Merge branch 'master' into will/jenkins-provision-updates

Conflicts: playbooks/roles/jenkins/defaults/main.yml

Merge branch 'master' into will/jenkins-provision-updates
Conflicts: playbooks/roles/jenkins/defaults/main.yml
e640217a · Will Daly · e6990e86 · 180e2289 · e640217a · e640217a
Commit e640217a authored Sep 27, 2013 by Will Daly
97 changed files
--- a/ansible-requirements.txt
+++ b/ansible-requirements.txt
 Jinja2==2.6
 PyYAML==3.10
-ansible==1.2.2
+ansible==1.3.1
 argparse==1.2.1
-boto==2.8.0
+boto==2.10.0
 paramiko==1.10.1
 pycrypto==2.6
 wsgiref==0.1.2
--- a/cloudformation_templates/edx-reference-architecture.json
+++ b/cloudformation_templates/edx-reference-architecture.json
@@ -2007,7 +2007,10 @@
                  "Effect":"Allow",
                  "Action":[
                    "cloudformation:DescribeStackResource",
-                    "s3:Put"
+                    "s3:Put",
+                    "ses:SendEmail",
+                    "ses:SendRawEmail",
+                    "ses:GetSendQuota"
                  ],
                  "Resource":"*"
                }

--- a/fabric-requirements.txt
+++ b/fabric-requirements.txt
@@ -4,7 +4,7 @@ PyYAML==3.10
 WebOb==1.2.3
 argparse==1.2.1
 beautifulsoup4==4.1.3
-boto==2.7.0
+boto==2.10.0
 cloudformation==0.0.0
 decorator==3.4.0
 distribute==0.6.30

--- a/package_data.yaml
+++ b/package_data.yaml
@@ -223,17 +223,13 @@ post_checkout_regex: !!omap
          --pythonpath=/opt/wwc/edx-platform --settings=cms.envs.aws \
          --noinput --verbosity=0
        fi
-        if $($RUN django-admin.py help update_templates --pythonpath=/opt/wwc/edx-platform --settings=cms.envs.aws &>/dev/null) && [[ -r /opt/wwc/cms.auth.json ]]; then
-          $RUN django-admin.py update_templates \
-          --pythonpath=/opt/wwc/edx-platform --settings=cms.envs.aws
-        fi
      fi
  - ^edx-platform$|^content-.*$:
    - |
      edxapp_status=$(service edxapp status 2>/dev/null || true)
      edx_workers_status=$(service edx-workers status 2>/dev/null || true)
      if [[ -n $edxapp_status ]]; then
        if [[ $edxapp_status == *stop* ]]; then
          service edxapp start;

--- a/playbooks/edx-east/edx_dev2.yml
+++ b/playbooks/edx-east/edx_dev2.yml
+---
+- hosts: tag_aws_cloudformation_stack-name_dev2:&tag_group_edxapp
+  sudo: True
+  vars_files:
+    - "{{ secure_dir }}/vars/dev/dev2.yml"
+    - "{{ secure_dir }}/vars/common/common.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+  roles:
+    - common
+    - datadog
+    - nginx
+    - role: 'edxapp'
+      lms_nginx_port: 80
+      cms_nginx_port: 80
+      edxapp_lms_env: 'lms.envs.load_test'
+      edx_platform_commit: 'sarina/install-datadog'
+- hosts: tag_aws_cloudformation_stack-name_dev2:&tag_group_worker
+  sudo: True
+  vars_files:
+    - "{{ secure_dir }}/vars/dev/dev2.yml"
+    - "{{ secure_dir }}/vars/common/common.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+  roles:
+    - common
+    - datadog
+    - nginx
+    - role: 'edxapp'
+      edxapp_lms_env: 'lms.envs.load_test'
+      celery_worker: True
+      edx_platform_commit: 'sarina/install-datadog'
+#- hosts: tag_aws_cloudformation_stack-name_dev2:&tag_group_xserver
+#  sudo: True
+#  vars_files:
+#    - "{{ secure_dir }}/vars/dev/dev2.yml"
+#    - "{{ secure_dir }}/vars/users.yml"
+#  roles:
+#    - common
+#    - nginx
+#    - xserver
