Skip to content

C
configuration
Commit 9d13f136 by Joe Blaylock
Options

Cleanup for git workflow sharing

parent 901de639
Showing with 21 additions and 6 deletions
playbooks/roles/common/tasks/create_users.yml
......@@ -6,15 +6,25 @@
user: name={{ item.user }} append=yes groups={{ "adm,edx,"+",".join(item.groups) }} shell=/bin/bash
sudo: True
with_items: admin_users
tags:
- users
- admin_users
- name: Copying ssh keys for admin users
authorized_key: user={{ item.user }} key="{{ lookup('file', item.path) }}"
sudo: True
with_items: admin_keys
tags:
- users
- admin_users
- name: Creating env users
user: name={{ item.user }} groups={{ ",".join(item.groups) }} shell=/bin/bash
sudo: True
with_items: env_users
tags:
- users
- name: Copying ssh keys for env users
authorized_key: user={{ item.user }} key="{{ lookup('file', item.path) }}"
sudo: True
with_items: env_keys
tags:
- users
playbooks/roles/lms/tasks/main.yml
......@@ -3,23 +3,24 @@
# - nginx/tasks/main.yml
---
- name: create lms application config
template: src=env.json.j2 dest=/opt/wwc/lms-env.json
template: src=env.json.j2 dest=/opt/wwc/lms.env.json
sudo: True
- name: create lms auth file
template: src=auth.json.j2 dest=/opt/wwc/lms-auth.json
template: src=auth.json.j2 dest=/opt/wwc/lms.auth.json
sudo: True
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-backend
# Install ssh keys for ubuntu account to be able to check out from mitx
# Temprory behavior, not needed after June 1. Perhaps still useful as a recipe.
- name: install read-only ssh key for mitx repo (private)
copy: src=secure/mitx_readonly_key dest=/home/ubuntu/.ssh/id_rsa force=yes owner=ubuntu group=ubuntu mode=600
copy: src=vars/secure/ssh_deploy_private dest=/home/ubuntu/.ssh/id_rsa force=yes owner=ubuntu group=ubuntu mode=600
- name: install read-only ssh key for mitx repo (public)
copy: src=secure/mitx_readonly_key.pub dest=/home/ubuntu/.ssh/id_rsa.pub force=yes owner=ubuntu group=ubuntu mode=644
copy: src=vars/secure/ssh_deploy_public dest=/home/ubuntu/.ssh/id_rsa.pub force=yes owner=ubuntu group=ubuntu mode=644
- name: install read-only ssh key for mitx repo (host github known)
copy: src=secure/known_hosts dest=/home/ubuntu/.ssh/known_hosts force=yes owner=ubuntu group=ubuntu mode=600
copy: src=vars/secure/ssh_deploy_known_hosts dest=/home/ubuntu/.ssh/known_hosts force=yes owner=ubuntu group=ubuntu mode=600
# Check out mitx repo to /opt/wwc
- name: set permissions on /opt/wwc sgid for edx
......
playbooks/vars/secure/.gitignore 0 → 100644
# Ignore git deployment ssh keys, which should never be checked into source
# control.
ssh_deploy*
playbooks/vars/secure/users.yml
......@@ -5,7 +5,8 @@ admin_users:
- user: joe
email: joe@example.com
groups:
- adm
# But at least one group must be defined
- adm
admin_keys:
- user: joe
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment