Merge pull request #194 from edx/e0d/notifier

E0d/notifier

Merge pull request #194 from edx/e0d/notifier
E0d/notifier
354f0030 · e0d · b8045c7f · 6f2c1362 · 354f0030 · 354f0030
Commit 354f0030 authored Aug 02, 2013 by e0d
12 changed files
--- a/playbooks/roles/common/tasks/create_github_users.yml
+++ b/playbooks/roles/common/tasks/create_github_users.yml
+---
+
+# Overview:
+# 
+# Creates OS accounts for users based on their github credential.
+# Expects to find a list in scope named github_users with
+# the following structure:
+#
+# github_users:
+#   - user: me_at_github
+#     groups:
+#     - adm
+#   - user: otheruser
+#     groups: 
+#     - users
+#
+
+- name: common | create local user for github user
+  user: 
+    name={{ item.user }} 
+    {% if item.groups %}groups={{ ",".join(item.groups) }}{% endif %}
+    shell=/bin/bash
+  with_items: github_users
+  tags:
+    - users
+    - update
+
+- name: common | create .ssh directory
+  file: 
+    path=/home/{{ item.user }}/.ssh state=directory mode=0600 
+    owner={{ item.user }} group={{ item.user }}
+  with_items: github_users
+  tags:
+    - users
+    - update
+
+- name: common | copy github key[s] to .ssh/authorized_keys
+  get_url: 
+    url=https://github.com/{{ item.user }}.keys 
+    dest=/home/{{ item.user }}/.ssh/authorized_keys mode=0600 
+    owner={{ item.user }} group={{ item.user }}
+  with_items: github_users
+  tags:
+    - users
+    - update
\ No newline at end of file
--- a/playbooks/roles/common/tasks/create_users.yml
+++ b/playbooks/roles/common/tasks/create_users.yml
@@ -56,4 +56,3 @@
  - users
  - admin_users
  - update
-
--- a/playbooks/roles/common/tasks/main.yml
+++ b/playbooks/roles/common/tasks/main.yml
 ---
 - include: create_users.yml
+- include: create_github_users.yml

 - name: common | Add user www-data
  # This user should be created on the system by default

--- a/playbooks/roles/notifier/files/git_ssh.sh
+++ b/playbooks/roles/notifier/files/git_ssh.sh
+#!/bin/sh
+exec /usr/bin/ssh -o StrictHostKeyChecking=no -i /etc/git-identity "$@"
--- a/playbooks/roles/notifier/handlers/main.yml
+++ b/playbooks/roles/notifier/handlers/main.yml
+---
+
+##
+## for future compliance, when the API comes on line.
+##
+- name: notifier | restart the notifier service
+  service: name=notifier state=restarted
+
--- a/playbooks/roles/notifier/tasks/deploy.yml
+++ b/playbooks/roles/notifier/tasks/deploy.yml
+#
+# TODO: Needed while this repo is private
+#
+- name: notifier | upload ssh script
+  copy: 
+    src=git_ssh.sh dest=/tmp/git_ssh.sh 
+    force=yes owner=root group=adm mode=750
+  tags:
+  - notifier
+  - install
+  - update
+
+#
+# TODO: Needed while this repo is private
+#
+- name: notifier | install read-only ssh key required for checkout
+  copy: 
+    src={{ notifier_git_identity_path }} dest=/etc/git-identity 
+    force=yes owner=ubuntu group=adm mode=60
+  tags:
+  - deploy
+  - install
+  - update
+
+- name: notifier | checkout code
+  git: 
+    dest={{ notifier_code_dir }} repo={{ notifier_source_repo }} 
+    version={{ notifier_version }}
+  environment:
+    GIT_SSH: /tmp/git_ssh.sh
+  tags:
+    - deploy
+    - install
+    - update
+
+#
+# TODO: Needed while this repo is private
+#
+- name: notifier | update src permissions
+  file: 
+    path={{ notifier_code_dir }} state=directory owner={{ notifier_user }} 
+    group={{ notifier_user }} mode=2750 recurse=yes
+  tags:
+  - deploy
+  - install
+  - update
+
+#
+# TODO: Needed while this repo is private
+#
+- name: notifier | remove read-only ssh key for the content repo
+  file: path=/etc/git-identity state=absent
+  tags:
+  - deploy
+  - install
+  - update
+
+#
+# TODO: Needed while this repo is private
+#
+- name: notifier | remove ssh script
+  file: path=/tmp/git_ssh.sh state=absent
+  tags:
+  - deploy
+  - install
+  - update
+
+- name: notifier | install application requirements
+  pip: 
+    requirements="{{ notifier_requirements_file }}" 
+    virtualenv="{{ notifier_venv_dir }}" state=present
+  sudo: true  
+  sudo_user: "{{ notifier_user }}"
+  tags:
+  - deploy
+  - install
+  - update
\ No newline at end of file
--- a/playbooks/roles/notifier/tasks/main.yml
+++ b/playbooks/roles/notifier/tasks/main.yml
+---
+
+#
+# notifier
+# 
+# Overview:
+# 
+# Provides the edX notifier service, a service for sending 
+# notifications over messaging protocols.
