Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
C
configuration
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
edx
configuration
Commits
926501bc
Commit
926501bc
authored
Jan 15, 2014
by
Joe Blaylock
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
WIP Stanford playbook updates
parent
5556e728
Show whitespace changes
Inline
Side-by-side
Showing
14 changed files
with
98 additions
and
211 deletions
+98
-211
playbooks/edx-west/cme-prod-worker.yml
+17
-0
playbooks/edx-west/prod-jumpbox.yml
+11
-0
playbooks/edx-west/prod-worker.yml
+20
-15
playbooks/edx-west/stage-app.yml
+11
-0
playbooks/edx-west/stage-jumpbox.yml
+11
-0
playbooks/edx-west/stage-worker.yml
+28
-17
playbooks/roles/certificates/handlers/main.yml
+0
-2
playbooks/roles/certificates/tasks/main.yml
+0
-136
playbooks/roles/certificates/templates/certificates.auth.json.j2
+0
-1
playbooks/roles/certificates/templates/certificates.env.json.j2
+0
-1
playbooks/roles/certificates/templates/certifier-cert-agent-supervisor.j2
+0
-23
playbooks/roles/certificates/templates/certifier_shell_env.j2
+0
-7
playbooks/roles/certificates/templates/git_ssh.sh.j2
+0
-2
playbooks/roles/certificates/templates/notifier_env.j2
+0
-7
No files found.
playbooks/edx-west/cme-prod-worker.yml
View file @
926501bc
...
...
@@ -43,6 +43,23 @@
tags
:
xqueue
-
datadog
-
name
:
Deploy certs, notifier only to first util machine
hosts
:
~tag_Name_util(1)_cme
sudo
:
True
gather_facts
:
True
vars
:
secure_dir
:
'
../../../configuration-secure/ansible'
local_dir
:
"
{{secure_dir}}/local"
migrate_db
:
"
no"
vars_files
:
-
"
roles/common/defaults/main.yml"
-
"
roles/supervisor/defaults/main.yml"
-
"
{{
secure_dir
}}/vars/edxapp_cme_vars.yml"
-
"
{{
secure_dir
}}/vars/certs_cme_vars.yml"
roles
:
-
role
:
certs
tags
:
certs
# run the certificate agent on the first util machine only
#- hosts: ~tag_Name_util10_cme
# sudo: True
...
...
playbooks/edx-west/prod-jumpbox.yml
View file @
926501bc
...
...
@@ -9,3 +9,14 @@
roles
:
-
common
-
supervisor
-
role
:
gh_users
gh_users
:
-
sefk
-
jbau
-
jrbl
-
ali123
-
caesar2164
-
dcadams
-
jinpa
-
gbruhns
tags
:
users
playbooks/edx-west/prod-worker.yml
View file @
926501bc
...
...
@@ -24,6 +24,11 @@
-
sefk
-
jbau
-
jrbl
-
ali123
-
caesar2164
-
dcadams
-
jinpa
-
gbruhns
tags
:
users
-
role
:
'
common'
tags
:
common
...
...
@@ -46,21 +51,21 @@
#- splunkforwarder
# run the certificate agent on the first util machine only
#- hosts: ~tag_Name_util10
_prod
#
sudo: True
#
vars:
#
secure_dir: '../../../configuration-secure/ansible'
#
migrate_db: "no"
#
vars_files:
# - "{{ secure_dir }}/vars/edxapp_prod_vars
.yml"
# - "{{ secure_dir }}/vars/certifier_prod_vars
.yml"
# roles:
# - common
# - role: virtualenv
# virtualenv_user: "certifier"
# virtualenv_name: "certifier"
# virtualenv_user_home: "/opt/wwc/certifier"
# - certificate
s
-
hosts
:
~tag_Name_util1
_prod
sudo
:
True
vars
:
secure_dir
:
'
../../../configuration-secure/ansible'
migrate_db
:
"
no"
vars_files
:
-
"
roles/common/defaults/main
.yml"
-
"
roles/supervisor/defaults/main
.yml"
-
"
{{
secure_dir
}}/vars/edxapp_prod_vars.yml"
-
"
{{
secure_dir
}}/vars/certs_prod_vars.yml"
roles
:
-
role
:
gh_users
# gh_users var intentionally unspecified
tags
:
users
-
role
:
certs
tags
:
cert
s
#
# COMMENT OUT THE NOTIFIER UNTIL IT IS READY
...
...
playbooks/edx-west/stage-app.yml
View file @
926501bc
...
...
