Commit 1a7b4b63 by John Jarvis

updating the meta files for as and edxapp

parent d4f78ef6
......@@ -19,6 +19,9 @@ AS_SERVER_PORT: '9000'
AS_ENV_LANG: 'en_US.UTF-8'
AS_LOG_LEVEL: 'INFO'
AS_WORKERS: '4'
# add public keys to enable the automator user
# for running manage.py commands
AS_AUTOMATOR_AUTHORIZED_KEYS: []
DATABASES:
default: &databases_default
......
---
dependencies:
- {
role: automated,
automated_rbash_links: $as_automated_rbash_links,
autmoated_sudoers_dest: '99-automator-analytics-server',
automated_sudoers_template: 'roles/analytics-server/templates/etc/sudoers.d/99-automator-analytics-server.j2'
}
- role: user
name: automator
sudoers_template: '99-automator-analytics.j2'
user_authorized_keys: "{{ AS_AUTOMATOR_AUTHORIZED_KEYS }}"
rbash_links: "{{ as_automated_rbash_links }}"
when: AS_AUTOMATOR_AUTHORIZED_KEYS|length != 0
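Review bot: Assuming the `role: user` entry is the new side, the parameters it passes (`name`, `sudoers_template`, `rbash_links`) do not match the names the role's tasks read later in this commit, which loop over `user_info` and `user_rbash_links` and test `item.restricted`. Unless the role maps them somewhere not shown here, the sudoers and command-link tasks would be skipped and `automator` would receive its authorized keys without the restricted-shell setup. The edxapp dependency has the same shape and passes no link list at all. If the role consumes its own variable names directly, `user_rbash_links: "{{ as_automated_rbash_links }}"` would be the matching key.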
......@@ -123,12 +123,8 @@ EDXAPP_PYTHON_SANDBOX: false
# it puts the sandbox in 'complain' mode, for reporting but not enforcement
EDXAPP_SANDBOX_ENFORCE: true
# Supply authorized keys used for remote management via the automated
# role, see meta/main.yml. Ensure you know what this does before
# enabling. The boolean flag determines whether the role is included.
# This is done to make it possible to disable remote access easily by
# setting the flag to true and providing an empty array.
EDXAPP_INCLUDE_AUTOMATOR_ROLE: false
# Supply authorized keys used for remote management via the user
# role.
EDXAPP_AUTOMATOR_AUTHORIZED_KEYS: []
EDXAPP_USE_GIT_IDENTITY: false
......
......@@ -6,8 +6,8 @@ dependencies:
rbenv_dir: "{{ edxapp_app_dir }}"
rbenv_ruby_version: "{{ edxapp_ruby_version }}"
- devpi
- role: automated
user_rbash_links: "{{ edxapp_automated_rbash_links }}"
user_sudoers_template: 'roles/edxapp/templates/etc/sudoers.d/99-automator-edxapp-server.j2'
- role: user
name: automator
sudoers_template: '99-edxapp-manage-cmds.j2'
user_authorized_keys: "{{ EDXAPP_AUTOMATOR_AUTHORIZED_KEYS }}"
when: EDXAPP_INCLUDE_AUTOMATOR_ROLE
when: EDXAPP_AUTOMATOR_AUTHORIZED_KEYS|length != 0
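Review bot: The condition `when: EDXAPP_AUTOMATOR_AUTHORIZED_KEYS|length != 0` skips the `user` role once the list is emptied, so nothing in this dependency would remove keys or a sudoers file already present on a host. The comment removed from the defaults described disabling access by keeping the role included and supplying an empty array, and that path goes away together with `EDXAPP_INCLUDE_AUTOMATOR_ROLE`. The analytics-server dependency uses the same gate. If revocation is handled elsewhere, a line such as `# an empty list skips the role; it does not remove keys already deployed` above the variable would make that explicit.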
......@@ -144,9 +144,9 @@
with_items: user_info
- name: create sudoers file from template
copy:
template:
dest=/etc/sudoers.d/{{ item.sudoers_template|basename|replace('.j2','') }}
src={{ item.sudoers_template }} owner="root"
src=etc/sudoers.d/{{ item.sudoers_template }} owner="root"
group="root" mode=0440 validate='visudo -cf %s'
when: item.restricted is defined and item.sudoers_template is defined
with_items: user_info
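Review bot: The `dest` name is derived with `replace('.j2','')`, which strips that substring wherever it occurs and leaves any other dot in place; sudo skips files in `/etc/sudoers.d` whose names contain a `.`, so a differently named template would install rules that are silently ignored. Anchoring the strip, `{{ item.sudoers_template|basename|regex_replace('\\.j2$','') }}`, and keeping template names dot-free apart from the suffix avoids that. The task could also take the mapping form that the link task in this commit moves to, with `mode: "0440"` quoted so it is not read as a number.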
......@@ -168,9 +168,10 @@
- name: create allowed command links
file:
src={{ item[1] }} dest=/home/{{ item[0] }}/bin/{{ item.[1]|basename }}
state=link
when: when item[0].restricted is defined
src: "{{ item[1] }}"
dest: "/home/{{ item[0].name }}/bin/{{ item[1]|basename }}"
state: link
when: item[0].restricted is defined
with_nested:
- user_info
- user_rbash_links
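Review bot: The links created here act as the restricted account's command allowlist, and `dest` places them in `/home/{{ item[0].name }}/bin`, a directory whose creation and ownership are outside this hunk. If that directory is writable by the account itself, the allowlist is only advisory, so it is worth confirming it is root-owned. A comment on the task such as `# ~/bin must be root-owned and not writable by the restricted user` would record the assumption. The path also hard-codes `/home`, which would not hold for a user created with a different home directory.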
{{ item.user }} ALL=({{ analytics_web_user }}) NOPASSWD:SETENV:{{ analytics_venv_dir }}/bin/django-admin.py run_all_queries *
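Review bot: `NOPASSWD:SETENV:` on this rule, and on the four `django-admin.py` rules that follow, lets the automator account carry its own environment into a Python command run as the web user, which undercuts the per-command restriction. If only a settings variable is needed, dropping the `SETENV:` tag and adding `Defaults env_keep += "DJANGO_SETTINGS_MODULE"` is narrower. The trailing `*` also accepts any further arguments, so each rule permits more than the bare subcommand. This rule uses `{{ item.user }}` while the rules below use `{{ item.name }}` and the role is passed `name: automator`, so `item.user` looks stale and may render as undefined.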
{{ item.name }} ALL=({{ common_web_user }}) NOPASSWD:SETENV:{{ edxapp_venv_dir }}/bin/django-admin.py migrate *
{{ item.name }} ALL=({{ common_web_user }}) NOPASSWD:SETENV:{{ edxapp_venv_dir }}/bin/django-admin.py seed_permissions_roles *
{{ item.name }} ALL=({{ common_web_user }}) NOPASSWD:SETENV:{{ edxapp_venv_dir }}/bin/django-admin.py set_staff *
{{ item.name }} ALL=({{ common_web_user }}) NOPASSWD:SETENV:{{ edxapp_venv_dir }}/bin/django-admin.py transfer_students *