Merge pull request #1809 from edx/max/git-refactor

Fix ssh key checkout being broken

Merge pull request #1809 from edx/max/git-refactor
Fix ssh key checkout being broken
79fad536 · Max Rothman · 073847b0 · 32412690 · 79fad536 · 79fad536
Commit 79fad536 authored Jan 29, 2015 by Max Rothman
Showing with 24 additions and 26 deletions

playbooks/roles/edx-notes-api/defaults/main.yml
+2 -4

playbooks/roles/edx-notes-api/meta/main.yml
+2 -0

playbooks/roles/edx-notes-api/tasks/main.yml
+3 -3

playbooks/roles/edx_service/tasks/main.yml
+17 -19

No files found.
--- a/playbooks/roles/edx-notes-api/defaults/main.yml
+++ b/playbooks/roles/edx-notes-api/defaults/main.yml
@@ -26,6 +26,7 @@ EDX_NOTES_API_NEWRELIC_APPNAME: "{{ COMMON_ENVIRONMENT }}-{{ COMMON_DEPLOYMENT }
 EDX_NOTES_API_SECRET_KEY: "i^,9%i=e=y/Nlpb=Mkx!j&,HD9d/17F][9P,FLdwM2+G6|]BEU"
 EDX_NOTES_API_CLIENT_ID: edx-notes-id
 EDX_NOTES_API_CLIENT_SECRET: edx-notes-secret
+EDX_NOTES_API_GIT_SSH_KEY: !!null

 EDX_NOTES_API_DATABASES:
  # rw user
@@ -46,6 +47,7 @@ EDX_NOTES_API_REPOS:
    REPO: edx-notes-api.git
    VERSION: e0d/migration-overrides
    DESTINATION: "{{edx_notes_api_code_dir}}"
+    SSH_KEY: "{{ EDX_NOTES_API_GIT_SSH_KEY }}"

 #
 # This data structure will be written out to yaml configuration file
@@ -88,12 +90,8 @@ edx_notes_api_source_repo: https://{{ COMMON_GIT_MIRROR }}/edx/edx-notes-api.git
 edx_notes_api_user: "{{ edx_notes_api_role_name }}"
 edx_notes_api_app_dir: "{{ COMMON_APP_DIR }}/{{ edx_notes_api_service_name }}"
 edx_notes_api_home: "{{ COMMON_APP_DIR }}/{{ edx_notes_api_service_name }}"
-edx_notes_api_venv_base: "{{ edx_notes_api_home }}/venvs"
-edx_notes_api_venv_dir: "{{ edx_notes_api_venv_base }}/{{ edx_notes_api_service_name }}"
-edx_notes_api_venv_bin: "{{ edx_notes_api_venv_dir }}/bin"
 edx_notes_api_python_path: "{{ edx_notes_api_code_dir }}/edx-notes-api"
 edx_notes_api_conf_dir: "{{ edx_notes_api_home }}"
-edx_notes_api_log_dir: "{{ COMMON_LOG_DIR }}/{{ edx_notes_api_service_name }}"

 edx_notes_api_gunicorn_host: "127.0.0.1"
 edx_notes_api_gunicorn_port: "8120"

--- a/playbooks/roles/edx-notes-api/meta/main.yml
+++ b/playbooks/roles/edx-notes-api/meta/main.yml
@@ -25,4 +25,6 @@ dependencies:
    edx_service_name: "{{ edx_notes_api_service_name }}"
    edx_service_config: "{{ edx_notes_api_service_config }}"
    edx_service_repos: "{{ edx_notes_api_repos }}"
+    edx_service_user: "{{ edx_notes_api_user }}"
+    edx_service_home: "{{ edx_notes_api_home }}"
  - supervisor
--- a/playbooks/roles/edx-notes-api/tasks/main.yml
+++ b/playbooks/roles/edx-notes-api/tasks/main.yml
@@ -47,7 +47,7 @@
 - name: install application requirements
  pip: >
    requirements="{{ edx_notes_api_requirements_base }}/{{ item }}"
-    virtualenv="{{ edx_notes_api_venv_dir }}" state=present
+    virtualenv="{{ edx_notes_api_home }}/venvs" state=present
    extra_args="--exists-action w"
  sudo_user: "{{ edx_notes_api_user }}"
  with_items: edx_notes_api_requirements
@@ -57,7 +57,7 @@
    chdir={{ edx_notes_api_code_dir }}
    DB_MIGRATION_USER={{ COMMON_MYSQL_MIGRATE_USER }}
    DB_MIGRATION_PASS={{ COMMON_MYSQL_MIGRATE_PASS }}
-    {{ edx_notes_api_venv_bin }}/python {{ edx_notes_api_manage }} migrate --noinput --settings="notesserver.settings.yaml_config"
+    {{ edx_notes_api_home }}/venvs/{{ edx_notes_api_service_name }}/bin/python {{ edx_notes_api_manage }} migrate --noinput --settings="notesserver.settings.yaml_config"
  sudo_user: "{{ edx_notes_api_user }}"
  environment:
    EDXNOTES_CONFIG_ROOT: "{{ COMMON_CFG_DIR }}"
@@ -107,7 +107,7 @@

