTINATION }}"
version: "{{ item.VERSION }}"
sudo_user: "{{ themes_user }}"
register: code_checkout
when: item.PROTOCOL == "https" and THEMES_REPOS is defined
with_items: THEMES_REPOS
tags:
- install
- install:code
- name: remove read-only ssh key
file:
dest: "{{ themes_home }}/.ssh/{{ item.REPO }}"
state: absent
when: THEMES_REPOS is defined
with_items: THEMES_REPOS
tags:
- install
- install:code
......@@ -18,3 +18,14 @@
# my_role_var0: "foo"
# my_role_var1: "bar"
# }
dependencies:
- role: add-user
user_name: "{{ edx_service_name }}"
user_home: "{{ edx_service_home }}"
group_name: "{{ common_web_group }}"
- role: git-clone
repo_owner: "{{ edx_service_user }}"
repo_group: "{{ edx_service_user }}"
GIT_REPOS: "{{ edx_service_repos }}"
git_home: "{{ edx_service_home }}"
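Review bot: The two dependencies name the service account through different variables: add-user gets `user_name: "{{ edx_service_name }}"` while git-clone gets `repo_owner: "{{ edx_service_user }}"` and `repo_group: "{{ edx_service_user }}"`. The removed tasks had the same split, so it is inherited, but it now spans two roles. If the variables ever differ, git-clone would run its checkouts as, and assign the deploy key to, an account that add-user did not create. Either pass the same variable to both roles or add a comment above the block such as `# edx_service_name and edx_service_user must resolve to the same account`.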
......@@ -43,25 +43,10 @@
# debian: [ pkg1, pkg2, pkg3 ]
# redhat: [ pkg4, pkg5 ]
#
# Generating an ssh key so service users can do a git
# clone over ssh for public repositories without any
# additional configuration
- name: create application user
user: >
name="{{ edx_service_name }}"
home="{{ edx_service_home }}"
createhome=yes
shell=/bin/false
generate_ssh_key=yes
tags:
- install
- install:base
# Assumes that the home directory has been created above.
# In some cases(vagrant boxes) the home directory gets created
# but does not have the corrent owner and group. In vagrant for
# example we were seeing it defaulting it to `root` for both.
# example we were seeing it defaulting to `root` for both.
# The item that is a blank string("") ensures the ownership
# of the home directory is always correct before proceeding.
- name: create edx_service app, venv, data, and staticfiles dirs
......@@ -135,58 +120,6 @@
- install
- install:system-requirements
- name: set git fetch.prune to ignore deleted remote refs
shell: git config --global fetch.prune true
sudo_user: "{{ edx_service_user }}"
when: edx_service_repos is defined
tags:
- install
- install:code
- name: validate git protocol
fail: msg='REPOS.PROTOCOL must be "https" or "ssh"'
when: (item.PROTOCOL != "https") and (item.PROTOCOL != "ssh") and edx_service_repos is defined
with_items: edx_service_repos
tags:
- install
- install:code
- name: install read-only ssh key
copy: >
dest="{{ edx_service_home }}/.ssh/{{ item.REPO }}"
content="{{ item.SSH_KEY }}" owner={{ edx_service_user }}
group={{ edx_service_user }} mode=0600
when: item.PROTOCOL == "ssh" and edx_service_repos is defined
with_items: edx_service_repos
tags:
- install
- install:code
- name: checkout code over ssh
git_2_0_1: >
repo=git@{{ item.DOMAIN }}:{{ item.PATH }}/{{ item.REPO }}
dest={{ item.DESTINATION }} version={{ item.VERSION }}
accept_hostkey=yes key_file={{ edx_service_home }}/.ssh/{{ item.REPO }}
sudo_user: "{{ edx_service_user }}"
register: code_checkout
when: item.PROTOCOL == "ssh" and edx_service_repos is defined
with_items: edx_service_repos
tags:
- install
- install:code
- name: checkout code over https
git_2_0_1: >
repo=https://{{ item.DOMAIN }}/{{ item.PATH }}/{{ item.REPO }}
dest={{ item.DESTINATION }} version={{ item.VERSION }}
sudo_user: "{{ edx_service_user }}"
register: code_checkout
when: item.PROTOCOL == "https" and edx_service_repos is defined
with_items: edx_service_repos
tags:
- install
- install:code
- name: get instance information
action: ec2_facts
tags:
......
---
#
# edX Configuration
#
# github: https://github.com/edx/configuration
# wiki: https://openedx.atlassian.net/wiki/display/OpenOPS
# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
# license: https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
##
# Defaults for role git-clone
#
---
#
# edX Configuration
#
# github: https://github.com/edx/configuration
# wiki: https://openedx.atlassian.net/wiki/display/OpenOPS
# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
# license: https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
#
#
# Tasks for role git-clone
#
# Overview:
#
# This role performs the repetitive tasks that most edX roles
# require in our default configuration.
#
#
- name: set git fetch.prune to ignore deleted remote refs
shell: git config --global fetch.prune true
sudo_user: "{{ repo_owner }}"
when: GIT_REPOS is defined
tags:
- install
- install:code
- name: validate git protocol
fail: msg='GIT_REPOS.PROTOCOL must be "https" or "ssh"'
when: (item.PROTOCOL != "https") and (item.PROTOCOL != "ssh") and GIT_REPOS is defined
with_items: GIT_REPOS
tags:
- install
- install:code
- name: install read-only ssh key
copy:
dest: "{{ git_home }}/.ssh/{{ item.REPO }}"
content: "{{ item.SSH_KEY }}"
owner: "{{ repo_owner }}"
group: "{{ repo_group }}"
mode: 0600
when: item.PROTOCOL == "ssh" and GIT_REPOS is defined
with_items: GIT_REPOS
tags:
- install
- install:code
- name: checkout code over ssh
git_2_0_1:
repo: "git@{{ item.DOMAIN }}:{{ item.PATH }}/{{ item.REPO }}"
dest: "{{ item.DESTINATION }}"
version: "{{ item.VERSION }}"
accept_hostkey: yes
key_file: "{{ git_home }}/.ssh/{{ item.REPO }}"
sudo_user: "{{ repo_owner }}"
register: code_checkout
when: item.PROTOCOL == "ssh" and GIT_REPOS is defined
with_items: GIT_REPOS
tags:
- install
- install:code
- name: checkout code over https
git_2_0_1:
repo: "https://{{ item.DOMAIN }}/{{ item.PATH }}/{{ item.REPO }}"
dest: "{{ item.DESTINATION }}"
version: "{{ item.VERSION }}"
sudo_user: "{{ repo_owner }}"
register: code_checkout
when: item.PROTOCOL == "https" and GIT_REPOS is defined
with_items: GIT_REPOS
tags:
- install
- install:code
- name: remove read-only ssh key
file:
dest: "{{ git_home }}/.ssh/{{ item.REPO }}"
state: absent
when: GIT_REPOS is defined
with_items: GIT_REPOS
tags:
- install
- install:code
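Review bot: Every task looping `with_items: GIT_REPOS` can print the loop item in its result output, and each item carries `SSH_KEY`, so the private deploy key is likely to end up in Ansible output and logs; `install read-only ssh key` also passes it through `content`. Adding `no_log: true` to the looped tasks, at minimum the `copy`, keeps the key out of that output. Two related gaps are worth closing in the same file. `remove read-only ssh key` is reached only when the checkouts succeed, so a failed clone leaves the key in `{{ git_home }}/.ssh/`. `accept_hostkey: yes` trusts whatever host key is presented on first contact, so pre-populating known_hosts for the `item.DOMAIN` hosts would let the checkout verify the server instead.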