+#
+# Dependencies:
+#
+#   * common
+# 
+# Example play:
+#   roles:
+#   - common
+#   - notifier
+#
+- name: notifier | install notifier specific system packages
+  apt: pkg={{','.join(notifier_debian_pkgs)}} state=present
+  tags:
+  - notifier
+  - install
+  - update
+
+- name: common | create incommon ca directory
+  file: 
+    path="/usr/share/ca-certificates/incommon" mode=2775 state=directory
+  tags:
+  - notifier
+  - install
+  - update
+  - ubuntu
+
+- name: common | retrieve incommon server CA
+  shell: curl https://www.incommon.org/cert/repository/InCommonServerCA.txt -o /usr/share/ca-certificates/incommon/InCommonServerCA.crt
+  tags:
+  - notifier
+  - install
+  - update
+  - ubuntu
+
+- name: common | add InCommon ca cert
+  lineinfile:
+    dest=/etc/ca-certificates.conf
+    regexp='incommon/InCommonServerCA.crt'    
+    line='incommon/InCommonServerCA.crt'
+  tags:
+  - notifier
+  - install
+  - update
+  - ubuntu
+
+- name: common | update ca certs globally
+  shell: update-ca-certificates
+  tags:
+  - notifier
+  - install
+  - update
+  - ubuntu
+
+- name: notifier | create notifier user {{ notifier_user }}
+  user: 
+    name={{ notifier_user }} state=present shell=/bin/bash 
+    home={{ notifier_home }} createhome=yes
+  tags:
+  - notifier
+  - install
+  - update
+
+- name: notifier | setup the notifier env
+  template: 
+    src=notifier_env.j2 dest={{ notifier_home }}/notifier_env 
+    owner="{{ notifier_user }}" group="{{ notifier_user }}"
+  tags:
+  - notifier
+  - install
+  - update
+
+- name: notifier | drop a bash_profile
+  copy: >
+    src=../../common/files/bash_profile 
+    dest={{ notifier_home }}/.bash_profile 
+    owner={{ notifier_user }} 
+    group={{ notifier_user }}
+
+
+- name: notifier | ensure .bashrc exists
+  shell: touch {{ notifier_home }}/.bashrc
+  sudo: true  
+  sudo_user: "{{ notifier_user }}"
+  tags:
+  - notifier
+  - install
+  - update
+
+- name: notifier | add source of notifier_env to .bashrc
+  lineinfile:
+    dest={{ notifier_home }}/.bashrc
+    regexp='. {{ notifier_home }}/notifier_env'    
+    line='. {{ notifier_home }}/notifier_env'
+  tags:
+  - notifier
+  - install
+  - update
+
+- name: notifier | add source venv to .bashrc
+  lineinfile:
+    dest={{ notifier_home }}/.bashrc
+    regexp='. {{ notifier_venv_dir }}/bin/activate'    
+    line='. {{ notifier_venv_dir }}/bin/activate'
+  tags:
+  - notifier
+  - install
+  - update
+
+- include: deploy.yml
\ No newline at end of file
--- a/playbooks/roles/notifier/templates/notifier.conf.j2
+++ b/playbooks/roles/notifier/templates/notifier.conf.j2
+description "Notifier Service"
+
+start on runlevel [2345]
+stop on runlevel [!2345]
+setuid {{ notifier_web_user }}
+
+env PID=/var/tmp/notifier_service.pid
+
+chdir {{ notifier_code_dir }}
+
+exec {{ notifier_home }}/src/manage.py runserver	
\ No newline at end of file
--- a/playbooks/roles/notifier/templates/notifier_env.j2
+++ b/playbooks/roles/notifier/templates/notifier_env.j2
+# Application Environment