+#- hosts: tag_aws_cloudformation_stack-name_dev2:&tag_group_rabbitmq
+#  serial: 1
+#  sudo: True
+#  vars_files:
+#    - "{{ secure_dir }}/vars/dev/dev2.yml"
+#    - "{{ secure_dir }}/vars/users.yml"
+#  roles:
+#    - common
+#    - rabbitmq
+#- hosts: tag_aws_cloudformation_stack-name_dev2:&tag_group_xqueue
+#  sudo: True
+#  vars_files:
+#    - "{{ secure_dir }}/vars/dev/dev2.yml"
+#    - "{{ secure_dir }}/vars/users.yml"
+#  roles:
+#    - common
+#    - nginx
+#    - xqueue
--- a/playbooks/edx-east/feanil_deploy.yml
+++ b/playbooks/edx-east/feanil_deploy.yml
 ---
- hosts: tag_aws_cloudformation_stack-name_feanilpractice:&tag_group_edxapp
+- hosts: tag_aws_cloudformation_stack-name_feanilsandbox:&tag_group_edxapp
  sudo: True
  vars_files:
+    - "{{ secure_dir }}/vars/dev/feanilsandbox.yml"
+    - "{{ secure_dir }}/vars/common/common.yml"
    - "{{ secure_dir }}/vars/users.yml"
  roles:
    - common
+    - datadog
    - nginx
-    - edxapp
+    - role: 'edxapp'
-    - { role: 'edxapp', celery_worker: True }
+      lms_nginx_port: 80
+      cms_nginx_port: 80
- hosts: tag_aws_cloudformation_stack-name_feanilpractice:&tag_group_xserver
+      edxapp_lms_env: 'lms.envs.load_test'
+      edx_platform_commit: 'master'
+- hosts: tag_aws_cloudformation_stack-name_feanilsandbox:&tag_group_worker
  sudo: True
  vars_files:
+    - "{{ secure_dir }}/vars/dev/feanilsandbox.yml"
+    - "{{ secure_dir }}/vars/common/common.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+  roles:
+    - common
+    - datadog
+    - nginx
+    - role: 'edxapp'
+      edxapp_lms_env: 'lms.envs.load_test'
+      celery_worker: True
+      edx_platform_commit: 'master'
+- hosts: tag_aws_cloudformation_stack-name_feanilsandbox:&tag_group_xserver
+  sudo: True
+  vars_files:
+    - "{{ secure_dir }}/vars/dev/feanilsandbox.yml"
    - "{{ secure_dir }}/vars/users.yml"
  roles:
    - common
    - nginx
    - xserver
- hosts: tag_aws_cloudformation_stack-name_feanilpractice:&tag_group_rabbitmq
+- hosts: tag_aws_cloudformation_stack-name_feanilsandbox:&tag_group_rabbitmq
  serial: 1
  sudo: True
  vars_files:
+    - "{{ secure_dir }}/vars/dev/feanilsandbox.yml"
    - "{{ secure_dir }}/vars/users.yml"
  roles:
    - common
    - rabbitmq
- hosts: tag_aws_cloudformation_stack-name_feanilpractice:&tag_group_xqueue
+- hosts: tag_aws_cloudformation_stack-name_feanilsandbox:&tag_group_xqueue
  sudo: True
  vars_files:
+    - "{{ secure_dir }}/vars/dev/feanilsandbox.yml"
    - "{{ secure_dir }}/vars/users.yml"
  roles:
    - common

--- a/playbooks/edx-east/edx_sandbox.yml
+++ b/playbooks/edx-east/edx_sandbox.yml
@@ -9,10 +9,8 @@
  sudo: True
  gather_facts: True
  vars:
-    migrate_db: True
+    migrate_db: "yes"
    mysql5_workaround: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edx_sandbox.yml"
  roles:
    - common
    - nginx

--- a/playbooks/edx-west/.gitignore
+++ b/playbooks/edx-west/.gitignore
+configuration-secure
+edx-secret
--- a/playbooks/edx-west/carnegie-prod-app.yml
+++ b/playbooks/edx-west/carnegie-prod-app.yml
+- hosts: ~tag_Name_app(10|20)_carn
+  sudo: True
+  vars_prompt:
+    - name: "migrate_db"
+      prompt: "Should this playbook run database migrations? (Type 'yes' to run, anything else to skip migrations)"
+      default: "no"
+      private: no
+  vars:
+    secure_dir: '../../../configuration-secure/ansible'
