moving all nginx templates into the nginx role

removing nginx setup from individual roles

moving all nginx templates into the nginx role
removing nginx setup from individual roles
689fe8df · John Jarvis · 3b1faf4f · 689fe8df · 689fe8df · 689fe8df
Commit 689fe8df authored Oct 11, 2013 by John Jarvis
24 changed files
--- a/playbooks/roles/discern/defaults/main.yml
+++ b/playbooks/roles/discern/defaults/main.yml
@@ -6,7 +6,7 @@ discern_settings: discern.aws
 nltk_data_dir: /usr/share/nltk_data
 ease_branch: master
 discern_branch: dev
-nginx_listen_port: 80
+discern_nginx_port: 80
 gunicorn_port: 7999
 discern_user: discern
 site_name: discern
--- a/playbooks/roles/discern/handlers/main.yml
+++ b/playbooks/roles/discern/handlers/main.yml
@@ -4,6 +4,3 @@
 - name: discern | restart celery
  service: name=celery state=restarted
- name: discern | restart nginx
-  service: name=nginx state=restarted
--- a/playbooks/roles/discern/tasks/main.yml
+++ b/playbooks/roles/discern/tasks/main.yml
@@ -109,20 +109,3 @@
 #Have this separate from the other three because it doesn't take the noinput flag
 - name: discern | django update_index for discern
  shell: ${venv_dir}/bin/python {{discern_dir}}/manage.py update_index --settings={{discern_settings}} --pythonpath={{discern_dir}}
- name: discern | create nginx directory and set perms
-  file: path=/etc/nginx/sites-available owner=root group=edx mode=2775 state=directory
-#Install nginx sites available
-#remove default link, render template, link template to sites-enabled to activate
- name: discern | Removing default nginx config
-  file: path=/etc/nginx/sites-enabled/default state=absent
-  notify: discern | restart nginx
- name: discern | render nginx sites available
-  template: src=nginx-discern.j2 dest=/etc/nginx/sites-available/{{ site_name }}
-  notify: discern | restart nginx
- name: discern | Creating nginx config link {{ site_name }}
-  file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state=link owner=root group=root
-  notify: discern | restart nginx
--- a/playbooks/roles/edxapp/defaults/main.yml
+++ b/playbooks/roles/edxapp/defaults/main.yml
@@ -249,8 +249,7 @@ edxapp_lms_preview_app_address: 127.0.0.1
 # These vars are for creating the application json config
 # files.  There are two for each service that uses the
 # 'edx-platform' code.  Defining them will create the upstart
-# job and nginx configuration for the corresponding service.
+# job.  It will also enable the corresponding section in the
-# It will also enable the corresponding section in the
 # 'edxapp' upstart job.
 service_variants_enabled:

--- a/playbooks/roles/edxapp/tasks/cms.yml
+++ b/playbooks/roles/edxapp/tasks/cms.yml
 # requires:
 #  - group_vars/all
 #  - common/tasks/main.yml
-#  - nginx/tasks/main.yml
 ---
 - name: create cms application config
  template: src=cms.env.json.j2 dest=$app_base_dir/cms.env.json mode=640 owner=www-data group=adm
@@ -19,12 +18,6 @@
  - update
  - deploy
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=cms
-  when: celery_worker is not defined
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=cms-backend
-  when: celery_worker is not defined
 - name: Create CMS log target directory
  file: path={{log_base_dir}}/cms state=directory owner=syslog group=syslog mode=2750
  tags:

--- a/playbooks/roles/edxapp/tasks/lms-preview.yml
+++ b/playbooks/roles/edxapp/tasks/lms-preview.yml
 # requires:
 #  - group_vars/all
 #  - common/tasks/main.yml
-#  - nginx/tasks/main.yml
 ---
 - name: create lms application config
  template: src=lms-preview.env.json.j2 dest=$app_base_dir/lms-preview.env.json mode=640 owner=www-data group=adm
@@ -26,11 +25,5 @@
  - update
  - deploy
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-preview
-  when: celery_worker is not defined
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-preview-backend
-  when: celery_worker is not defined
 # Creates LMS Preview upstart file
 - include: upstart.yml basename=lms-preview
--- a/playbooks/roles/edxapp/tasks/lms.yml
+++ b/playbooks/roles/edxapp/tasks/lms.yml
@@ -24,12 +24,6 @@
  - update
  - deploy
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms
-  when: celery_worker is not defined
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-backend
-  when: celery_worker is not defined
 # Creates LMS upstart file
 - include: upstart.yml basename=lms
  when: celery_worker is not defined

