Users and application configuration

* Created new directory structure outlined in the README * Created the LMS role which for now just creates teh application config files * Created the common role * Updated the cf playbook to accept arguments

Users and application configuration
* Created new directory structure outlined in the README * Created the LMS role which for now just creates teh application config files * Created the common role * Updated the cf playbook to accept arguments
1c2d4487 · John Jarvis · 704dc309 · 1c2d4487 · 1c2d4487 · 1c2d4487
Commit 1c2d4487 authored Apr 20, 2013 by John Jarvis
23 changed files
--- a/playbooks/ansible.cfg
+++ b/playbooks/ansible.cfg
+# config file for ansible -- http://ansible.github.com
+# nearly all parameters can be overridden in ansible-playbook or with command line flags
+# ansible will read ~/.ansible.cfg or /etc/ansible/ansible.cfg, whichever it finds first
+
+[defaults]
+
+jinja2_extensions=jinja2.ext.do
+hash_behaviour=merge
--- a/playbooks/cloudformation.yaml
+++ b/playbooks/cloudformation.yaml
@@ -31,15 +31,15 @@
  tasks:
  - name: edX configuration
    cloudformation: >
-      stack_name="ansible-cloudformation" state=present
+      stack_name="$name" state=present
      region=us-east-1 disable_rollback=false
      template=files/edx-server-ubuntu-configuration.json
    args:
      template_parameters:
-        KeyName: deployment
+        KeyName: $key
        InstanceType: m1.small
-        NameTag: edx-ec2
-        GroupTag: edx-group
+        NameTag: $name
+        GroupTag: $group
    register: stack
  - name: show stack outputs
    debug: msg="My stack outputs are ${stack.stack_outputs}"
--- a/playbooks/edxapp_custom.yml
+++ b/playbooks/edxapp_custom.yml
+- hosts: tag_group_cfn-edxapp-jarv
+  vars_files:
+    - "vars/lms_vars.yml"
+    - "vars/secure/edxapp_stage_vars.yml"
+    - "vars/secure/edxapp_custom_vars.yml"
+    - "vars/secure/users.yml"
+    - "vars/secure/edxapp_stage_users.yml"
+  roles:
+    - common
+    - lms
--- a/playbooks/edxapp_prod.yml
+++ b/playbooks/edxapp_prod.yml
+- hosts: tag_group_cfn-edxapp-jarv
+  vars_files:
+    - "vars/lms_vars.yml"
+    - "vars/secure/edxapp_prod_vars.yml"
+  roles:
+    - common
+    - lms
--- a/playbooks/edxapp_stage.yml
+++ b/playbooks/edxapp_stage.yml
+- hosts: tag_Group_edxapp_stage
+  vars_files:
+    - "vars/lms_vars.yml"
+    - "vars/secure/edxapp_stage_vars.yml"
+    - "vars/secure/users.yml"
+    - "vars/secure/edxapp_stage_users.yml"
+  roles:
+    - common
+    - lms
--- a/playbooks/group_vars/README.md
+++ b/playbooks/group_vars/README.md
+After EC2 discovery variables in the files that match any 
+of the discovered groups will be set.
+
+For convenience a single variable is set
+for every Group tag for conditional task execution.
--- a/playbooks/group_vars/tag_Group_edxapp_prod
+++ b/playbooks/group_vars/tag_Group_edxapp_prod
+---
+edxapp_prod: true
--- a/playbooks/group_vars/tag_Group_edxapp_stage
+++ b/playbooks/group_vars/tag_Group_edxapp_stage
+---
+edxapp_stage: true
--- a/playbooks/keys/frank.key
+++ b/playbooks/keys/frank.key
+ssh-rsa ASFDG frank@somehost
+ssh-rsa GHJKL frank@anotherhost
--- a/playbooks/keys/joe.key
+++ b/playbooks/keys/joe.key
+ssh-rsa ASFDG joe@somehost
+ssh-rsa GHJKL joe@notherhost
--- a/playbooks/roles/common/tasks/create_users.yml
+++ b/playbooks/roles/common/tasks/create_users.yml
+---
+- name: Creating admin users
+  user: name={{ item.user }} groups={{ ",".join(item.groups) }}
+  sudo: True
+  with_items: admin_users
+- name: Copying ssh keys for admin users
+  authorized_key: user={{ item.user }} key="{{ lookup('file', item.path) }}"
+  sudo: True
+  with_items: admin_keys
+- name: Creating env users
+  user: name={{ item.user }} groups={{ ",".join(item.groups) }}
+  sudo: True
+  with_items: env_users
+- name: Copying ssh keys for env users
+  authorized_key: user={{ item.user }} key="{{ lookup('file', item.path) }}"
+  sudo: True
+  with_items: env_keys
--- a/playbooks/roles/common/tasks/main.yml
+++ b/playbooks/roles/common/tasks/main.yml
+---
+- include: create_users.yml
+- name: Create application root
+  sudo: True
+  action: file path=/opt/wwc state=directory owner=root group=root
+- name: Create log directory
+  sudo: True
+  action: file path=/mnt/logs state=directory
--- a/playbooks/roles/lms/tasks/main.yml
+++ b/playbooks/roles/lms/tasks/main.yml
+---
+- name: create lms application config
+  action: template src=env.json.j2 dest=/opt/wwc/lms-env.json
+  sudo: True
+- name: create lms auth file
+  action: template src=auth.json.j2 dest=/opt/wwc/lms-auth.json
+  sudo: True
--- a/playbooks/roles/lms/templates/auth.json.j2
+++ b/playbooks/roles/lms/templates/auth.json.j2
+{{ auth_config | to_nice_json }}
--- a/playbooks/roles/lms/templates/env.json.j2
+++ b/playbooks/roles/lms/templates/env.json.j2
+{{ env_config | to_nice_json }}
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
+- include: edxapp.yml
--- a/playbooks/vars/lms_vars.yml
+++ b/playbooks/vars/lms_vars.yml
+---
+auth_config:
+  'CONTENTSTORE':
+    'ENGINE':  'xmodule.contentstore.mongo.MongoContentStore'
+  'MODULESTORE':
+    'default':
+      'ENGINE':  'xmodule.modulestore.mongo.MongoModuleStore'
+ 
+env_config:
+  'CACHES':
+    'default':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
+    'general':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
+    'mongo_metadata_inheritance':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
+      'TIMEOUT': 300
+    'staticfiles':
+      'BACKEND':  'django.core.cache.backends.memcached.MemcachedCache'
+      'KEY_FUNCTION':  'util.memcache.safe_key'
+  'CERT_QUEUE':  'certificates'
+  'COURSE_LISTINGS':
+    'default': ['MITx/6.002x/2012_Fall']
+    'stage-berkeley': [ 'BerkeleyX/CS169/fa12']
+    'stage-harvard': [ 'HarvardX/CS50/2012H']
+    'stage-mit': [ 'MITx/3.091/MIT_2012_Fall']
+    'stage-num': [ 'MITx/6.002x-NUM/2012_Fall_NUM']
+    'stage-sjsu': [ 'MITx/6.002x-EE98/2012_Fall_SJSU']