@@ -20,6 +20,17 @@
roles
:
-
common
-
supervisor
-
role
:
gh_users
gh_users
:
-
sefk
-
jbau
-
jrbl
-
ali123
-
dcadams
-
caesar2164
-
jinpa
-
gbruhns
tags
:
users
-
role
:
nginx
nginx_sites
:
-
lms
...
...
playbooks/edx-west/stage-jumpbox.yml
View file @
926501bc
...
...
@@ -8,3 +8,14 @@
local_dir
:
'
../../../configuration-secure/ansible/local'
roles
:
-
common
-
role
:
gh_users
gh_users
:
-
sefk
-
jbau
-
jrbl
-
ali123
-
caesar2164
-
dcadams
-
jinpa
-
gbruhns
tags
:
users
playbooks/edx-west/stage-worker.yml
View file @
926501bc
...
...
@@ -18,6 +18,17 @@
tags
:
common
-
role
:
'
supervisor'
tags
:
supervisor
-
role
:
gh_users
gh_users
:
-
sefk
-
jbau
-
jrbl
-
ali123
-
dcadams
-
caesar2164
-
jinpa
-
gbruhns
tags
:
users
-
role
:
'
edxapp'
celery_worker
:
True
devstack
:
false
...
...
@@ -33,23 +44,23 @@
tags
:
xqueue
#- name: Deploy certs, notifier only to first util machine
#
hosts: ~tag_Name_util1_stage
#
sudo: True
#
gather_facts: True
#
vars:
#
secure_dir: '../../../configuration-secure/ansible'
#
local_dir: "{{secure_dir}}/local"
#
migrate_db: "no"
#
vars_files:
# - "{{ secure_dir }}/vars/edxapp_stage_vars
.yml"
# - "{{ secure_dir }}/vars/notifier_stage_vars
.yml"
# roles:
# - certs
# - role: virtualenv
# virtualenv_user: "notifier"
# virtualenv_user_home: "/opt/wwc/notifier"
# virtualenv_name: "notifier"
# - notifier
hosts
:
~tag_Name_util1_stage
sudo
:
True
gather_facts
:
True
vars
:
secure_dir
:
'
../../../configuration-secure/ansible'
local_dir
:
"
{{secure_dir}}/local"
migrate_db
:
"
no"
vars_files
:
-
"
roles/common/defaults/main
.yml"
-
"
roles/supervisor/defaults/main
.yml"
-
"
{{
secure_dir
}}/vars/edxapp_stage_vars.yml"
-
"
{{
secure_dir
}}/vars/certs_stage_vars.yml"
roles
:
-
role
:
gh_users
# gh_users var intentionally unspecified
tags
:
users
-
role
:
certs
tags
:
certs
#- name: Deploy certs to first util machine
# hosts: ~tag_Name_util1_stage
...
...
playbooks/roles/certificates/handlers/main.yml
deleted
100644 → 0
View file @
5556e728
-
name
:
certifier | restart certificate-agent
supervisorctl
:
name=certificate-agent state=restarted
playbooks/roles/certificates/tasks/main.yml
deleted
100644 → 0
View file @
5556e728
# requires:
# - group_vars/all
# - common/tasks/main.yml
# - nginx/tasks/main.yml
---
-
name
:
certificates | create certificates user {{ certs_user }}
user
:
name={{certs_user}} state=present shell=/bin/bash home={{certs_home}} createhome=yes
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | create location for gpg information
file
:
state=directory path={{certs_home}}/.gpg mode=0700 owner={{certs_user}}
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | put gpg information in place
copy
:
src={{secure_dir}}/files/{{item}} dest={{cert_gpg}}/{{item}} mode=0400 owner={{certs_user}}
with_items
:
-
gpg.conf
-
pubring.gpg
-
secring.gpg
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | create certificates log location
file
:
state=directory path={{certs_logs_dir}} mode=0770 owner={{certs_user}} group=adm
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | upload ssh script
template
:
src=git_ssh.sh.j2 dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | install read-only ssh key for the certs repo
copy
:
src={{secure_dir}}/files/git-identity dest=/{{certs_home}}/git-identity force=yes owner={{certs_user}} group=adm mode=600
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | checkout certificate code
git
:
dest={{certs_home}}/src repo={{certs_repo}} version={{certs_ver}}
environment
:
GIT_SSH
:
/tmp/git_ssh.sh
tags
:
-
certificates
-
install
-
deploy
-
name
:
certificates | fixup permissions on repo
# TODO: after remote_user is available in ansible dist, use that in the above task instead of manual perms fixup
file
:
path={{certs_home}}/src state=directory recurse=yes owner={{certs_user}} group=adm mode=755
