Merge pull request #2227 from edx/clintonb/ecom-sandbox

Otto in Sandboxes

playbooks/edx-east/ecommerce.yml

@@ -10,6 +10,8 @@
     - role: nginx
       nginx_sites:
         - ecommerce
+      nginx_default_sites:
+        - ecommerce
     - aws
     - ecommerce
     - role: datadog

playbooks/edx-east/edx_continuous_integration.yml

@@ -16,6 +16,7 @@
       - xserver
       - certs
       - analytics_api
+      - ecommerce
       nginx_default_sites:
       - lms
     - role: edxlocal
@@ -35,6 +36,8 @@
     - certs
     - edx_ansible
     - analytics_api
+    - ecommerce
+    - oauth_client_setup
     - role: datadog
       when: COMMON_ENABLE_DATADOG
     - role: splunkforwarder

playbooks/edx_sandbox.yml

@@ -39,6 +39,7 @@
     - insights
     - edx_notes_api
     - demo
+    - oauth_client_setup
     - { role: 'rabbitmq', rabbitmq_ip: '127.0.0.1' }
     - oraclejdk
     - elasticsearch

playbooks/roles/ecommerce/defaults/main.yml

@@ -18,6 +18,7 @@ ECOMMERCE_GIT_IDENTITY: !!null
 ECOMMERCE_NEWRELIC_APPNAME: "{{ COMMON_ENVIRONMENT }}-{{ COMMON_DEPLOYMENT }}-{{ ecommerce_service_name }}"
 ECOMMERCE_PIP_EXTRA_ARGS: "-i {{ COMMON_PYPI_MIRROR_URL }}"
 ECOMMERCE_NGINX_PORT: "18130"
+ECOMMERCE_SSL_NGINX_PORT: 48130
 
 ECOMMERCE_DEFAULT_DB_NAME: 'ecommerce'
 
@@ -38,10 +39,10 @@ ECOMMERCE_VERSION: "master"
 ECOMMERCE_SECRET_KEY: 'Your secret key here'
 ECOMMERCE_TIME_ZONE: 'UTC'
 ECOMMERCE_LANGUAGE_CODE: 'en-us'
-ECOMMERCE_EDX_API_KEY: 'put-your-edx-api-auth-token-here'
+ECOMMERCE_EDX_API_KEY: 'PUT_YOUR_API_KEY_HERE'  # This should match the value set for edxapp
 ECOMMERCE_ECOMMERCE_URL_ROOT: 'http://localhost:8002'
 ECOMMERCE_LMS_URL_ROOT: 'http://127.0.0.1:8000'
-ECOMMERCE_JWT_SECRET_KEY: 'generated-key-that-matches-ECOMMERCE_API_SIGNING_KEY-in-edxapp'
+ECOMMERCE_JWT_SECRET_KEY: 'SET-ME-PLEASE' # This should match the value set for edxapp
 ECOMMERCE_JWT_VERIFY_EXPIRATION: true
 
 # Used to automatically configure OAuth2 Client

playbooks/roles/edx_ansible/templates/update.j2

@@ -55,6 +55,7 @@ repos_to_cmd["read-only-certificate-code"]="$edx_ansible_cmd certs.yml -e 'certs
 repos_to_cmd["edx-analytics-data-api"]="$edx_ansible_cmd analyticsapi.yml -e 'ANALYTICS_API_VERSION=$2'"
 repos_to_cmd["edx-ora2"]="$edx_ansible_cmd ora2.yml -e 'ora2_version=$2'"
 repos_to_cmd["insights"]="$edx_ansible_cmd insights.yml -e 'INSIGHTS_VERSION=$2'"
+repos_to_cmd["ecommerce"]="$edx_ansible_cmd ecommerce.yml -e 'ECOMMERCE_VERSION=$2'"
 
 
 if [[ -z $1 || -z $2 ]]; then

playbooks/roles/edxapp/defaults/main.yml

@@ -477,7 +477,7 @@ PERFORMANCE_GRAPHITE_URL: 'SetPerformanceGraphiteHostName'
 
 # E-Commerce Related Settings
 EDXAPP_ECOMMERCE_PUBLIC_URL_ROOT: 'https://www.example.com'
-EDXAPP_ECOMMERCE_API_URL: 'https://www-internal.example.com/api'
+EDXAPP_ECOMMERCE_API_URL: 'https://www-internal.example.com/api/v2'
 EDXAPP_ECOMMERCE_API_SIGNING_KEY: 'SET-ME-PLEASE'
 