+export NOTIFIER_ENV="{{ notifier_env }}"
+
+# email settings independent of transport
+export EMAIL_BACKEND="{{ notifier_email_backend }}"
+export EMAIL_HOST="{{ notifier_email_host }}"
+export EMAIL_PORT="{{ notifer_email_port }}"
+export EMAIL_HOST_USER="{{ notifer_email_user }}"
+export EMAIL_HOST_PASSWORD="{{ notifier_email_pass }}"
+export EMAIL_DOMAIN="{{ notifier_email_domain }}"
+export EMAIL_REWRITE_RECIPIENT="{{ notifer_email_rewrite_recipient }}"
+
+# LMS links, images, etc
+export LMS_URL_BASE="{{ notifier_lms_url_base }}"
+export SECRET_KEY="{{ notifier_lms_secret_key }}"
+
+# Comments Service Endpoint, for digest pulls
+export CS_URL_BASE="{{ notifier_comment_service_base }}"
+export CS_API_KEY="{{ notifier_comment_service_api_key }}"
+
+# User Service Endpoint, for notification prefs
+export US_URL_BASE="{{ notifier_user_service_base }}"
+export US_API_KEY="{{ notifier_user_service_api_key }}"
+
+# celery
+export BROKER_URL="{{ notifier_celery_broker_url }}"
+
+# have requests use the OS ca certs
+export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
+
+# basic auth credentils
+export US_HTTP_AUTH_USER="{{ notifier_user_service_http_auth_user }}"
+export US_HTTP_AUTH_PASS="{{ notifier_user_service_http_auth_pass }}"
--- a/playbooks/roles/notifier/vars/main.yml
+++ b/playbooks/roles/notifier/vars/main.yml
+---
+
+notifier_user: "notifier"
+notifier_web_user: "www-user"
+notifier_home: "/opt/wwc/notifier"
+notifier_venv_dir: "{{ notifier_home }}/virtualenvs/notifier"
+notifier_source_repo: "git@github.com:edx/notifier.git"
+notifier_code_dir: "{{ notifier_home }}/src"
+notifier_version: "rc/digests"
+notifier_git_identity_path: "{{ secure_dir }}/files/git-identity"
+notifier_requirements_file: "{{ notifier_code_dir }}/requirements.txt"
+
+notifier_env: "Development"
+
+notifier_email_backend: "console"
+notifier_email_host: "localhost"
+notifier_email_port: 25
+notifier_email_user: ""
+notifier_email_pass: ""
+notifier_email_host: ""
+
+
+notifier_email_domain: "notifications.edx.org"
+notifier_email_rewrite_recipient: ""
+
+notifier_lms_url_base: "http://localhost:8000"
+notifier_lms_secret_key: "PUT_YOUR_SECRET_KEY_HERE"
+
+notifier_comment_service_base: "http://localhost:4567"
+2notifier_comment_service_api_key: "PUT_YOUR_API_KEY_HERE"
+
+notifier_user_service_base: "http://localhost:8000"
+notifier_user_service_api_key: "PUT_YOUR_API_KEY_HERE"
+notifier_user_service_http_auth_user: "guido"
+notifier_user_service_http_auth_pass: "vanrossum"
+notifier_celery_broker_url: "django://"
+
+notifier_debian_pkgs:
+  - apparmor-utils
+  - build-essential
+  - curl
+  - g++
+  - gcc
+  - ipython
+  - pkg-config
+  - rsyslog
\ No newline at end of file
--- a/playbooks/roles/virtualenv/tasks/main.yml
+++ b/playbooks/roles/virtualenv/tasks/main.yml
+---
+
+# virtualenv
+#
+# Overview:
+#
+# Creates the edX standard virtual env associated with 
+# a particular service account.  The name of the account, the
+# path to the accounts home directory and the name of the 
+# virtualenv are provided as parameters.