+    # this indicates the path to site-specific (with precedence)
+    # things like nginx template files
+    #local_dir:  '../../../edx-secret/ansible/local'
+    local_dir: "{{secure_dir}}/local"
+    # this toggles http basic auth on and off. false in production
+    not_prod: false
+  vars_files:
+    - "{{ secure_dir }}/vars/edxapp_carnegie_vars.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
+  roles:
+    - common
+    - {'role': 'nginx', 'nginx_conf': true}
+    - {'role': 'edxapp', 'openid_workaround': true, 'template_subdir': 'carnegie'}
+    # run this role last
+    # - in_production
--- a/playbooks/edx-west/edxworker_prod.yml
+++ b/playbooks/edx-west/edxworker_prod.yml
 # this gets all running prod webservers
- hosts: tag_environment_prod:&tag_function_util
+- hosts: tag_environment_prod_carn:&tag_function_util
 # or we can get subsets of them by name
-#- hosts: ~tag_Name_util(1|2)_prod
+#- hosts: ~tag_Name_util(10)_carn
  sudo: True
  vars:
-    secure_dir: '../../../configuration-secure/ansible'
+    secure_dir: '../../../edx-secret/ansible'
    # this indicates the path to site-specific (with precedence)
    # things like nginx template files
-    local_dir:  '../../../configuration-secure/ansible/local'
+    local_dir:  '../../../../../../edx-secret/ansible/local'
    migrate_db: "no"
  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
+    - "{{ secure_dir }}/vars/edxapp_carnegie_vars.yml"
    - "{{ secure_dir }}/vars/users.yml"
    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
-    - "{{ secure_dir }}/vars/shib_prod_vars.yml"
  roles:
    - common
    - { role: 'edxapp', celery_worker: True }
--- a/playbooks/edx-west/cme-prod-app.yml
+++ b/playbooks/edx-west/cme-prod-app.yml
+# set up the fireball transport
+#- hosts: ~tag_Name_app(10|20)_cme
+#  gather_facts: no
+#  connection: ssh # or paramiko
+#  sudo: yes
+#  tasks:
+#      - apt: pkg=gcc state=present
+#      - apt: pkg=libzmq-dev,python-zmq state=present
+#      - action: fireball
+# this gets all running prod webservers
+#- hosts: tag_environment_prod:&tag_function_webserver
+# or we can get subsets of them by name
+- hosts: ~tag_Name_app(10|20)_cme
+  sudo: True
+  vars_prompt:
+    - name: "migrate_db"
+      prompt: "Should this playbook run database migrations? (Type 'yes' to run, anything else to skip migrations)"
+      default: "no"
+      private: no
+  vars:
+    secure_dir: '../../../edx-secret/ansible'
+    # this indicates the path to site-specific (with precedence)
+    # things like nginx template files
+    local_dir:  '../../../../../../edx-secret/ansible/local'
+    not_prod: true
+  vars_files:
+    - "{{ secure_dir }}/vars/edxapp_cme_vars.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
+  roles:
+    - common
+    - nginx
+    - {'role': 'edxapp', 'openid_workaround': true}
+    # run this role last
+    # - in_production
--- a/playbooks/edx-west/xserver_prod.yml
+++ b/playbooks/edx-west/xserver_prod.yml
 # this gets all running prod webservers
- hosts: tag_environment_prod:&tag_function_xserver
+- hosts: tag_environment_prod_cme:&tag_function_util
 # or we can get subsets of them by name
-#- hosts: ~tag_Name_xserver(1|2)_prod
+#- hosts: ~tag_Name_util(10)_cme
-#- hosts: security_group_edx-prod-EdxappServerSecurityGroup-NSKCQTMZIPQB
  sudo: True
  vars:
-    secure_dir: '../../../configuration-secure/ansible'
+    secure_dir: '../../../edx-secret/ansible'
