Commit a07e3d1d by Vik Paruchuri

Merge remote-tracking branch 'origin/master' into vik/ml-api

Conflicts:
	playbooks/roles/common/tasks/edx_logging_base.yml
	playbooks/roles/common/tasks/main.yml
parents 102d6e53 2c81bf2a
- hosts: tag_Group_edxapp_custom
sudo: True
vars_files:
# using conditional loading to override defaults for site-specific installs
- "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
- "{{ secure_dir }}/vars/edxapp_custom_vars.yml"
- "{{ secure_dir }}/vars/users.yml"
- "{{ secure_dir }}/vars/edxapp_stage_users.yml"
roles:
- common
- nginx
- gunicorn
- lms
- ruby
- npm
- hosts: tag_Group_edxapp_prod
- hosts: tag_Group_edxapp_ref
sudo: True
vars_files:
- "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
- "{{ secure_dir }}/vars/users.yml"
- "{{ secure_dir }}/vars/edxapp_prod_users.yml"
- "{{ secure_dir }}/vars/edxapp_ref_vars.yml"
- "{{ secure_dir }}/vars/edxapp_ref_users.yml"
roles:
- common
- nginx
- gunicorn
- lms
- cms
- lms-preview
- ruby
- npm
# run this role last
......
- hosts: tag_Group_edxapp_stage
sudo: True
vars_files:
- "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
- "{{ secure_dir }}/vars/users.yml"
- "{{ secure_dir }}/vars/edxapp_stage_users.yml"
roles:
- common
- nginx
- gunicorn
- lms
- ruby
- npm
---
# this path is relative to the playbook dir
secure_dir: '../../configuration-secure/ansible'
---
edxapp_prod: true
secure_dir: '../../configuration-secure/ansible'
\ No newline at end of file
......@@ -4,16 +4,18 @@
# - nginx/tasks/main.yml
---
- name: create cms application config
template: src=env.json.j2 dest=$app_base_dir/cms.env.json mode=644
template: src=env.json.j2 dest=$app_base_dir/cms.env.json mode=640 owner=www-data group=adm
tags:
- cms-env
- cms
- update
- name: create cms auth file
template: src=auth.json.j2 dest=$app_base_dir/cms.auth.json mode=644
template: src=auth.json.j2 dest=$app_base_dir/cms.auth.json mode=640 owner=www-data group=adm
tags:
- cms-env
- cms
- update
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=cms
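Review bot: `cms.auth.json` receives the same `mode=640 owner=www-data group=adm` as `cms.env.json`, although only the auth file carries credentials and only the service account needs to read it. Consider `mode=0600 owner=www-data group=www-data` for the auth file so that membership of `adm` alone does not expose database and AWS secrets; admins can still read it through sudo. The same applies to the `lms.auth.json` and `lms-preview.auth.json` tasks elsewhere in this commit. The modes are also written without the leading zero used by other tasks in the repository (`mode=0440`, `mode=0775`); one form throughout is easier to audit.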
......@@ -25,6 +27,7 @@
- cms
- cms-env
- logging
- update
# If we set up CMS, we have to set up edx logging
- include: ../../common/tasks/edx_logging_base.yml
......
# variables common to the cms role, automatically loaded
# when the role is included
---
cms_auth_config:
'CONTENTSTORE':
'ENGINE': 'xmodule.contentstore.mongo.MongoContentStore'
'MODULESTORE':
'default':
'ENGINE': 'xmodule.modulestore.mongo.MongoModuleStore'
cms_env_config:
'CACHES':
'default':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'KEY_PREFIX': 'cms.edx.org'
'LOCATION': [ "deploycache-large.foo-bar.amazonaws.com:11211" ]
'mongo_metadata_inheritance':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'TIMEOUT': 300
'KEY_PREFIX': 'cms.edx.org'
'LOCATION': [ "deploycache-large.foo-bar.amazonaws.com:11211" ]
'staticfiles':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'KEY_PREFIX': 'cms.edx.org'
'LOCATION': [ "deploycache-large.foo-bar.amazonaws.com:11211" ]
'LOG_DIR': '{{log_base_dir}}/edx'
'LOGGING_ENV': 'cms-dev'
'SITE_NAME': 'studio.cms-dev.m.edx.org'
'SYSLOG_SERVER': 'syslog.a.m.i4x.org'
'LMS_BASE': 'cms-dev.m.edx.org'
'SESSION_COOKIE_DOMAIN': '.cms-dev.m.edx.org'
cms_auth_config: {}
cms_env_config: {}
......@@ -5,6 +5,7 @@
tags:
- users
- admin_users
- update
- name: Add user 'ubuntu' to 'edx' group
# This is a temporary measure for initial configuration; after the last
......@@ -14,6 +15,7 @@
tags:
- users
- admin_users
- update
- name: Creating admin users
# Admin users, by definition, should be able to sudo w/ password, and read adm-only files
......@@ -24,6 +26,7 @@
tags:
- users
- admin_users
- update
- name: Copying ssh keys for admin users
authorized_key: user={{ item.user }} key="{{lookup('file', item.path)}}"
......@@ -32,6 +35,7 @@
tags:
- users
- admin_users
- update
- name: Creating env users
user: name={{ item.user }} groups={{ ",".join(item.groups) }} shell=/bin/bash
......@@ -39,6 +43,7 @@
when: env_users is defined
tags:
- users
- update
- name: Copying ssh keys for env users
authorized_key: user={{ item.user }} key="{{lookup('file', item.path)}}"
......@@ -46,6 +51,7 @@
when: env_keys is defined
tags:
- users
- update
- name: Group adm passwordless sudo
copy: content="%adm ALL=(ALL) NOPASSWD:ALL" dest=/etc/sudoers.d/adm-group owner=root group=root mode=0440
......@@ -53,4 +59,5 @@
tags:
- users
- admin_users
- update
......@@ -4,22 +4,31 @@
easy_install: name=pip
tags:
- venv_base
- install
- name: pip install virtualenv
pip: name=virtualenv state=latest
sudo: True
tags:
- venv_base
- install
- name: pip install virtualenvwrapper
pip: name=virtualenvwrapper state=latest
sudo: True
tags:
- venv_base
- install
- name: create edx virtualenv directory
file: path=$venv_dir owner=ubuntu group=adm mode=2775 state=directory
sudo: True
tags:
- venv_base
- install
- name: create the edx virtualenv directory initial contents
command: /usr/local/bin/virtualenv $venv_dir creates=$venv_dir/bin/activate
tags:
- venv_base
- install
......@@ -2,30 +2,30 @@
- name: Install rsyslog configuration for edX
template: dest=/etc/rsyslog.d/99-edx.conf src=edx_rsyslog.j2 owner=root group=root mode=644
notify: restart rsyslogd
sudo: True
tags:
- logging
- update
- name: Install logrotate configuration for edX
template: dest=/etc/logrotate.d/edx-services src=edx_logrotate.j2 owner=root group=root mode=644
sudo: True
tags:
- logging
- update
- name: Touch tracking file into existence
command: touch -a {{log_base_dir}}/tracking.log creates={{log_base_dir}}/tracking.log
sudo: True
command: touch -a {{log_base_dir}}/tracking.log creates={{log_base_dir}}/tracking.log
tags:
- logging
- update
- name: Set permissions on tracking file
file: path={{log_base_dir}}/tracking.log owner=syslog group=adm mode=750
sudo: True
file: path={{log_base_dir}}/tracking.log owner=syslog group=adm mode=640
tags:
- logging
- update
- name: Install logrotate configuration for tracking file
template: dest=/etc/logrotate.d/tracking.log src=edx_logrotate_tracking_log.j2 owner=root group=root mode=644
sudo: True
tags:
- logging
- update
---
- include: create_users.yml
- name: Create application root
# In the future consider making group edx r/t adm
file: path=$app_base_dir state=directory owner=root group=adm mode=2775
sudo: True
tags:
- pre_install
- update
- name: Create upload directory
file: path=$app_base_dir/uploads mode=2775 state=directory owner=root group=adm
sudo: True
tags:
- pre_install
- update
- name: Create data dir
file: path={{ app_base_dir }}/data state=directory owner=root group=root
sudo: True
tags:
- pre_install
- update
- name: Install role-independent useful system packages
# do this before log dir setup; rsyslog package guarantees syslog user present
apt: pkg={{item}} install_recommends=yes state=present update_cache=yes
sudo: True
with_items:
- ack-grep
- lynx-cur
......@@ -33,26 +33,27 @@
- tree
tags:
- pre_install
- update
- name: Create log directory
file: path=$log_base_dir state=directory mode=2770 group=adm owner=syslog
sudo: True
tags:
- pre_install
- update
- name: Create alias from app_base_dir to the log_base_dir
file: state=link src=$log_base_dir path=$app_base_dir/log
sudo: True
tags:
- pre_install
- logging
- update
- name: Create convenience link from log_base_dir to system logs
file: state=link src=/var/log path=$log_base_dir/system
sudo: True
tags:
- pre_install
- logging
- update
- name: Touch edx log file into place
# This is done for the benefit of the rake commands, which expect it
......@@ -60,16 +61,17 @@
tags:
- pre_install
- logging
- install
- name: Set permissions on edx log file
# This is done for the benefit of the rake commands, which expect it
file: path={{log_base_dir}}/edx.log owner=syslog group=adm mode=770
sudo: True
file: path={{log_base_dir}}/edx.log owner=syslog group=adm mode=640
tags:
- pre_install
- logging
- update
- include: create_venv.yml
- include: edx_logging_base.yml
- include: software_update.yml
\ No newline at end of file
- include: software_update.yml
......@@ -3,4 +3,5 @@
copy: src=roles/common/files/edx-update.sh dest=/usr/local/bin/edx-update.sh owner=ubuntu group=adm mode=0775
sudo: True
tags:
- release
- update
---
- name: restart lms
service: name=lms state=restarted
sudo: True
- name: restart cms
service: name=cms state=restarted
sudo: True
- name: restart lms-preview
service: name=lms-preview state=restarted
sudo: True
......@@ -3,3 +3,4 @@
pip: name=gunicorn virtualenv="{{venv_dir}}" state=present
tags:
- gunicorn
- install
......@@ -6,6 +6,8 @@
- "{{ local_dir }}/gunicorn/templates/{{ service_variant }}.conf.j2"
# seems like paths in first_available_file must be relative to the playbooks dir
- "roles/gunicorn/templates/{{ service_variant }}.conf.j2"
notify: restart {{ service_variant }}
tags:
- upstart
- gunicorn
- update
......@@ -17,8 +17,7 @@ env PORT=8010
env LANG=en_US.UTF-8
env DJANGO_SETTINGS_MODULE=cms.envs.aws
env SERVICE_VARIANT="cms"
chdir ${app_base_dir}/mitx
setuid www-data
......
# gunicorn
description "gunicorn server"
author "Calen Pennington <cpennington@mitx.mit.edu>"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
respawn limit 3 30
env PID=/var/tmp/lms.pid
#env NEW_RELIC_CONFIG_FILE=${app_base_dir}/newrelic.ini
#env NEWRELIC=${venv_dir}/bin/newrelic-admin
env WORKERS={{ ansible_processor_cores * 2 }}
env PORT=8020
env LANG=en_US.UTF-8
env DJANGO_SETTINGS_MODULE=lms.envs.aws
env SERVICE_VARIANT="lms-preview"
chdir ${app_base_dir}/mitx
setuid www-data
exec ${venv_dir}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath=${app_base_dir}/mitx lms.wsgi
post-start script
while true
do
if $(curl -s -i localhost:$PORT/heartbeat | egrep -q '200 OK'); then
break;
else
sleep 1;
fi
done
end script
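Review bot: The `post-start script` loop has no upper bound, so if gunicorn never answers `/heartbeat` with `200 OK` the job stays in post-start indefinitely, and anything waiting on the service start (for example the "Make sure LMS-preview is running" task) would presumably wait with it. A bounded retry that fails the job is safer; a sketch follows, with the 60-attempt limit as an example value. Separately, `env PID=/var/tmp/lms.pid` is the LMS path copied into the lms-preview job. The `exec` line does not pass it to gunicorn, so it looks unused, but if it is ever wired up it would collide with the lms job and live in a world-writable directory; drop it or give it its own name.

```shell
post-start script
    # wait a bounded time for the app, then fail the job instead of hanging
    tries=0
    until curl -s -i localhost:$PORT/heartbeat | egrep -q '200 OK'; do
        tries=$((tries + 1))
        [ "$tries" -ge 60 ] && exit 1
        sleep 1
    done
end script
```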
......@@ -17,8 +17,7 @@ env PORT=8000
env LANG=en_US.UTF-8
env DJANGO_SETTINGS_MODULE=lms.envs.aws
env SERVICE_VARIANT="lms"
chdir ${app_base_dir}/mitx
setuid www-data
......
......@@ -9,10 +9,30 @@
- name: Make sure LMS is running
service: name=lms state=started
tags:
- lms
- lms-env
- production
- update
- name: Make sure CMS is running
service: name=cms state=started
tags:
- cms
- cms-env
- production
- update
- name: Make sure LMS-preview is running
service: name=lms-preview state=started
tags:
- lms-preview
- lms-preview-env
- production
- update
- name: Disable HTTP Basic Auth on site
file: path=/etc/nginx/sites-enabled/basic-auth state=absent
notify: restart nginx
tags:
- production
- update
# requires:
# - group_vars/all
# - common/tasks/main.yml
# - nginx/tasks/main.yml
---
- name: create lms application config
template: src=env.json.j2 dest=$app_base_dir/lms-preview.env.json mode=640 owner=www-data group=adm
tags:
- lms-preview
- lms-preview-env
- name: create lms auth file
template: src=auth.json.j2 dest=$app_base_dir/lms-preview.auth.json mode=640 owner=www-data group=adm
tags:
- lms-preview
- lms-preview-env
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-preview
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-preview-backend
# Creates LMS Preview upstart file
- include: ../../gunicorn/tasks/upstart.yml service_variant=lms-preview
{{ lms_preview_auth_config | to_nice_json }}
{{ lms_preview_env_config | to_nice_json }}
......@@ -4,16 +4,18 @@
# - nginx/tasks/main.yml
---
- name: create lms application config
template: src=env.json.j2 dest=$app_base_dir/lms.env.json
template: src=env.json.j2 dest=$app_base_dir/lms.env.json mode=640 owner=www-data group=adm
tags:
- lms
- lms-env
- update
- name: create lms auth file
template: src=auth.json.j2 dest=$app_base_dir/lms.auth.json
template: src=auth.json.j2 dest=$app_base_dir/lms.auth.json mode=640 owner=www-data group=adm
tags:
- lms
- lms-env
- update
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms
- include: ../../nginx/tasks/nginx_site.yml state=link site_name=lms-backend
......@@ -24,6 +26,7 @@
- cms
- lms
- lms-env
- update
- name: Create lms log target directory
file: path={{log_base_dir}}/lms state=directory owner=syslog group=adm mode=2770
......@@ -31,6 +34,7 @@
- lms
- lms-env
- logging
- update
# If we set up LMS, we have to set up edx logging
- include: ../../common/tasks/edx_logging_base.yml
......@@ -45,12 +49,14 @@
tags:
- lms
- cms
- update
- name: upload ssh script
copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
tags:
- lms
- cms
- update
# Check out mitx repo to $app_base_dir
- name: install git and its recommends
......@@ -58,13 +64,15 @@
tags:
- lms
- cms
- name: git checkout mitx repo into $app_base_dir
git: dest={{app_base_dir}}/mitx repo={{lms_source_repo}}
- name: git checkout edx-platform repo into $app_base_dir
git: dest={{platform_code_dir}} repo={{lms_source_repo}}
environment:
GIT_SSH: /tmp/git_ssh.sh
tags:
- lms
- cms
- install
## Install the debian package requirements system-wide
- name: store remote apt_repos list for ansible use
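Review bot: The checkout now lands in `{{platform_code_dir}}`, but other tasks visible in this commit still read the old location: `command: cat {{app_base_dir}}/mitx/apt-packages.txt`, the npm and bundler tasks with `chdir=${app_base_dir}/mitx`, and the upstart templates with `chdir ${app_base_dir}/mitx`. Unless `platform_code_dir` is defined as `{{app_base_dir}}/mitx` (its definition is not shown here), those paths no longer receive the checkout and should use `{{platform_code_dir}}` too. The `git:` task also carries no `version=`, so each run deploys whatever the default branch holds at that moment; pinning a tag or commit makes deployments reproducible and reviewable. `GIT_SSH: /tmp/git_ssh.sh` executes a helper from a world-writable directory; the upload task's `force=yes owner=root mode=750` limits the risk, but a root-owned directory would be a safer home for it.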
......@@ -73,6 +81,8 @@
tags:
- lms
- cms
- install
- name: add apt_repos to the remote hosts
apt_repository: repo="$item"
with_items: "{{apt_repos_list.stdout.split()}}"
......@@ -81,6 +91,8 @@
tags:
- lms
- cms
- install
- name: update apt cache (if necessary)
apt: update_cache=yes
sudo: True
......@@ -88,18 +100,23 @@
tags:
- lms
- cms
- install
- name: store remote apt_packages list for ansible use
command: cat {{app_base_dir}}/mitx/apt-packages.txt
register: apt_packages_list
tags:
- lms
- cms
- install
- name: install a bunch of system packages on which LMS and CMS rely
apt: pkg={{item}} state=present
with_items: lms_debian_pkgs
tags:
- lms
- cms
- install
# Install the python requirements into $venv_dir
- name : install python pre-requirements
......@@ -107,6 +124,7 @@
tags:
- lms
- cms
- install
# Install the python modules into $venv_dir
- name : install python packages using the shell
......@@ -118,6 +136,7 @@
tags:
- lms
- cms
- install
# Creates LMS upstart file
- include: ../../gunicorn/tasks/upstart.yml service_variant=lms
# variables common to the lms role, automatically loaded
# when the role is included
---
lms_auth_config:
'CONTENTSTORE':
'ENGINE': 'xmodule.contentstore.mongo.MongoContentStore'
'MODULESTORE':
'default':
'ENGINE': 'xmodule.modulestore.mongo.MongoModuleStore'
lms_env_config:
'CACHES':
'default':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'general':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'mongo_metadata_inheritance':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'TIMEOUT': 300
'staticfiles':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'CERT_QUEUE': 'certificates'
# 'COURSE_LISTINGS':
# 'default': ['MITx/6.002x/2012_Fall']
# 'stage-berkeley': [ 'BerkeleyX/CS169/fa12']
# 'stage-harvard': [ 'HarvardX/CS50/2012H']
# 'stage-mit': [ 'MITx/3.091/MIT_2012_Fall']
# 'stage-num': [ 'MITx/6.002x-NUM/2012_Fall_NUM']
# 'stage-sjsu': [ 'MITx/6.002x-EE98/2012_Fall_SJSU']
'LOCAL_LOGLEVEL': 'INFO'
# 'META_UNIVERSITIES':
# 'UTx': [ 'UTAustinX']
'MITX_FEATURES':
'AUTH_USE_OPENID_PROVIDER': true
'CERTIFICATES_ENABLED': true
'ENABLE_DISCUSSION_SERVICE': true
'ENABLE_INSTRUCTOR_ANALYTICS': true
'ENABLE_PEARSON_HACK_TEST': false
'SUBDOMAIN_BRANDING': false
'SUBDOMAIN_COURSE_LISTINGS': false
# 'SUBDOMAIN_BRANDING':
# 'stage-berkeley': 'BerkeleyX'
# 'stage-harvard': 'HarvardX'
# 'stage-mit': 'MITx'
# 'stage-num': 'MITx'
# 'stage-sjsu': 'MITx'
# 'VIRTUAL_UNIVERSITIES': []
'WIKI_ENABLED': true
lms_source_repo: git@github.com:edx/mitx.git
lms_auth_config: {}
lms_env_config: {}
lms_source_repo: git@github.com:edx/edx-platform.git
lms_debian_pkgs:
- apparmor-utils
- aspell
......
......@@ -6,45 +6,58 @@
notify: restart nginx
tags:
- nginx
# removing default link
- name: Removing default nginx config (enabled)
file: path=/etc/nginx/sites-enabled/default state=absent
notify: restart nginx
tags:
- nginx
- name: Removing default nginx config (available)
file: path=/etc/nginx/sites-available/default state=absent
tags:
- nginx
- install
# Standard configuration that is common across all roles
# Default values for these variables are set in group_vars/all
# Note: remove spaces in {{..}}, otherwise you will get a template parsing error.
- include: nginx_site.yml state={{nginx_cfg.sites_enabled.edx_release}} site_name=edx-release
- include: nginx_site.yml state={{nginx_cfg.sites_enabled.basic_auth}} site_name=basic-auth
# Default htpassword file, required for basic auth
- copy: content={{ nginx_cfg.htpasswd }} dest=/etc/nginx/nginx.htpasswd
- name: Write out default htpasswd file
copy: content={{ nginx_cfg.htpasswd }} dest=/etc/nginx/nginx.htpasswd
tags:
- nginx
- update
- name: Create nginx log file location (just in case)
file: path={{log_base_dir}}/nginx state=directory owner=syslog group=adm mode=2770
tags:
- nginx
- logging
- update
# removing default link
- name: Removing default nginx config and restart (enabled)
file: path=/etc/nginx/sites-enabled/default state=absent
notify: restart nginx
tags:
- nginx
- update
- name: Ensuring that nginx is running
service: name=nginx state=started
tags:
- nginx
- update
- name: Create nginx log file location (just in case)
file: path={{log_base_dir}}/nginx state=directory owner=syslog group=adm mode=2770
# Note that nginx logs to /var/log until it reads its configuration, so /etc/logrotate.d/nginx is still good
- name: Set up nginx access log rotation
template: dest=/etc/logrotate.d/nginx-access src=edx_logrotate_nginx_access.j2 owner=root group=root mode=644
tags:
- nginx
- logging
- update
- name: Set up nginx access log rotation
template: dest=/etc/logrotate.d/nginx-error src=edx_logrotate_nginx_error.j2 owner=root group=root mode=644
tags:
- logging
- update
- name: Removing default nginx config (available)
file: path=/etc/nginx/sites-available/default state=absent
tags:
- nginx
- update
# Commented out until default config has nginx log to {{log_base_dir}}/nginx
# and also until default logrotate task 'nginx' gets removed
###
#- name: Set up nginx access log rotation
# template: dest=/etc/logrotate.d/nginx-access src=edx_logrotate_nginx_access.j2 owner=root group=root mode=644
# tags:
# - logging
#
#- name: Set up nginx access log rotation
# template: dest=/etc/logrotate.d/nginx-error src=edx_logrotate_nginx_error.j2 owner=root group=root mode=644
# tags:
# - logging
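Review bot: The new "Write out default htpasswd file" task sets no `owner`, `group` or `mode`, so `/etc/nginx/nginx.htpasswd` is created with whatever the default umask allows, while this commit tightens other credential-bearing files to 640. Something like `copy: content="{{ nginx_cfg.htpasswd }}" dest=/etc/nginx/nginx.htpasswd owner=root group=www-data mode=0640` keeps the password hashes away from other local users (the group assumes the nginx workers run as `www-data`; adjust if not). Quoting `content=` also protects the key=value parse if the value ever contains a space. The second task named "Set up nginx access log rotation" writes `/etc/logrotate.d/nginx-error` and should be named for the error log.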
......@@ -12,6 +12,7 @@
- lms
- cms
- nginx-env
- update
- name: Creating nginx config link {{ site_name }}
file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
......@@ -21,3 +22,4 @@
- lms
- cms
- nginx-env
- update
......@@ -5,13 +5,13 @@ server {
server_name trace-cms.*
studio.lms-dev.m.edx.org;
access_log {{log_base_dir}}/nginx/access.log;
error_log {{log_base_dir}}/nginx/error.log error;
#
# Send error response when request host isn't under our control
# We will no longer respond to proxy attempts like this with
# anything.
# curl -i -A '' -x http://www.edx.org:80 --proxy-negotiate -U u:p -u u:p http://chat.sdtz.com
#
set $reject 'no';
......
# Put in place by ansible
{{log_base_dir}}/nginx/access.log {
create
compress
......
# Put in place by ansible
{{log_base_dir}}/nginx/error.log {
create
compress
......
upstream lms-preview-backend {
# For a TCP configuration:
server 127.0.0.1:8020 fail_timeout=0;
}
server {
# LMS-preview configuration file for nginx, templated by ansible
listen 80;
server_name trace-lms-preview.*
preview.lms-dev.m.edx.org;
#
# Send error response when request host isn't under our control
# We will no longer respond to proxy attempts like this with
# anything.
# curl -i -A '' -x http://www.edx.org:80 --proxy-negotiate -U u:p -u u:p http://chat.sdtz.com
#
set $reject 'no';
#if ($host !~* (edx.org|edxonline.org)$ ) {
# set $reject 'yes';
#}
if ($request_uri ~ ^(/heartbeat)$) {
set $reject 'no';
}
if ( $reject = 'yes' ) {
return 444;
}
# CS184 requires uploads of up to 4MB for submitting screenshots.
# CMS requires larger value for course assest, values provided
# via hiera.
client_max_body_size 4M;
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
location @proxy_to_lms-preview_app {
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://lms-preview-backend;
}
location / {
try_files $uri @proxy_to_lms-preview_app;
}
# No basic auth security on the github_service_hook url, so that github can use it for cms
location /github_service_hook {
try_files $uri @proxy_to_lms-preview_app;
}
# No basic auth security on the heartbeat url, so that ELB can use it
location /heartbeat {
try_files $uri @proxy_to_lms-preview_app;
}
# Check security on this
location ~ /static/(?P<file>.*) {
root {{app_base_dir}};
try_files /staticfiles/$file /course_static/$file =404;
# return a 403 for static files that shouldn't be
# in the staticfiles directory
location ~ ^/static/(?:.*)(?:\.xml|\.json|README.TXT) {
return 403;
}
# Set django-pipelined files to maximum cache time
location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\..*)" {
expires max;
# Without this try_files, files that have been run through
# django-pipeline return 404s
try_files /staticfiles/$collected /course_static/$collected =404;
}
# Expire other static files immediately (there should be very few / none of these)
expires epoch;
}
# Forward to HTTPS if we're an HTTP request...
if ($http_x_forwarded_proto = "http") {
set $do_redirect "true";
}
# Run our actual redirect...
if ($do_redirect = "true") {
rewrite ^ https://$host$request_uri? permanent;
}
# Monitoring support for datadog.
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1/32;
deny all;
}
}
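Review bot: The host check in this server block is inert: `$reject` starts as 'no' and the only `if` that would set it to 'yes' is commented out, so `return 444` can never fire, while `proxy_set_header Host $http_host` hands the client's Host header to the backend unchanged. Either restore the allowlist `if` or remove the scaffolding and rely on `server_name` plus a catch-all default server; if this block ever becomes the default server, arbitrary Host values reach the application. `proxy_set_header X-Forwarded-For $http_x_forwarded_for` likewise forwards a client-supplied header as is, which is trustworthy only when every request arrives through the load balancer. The `/github_service_hook` location and its comment refer to cms and look copied from that site; if the preview site does not serve the hook, drop the location.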
......@@ -3,7 +3,9 @@ server {
listen 80;
server_name *.edx.org
server_name *.edx.org;
access_log {{log_base_dir}}/nginx/access.log;
error_log {{log_base_dir}}/nginx/error.log error;
#
# Send error response when request host isn't under our control
......
......@@ -6,9 +6,11 @@
apt: pkg=nodejs state=present install_recommends=no
tags:
- npm
- install
- name: Install mitx npm dependencies
shell: npm install chdir=${app_base_dir}/mitx
tags:
- npm
- update
......@@ -4,10 +4,14 @@
user: name=www state=present
tags:
- ruby
- update
- name: Create ruby base
file: path=$ruby_base state=directory owner=www group=www
tags:
- ruby
- update
- name: rbenv | install build depends
apt: pkg=$item state=present install_recommends=no
with_items:
......@@ -22,21 +26,25 @@
- zlib1g-dev
tags:
- ruby
- install
- name: rbenv | update rbenv repo
git: repo=git://github.com/sstephenson/rbenv.git dest=$rbenv_root version=v0.4.0
tags:
- ruby
- install
- name: rbenv | add rbenv to path
file: path=/usr/local/bin/rbenv src=${rbenv_root}/bin/rbenv state=link
tags:
- ruby
- update
- name: rbenv | add rbenv initialization to profile
template: src=rbenv.sh.j2 dest=/etc/profile.d/rbenv.sh owner=root group=root mode=0755
tags:
- ruby
- update
- name: rbenv | check ruby-build installed
command: test -x /usr/local/bin/ruby-build
......@@ -44,6 +52,7 @@
ignore_errors: yes
tags:
- ruby
- install
- name: rbenv | create temporary directory
command: mktemp -d
......@@ -51,24 +60,28 @@
when_failed: $rbuild_present
tags:
- ruby
- install
- name: rbenv | clone ruby-build repo
git: repo=git://github.com/sstephenson/ruby-build.git dest=${tempdir.stdout}/ruby-build
when_failed: $rbuild_present
tags:
- ruby
- install
- name: rbenv | install ruby-build
command: ./install.sh chdir=${tempdir.stdout}/ruby-build
when_failed: $rbuild_present
tags:
- ruby
- install
- name: rbenv | remove temporary directory
file: path=${tempdir.stdout} state=absent
when_failed: $rbuild_present
tags:
- ruby
- install
- name: rbenv | check ruby $ruby_version installed
shell: RBENV_ROOT=${rbenv_root} rbenv versions | grep $ruby_version
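Review bot: The tasks tagged `install` in this hunk clone ruby-build over `git://` with no `version=` and then run `./install.sh` from that checkout, under the play-level `sudo: True`. `git://` gives no transport authentication or integrity, so whatever is served at clone time is executed with root privileges. This is not introduced by the commit, which only adds tags, but it is worth fixing while the tasks are being touched: `git: repo=https://github.com/sstephenson/ruby-build.git dest=${tempdir.stdout}/ruby-build version=<PINNED_TAG>`. The rbenv clone earlier in the file is pinned to `v0.4.0` but uses `git://` as well.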
......@@ -76,31 +89,37 @@
ignore_errors: yes
tags:
- ruby
- install
- name: rbenv | install ruby $ruby_version
shell: RBENV_ROOT=${rbenv_root} rbenv install $ruby_version
when_failed: $ruby_installed
tags:
- ruby
- install
- name: rbenv | set global ruby $ruby_version
shell: RBENV_ROOT=${rbenv_root} rbenv global $ruby_version
when_failed: $ruby_installed
tags:
- ruby
- install
- name: rbenv | rehash
shell: RBENV_ROOT=${rbenv_root} rbenv rehash
when_failed: $ruby_installed
tags:
- ruby
- install
- name: gem | gem install bundler
shell: RBENV_ROOT=${rbenv_root} GEM_HOME=${gem_home} ${rbenv_root}/shims/gem install bundle chdir=${app_base_dir}/mitx
tags:
- ruby
- install
- name: bundle | bundle install
shell: RBENV_ROOT=${rbenv_root} GEM_HOME=${gem_home} ${gem_home}/bin/bundle install --binstubs chdir=${app_base_dir}/mitx
tags:
- ruby
- install
---
# these user lists cannot be merged
# because they are not hashes
env_users: []
env_keys: []
\ No newline at end of file
---
# these user lists cannot be merged
# because they are not hashes
env_users: []
env_keys: []
# administrator accounts, added to all roles
# The create_users role task automatically adds all these users to the
# 'adm' and 'edx' system groups
......@@ -10,4 +18,4 @@ admin_users:
admin_keys:
- user: joe
path: "{{ secure_dir }}/keys/joe.key"
path: "{{ secure_dir }}/keys/joe.key"
---
lms_auth_config:
#Use YAML references (& and *) and hash merge <<: to factor out shared settings
#see http://atechie.net/2009/07/merging-hashes-in-yaml-conf-files/
lms_auth_config: &lms_auth
'ANALYTICS_API_KEY': 'hidden-prod'
'AWS_ACCESS_KEY_ID': 'hidden-prod'
'AWS_SECRET_ACCESS_KEY': 'hidden-prod'
'CONTENTSTORE':
'ENGINE': 'xmodule.contentstore.mongo.MongoContentStore'
'OPTIONS':
'db': 'hidden-prod'
'host': [ 'hidden-prod', 'hidden-prod']
......@@ -17,7 +20,8 @@ lms_auth_config:
'USER': 'hidden-prod'}
'MODULESTORE':
'default':
'OPTIONS':
'ENGINE': 'xmodule.modulestore.mongo.MongoModuleStore'
'OPTIONS': &lms_modulestore_default_options
'collection': 'hidden-prod'
'db': 'hidden-prod'
'default_class': 'hidden-prod'
......@@ -39,7 +43,34 @@ lms_auth_config:
'username': 'hidden-prod'}
'url': 'hidden-prod'
lms_env_config:
lms_env_config: &lms_env
'CERT_QUEUE': 'certificates'
# 'COURSE_LISTINGS':
# 'default': ['MITx/6.002x/2012_Fall']
# 'stage-berkeley': [ 'BerkeleyX/CS169/fa12']
# 'stage-harvard': [ 'HarvardX/CS50/2012H']
# 'stage-mit': [ 'MITx/3.091/MIT_2012_Fall']
# 'stage-num': [ 'MITx/6.002x-NUM/2012_Fall_NUM']
# 'stage-sjsu': [ 'MITx/6.002x-EE98/2012_Fall_SJSU']
'LOCAL_LOGLEVEL': 'INFO'
# 'META_UNIVERSITIES':
# 'UTx': [ 'UTAustinX']
'MITX_FEATURES':
'AUTH_USE_OPENID_PROVIDER': true
'CERTIFICATES_ENABLED': true
'ENABLE_DISCUSSION_SERVICE': true
'ENABLE_INSTRUCTOR_ANALYTICS': true
'ENABLE_PEARSON_HACK_TEST': false
'SUBDOMAIN_BRANDING': false
'SUBDOMAIN_COURSE_LISTINGS': false
# 'SUBDOMAIN_BRANDING':
# 'stage-berkeley': 'BerkeleyX'
# 'stage-harvard': 'HarvardX'
# 'stage-mit': 'MITx'
# 'stage-num': 'MITx'
# 'stage-sjsu': 'MITx'
# 'VIRTUAL_UNIVERSITIES': []
'WIKI_ENABLED': true
'SYSLOG_SERVER': 'hidden-prod'
'SITE_NAME': 'hidden-prod'
'LOG_DIR': 'hidden-prod'
......@@ -51,20 +82,29 @@ lms_env_config:
'ADMINS' :
- ['name', 'email']
'TIME_ZONE': 'America/New_York'
'CACHES':
'CACHES': &lms_caches
'default':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'KEY_PREFIX': 'hidden-prod'
'LOCATION': [ 'hidden-prod',
'hidden-prod']
'general':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'KEY_PREFIX': 'hidden-prod'
'LOCATION': [ 'hidden-prod',
'hidden-prod']
'mongo_metadata_inheritance':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'TIMEOUT': 300
'KEY_PREFIX': 'hidden-prod'
'LOCATION': [ 'hidden-prod',
'hidden-prod']
'staticfiles':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'KEY_PREFIX': 'hidden-prod'
'LOCATION': [ 'hidden-prod',
'hidden-prod']
......@@ -74,6 +114,11 @@ lms_env_config:
'COMMENTS_SERVICE_KEY': 'hidden-prod'
cms_auth_config:
'CONTENTSTORE':
'ENGINE': 'xmodule.contentstore.mongo.MongoContentStore'
'MODULESTORE':
'default':
'ENGINE': 'xmodule.modulestore.mongo.MongoModuleStore'
'AWS_ACCESS_KEY_ID': 'hidden-prod'
'AWS_SECRET_ACCESS_KEY': 'hidden-prod'
'CONTENTSTORE':
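Review bot: `'CONTENTSTORE':` now appears twice under `cms_auth_config` in this hunk, once with the added `'ENGINE'` entry and again a few lines below with the existing settings; `'MODULESTORE'` may be duplicated the same way further down, outside the hunk. Duplicate mapping keys are invalid YAML and most parsers silently keep the last one, so the added `ENGINE` values would be dropped without any error. In `lms_auth_config` the `'ENGINE'` line was placed inside the existing `'CONTENTSTORE'` mapping, and the same should be done here. The rendering has lost indentation, so confirm the nesting against the file.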
......@@ -118,30 +163,53 @@ cms_auth_config:
cms_env_config:
'CACHES':
'default':
'KEY_PREFIX': 'hidden-prod'
'LOCATION': [ 'hidden-prod',
'hidden-prod']
'general':
'KEY_PREFIX': 'hidden-prod'
'LOCATION': [ 'hidden-prod',
'hidden-prod']
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'KEY_PREFIX': 'cms.edx.org'
'LOCATION': [ "deploycache-large.foo-bar.amazonaws.com:11211" ]
'mongo_metadata_inheritance':
'KEY_PREFIX': 'hidden-prod'
'LOCATION': [ 'hidden-prod',
'hidden-prod']
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'TIMEOUT': 300
'KEY_PREFIX': 'cms.edx.org'
'LOCATION': [ "deploycache-large.foo-bar.amazonaws.com:11211" ]
'staticfiles':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'KEY_PREFIX': 'cms.edx.org'
'LOCATION': [ "deploycache-large.foo-bar.amazonaws.com:11211" ]
'general':
'KEY_PREFIX': 'hidden-prod'
'LOCATION': [ 'hidden-prod',
'hidden-prod']
'LOG_DIR': 'hidden-prod'
'LOGGING_ENV': 'hidden-prod'
'SITE_NAME': 'hidden-prod'
'SYSLOG_SERVER': 'hidden-prod'
'LMS_BASE': 'hidden-prod'
'SESSION_COOKIE_DOMAIN': 'hidden-prod'
'LOG_DIR': '{{log_base_dir}}/edx'
'LOGGING_ENV': 'cms-dev'
'SITE_NAME': 'studio.cms-dev.m.edx.org'
'SYSLOG_SERVER': 'syslog.a.m.i4x.org'
'LMS_BASE': 'cms-dev.m.edx.org'
'SESSION_COOKIE_DOMAIN': '.cms-dev.m.edx.org'
'SEGMENT_IO_KEY': 'hidden-prod'
'MITX_FEATURES':
'DISABLE_COURSE_CREATION': false
'SEGMENT_IO': false
lms_preview_auth_config:
<<: *lms_auth
'MODULESTORE':
'default':
'ENGINE': 'xmodule.modulestore.mongo.DraftMongoModuleStore'
'OPTIONS': *lms_modulestore_default_options
lms_preview_env_config:
<<: *lms_env
'SITE_NAME': 'preview.class.stanford.edu'
'COMMENTS_SERVICE_KEY': false
'CACHES':
<<: *lms_caches
'general':
'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_PREFIX': 'preview.edx.org'
'KEY_FUNCTION': 'util.memcache.safe_key'
'LOCATION': [ 'vpc-974dbeff-cache.oyg26r.0001.usw1.cache.amazonaws.com:12345',
'vpc-974dbeff-cache.oyg26r.0002.usw1.cache.amazonaws.com:12345' ]
# these user lists cannot be merged
# because they are not hashes
env_users:
- user: frank
email: frank@example.com
groups:
- adm
env_keys:
- user: frank
path: "{{ secure_dir }}/keys/frank.key"
---
lms_auth_config:
'ANALYTICS_API_KEY': 'hidden-stage'
'AWS_ACCESS_KEY_ID': 'hidden-stage'
'AWS_SECRET_ACCESS_KEY': 'hidden-stage'
'CONTENTSTORE':
'OPTIONS':
'db': 'hidden-stage'
'host': [ 'hidden-stage', 'hidden-stage']
'password': 'hidden-stage'
'port': 0000
'user': 'hidden-stage'
'DATABASES':
'default': { 'ENGINE': 'hidden-stage',
'HOST': 'hidden-stage', 'NAME': 'hidden-stage',
'PASSWORD': 'hidden-stage', 'PORT': 0000,
'USER': 'hidden-stage'}
'MODULESTORE':
'default':
'OPTIONS':
'collection': 'hidden-stage'
'db': 'hidden-stage'
'default_class': 'hidden-stage'
'fs_root': 'hidden-stage'
'host': [ 'hidden-stage', 'hidden-stage']
'password': 'hidden-stage'
'port': 0000
'render_template': 'hidden-stage'
'user': 'hidden-stage'
'OPEN_ENDED_GRADING_INTERFACE': { 'hidden-stage': 'hidden-stage',
'password': 'hidden-stage', 'hidden-stage': 'hidden-stage',
'staff_grading': 'hidden-stage', 'hidden-stage': 'hidden-stage',
'username': 'hidden-stage'}
'PEARSON_TEST_PASSWORD': 'hidden-stage'
'SECRET_KEY': 'hidden-stage'
'XQUEUE_INTERFACE':
'basic_auth': [ 'hidden-stage', 'hidden-stage']
'django_auth': { 'password': 'hidden-stage',
'username': 'hidden-stage'}
'url': 'hidden-stage'
lms_env_config:
'SYSLOG_SERVER': 'hidden-stage'
'SITE_NAME': 'hidden-stage'
'LOG_DIR': 'hidden-stage'
'MEDIA_URL': 'hidden-stage'
'BOOK_URL': 'hidden-stage'
'ANALYTICS_SERVER_URL': 'hidden-stage'
'DEFAULT_FROM_EMAIL': 'hidden-stage'
'DEFAULT_FEEDBACK_EMAIL': 'hidden-stage'
'ADMINS' :
- ['name', 'email']
'TIME_ZONE': 'America/New_York'
'CACHES':
'default':
'KEY_PREFIX': 'hidden-stage'
'LOCATION': [ 'hidden-stage',
'hidden-stage']
'general':
'KEY_PREFIX': 'hidden-stage'
'LOCATION': [ 'hidden-stage',
'hidden-stage']
'mongo_metadata_inheritance':
'KEY_PREFIX': 'hidden-stage'
'LOCATION': [ 'hidden-stage',
'hidden-stage']
'staticfiles':
'KEY_PREFIX': 'hidden-stage'
'LOCATION': [ 'hidden-stage',
'hidden-stage']
'COMMENTS_SERVICE_URL': 'hidden-stage'
'LOGGING_ENV': 'hidden-stage'
'SESSION_COOKIE_DOMAIN': 'hidden-stage'
'COMMENTS_SERVICE_KEY': 'hidden-stage'
---
lms_auth_config:
'CONTENTSTORE':
'ENGINE': 'xmodule.contentstore.mongo.MongoContentStore'
'MODULESTORE':
'default':
'ENGINE': 'xmodule.modulestore.mongo.MongoModuleStore'
lms_env_config:
'CACHES':
'default':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'general':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'mongo_metadata_inheritance':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'TIMEOUT': 300
'staticfiles':
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'KEY_FUNCTION': 'util.memcache.safe_key'
'CERT_QUEUE': 'certificates'
'COURSE_LISTINGS':
'default': ['MITx/6.002x/2012_Fall']
'stage-berkeley': [ 'BerkeleyX/CS169/fa12']
'stage-harvard': [ 'HarvardX/CS50/2012H']
'stage-mit': [ 'MITx/3.091/MIT_2012_Fall']
'stage-num': [ 'MITx/6.002x-NUM/2012_Fall_NUM']
'stage-sjsu': [ 'MITx/6.002x-EE98/2012_Fall_SJSU']
'LOCAL_LOGLEVEL': 'INFO'
'META_UNIVERSITIES':
'UTx': [ 'UTAustinX']
'MITX_FEATURES': { 'AUTH_USE_OPENID_PROVIDER': true,
'CERTIFICATES_ENABLED': true, 'ENABLE_DISCUSSION_SERVICE': true,
'ENABLE_INSTRUCTOR_ANALYTICS': true, 'ENABLE_PEARSON_HACK_TEST': true,
'SUBDOMAIN_BRANDING': true, 'SUBDOMAIN_COURSE_LISTINGS': true}
'SUBDOMAIN_BRANDING': { 'stage-berkeley': 'BerkeleyX',
'stage-harvard': 'HarvardX', 'stage-mit': 'MITx',
'stage-num': 'MITx', 'stage-sjsu': 'MITx'}
'VIRTUAL_UNIVERSITIES': []
'WIKI_ENABLED': true