+  'LOCAL_LOGLEVEL':  'INFO'
+  'META_UNIVERSITIES':
+    'UTx': [ 'UTAustinX']
+  'MITX_FEATURES': { 'AUTH_USE_OPENID_PROVIDER': true,
+    'CERTIFICATES_ENABLED': true,  'ENABLE_DISCUSSION_SERVICE': true,
+    'ENABLE_INSTRUCTOR_ANALYTICS': true,  'ENABLE_PEARSON_HACK_TEST': true,
+    'SUBDOMAIN_BRANDING': true,  'SUBDOMAIN_COURSE_LISTINGS': true}
+  'SUBDOMAIN_BRANDING': { 'stage-berkeley':  'BerkeleyX',
+    'stage-harvard':  'HarvardX',  'stage-mit':  'MITx',
+    'stage-num':  'MITx',  'stage-sjsu':  'MITx'}
+  'VIRTUAL_UNIVERSITIES': []
+  'WIKI_ENABLED': true
--- a/playbooks/vars/secure/README.md
+++ b/playbooks/vars/secure/README.md
+This is an example secure/ data which would normally have passwords and sensitive bits
--- a/playbooks/vars/secure/edxapp_custom_vars.yml
+++ b/playbooks/vars/secure/edxapp_custom_vars.yml
+---
+auth_config:
+  'DATABASES':
+    'default': { 'ENGINE':  'custom',
+      'HOST':  'custom',  'NAME':  'custom',
+      'PASSWORD':  'custom',  'PORT': 0000,
+      'USER':  'custom'}
--- a/playbooks/vars/secure/edxapp_prod_vars.yml
+++ b/playbooks/vars/secure/edxapp_prod_vars.yml
+---
+auth_config:
+  'ANALYTICS_API_KEY':  'hidden-prod'
+  'AWS_ACCESS_KEY_ID':  'hidden-prod'
+  'AWS_SECRET_ACCESS_KEY':  'hidden-prod'
+  'CONTENTSTORE':
+    'OPTIONS':
+      'db':  'hidden-prod'
+      'host': [ 'hidden-prod',  'hidden-prod']
+      'password':  'hidden-prod'
+      'port': 0000 
+      'user':  'hidden-prod'
+  'DATABASES':
+    'default': { 'ENGINE':  'hidden-prod',
+      'HOST':  'hidden-prod',  'NAME':  'hidden-prod',
+      'PASSWORD':  'hidden-prod',  'PORT': 0000,
+      'USER':  'hidden-prod'}
+  'MODULESTORE':
+    'default':
+      'OPTIONS':
+        'collection':  'hidden-prod'
+        'db':  'hidden-prod'
+        'default_class':  'hidden-prod'
+        'fs_root':  'hidden-prod'
+        'host': [ 'hidden-prod',  'hidden-prod']
+        'password':  'hidden-prod'
+        'port': 0000
+        'render_template':  'hidden-prod'
+        'user':  'hidden-prod'
+  'OPEN_ENDED_GRADING_INTERFACE': { 'hidden-prod':  'hidden-prod',
+    'password':  'hidden-prod',  'hidden-prod':  'hidden-prod',
+    'staff_grading':  'hidden-prod',  'hidden-prod':  'hidden-prod',
+    'username':  'hidden-prod'}
+  'PEARSON_TEST_PASSWORD':  'hidden-prod'
+  'SECRET_KEY':  'hidden-prod'
+  'XQUEUE_INTERFACE':
+    'basic_auth': [ 'hidden-prod',  'hidden-prod']
+    'django_auth': { 'password':  'hidden-prod',
+      'username':  'hidden-prod'}
+    'url':  'hidden-prod'
+ 
+env_config:
+  'SYSLOG_SERVER':  'hidden-prod'
+  'SITE_NAME':  'hidden-prod'
+  'LOG_DIR':  'hidden-prod'
+  'MEDIA_URL':  'hidden-prod'
+  'BOOK_URL':  'hidden-prod'
+  'ANALYTICS_SERVER_URL':  'hidden-prod'
+  'CACHES':
+    'default':
+      'KEY_PREFIX':  'hidden-prod'
+      'LOCATION': [ 'hidden-prod',
+        'hidden-prod']
+    'general':
+      'KEY_PREFIX':  'hidden-prod'
+      'LOCATION': [ 'hidden-prod',
+        'hidden-prod']
+    'mongo_metadata_inheritance':
+      'KEY_PREFIX':  'hidden-prod'
+      'LOCATION': [ 'hidden-prod',
+        'hidden-prod']
+    'staticfiles':
+      'KEY_PREFIX':  'hidden-prod'