+# 
+# Dependencies:
+#
+#   * common
+# 
+# Example play:
+#
+#   roles:
+#   - common
+#   - role: virtualenv
+#     virtualenv_user: "{{ user }}"
+#     virtualenv_user_home: "{{ user_home }}"
+#     virtualenv_name: "{{ name }}"
+#
+# Parameters:
+#  
+#   * virtualenv_user
+#   * virtualenv_user_home
+#   * virtualenv_name
+#
+
+- fail: virtualenv_user required for role
+  when: virtualenv_user is not defined
+
+- fail: virtualenv_user_home required for role
+  when: virtualenv_user_home is not defined
+
+- fail: virtualenv_name required for role
+  when: virtualenv_name is not defined
+
+- name: virtualenv | create {{ virtualenv_user_home }}
+  # workaround for the case where the parent
+  # directory doesn't exist
+  file: >
+    path={{ virtualenv_user_home }} 
+    state=directory
+  tags: 
+    - install
+    - update
+
+- name: virtualenv | create virtualenv user {{ virtualenv_user }}
+  user: >
+    name={{ virtualenv_user }} 
+    state=present 
+    shell=/bin/bash 
+    home={{ virtualenv_user_home }}
+    createhome=yes
+  tags:
+  - install
+  - update
+
+- name: virtualenv | ensure homedir permissions {{ virtualenv_user_home }}
+  # workaround for the case where the parent
+  # directory doesn't exist
+  file: >
+    path={{ virtualenv_user_home }} 
+    owner={{ virtualenv_user }}
+    group={{ virtualenv_user }}
+    state=directory
+  tags:
+    - install
+    - update
+
+- name: virtualenv | install pre-requisities
+  apt: pkg={{','.join(virtualenv_apt_pkgs)}} install_recommends=yes state=present update_cache=yes
+  tags:
+  - install
+  - update
+
+- name: virtualenv | pip install virtualenv
+  pip: name=virtualenv state=latest
+  with_items: virtualenv_python_pkgs
+  tags:
+  - install
+  - update
+
+- name: virtualenv | create virtualenv directory
+  file: 
+    path="{{ virtualenv_user_home }}/virtualenvs/{{ virtualenv_name }}" owner={{ virtualenv_user }} 
+    group={{ virtualenv_user }}  mode=2775 state=directory recurse=yes
+  tags:
+  - install
+  - update
+
+- name: virtualenv | create the virtualenv directory initial contents
+  command: 
+    /usr/local/bin/virtualenv "{{ virtualenv_user_home }}/virtualenvs/{{ virtualenv_name }}" --distribute 
+    creates="{{ virtualenv_user_home }}/virtualenvs/{{ virtualenv_name }}/bin/activate"
+  sudo: yes
+  sudo_user: "{{ virtualenv_user }}"
+  tags:
+  - install
+  - update
+
+- name:  virtualenv | pip install gunicorn
+  pip: 
+    name=gunicorn virtualenv="{{ virtualenv_user_home }}/virtualenvs/{{ virtualenv_name }}" 
+    state=present
+  sudo: yes
+  sudo_user: "{{ virtualenv_user }}"
+  tags:
+  - install
+  - update
\ No newline at end of file
--- a/playbooks/roles/virtualenv/vars/main.yml
+++ b/playbooks/roles/virtualenv/vars/main.yml
+---
+
+virtualenv_apt_pkgs:
+  - python2.7
+  - python-pip
+  - python2.7-dev
+
+virtualenv_python_pkgs:
+  - virtualenv
+  - virtualenvwrapper
\ No newline at end of file