    # this indicates the path to site-specific (with precedence)
    # things like nginx template files
-    local_dir:  '../../../configuration-secure/ansible/local'
+    local_dir:  '../../../../../../edx-secret/ansible/local'
+    migrate_db: "no"
  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
+    - "{{ secure_dir }}/vars/edxapp_cme_vars.yml"
    - "{{ secure_dir }}/vars/users.yml"
    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
  roles:
    - common
-    - nginx
+    - { role: 'edxapp', celery_worker: True }
-    - xserver
--- a/playbooks/edx-west/edxapp_prod_apache.yml
+++ b/playbooks/edx-west/edxapp_prod_apache.yml
- hosts: ~tag_Name_app(12|22)_prod
-#- hosts: security_group_edx-prod-EdxappServerSecurityGroup-NSKCQTMZIPQB
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
-    - "{{ secure_dir }}/vars/shib_prod_vars.yml"
-  vars:
-    secure_dir: '../../../configuration-secure/ansible'
-    # this indicates the path to site-specific (with precedence)
-    # things like nginx template files
-    local_dir:  '../../../configuration-secure/ansible/local'
-  roles:
-    - nginx
-    - edxapp
-    - apache
-    - shibboleth
\ No newline at end of file
--- a/playbooks/edx-west/edxapp_prod_debug.yml
+++ b/playbooks/edx-west/edxapp_prod_debug.yml
---
-#- hosts: tag_environment_prod:&tag_function_webserver:&tag_test_test
- hosts: i-a4d28cfc
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
-  roles:
-    - common
-    - nginx
-    - gunicorn
-    - edxapp
-    - ruby
-    - npm
-    # run this role last
-    - in_production
-  tasks:
-    - debug: msg="{{ lms_preview_auth_config}}"
-      tags:
-        - debug
-    - debug: msg="{{ lms_preview_env_config}}"
-      tags:
-        - debug
--- a/playbooks/edx-west/edxapp_prod_local.yml
+++ b/playbooks/edx-west/edxapp_prod_local.yml
- hosts: tag_Name_app4_prod
-#- hosts: tag_environment_prod:&tag_function_webserver:&tag_test_test
-#- hosts: security_group_edx-prod-EdxappServerSecurityGroup-NSKCQTMZIPQB
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
-  roles:
-    - common
-    - nginx
-    - gunicorn
-    - edxapp
-    - ruby
-    - npm
-    - edx-theme
-    # run this role last
-    - in_production
--- a/playbooks/edx-west/edxapp_ref.yml
+++ b/playbooks/edx-west/edxapp_ref.yml
- hosts: tag_Group_edxapp_ref
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_ref_vars.yml"
-    - "{{ secure_dir }}/vars/edxapp_ref_users.yml"
-  roles:
-    - common
-    - nginx
-    - gunicorn
-    - edxapp
-    - ruby
-    - npm
-    # run this role last
-    - in_production
--- a/playbooks/edx-west/edxutil_prod.yml
+++ b/playbooks/edx-west/edxutil_prod.yml
- hosts: tag_environment_prod:&tag_function_util
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
-  roles:
-    - common
-    - edxapp
-    - edx_worker_upstart
\ No newline at end of file
--- a/playbooks/edx-west/edxutil_prod_local.yml
+++ b/playbooks/edx-west/edxutil_prod_local.yml
- hosts: tag_environment_prod:&tag_function_util
-  sudo: True
-  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
-    - "{{ secure_dir }}/vars/users.yml"
-    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
-  roles:
-    - common
-    - edxapp
-    - edx_worker_upstart
\ No newline at end of file
--- a/playbooks/edx-west/edxapp_prod.yml
+++ b/playbooks/edx-west/edxapp_prod.yml
@@ -2,9 +2,9 @@