--- a/playbooks/roles/edxapp/tasks/main.yml
+++ b/playbooks/roles/edxapp/tasks/main.yml
 # requires:
 #  - group_vars/all
 #  - common/tasks/main.yml
-#  - nginx/tasks/main.yml
 ---
 - name: Change permissions on datadir
  file: path={{ app_base_dir }}/data state=directory owner=www-data group=www-data

--- a/playbooks/roles/edxlocal/tasks/main.yml
+++ b/playbooks/roles/edxlocal/tasks/main.yml
@@ -2,7 +2,6 @@
 # requires:
 #  - group_vars/all
 #  - common/tasks/main.yml
-#  - nginx/tasks/main.yml
 #
 #  This installs mysql-server-5.5 though
 #  in production we use mysql-5.1.62.

--- a/playbooks/roles/nginx/handlers/main.yml
+++ b/playbooks/roles/nginx/handlers/main.yml
 ---
 - name: nginx | restart nginx
  service: name=nginx state=restarted
-  sudo: True
+- name: nginx | reload nginx
+  service: name=nginx state=reloaded
--- a/playbooks/roles/nginx/tasks/main.yml
+++ b/playbooks/roles/nginx/tasks/main.yml
@@ -11,16 +11,13 @@
 - name: nginx | Server configuration file
  copy: src={{secure_dir}}/files/nginx.conf dest=/etc/nginx/nginx.conf owner=root group=root mode=0644
  when: nginx_conf is defined
-  notify: nginx | restart nginx
+  notify: nginx | reload nginx
  tags:
  - nginx
  - install
-# Standard configuration that is common across all roles
+# Default configuration that is common across all roles
-# Default values for these variables are set in group_vars/all
+- include: nginx_site.yml state=link site_name=edx-release
-# Note: remove spaces in {{..}}, otherwise you will get a template parsing error.
- include: nginx_site.yml state={{nginx_cfg.sites_enabled.edx_release}} site_name=edx-release
- include: nginx_site.yml state={{nginx_cfg.sites_enabled.basic_auth}} site_name=basic-auth
 - name: nginx | Write out default htpasswd file
  copy: content={{ nginx_cfg.htpasswd }} dest=/etc/nginx/nginx.htpasswd owner=www-data group=www-data mode=0600
@@ -38,7 +35,7 @@
 # removing default link
 - name: nginx | Removing default nginx config and restart (enabled)
  file: path=/etc/nginx/sites-enabled/default state=absent
-  notify: nginx | restart nginx
+  notify: nginx | reload nginx
  tags:
  - nginx
  - update
@@ -47,25 +44,21 @@
 - name: nginx | Set up nginx access log rotation
  template: dest=/etc/logrotate.d/nginx-access src=edx_logrotate_nginx_access.j2 owner=root group=root mode=644
+  notify: common | restart logrotate
  tags:
  - logging
  - update
 - name: nginx | Set up nginx access log rotation
  template: dest=/etc/logrotate.d/nginx-error src=edx_logrotate_nginx_error.j2 owner=root group=root mode=644
+  notify: common | restart logrotate
  tags:
  - logging
  - update
 - name: nginx | Removing default nginx config (available)
  file: path=/etc/nginx/sites-available/default state=absent
-  tags:
+  notify: nginx | reload nginx
-  - nginx
-  - update
- name: nginx | Register the fact that nginx has run
-  command: echo True
-  register: nginx_role_run
  tags:
  - nginx
  - update

--- a/playbooks/roles/nginx/templates/basic-auth.j2
+++ b/playbooks/roles/nginx/templates/basic-auth.j2
-server {
-  listen 80;
-  location / {
     auth_basic            "Restricted";
     auth_basic_user_file  /etc/nginx/nginx.htpasswd;
-     root {{app_base_dir}}/main_static;
+     root {{ app_base_dir }}/main_static;
     index index.html
     proxy_set_header X-Forwarded-Proto https;
-  }
-}
--- a/playbooks/roles/nginx/templates/cms.j2
+++ b/playbooks/roles/nginx/templates/cms.j2
@@ -31,6 +31,9 @@ server {
  }
  location / {
+    {% if  EDXAPP_LMS_BASIC_AUTH %}
+        {% include "basic-auth.j2" %}
+    {% endif %}
    try_files $uri @proxy_to_cms_app;
  }