+      'LOCATION': [ 'hidden-prod',
+        'hidden-prod']
+  'COMMENTS_SERVICE_URL':  'hidden-prod'
+  'LOGGING_ENV':  'hidden-prod'
+  'SESSION_COOKIE_DOMAIN':  'hidden-prod'
+  'COMMENTS_SERVICE_KEY':  'hidden-prod'
--- a/playbooks/vars/secure/edxapp_stage_users.yml
+++ b/playbooks/vars/secure/edxapp_stage_users.yml
+# these user lists cannot be merged
+# because they are not hashes
+
+env_users:
+- user: frank
+  email: frank@example.com
+  groups:
+  - adm
+
+env_keys:
+- user: frank
+  path: keys/frank.key
--- a/playbooks/vars/secure/edxapp_stage_vars.yml
+++ b/playbooks/vars/secure/edxapp_stage_vars.yml
+---
+auth_config:
+  'ANALYTICS_API_KEY':  'hidden-stage'
+  'AWS_ACCESS_KEY_ID':  'hidden-stage'
+  'AWS_SECRET_ACCESS_KEY':  'hidden-stage'
+  'CONTENTSTORE':
+    'OPTIONS':
+      'db':  'hidden-stage'
+      'host': [ 'hidden-stage',  'hidden-stage']
+      'password':  'hidden-stage'
+      'port': 0000 
+      'user':  'hidden-stage'
+  'DATABASES':
+    'default': { 'ENGINE':  'hidden-stage',
+      'HOST':  'hidden-stage',  'NAME':  'hidden-stage',
+      'PASSWORD':  'hidden-stage',  'PORT': 0000,
+      'USER':  'hidden-stage'}
+  'MODULESTORE':
+    'default':
+      'OPTIONS':
+        'collection':  'hidden-stage'
+        'db':  'hidden-stage'
+        'default_class':  'hidden-stage'
+        'fs_root':  'hidden-stage'
+        'host': [ 'hidden-stage',  'hidden-stage']
+        'password':  'hidden-stage'
+        'port': 0000
+        'render_template':  'hidden-stage'
+        'user':  'hidden-stage'
+  'OPEN_ENDED_GRADING_INTERFACE': { 'hidden-stage':  'hidden-stage',
+    'password':  'hidden-stage',  'hidden-stage':  'hidden-stage',
+    'staff_grading':  'hidden-stage',  'hidden-stage':  'hidden-stage',
+    'username':  'hidden-stage'}
+  'PEARSON_TEST_PASSWORD':  'hidden-stage'
+  'SECRET_KEY':  'hidden-stage'
+  'XQUEUE_INTERFACE':
+    'basic_auth': [ 'hidden-stage',  'hidden-stage']
+    'django_auth': { 'password':  'hidden-stage',
+      'username':  'hidden-stage'}
+    'url':  'hidden-stage'
+ 
+env_config:
+  'SYSLOG_SERVER':  'hidden-stage'
+  'SITE_NAME':  'hidden-stage'
+  'LOG_DIR':  'hidden-stage'
+  'MEDIA_URL':  'hidden-stage'
+  'BOOK_URL':  'hidden-stage'
+  'ANALYTICS_SERVER_URL':  'hidden-stage'
+  'CACHES':
+    'default':
+      'KEY_PREFIX':  'hidden-stage'
+      'LOCATION': [ 'hidden-stage',
+        'hidden-stage']
+    'general':
+      'KEY_PREFIX':  'hidden-stage'
+      'LOCATION': [ 'hidden-stage',
+        'hidden-stage']
+    'mongo_metadata_inheritance':
+      'KEY_PREFIX':  'hidden-stage'
+      'LOCATION': [ 'hidden-stage',
+        'hidden-stage']
+    'staticfiles':
+      'KEY_PREFIX':  'hidden-stage'
+      'LOCATION': [ 'hidden-stage',
+        'hidden-stage']
+  'COMMENTS_SERVICE_URL':  'hidden-stage'
+  'LOGGING_ENV':  'hidden-stage'
+  'SESSION_COOKIE_DOMAIN':  'hidden-stage'
+  'COMMENTS_SERVICE_KEY':  'hidden-stage'
--- a/playbooks/vars/secure/users.yml
+++ b/playbooks/vars/secure/users.yml
+# administrator accounts, added to all roles
+admin_users:
+- user: joe
+  email: joe@example.com
+  groups:
+  - adm
+
+admin_keys:
+- user: joe
+  path: keys/joe.key