 #- hosts: tag_environment_prod:&tag_function_webserver
 # or we can get subsets of them by name
 #- hosts: ~tag_Name_app(10|20)_prod
-#- hosts: ~tag_Name_app(11|21)_prod
+- hosts: ~tag_Name_app(11|21)_prod
 ## this is the test box
- hosts: ~tag_Name_app4_prod
+#- hosts: ~tag_Name_app4_prod
 ## you can also do security group, but don't do that
 #- hosts: security_group_edx-prod-EdxappServerSecurityGroup-NSKCQTMZIPQB
  sudo: True
@@ -18,6 +18,7 @@
    # this indicates the path to site-specific (with precedence)
    # things like nginx template files
    local_dir:  '../../../configuration-secure/ansible/local'
+    not_prod: false
  vars_files:
    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
    - "{{ secure_dir }}/vars/users.yml"

--- a/playbooks/edx-west/jumpbox_prod.yml
+++ b/playbooks/edx-west/jumpbox_prod.yml
 - hosts: tag_Name_jumpbox_prod
  sudo: True
  vars_files:
-    - "{{ secure_dir }}/vars/users.yml"
+    - "{{ secure_dir }}/vars/users_jumpbox.yml"
  vars:
    secure_dir: '../../../configuration-secure/ansible'
-    # this indicates the path to site-specific (with precedence)
-    # things like nginx template files
    local_dir:  '../../../configuration-secure/ansible/local'
  roles:
    - common
\ No newline at end of file
--- a/playbooks/edx-west/ora_prod.yml
+++ b/playbooks/edx-west/ora_prod.yml
--- a/playbooks/edx-west/prod-worker.yml
+++ b/playbooks/edx-west/prod-worker.yml
+# For all util machines
+- hosts: tag_environment_prod:&tag_function_util
+# or we can get subsets of them by name
+#- hosts: ~tag_Name_util(1|2)_prod
+  sudo: True
+  vars:
+    secure_dir: '../../../configuration-secure/ansible'
+    # this indicates the path to site-specific (with precedence)
+    # things like nginx template files
+    local_dir:  '../../../configuration-secure/ansible/local'
+    migrate_db: "no"
+  vars_files:
+    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
+    - "{{ secure_dir }}/vars/shib_prod_vars.yml"
+  roles:
+    - common
+    - { role: 'edxapp', celery_worker: True }
+#
+# COMMENT OUT THE NOTIFIER UNTIL IT IS READY
+#
+# run the notifier on the first util machine only
+#- hosts: ~tag_Name_util10_prod
+#  sudo: True
+#  vars:
+#    secure_dir: '../../../configuration-secure/ansible'
+#    migrate_db: "no"
+#  vars_files:
+#    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
+#    - "{{ secure_dir }}/vars/notifier_prod_vars.yml"
+#  roles:
+#    - role: virtualenv
+#      virtualenv_user: "notifier"
+#      virtualenv_user_home: "/opt/wwc/notifier"
+#      virtualenv_name: "notifier"
+#    - notifier
--- a/playbooks/edx-west/xqueue_prod.yml
+++ b/playbooks/edx-west/xqueue_prod.yml
@@ -10,7 +10,7 @@
    # things like nginx template files
    local_dir:  '../../../configuration-secure/ansible/local'
  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_prod_vars.yml"
+    - "{{ secure_dir }}/vars/xqueue_prod_vars.yml"
    - "{{ secure_dir }}/vars/users.yml"
    - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
  roles:

--- a/playbooks/edx-west/stage-ansible.cfg
+++ b/playbooks/edx-west/stage-ansible.cfg
@@ -8,7 +8,7 @@ hash_behaviour=merge
 # These are environment-specific defaults
 forks=10
 #forks=1
-log_path=stage-edx-ansible.log
+log_path=~/stage-edx-ansible.log
 transport=ssh
 hostfile=./ec2.py
 extra_vars='key=deployment name=edx-stage group=edx-stage region=us-west-1'
@@ -16,6 +16,5 @@ user=ubuntu
 [ssh_connection]
 # example from https://github.com/ansible/ansible/blob/devel/examples/ansible.cfg
-#ssh_args=-o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/tmp/ansible-ssh-%h-%p-%r
+ssh_args=-F stage-ssh-config -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/tmp/ansible-ssh-%h-%p-%r
-ssh_args=-F stage-ssh-config
 scp_if_ssh=True
--- a/playbooks/edx-west/stage-app.yml
+++ b/playbooks/edx-west/stage-app.yml
@@ -3,8 +3,8 @@
  sudo: True
  vars_prompt:
    - name: "migrate_db"
-      prompt: "Should this playbook run database migrations? (<Return> for false, anything else for true)"
+      prompt: "Should this playbook run database migrations? (Type 'yes' to run, anything else to skip migrations)"
-      default: false
+      default: "no"
      private: no
  vars:
    not_prod: true

--- a/playbooks/edx-west/stage-edx-ansible.log
+++ b/playbooks/edx-west/stage-edx-ansible.log
--- a/playbooks/edx-west/stage-jumpbox.yml
+++ b/playbooks/edx-west/stage-jumpbox.yml
+- hosts: tag_Name_jumpbox_stage
+  sudo: True
+  vars_files:
+    - "{{ secure_dir }}/vars/users_jumpbox.yml"
+  vars:
+    secure_dir: '../../../configuration-secure/ansible'
+    local_dir:  '../../../configuration-secure/ansible/local'
+  roles:
+    - common
--- a/playbooks/edx-west/stage-worker.yml
+++ b/playbooks/edx-west/stage-worker.yml
+# this gets all running stage util machiens
+- hosts: tag_environment_stage:&tag_function_util
+# or we can get subsets of them by name
+#- hosts: ~tag_Name_util(1|2)_stage
+  sudo: True
+  vars:
+    secure_dir: ../../../edx-secret/ansible
+    # this indicates the path to site-specific (with precedence)
+    # things like nginx template files
+    local_dir: ../../../edx-secret/ansible/local
+    migrate_db: "no"
+  vars_files:
+    - "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
+    - "{{ secure_dir }}/vars/users.yml"
+    - "{{ secure_dir }}/vars/edxapp_stage_users.yml"
+  roles:
+    - common
+    - { role: 'edxapp', celery_worker: True }
+# run the notifier on the first util machine only
+- hosts: ~tag_Name_util10_stage
+  sudo: True
+  vars:
+    secure_dir: '../../../configuration-secure/ansible'
+    migrate_db: "no"
+  vars_files:
+    - "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
+    - "{{ secure_dir }}/vars/notifier_stage_vars.yml"
+  roles:
+    - role: virtualenv
+      virtualenv_user: "notifier"
+      virtualenv_user_home: "/opt/wwc/notifier"
+      virtualenv_name: "notifier"
+    - notifier
--- a/playbooks/edx-west/stage-xqueue.yml
+++ b/playbooks/edx-west/stage-xqueue.yml
@@ -5,7 +5,7 @@
    secure_dir: ../../../edx-secret/ansible
    local_dir: ../../../edx-secret/ansible/local
  vars_files:
-    - "{{ secure_dir }}/vars/edxapp_stage_vars.yml"
+    - "{{ secure_dir }}/vars/xqueue_stage_vars.yml"
    - "{{ secure_dir }}/vars/users.yml"
    - "{{ secure_dir }}/vars/edxapp_stage_users.yml"
  roles:

--- a/playbooks/edx_sandbox.yml
+++ b/playbooks/edx_sandbox.yml
@@ -26,7 +26,7 @@
    - nginx
    - edxlocal
    - edxapp
-    - rabbitmq
+    - { role: 'rabbitmq', rabbitmq_ip: '127.0.0.1' }
    - { role: 'edxapp', celery_worker: True }
    - oraclejdk
    - elasticsearch
@@ -35,3 +35,13 @@
      rbenv_user_home: "{{ forum_home }}"
      rbenv_ruby_version: "{{ forum_ruby_version }}"
    - forum
+    - role: virtualenv
+      virtualenv_user: "{{ xqueue_user }}"
