Merge pull request #1349 from edx/cg/xqwatcher_fixes

Several fixes to xqwatcher role

playbooks/roles/xqwatcher/defaults/main.yml

@@ -19,6 +19,7 @@ XQWATCHER_COURSES:
   - COURSE: "exampleX-101x"
     GIT_REPO: "git@github.com:foo/graders-exampleX-101x.git"
     GIT_REF: "master"
+    PYTHON_REQUIREMENTS: []
     QUEUE_NAME: "exampleX-101x"
     QUEUE_CONFIG:
       SERVER: "https://xqueue.example.com"
@@ -35,6 +36,7 @@ XQWATCHER_COURSES:
   - COURSE: "exampleX-202x"
     GIT_REPO: "git@github.com:foo/graders-exampleX-202x.git"
     GIT_REF: "master"
+    PYTHON_REQUIREMENTS: []
     QUEUE_NAME: "exampleX-202x"
     QUEUE_CONFIG:
       SERVER: "https://xqueue.example.com"
@@ -68,12 +70,11 @@ xqwatcher_user: "xqwatcher"
 xqwatcher_module: "xqueue_watcher"
 
 xqwatcher_app_dir: "{{ COMMON_APP_DIR }}/{{ xqwatcher_service_name }}"
-xqwatcher_home: "{{ COMMON_APP_DIR }}/{{ xqwatcher_service_name }}"
-xqwatcher_venv_base: "{{ xqwatcher_home }}/venvs"
+xqwatcher_app_data: "{{ xqwatcher_app_dir }}/data"
+xqwatcher_venv_base: "{{ xqwatcher_app_dir }}/venvs"
 xqwatcher_venv_dir: "{{ xqwatcher_venv_base }}/{{ xqwatcher_service_name }}"
 xqwatcher_code_dir: "{{ xqwatcher_app_dir }}/src"
-xqwatcher_conf_dir: "{{ xqwatcher_home }}"
-xqwatcher_data_dir: "{{ xqwatcher_home }}/data"
+xqwatcher_conf_dir: "{{ xqwatcher_app_dir }}"
 
 xqwatcher_source_repo: "git@{{ COMMON_GIT_MIRROR }}:edx/xqueue-watcher.git"
 xqwatcher_git_ssh_opts: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i {{ xqwatcher_git_identity }}"
@@ -87,6 +88,7 @@ xqwatcher_log_dir: "{{ COMMON_LOG_DIR }}/{{ xqwatcher_service_name }}"
 # supervisor related config
 #
 xqwatcher_supervisor_app_dir: "{{ xqwatcher_app_dir }}/supervisor"
+xqwatcher_supervisor_http_port: 9003
 xqwatcher_supervisor_data_dir: "{{ COMMON_DATA_DIR }}/{{ xqwatcher_service_name }}"
 xqwatcher_supervisor_log_dir: "{{ xqwatcher_log_dir }}"
 xqwatcher_supervisor_venv_dir: "{{ xqwatcher_venv_base }}/supervisor"

playbooks/roles/xqwatcher/meta/main.yml

@@ -24,4 +24,4 @@ dependencies:
     supervisor_service_user: "{{ xqwatcher_supervisor_user }}"
     supervisor_available_dir: "{{ xqwatcher_supervisor_available_dir }}"
     supervisor_service: "supervisor.xqwatcher"
-    supervisor_http_bind_port: '9003'
+    supervisor_http_bind_port: "{{ xqwatcher_supervisor_http_port }}"

playbooks/roles/xqwatcher/tasks/code_jail.yml

@@ -44,13 +44,13 @@
 - name: write out requirements.txt
   template: >
     src=edx/app/xqwatcher/data/requirements.txt.j2
-    dest={{ xqwatcher_data_dir }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt
+    dest={{ xqwatcher_app_data }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt
     mode=0440 owner=root group=root
   with_items: XQWATCHER_COURSES
 
 - name : install course specific python requirements
   pip: >
-    requirements="{{ xqwatcher_data_dir }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt"
+    requirements="{{ xqwatcher_app_data }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}-requirements.txt"
     virtualenv="{{ xqwatcher_venv_base }}/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
     state=present
     extra_args="{{ XQWATCHER_PIP_EXTRA_ARGS }}"
@@ -74,9 +74,10 @@
 # environment where untrusted users can submit code
 - name: put code jail into aa-complain
   command: /usr/sbin/aa-complain "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
-  when: CODE_JAIL_COMPLAIN
+  when: CODE_JAIL_COMPLAIN|bool
   with_items: XQWATCHER_COURSES
 
 - name: put code sandbox into aa-enforce
   command: /usr/sbin/aa-enforce "/etc/apparmor.d/code.jail.{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}"
-  when: CODE_JAIL_COMPAIN is not defined | not CODE_JAIL_COMPLAIN
\ No newline at end of file
+  when: not CODE_JAIL_COMPLAIN|bool
+  with_items: XQWATCHER_COURSES

playbooks/roles/xqwatcher/tasks/deploy_courses.yml

@@ -4,7 +4,7 @@
 
 - name: checkout grader code
   git: >
-    dest={{ xqwatcher_data_dir }}/{{ item.COURSE }} repo={{ item.GIT_REPO }}
+    dest={{ xqwatcher_app_data }}/{{ item.COURSE }} repo={{ item.GIT_REPO }}
     version={{ item.GIT_REF }}
     ssh_opts="{{ xqwatcher_git_ssh_opts }}"
   with_items: XQWATCHER_COURSES

playbooks/roles/xqwatcher/tasks/main.yml

@@ -48,6 +48,7 @@
 #   - COURSE: "exampleX-101x"
 #     GIT_REPO: "git@github.com:foo/graders-exampleX-101x.git"
 #     GIT_REF: "master"
+#     PYTHON_REQUIREMENTS: []
 #     QUEUE_NAME: "exampleX-101x"
 #     QUEUE_CONFIG:
 #       SERVER: "https://xqueue.example.com"
@@ -64,6 +65,7 @@
 #   - COURSE: "exampleX-202x"
 #     GIT_REPO: "git@github.com:foo/graders-exampleX-202x.git"
 #     GIT_REF: "master"
+#     PYTHON_REQUIREMENTS: []
 #     QUEUE_NAME: "exampleX-202x"
 #     QUEUE_CONFIG:
 #       SERVER: "https://xqueue.example.com"
@@ -84,8 +86,6 @@
 #   -----END RSA PRIVATE KEY-----
 #
 
-- include: code_jail.yml CODE_JAIL_COMPLAIN=false
-
 - name: create conf dir
   file: >
     path="{{ xqwatcher_conf_dir }}"
@@ -100,4 +100,13 @@
     owner="{{ xqwatcher_user }}"
     group="{{ xqwatcher_user }}"
 
+- name: create app data dir
+  file: >
+    path="{{ xqwatcher_app_data }}"
+    state=directory
+    owner="{{ xqwatcher_user }}"
+    group="{{ xqwatcher_user }}"
+
+- include: code_jail.yml CODE_JAIL_COMPLAIN=false
+
 - include: deploy.yml tags=deploy

playbooks/roles/xqwatcher/templates/edx/app/supervisor/conf.d/xqwatcher.conf.j2

@@ -7,7 +7,7 @@
 {% set executable = xqwatcher_venv_dir + '/bin/python' %}
 {% endif %}
 
-[program:xqwatcher_service_name]
+[program:{{ xqwatcher_service_name }}]
 command={{ executable }} -m {{ xqwatcher_module }} -d {{ xqwatcher_conf_dir }} 
 process_name=%(program_name)s
 user={{ xqwatcher_user }}