 - name: create symlinks from the venv bin dir
  file: >
-    src="{{ edx_notes_api_venv_bin }}/{{ item }}"
+    src="{{ edx_notes_api_home }}/venvs/{{ edx_notes_api_service_name }}/bin/{{ item }}"
    dest="{{ COMMON_BIN_DIR }}/{{ item.split('.')[0] }}.{{ edx_notes_api_role_name }}"
    state=link
  with_items:

--- a/playbooks/roles/edx_service/tasks/main.yml
+++ b/playbooks/roles/edx_service/tasks/main.yml
@@ -33,31 +33,22 @@
 - name: create application user
  user: >
    name="{{ edx_service_name }}"
-    home="{{ COMMON_APP_DIR }}/{{ edx_service_name }}"
+    home="{{ edx_service_home }}"
    createhome=yes
    shell=/bin/false
    generate_ssh_key=yes

 # Assumes that the home directory has been created above.
- name: create edx_service app and venv dir
+- name: create edx_service app, venv, data, and staticfiles dirs
  file: >
-    path="{{ item }}"
+    path="{{ edx_service_home }}/{{ item }}"
    state=directory
    owner="{{ edx_service_name }}"
    group="{{ common_web_group }}"
  with_items:
-    - "{{ COMMON_APP_DIR }}/{{ edx_service_name }}/venvs"
-
- name: create edx_service data and staticfiles dir
-  file: >
-    path="{{ item }}"
-    state=directory
-    owner="{{ edx_service_name }}"
-    group="{{ common_web_group }}"
-  with_items:
-    - "{{ COMMON_DATA_DIR }}/{{ edx_service_name }}/data"
-    - "{{ COMMON_DATA_DIR }}/{{ edx_service_name }}/staticfiles"
-
+    - "venvs"
+    - "data"
+    - "staticfiles"

 - name: create edx_service log dir
  file: >
@@ -106,17 +97,24 @@
    - edx_service_repos
    - git_dir_exists.results

-
- name: validate GIT.PROTOCOL
-  fail: msg='GIT.PROTOCOL must be "https" or "ssh"'
+- name: validate git protocol
+  fail: msg='REPOS.PROTOCOL must be "https" or "ssh"'
  when: (item.PROTOCOL != "https") and (item.PROTOCOL != "ssh")
  with_items: edx_service_repos

+- name: install read-only ssh key
+  copy: >
+    dest="{{ edx_service_home }}.ssh/{{ item.REPO }}"
+    content="{{ item.SSH_KEY }}" owner={{ edx_service_user }}
+    group={{ edx_service_user }} mode=0600
+  when: item.PROTOCOL == "ssh"
+  with_items: edx_service_repos
+
 - name: checkout code over ssh
  git: >
    repo=git@{{ item.DOMAIN }}:{{ item.PATH }}/{{ item.REPO }}
    dest={{ item.DESTINATION }}  version={{ item.VERSION }}
-    accept_hostkey=yes key_file={{ edx_notes_api_home }}/.ssh/id_rsa
+    accept_hostkey=yes key_file={{ edx_service_home }}.ssh/{{ item.REPO }}
  sudo_user: "{{ edx_role_name }}"
  register: code_checkout
  when: item.PROTOCOL == "ssh"