tags
:
-
certificates
-
install
-
deploy
-
name
:
certificates | install prerequisites
pip
:
requirements={{certs_home}}/src/requirements.txt virtualenv={{certs_venv_dir}} state=present
tags
:
-
certificates
-
install
-
update
-
name
:
certificates | install env
template
:
src=certificates.env.json.j2 dest={{certs_home}}/env.json mode=640 owner={{certs_user}} group=adm
tags
:
-
certificates
-
install
-
update
-
deploy
-
name
:
certificates | install auth
template
:
src=certificates.auth.json.j2 dest={{certs_home}}/auth.json mode=640 owner={{certs_user}} group=adm
tags
:
-
certificates
-
install
-
update
-
deploy
-
name
:
certifier | install bash_profile
copy
:
src=../../common/files/bash_profile dest={{certs_home}}/.bash_profile owner={{certs_user}} group={{certs_user}}
tags
:
-
certificates
-
install
-
update
-
deploy
-
name
:
certifier | setup certifier shell environment
template
:
src=certifier_shell_env.j2 dest={{certs_home}}/certifier_env owner={{certs_user}} group={{certs_user}}
tags
:
-
certificates
-
install
-
update
-
name
:
certifier | ensure .bashrc exists and sources shell environment
lineinfile
:
dest={{certs_home}}/.bashrc create=yes state=present insertbefore=BOF
regexp='source {{certs_home}}/certifier_env' line='source {{certs_home}}/certifier_env'
mode=640 owner={{certs_user}} group=adm
tags
:
-
certificates
-
install
-
update
-
name
:
certifier | add source venv to .bashrc
lineinfile
:
dest={{certs_home}}/.bashrc create=yes state=present insertafter=EOF
regexp='source {{certs_venv_dir}}/bin/activate' line='source {{certs_venv_dir}}/bin/activate'
mode=640 owner={{certs_user}} group=adm
tags
:
-
certificates
-
install
-
update
-
name
:
certifier | supervisord config for certificate-agent
template
:
src=certifier-cert-agent-supervisor.j2 dest=/etc/supervisor/conf.d/certifier-cert-agent.conf
notify
:
certifier | restart certificate-agent
tags
:
-
certificates
-
install
-
update
playbooks/roles/certificates/templates/certificates.auth.json.j2
deleted
100644 → 0
View file @
5556e728
{{ certs_auth_config | to_nice_json }}
playbooks/roles/certificates/templates/certificates.env.json.j2
deleted
100644 → 0
View file @
5556e728
{{ certs_env_config | to_nice_json }}
playbooks/roles/certificates/templates/certifier-cert-agent-supervisor.j2
deleted
100644 → 0
View file @
5556e728
;
; {{ ansible_managed }}
;
[program:certificate-agent]
command={{ certs_venv_dir }}/bin/python {{certs_home}}/src/certificate_agent.py
priority=999
user={{ certs_user }}
stdout_logfile={{certs_logs_dir}}/certificate-agent-stdout.log
stderr_logfile={{certs_logs_dir}}/certificate-agent-stderr.log
environment=PID='/var/tmp/certifier-certificate-agent.pid',LANG=en_US.UTF-8,
killasgroup=true
stopasgroup=true
startsecs=10
autostart=true
autorestart=true
directory={{certs_home}}
environment=PID='/var/tmp/certifier-certificate-agent.pid',LANG=en_US.UTF-8,
{%- for name,value in certs_shell_env_vars.items() -%}
{{name}}="{{value}}"{%- if not loop.last -%},{%- endif -%}
{%- endfor -%}
playbooks/roles/certificates/templates/certifier_shell_env.j2
deleted
100644 → 0
View file @
5556e728
# {{ ansible_managed }}
{% for name,value in certs_shell_env_vars.items() %}
{% if value %}
export {{ name }}="{{ value }}"
{% endif %}
{% endfor %}
playbooks/roles/certificates/templates/git_ssh.sh.j2
deleted
100755 → 0
View file @
5556e728
#!/bin/sh
exec
/usr/bin/ssh
-o
StrictHostKeyChecking
=
no
-i
/
{{
certs_home
}}
/git-identity
"
$@
"
playbooks/roles/certificates/templates/notifier_env.j2
deleted
100644 → 0
View file @
5556e728
# {{ ansible_managed }}
{% for name,value in notifier_env_vars.items() %}
{% if value %}
export {{ name }}="{{ value }}"
{% endif %}
{% endfor %}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