--- a/playbooks/roles/discern/templates/nginx-discern.j2
+++ b/playbooks/roles/discern/templates/nginx-discern.j2
 server {
-    listen {{nginx_listen_port}};
+    listen {{discern_nginx_port}};
    server_name localhost;
    set $my_host $http_host;

--- a/playbooks/roles/nginx/templates/edx-release.j2
+++ b/playbooks/roles/nginx/templates/edx-release.j2
 server {
    listen 8099 default_server;
-    server_name mitx_release.*;
    location = /versions.html {
        alias {{ nginx_cfg.version_html }};
    }

--- a/playbooks/roles/nginx/templates/lms.j2
+++ b/playbooks/roles/nginx/templates/lms.j2
@@ -28,8 +28,19 @@ server {
    proxy_redirect off;
    proxy_pass http://lms-backend;
  }
+  location / {
+     auth_basic            "Restricted";
+     auth_basic_user_file  /etc/nginx/nginx.htpasswd;
+     root {{app_base_dir}}/main_static;
+     index index.html
+     proxy_set_header X-Forwarded-Proto https;
+  }
  location / {
+    {% if  EDXAPP_LMS_BASIC_AUTH %}
+        {% include "basic-auth.j2" %}
+    {% endif %}
    try_files $uri @proxy_to_lms_app;
  }

--- a/playbooks/roles/xserver/templates/simple-proxy.j2
+++ b/playbooks/roles/xserver/templates/simple-proxy.j2
--- a/playbooks/roles/ora/tasks/deploy.yml
+++ b/playbooks/roles/ora/tasks/deploy.yml
@@ -53,10 +53,6 @@
  - ora
  - deploy
-# Install nginx site
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=ora
 # Do A Checkout
 - name: ora | git checkout ora repo into $app_base_dir
  git: dest={{ora_code_dir}} repo={{ora_source_repo}} version={{ora_version}}

--- a/playbooks/roles/ora/tasks/main.yml
+++ b/playbooks/roles/ora/tasks/main.yml
 # requires:
 #  - group_vars/all
 #  - common/tasks/main.yml
-#  - nginx/tasks/main.yml
 ---
 - name: ora | create the ora application user
  user: name={{ ora_user }}

--- a/playbooks/roles/xqueue/tasks/deploy.yml
+++ b/playbooks/roles/xqueue/tasks/deploy.yml
@@ -35,9 +35,6 @@
  - xqueue
  - deploy
-# Install nginx site
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=xqueue
 # Do A Checkout
 - name: xqueue | git checkout xqueue repo into {{app_base_dir}}
  git: dest={{xqueue_code_dir}} repo={{xqueue_source_repo}} version={{xqueue_version}}

--- a/playbooks/roles/xqueue/tasks/main.yml
+++ b/playbooks/roles/xqueue/tasks/main.yml
 # requires:
 #  - group_vars/all
 #  - common/tasks/main.yml
-#  - nginx/tasks/main.yml
 ---
 # Check out xqueue repo to {{xqueue_code_dir}}
 - name: xqueue | install git and its recommends

--- a/playbooks/roles/xserver/handlers/main.yml
+++ b/playbooks/roles/xserver/handlers/main.yml
- name: xserver | restart nginx
-  service: name=nginx state=restarted
--- a/playbooks/roles/xserver/tasks/main.yml
+++ b/playbooks/roles/xserver/tasks/main.yml
@@ -53,6 +53,4 @@
 - name: xserver | upload ssh script
  copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
- include: nginx.yml
 - include: deploy.yml
--- a/playbooks/roles/xserver/tasks/nginx.yml
+++ b/playbooks/roles/xserver/tasks/nginx.yml
- name: xserver | add xserver nginx configuration
-  template: src=simple-proxy.j2 dest=/etc/nginx/sites-available/simple-proxy
-  notify:
-  - xserver | restart nginx
- name: xserver | enable xserver nginx configuration
-  file: src=/etc/nginx/sites-available/simple-proxy dest=/etc/nginx/sites-enabled/simple-proxy state=link
-  notify:
-  - xserver | restart nginx