+      virtualenv_user_home: "{{ xqueue_user_home }}"
+      virtualenv_name: "{{ xqueue_user }}"
+    - { role: "xqueue", update_users: True }
+    - role: virtualenv
+      virtualenv_user: "{{ ora_user }}"
+      virtualenv_user_home: "{{ ora_user_home }}"
+      virtualenv_name: "{{ ora_user }}"
+    - role: ora
--- a/playbooks/roles/apache/vars/main.yml
+++ b/playbooks/roles/apache/vars/main.yml
--- a/playbooks/roles/apache/tasks/apache_site.yml
+++ b/playbooks/roles/apache/tasks/apache_site.yml
@@ -7,7 +7,7 @@
    # seems like paths in first_available_file must be relative to the playbooks dir
    - "roles/apache/templates/{{ site_name }}.j2"
  notify: apache | restart apache
-  when_set: $apache_role_run
+  when: apache_role_run is defined
  tags:
    - apache
    - update
@@ -15,7 +15,7 @@
 - name: apache | Creating apache2 config link {{ site_name }}
  file: src=/etc/apache2/sites-available/{{ site_name }} dest=/etc/apache2/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
  notify: apache | restart apache
-  when_set: $apache_role_run
+  when: apache_role_run is defined
  tags:
    - apache
    - update
--- a/playbooks/roles/common/vars/main.yml
+++ b/playbooks/roles/common/vars/main.yml
@@ -7,3 +7,4 @@ common_debian_pkgs:
  - screen
  - tree
  - git
+  - unzip
--- a/playbooks/roles/common/tasks/create_github_users.yml
+++ b/playbooks/roles/common/tasks/create_github_users.yml
@@ -27,7 +27,7 @@
 - name: common | create .ssh directory
  file: 
-    path=/home/{{ item.user }}/.ssh state=directory mode=0600 
+    path=/home/{{ item.user }}/.ssh state=directory mode=0700 
    owner={{ item.user }} group={{ item.user }}
  with_items: github_users
  tags:

--- a/playbooks/roles/common/tasks/main.yml
+++ b/playbooks/roles/common/tasks/main.yml
 ---
 - include: create_users.yml
-#- include: create_github_users.yml
+- include: create_github_users.yml
-#  when: github_users is defined
+  when: github_users is defined
 - name: common | Add user www-data
  # This user should be created on the system by default

--- a/playbooks/roles/common/templates/edx_rsyslog.j2
+++ b/playbooks/roles/common/templates/edx_rsyslog.j2
 # custom edx syslog configuration
-# Put in place and templatized by ansible 
+#
-#
-# Cliffs notes version: ansible uses local0 and local1, so they have to be
-# plumbed through appropriately.
+#  Default rules for rsyslog.
+#
-#############
+#                       For more information see rsyslog.conf(5) and /etc/rsyslog.conf
-# Change some global configuration
-#############
+#
+# First some standard log files.  Log by facility.
 # don't escape newlines
 $EscapeControlCharactersOnReceive off
 $SystemLogRateLimitInterval 0
 $RepeatedMsgReduction off
 $MaxMessageSize 32768
-#############
-# Override default auth config so we can ignore local0 and local1 also
-#############
 auth,authpriv.*                                         /var/log/auth.log
 *.*;auth,authpriv.none,local0.none,local1.none          -/var/log/syslog
-# According to the docs for rsyslog, "syslogtag" is the "TAG" from 
+# According to the docs for rsyslog, "syslogtag" is the "TAG" from
-# the message which in the case of tracking logs is interpreted to 
+# the message which in the case of tracking logs is interpreted to
-# be everything before the first whitespace character. 
+# be everything before the first whitespace character.