 #To use AWS S3 as your backend, you need different kwargs:

playbooks/roles/launch_ec2/tasks/main.yml

@@ -66,7 +66,7 @@
     value: "{{ item.public_dns_name }}"
   with_items: ec2.instances
 
-- name: Add DNS name studio
+- name: Add DNS names for services
   local_action:
     module: route53
     overwrite: yes
@@ -74,21 +74,11 @@
     zone: "{{ dns_zone }}"
     type: CNAME
     ttl: 300
-    record: "studio-{{ dns_name }}.{{ dns_zone }}"
-    value: "{{ item.public_dns_name }}"
-  with_items: ec2.instances
-
-- name: Add DNS name preview
-  local_action:
-    module: route53
-    overwrite: yes
-    command: create
-    zone: "{{ dns_zone }}"
-    type: CNAME
-    ttl: 300
-    record: "preview-{{ dns_name }}.{{ dns_zone }}"
-    value: "{{ item.public_dns_name }}"
-  with_items: ec2.instances
+    record: "{{ item[1] }}-{{ dns_name }}.{{ dns_zone }}"
+    value: "{{ item[0].public_dns_name }}"
+  with_nested:
+    - ec2.instances
+    - ['studio', 'ecommerce', 'preview']
 
 
 - name: Add new instance to host group

playbooks/roles/local_dev/defaults/main.yml

@@ -35,9 +35,3 @@ local_dev_pkgs:
     - openbox
 
 localdev_jscover_version: "1.0.2"
-
-localdev_oauth2_clients:
-    - { name: "{{ ecommerce_service_name | default('None') }}", url_root: "{{ ECOMMERCE_ECOMMERCE_URL_ROOT }}",
-        id: "{{ ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_KEY }}", secret: "{{ ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_SECRET }}" }
-    - { name: "{{ INSIGHTS_OAUTH2_APP_CLIENT_NAME | default('None') }}", url_root: "{{ INSIGHTS_BASE_URL }}",
-        id: "{{ INSIGHTS_OAUTH2_KEY }}", secret: "{{ INSIGHTS_OAUTH2_SECRET }}" }

playbooks/roles/local_dev/tasks/main.yml

@@ -76,19 +76,3 @@
 - name: add preview.localhost to /etc/hosts
   shell: sed -i -r 's/^127.0.0.1\s+.*$/127.0.0.1 localhost preview.localhost/' /etc/hosts
   sudo: yes
-
-- name: create OAuth2 Clients
-  shell: >
-    {{ COMMON_BIN_DIR }}/python.edxapp {{ COMMON_BIN_DIR }}/manage.edxapp lms --settings=aws
-    create_oauth2_client
-    {{ item.url_root }}
-    "{{ item.url_root }}/complete/edx-oidc/"
-    confidential
-    --client_name {{ item.name }}
-    --client_id {{ item.id }}
-    --client_secret {{ item.secret }}
-    --trusted
-  sudo_user: "{{ edxapp_user }}"
-  environment: "{{ edxapp_environment }}"
-  with_items: localdev_oauth2_clients
-  when: item.name != 'None'

playbooks/roles/nginx/defaults/main.yml

@@ -70,6 +70,7 @@ NGINX_EDXAPP_ERROR_PAGES:
   "504": "{{ nginx_default_error_page }}"
 
 CMS_HOSTNAME: '~^((stage|prod)-)?studio.*'
+ECOMMERCE_HOSTNAME: '~^((stage|prod)-)?ecommerce.*'
 
 nginx_template_dir: "edx/app/nginx/sites-available"
 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/ecommerce.j2

 #
 # {{ ansible_managed }}
 #
+
+
+{% if "ecommerce" in nginx_default_sites %}
+  {% set default_site = "default" %}
+{% else %}
+  {% set default_site = "" %}
+{% endif %}
+
 upstream ecommerce_app_server {
-    {% for host in nginx_ecommerce_gunicorn_hosts %}
-        server {{ host }}:{{ ecommerce_gunicorn_port }} fail_timeout=0;
-    {% endfor %}
+{% for host in nginx_ecommerce_gunicorn_hosts %}
+    server {{ host }}:{{ ecommerce_gunicorn_port }} fail_timeout=0;
+{% endfor %}
 }
 
