Merge pull request #830 from edx/jarv/automator-updates

Jarv/automator updates

Merge pull request #830 from edx/jarv/automator-updates
Jarv/automator updates
aaae8ec6 · John Jarvis · b02f1abd · fbba8fd4 · aaae8ec6 · aaae8ec6
Commit aaae8ec6 authored Feb 28, 2014 by John Jarvis
Showing with 28 additions and 8 deletions

playbooks/roles/edx_ansible/tasks/deploy.yml
+6 -0

playbooks/roles/edxapp/defaults/main.yml
+11 -5

playbooks/roles/edxapp/tasks/deploy.yml
+10 -2

playbooks/roles/user/tasks/main.yml
+1 -1

No files found.
--- a/playbooks/roles/edx_ansible/tasks/deploy.yml
+++ b/playbooks/roles/edx_ansible/tasks/deploy.yml
@@ -29,3 +29,9 @@
    src={{ edx_ansible_venv_bin }}/ansible-playbook
    dest={{ COMMON_BIN_DIR }}/ansible-playbook
    state=link
+- name: create a symlink for the playbooks dir
+  file: >
+    src={{ edx_ansible_code_dir }}/playbooks
+    dest={{ COMMON_CFG_DIR }}/playbooks
+    state=link
--- a/playbooks/roles/edxapp/defaults/main.yml
+++ b/playbooks/roles/edxapp/defaults/main.yml
@@ -127,12 +127,18 @@ EDXAPP_SANDBOX_ENFORCE: true
 # role.
 EDXAPP_AUTOMATOR_NAME: automator
 EDXAPP_AUTOMATOR_AUTHORIZED_KEYS: []
+# These are the commands allowed by the automator role.
+# The --settings parameter must be set at the end so that
+# is caught by the glob.
+# Example: sudo -u www-data /edx/bin/python.edxapp /edx/bin/manage.edxapp lms migrate --settings=aws
 EDXAPP_AUTOMATOR_SUDO_CMDS:
- "ALL=({{ common_web_user }})	NOPASSWD:SETENV:{{ edxapp_venv_dir }}/bin/django-admin.py	migrate *"
+- "ALL=({{ common_web_user }})  NOPASSWD:SETENV:{{ COMMON_BIN_DIR }}/python.edxapp {{ COMMON_BIN_DIR }}/manage.edxapp lms migrate *"
- "ALL=({{ common_web_user }})	NOPASSWD:SETENV:{{ edxapp_venv_dir }}/bin/django-admin.py	seed_permissions_roles *"
+- "ALL=({{ common_web_user }})  NOPASSWD:SETENV:{{ COMMON_BIN_DIR }}/python.edxapp {{ COMMON_BIN_DIR }}/manage.edxapp cms migrate *"
- "ALL=({{ common_web_user }})	NOPASSWD:SETENV:{{ edxapp_venv_dir }}/bin/django-admin.py	set_staff *"
+- "ALL=({{ common_web_user }})  NOPASSWD:SETENV:{{ COMMON_BIN_DIR }}/python.edxapp {{ COMMON_BIN_DIR }}/manage.edxapp lms syncdb *"
- "ALL=({{ common_web_user }})	NOPASSWD:SETENV:{{ edxapp_venv_dir }}/bin/django-admin.py	transfer_students *"
+- "ALL=({{ common_web_user }})  NOPASSWD:SETENV:{{ COMMON_BIN_DIR }}/python.edxapp {{ COMMON_BIN_DIR }}/manage.edxapp cms syncdb *"
+- "ALL=({{ common_web_user }})  NOPASSWD:SETENV:{{ COMMON_BIN_DIR }}/python.edxapp {{ COMMON_BIN_DIR }}/manage.edxapp lms seed_permissions_roles *"
+- "ALL=({{ common_web_user }})  NOPASSWD:SETENV:{{ COMMON_BIN_DIR }}/python.edxapp {{ COMMON_BIN_DIR }}/manage.edxapp lms set_staff *"
+- "ALL=({{ common_web_user }})  NOPASSWD:SETENV:{{ COMMON_BIN_DIR }}/python.edxapp {{ COMMON_BIN_DIR }}/manage.edxapp lms transfer_students *"
 EDXAPP_USE_GIT_IDENTITY: false
 # Example: "{{ secure_dir }}/files/git-identity"

--- a/playbooks/roles/edxapp/tasks/deploy.yml
+++ b/playbooks/roles/edxapp/tasks/deploy.yml
@@ -322,14 +322,22 @@
  with_items: edxapp_workers
  sudo_user: "{{ supervisor_service_user }}"
- name: create a symlink for venv python
+- name: create symlinks from the venv bin dir
  file: >
    src="{{ edxapp_venv_bin }}/{{ item }}"
-    dest={{ COMMON_BIN_DIR }}/{{ item }}.edxapp
+    dest={{ COMMON_BIN_DIR }}/{{ item.split('.')[0] }}.edxapp
    state=link
  with_items:
  - python
  - pip
+  - django-admin.py
+- name: create symlinks from the repo dir
+  file: >
+    src="{{ edxapp_code_dir }}/{{ item }}"
+    dest={{ COMMON_BIN_DIR }}/{{ item.split('.')[0] }}.edxapp
+    state=link
+  with_items:
+  - manage.py
 - set_fact: edxapp_installed=true
--- a/playbooks/roles/user/tasks/main.yml
+++ b/playbooks/roles/user/tasks/main.yml
@@ -154,7 +154,7 @@
 - name: create sudoers file from template
  template:
-    dest=/etc/sudoers.d/restricted.sudoers.conf
+    dest=/etc/sudoers.d/99-restricted
    src=restricted.sudoers.conf.j2 owner="root"
    group="root" mode=0440 validate='visudo -cf %s'