Merge pull request #2653 from edx/e0d/docker-xqwatcher

E0d/docker xqwatcher

Merge pull request #2653 from edx/e0d/docker-xqwatcher
E0d/docker xqwatcher
936ecb75 · Edward Zarecor · 3fc50d80 · 083b121a · 936ecb75 · 936ecb75
Commit 936ecb75 authored Jan 08, 2016 by Edward Zarecor
9 changed files
--- a/docker/build/xqwatcher/Dockerfile
+++ b/docker/build/xqwatcher/Dockerfile
+FROM edxops/trusty-common:v3
+MAINTAINER edxops
+
+ADD . /edx/app/edx_ansible/edx_ansible
+COPY docker/build/xqwatcher/ansible_overrides.yml /
+WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays
+RUN /edx/app/edx_ansible/venvs/edx_ansible/bin/ansible-playbook xqwatcher.yml \
+    -i '127.0.0.1,' -c local \
+    -t "install:base,install:configuration,install:system-requirements,install:app-requirements,install:code" \
+    -e@/ansible_overrides.yml
+WORKDIR /edx/app
+CMD ["/edx/app/supervisor/venvs/supervisor/bin/supervisord", "-n", "--configuration", "/edx/app/supervisor/supervisord.conf"]
--- a/docker/build/xqwatcher/ansible_overrides.yml
+++ b/docker/build/xqwatcher/ansible_overrides.yml
+---
+FLOCK_TLD: "edx"
+
+# Note that this is currently a non-working exemplar configuration,
+# there isn't a grader provided in the edx-demo-course yet.
+XQWATCHER_COURSES:
+  - COURSE: "demo"
+    GIT_REPO: "https://github.com/edx/edx-demo-course"
+    GIT_REF: "master"
+    QUEUE_NAME: "test-pull"
+    QUEUE_CONFIG:
+      SERVER: "http://xqueue.{{ FLOCK_TLD }}"
+      CONNECTIONS: 2
+      AUTH: ["lms", "password"]
+      HANDLERS:
+        - HANDLER: "xqueue_watcher.jailedgrader.JailedGrader"
+          CODEJAIL:
+            name: "demo"
+            python_bin: "{{ xqwatcher_venv_base }}/demo/bin/python"
+            user: "demo"
+          KWARGS:
+            grader_root: "../data/edx-demo-course/graders/"
+    PYTHON_REQUIREMENTS:
+      - { name: "numpy", version: "1.6.2" }
+      - { name: "lxml", version: "2.3.6" }
--- a/docker/plays/xqwatcher.yml
+++ b/docker/plays/xqwatcher.yml
+- name: Deploy xqwatcher
+  hosts: all
+  sudo: True
+  gather_facts: True
+  roles:
+    - docker
+    - xqwatcher
--- a/playbooks/roles/xqwatcher/defaults/main.yml
+++ b/playbooks/roles/xqwatcher/defaults/main.yml
@@ -86,7 +86,7 @@ xqwatcher_conf_dir: "{{ xqwatcher_app_dir }}"
 #TODO: remove after refactoring out all the git stuff
 xqwatcher_course_git_ssh_opts: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i {{ xqwatcher_app_dir }}/.ssh/{{ xqwatcher_service_name }}-courses"

-xqwatcher_requirements_file: "{{ xqwatcher_code_dir }}/requirements.txt"
+xqwatcher_requirements_file: "{{ xqwatcher_code_dir }}/requirements/production.txt"
 xqwatcher_log_dir: "{{ COMMON_LOG_DIR }}/{{ xqwatcher_service_name }}"
 xqwatcher_module: "xqueue_watcher"

@@ -114,6 +114,7 @@ xqwatcher_supervisor_available_dir: "{{ xqwatcher_supervisor_app_dir }}/conf.ava
 #

 xqwatcher_debian_pkgs:
+  - apparmor
  - apparmor-utils

 xqwatcher_redhat_pkgs: []
--- a/playbooks/roles/xqwatcher/tasks/code_jail.yml
+++ b/playbooks/roles/xqwatcher/tasks/code_jail.yml
@@ -8,6 +8,9 @@
    shell=/bin/false
    home="/dev/null"
  with_items: XQWATCHER_COURSES
+  tags:
+    - install
+    - install:base

 #
 # Need to disable aa to update the virutalenv
@@ -17,6 +20,9 @@
    dest="/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
    mode=0644 owner=root group=root
  with_items: XQWATCHER_COURSES
+  tags:
+    - install
+    - install:configuration

 - name: write out sudoers for watcher
  template: >
@@ -24,15 +30,25 @@
    dest=/etc/sudoers.d/95-xqwatcher-{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user|replace('.', '') }}
    mode=0440 owner=root group=root validate='visudo -c -f %s'
  with_items: XQWATCHER_COURSES
+  tags:
+    - install
+    - install:configuration

+# see comment below as to why this is skipped.
 - name: put code jail into aa-complain
  command: /usr/sbin/aa-complain "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
  with_items: XQWATCHER_COURSES
+  tags:
+    - manage
+    - manage:sandbox

 - name: create jail virtualenv
  shell: >
    /usr/local/bin/virtualenv --no-site-packages {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}
  with_items: XQWATCHER_COURSES
+  tags:
+    - install
+    - install:code

 - name: write out requirements.txt
  template: >
@@ -40,6 +56,9 @@
    dest={{ xqwatcher_app_dir }}/data/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt
    mode=0440 owner=root group=root
  with_items: XQWATCHER_COURSES
+  tags:
+    - install
+    - install:code