 server {
-  listen {{ ECOMMERCE_NGINX_PORT }} default_server;
+  server_name {{ ECOMMERCE_HOSTNAME }};
+
+  {% if NGINX_ENABLE_SSL %}
+
+  listen {{ ECOMMERCE_NGINX_PORT }} {{ default_site }};
+  listen {{ ECOMMERCE_SSL_NGINX_PORT }} ssl;
+
+  ssl_certificate /etc/ssl/certs/{{ NGINX_SSL_CERTIFICATE|basename }};
+  ssl_certificate_key /etc/ssl/private/{{ NGINX_SSL_KEY|basename }};
+  # request the browser to use SSL for all connections
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+  {% else %}
+  listen {{ ECOMMERCE_NGINX_PORT }} {{ default_site }};
+  {% endif %}
 
   location ~ ^/static/(?P<file>.*) {
     root {{ COMMON_DATA_DIR }}/{{ ecommerce_service_name }};

playbooks/roles/oauth_client_setup/defaults/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+##
+# Defaults for role oauth_client_setup
+# 
+
+#
+# vars are namespaced with the module name.
+#
+oauth_client_setup_role_name: oauth_client_setup
+
+oauth_client_setup_oauth2_clients:
+    - { name: "{{ ecommerce_service_name | default('None') }}", url_root: "{{ ECOMMERCE_ECOMMERCE_URL_ROOT }}",
+        id: "{{ ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_KEY }}", secret: "{{ ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_SECRET }}" }
+    - { name: "{{ INSIGHTS_OAUTH2_APP_CLIENT_NAME | default('None') }}", url_root: "{{ INSIGHTS_BASE_URL }}",
+        id: "{{ INSIGHTS_OAUTH2_KEY }}", secret: "{{ INSIGHTS_OAUTH2_SECRET }}" }
+
+#
+# OS packages
+#
+
+oauth_client_setup_debian_pkgs: []
+
+oauth_client_setup_redhat_pkgs: []

playbooks/roles/oauth_client_setup/tasks/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+#
+#
+# Tasks for role oauth_client_setup
+# 
+# Overview:
+# 
+#
+# Dependencies:
+#
+# 
+# Example play:
+#
+#
+
+- name: create OAuth2 Clients
+  shell: >
+    {{ COMMON_BIN_DIR }}/python.edxapp {{ COMMON_BIN_DIR }}/manage.edxapp lms --settings=aws
+    create_oauth2_client
+    {{ item.url_root }}
+    "{{ item.url_root }}/complete/edx-oidc/"
+    confidential
+    --client_name {{ item.name }}
+    --client_id {{ item.id }}
+    --client_secret {{ item.secret }}
+    --trusted
+  sudo_user: "{{ edxapp_user }}"
+  environment: "{{ edxapp_environment }}"
+  with_items: oauth_client_setup_oauth2_clients
+  when: item.name != 'None'

playbooks/vagrant-devstack.yml

@@ -32,3 +32,4 @@
     - browsermob-proxy
     - local_dev
     - demo
+    - oauth_client_setup

util/jenkins/ansible-provision.sh

@@ -147,6 +147,8 @@ EDXAPP_STATIC_URL_BASE: $static_url_base
 EDXAPP_LMS_NGINX_PORT: 80
 EDXAPP_LMS_PREVIEW_NGINX_PORT: 80
 EDXAPP_CMS_NGINX_PORT: 80
+ECOMMERCE_NGINX_PORT: 80
+ECOMMERCE_SSL_NGINX_PORT: 443
 NGINX_SET_X_FORWARDED_HEADERS: True
 EDX_ANSIBLE_DUMP_VARS: true
 migrate_db: "yes"
@@ -209,6 +211,11 @@ EDXAPP_NEWRELIC_WORKERS_APPNAME: sandbox-${dns_name}-edxapp-workers
 XQUEUE_NEWRELIC_APPNAME: sandbox-${dns_name}-xqueue
 FORUM_NEW_RELIC_APP_NAME: sandbox-${dns_name}-forums
 SANDBOX_USERNAME: $github_username
+ECOMMERCE_SOCIAL_AUTH_REDIRECT_IS_HTTPS: true
+EDXAPP_ECOMMERCE_PUBLIC_URL_ROOT: "https://ecommerce-${deploy_host}"
+EDXAPP_ECOMMERCE_API_URL: "https://ecommerce-${deploy_host}/api/v2"
+ECOMMERCE_ECOMMERCE_URL_ROOT: "https://ecommerce-${deploy_host}"
+ECOMMERCE_LMS_URL_ROOT: "https://${deploy_host}"
 EOF
 fi