 - name: install course specific python requirements
  pip: >
@@ -48,18 +67,30 @@
    state=present
    extra_args="{{ XQWATCHER_PIP_EXTRA_ARGS }}"
  with_items: XQWATCHER_COURSES
+  tags:
+    - install
+    - install:code

 - name: give other read permissions to the virtualenv
  shell: >
    chown -R {{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }} {{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}
  with_items: XQWATCHER_COURSES
+  tags:
+    - install
+    - install:code

 - name: start apparmor service
  service: name=apparmor state=started
+  tags:
+    - manage
+    - manage:sandbox

 - name: load code sandbox profile
  command: apparmor_parser -r "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
  with_items: XQWATCHER_COURSES
+  tags:
+    - manage
+    - manage:sandbox

 #
 # Leaves aa in either complain or enforce depending upon the value of the
@@ -69,8 +100,16 @@
  command: /usr/sbin/aa-complain "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
  when: CODE_JAIL_COMPLAIN|bool
  with_items: XQWATCHER_COURSES
+  # AA having issues on 14.04
+  # https://github.com/edx/codejail/issues/38
+  tags:
+    - manage
+    - manage:sandbox

 - name: put code sandbox into aa-enforce
  command: /usr/sbin/aa-enforce "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
  when: not CODE_JAIL_COMPLAIN|bool
  with_items: XQWATCHER_COURSES
+  tags:
+    - manage
+    - manage:sandbox
--- a/playbooks/roles/xqwatcher/tasks/deploy.yml
+++ b/playbooks/roles/xqwatcher/tasks/deploy.yml
@@ -3,13 +3,19 @@
    content="{{ XQWATCHER_GIT_IDENTITY }}"
    dest={{ xqwatcher_app_dir }}/.ssh/{{ xqwatcher_service_name }}-courses
    owner={{ xqwatcher_user }} group={{ xqwatcher_user }} mode=0600
-
+  tags:
+    - install
+    - install:code
+    
 #TODO: remove once xqwatcher.json can be pulled out into /edx/etc/
 - name: write out watcher config file
  template: >
    src=edx/app/xqwatcher/xqwatcher.json.j2
    dest={{ xqwatcher_conf_dir }}/xqwatcher.json
    mode=0644 owner={{ xqwatcher_user }} group={{ xqwatcher_user }}
+  tags:
+    - install
+    - install:configuration
    
 - include: deploy_watcher.yml
  tags:

--- a/playbooks/roles/xqwatcher/tasks/deploy_courses.yml
+++ b/playbooks/roles/xqwatcher/tasks/deploy_courses.yml
@@ -8,3 +8,6 @@
    version={{ item.GIT_REF }}
    ssh_opts="{{ xqwatcher_course_git_ssh_opts }}"
  with_items: XQWATCHER_COURSES
+  tags:
+    - install
+    - install:code
--- a/playbooks/roles/xqwatcher/tasks/deploy_watcher.yml
+++ b/playbooks/roles/xqwatcher/tasks/deploy_watcher.yml
@@ -8,6 +8,9 @@
    virtualenv="{{ xqwatcher_app_dir }}/venvs/{{ xqwatcher_service_name }}" state=present
  sudo: true
  sudo_user: "{{ xqwatcher_user }}"
+  tags:
+    - install
+    - install:app-requirements

 - name: write out course config files
  template: >
@@ -15,12 +18,18 @@
    dest={{ xqwatcher_conf_dir }}/conf.d/{{ item.COURSE }}.json
    mode=0644 owner={{ xqwatcher_user }} group={{ xqwatcher_user }}
  with_items: XQWATCHER_COURSES
+  tags:
+    - install
+    - install:configuration

 - name: write supervisord config
  template: >
    src=edx/app/supervisor/conf.d/xqwatcher.conf.j2
    dest="{{ xqwatcher_supervisor_available_dir }}/xqwatcher.conf"
    group={{ xqwatcher_user }} mode=0650
+  tags:
+    - install
+    - install:configuration

 - name: enable supervisor script
  file: >
@@ -29,10 +38,16 @@
    state=link
    force=yes
  when: not disable_edx_services
+  tags:
+    - install
+    - install:configuration

 - name: update supervisor configuration
  shell: "{{ xqwatcher_supervisor_ctl }} -c {{ xqwatcher_supervisor_app_dir }}/supervisord.conf update"
  when: not disable_edx_services
+  tags:
+    - manage
+    - manage:update

 - name: restart xqwatcher
  supervisorctl: >
@@ -41,4 +56,7 @@
    config={{ xqwatcher_supervisor_app_dir }}/supervisord.conf
    name={{ xqwatcher_service_name }}
  when: not disable_edx_services
-  sudo_user: "{{ xqwatcher_user }}"
\ No newline at end of file
+  sudo_user: "{{ xqwatcher_user }}"
+  tags:
+    - manage
+    - manage:update
--- a/playbooks/roles/xqwatcher/tasks/main.yml
+++ b/playbooks/roles/xqwatcher/tasks/main.yml
@@ -92,6 +92,9 @@
    state=directory
    owner="{{ xqwatcher_user }}"
    group="{{ xqwatcher_user }}"
+  tags:
+    - install
+    - install:base

 - name: create conf.d dir
  file: >
@@ -99,7 +102,9 @@
    state=directory
    owner="{{ xqwatcher_user }}"
    group="{{ xqwatcher_user }}"
-
+  tags:
+    - install
+    - install:base

 - include: code_jail.yml CODE_JAIL_COMPLAIN=false