 # This is why we include "syslogtag."
-# Maybe one day this will be answered:
+# Maybe one day this will be answered - http://stackoverflow.com/questions/10449447/how-to-avoid-syslogtag-from-rsyslog-template
-# - http://stackoverflow.com/questions/10449447/how-to-avoid-syslogtag-from-rsyslog-template
 $template tracking,"%syslogtag%%msg%\n"
 # looks for [service_name=<name>] in the beginning of the log message,
-# if it exists the log will go into {{log_base_dir}}/<name>/edx.log, otherwise
+# if it exists the log will go into /mnt/logs/<name>/edx.log, otherwise
-# it will go into {{log_base_dir}}/edx.log
+# it will go into /mnt/logs/edx.log
-$template DynaFile,"{{log_base_dir}}/%syslogtag:R,ERE,1,BLANK:\[service_variant=([a-zA-Z_-]*)\].*--end%/edx.log"
+$template DynaFile,"/mnt/logs/%syslogtag:R,ERE,1,BLANK:\[service_variant=([a-zA-Z_-]*)\].*--end%/edx.log"
 local0.*                        -?DynaFile
-local1.*                        {{log_base_dir}}/tracking.log;tracking
+local1.*                        /mnt/logs/tracking.log;tracking
+#cron.*                         /var/log/cron.log
+#daemon.*                       -/var/log/daemon.log
+kern.*                          -/var/log/kern.log
+#lpr.*                          -/var/log/lpr.log
+mail.*                          -/var/log/mail.log
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+#mail.info                      -/var/log/mail.info
+#mail.warn                      -/var/log/mail.warn
+mail.err                        /var/log/mail.err
+#
+# Logging for INN news system.
+#
+news.crit                       /var/log/news/news.crit
+news.err                        /var/log/news/news.err
+news.notice                     -/var/log/news/news.notice
+#
+# Some "catch-all" log files.
+#
+#*.=debug;\
+#       auth,authpriv.none;\
+#       news.none;mail.none     -/var/log/debug
+#*.=info;*.=notice;*.=warn;\
+#       auth,authpriv.none;\
+#       cron,daemon.none;\
+#       mail,news.none          -/var/log/messages
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg                                :omusrmsg:*
+#
+# I like to have messages displayed on the console, but only on a virtual
+# console I usually leave idle.
+#
+#daemon,mail.*;\
+#       news.=crit;news.=err;news.=notice;\
+#       *.=debug;*.=info;\
+#       *.=notice;*.=warn       /dev/tty8
+# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
+# you must invoke `xconsole' with the `-file' option:
+#
+#    $ xconsole -file /dev/xconsole [...]
+#
+# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
+#      busy site..
+#
+daemon.*;mail.*;\
+        news.err;\
+        *.=debug;*.=info;\
+        *.=notice;*.=warn       |/dev/xconsole
--- a/playbooks/roles/datadog/defaults/main.yml
+++ b/playbooks/roles/datadog/defaults/main.yml
+---
+datadog_api_key: "PUT_YOUR_API_KEY_HERE"
+datadog_apt_key: "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x226AE980C7A7DA52"
+datadog_debian_pkgs:
+  - apparmor-utils
+  - build-essential
+  - curl
+  - g++
+  - gcc
+  - ipython
+  - pkg-config
+  - rsyslog
--- a/playbooks/roles/datadog/files/etc/yum.repo.d/datadog.repo
+++ b/playbooks/roles/datadog/files/etc/yum.repo.d/datadog.repo
+[datadog]
+name = Datadog, Inc.
+baseurl = http://yum.datadoghq.com/rpm/
+enabled=1
+gpgcheck=0
\ No newline at end of file
--- a/playbooks/roles/datadog/handlers/main.yml
+++ b/playbooks/roles/datadog/handlers/main.yml
+---
+- name: datadog | restart the datadog service
+  service: name=datadog-agent state=restarted
\ No newline at end of file
--- a/playbooks/roles/datadog/tasks/main.yml
+++ b/playbooks/roles/datadog/tasks/main.yml
+---
+#
+# datadog
+# 
+# Overview:
+# 
+# Installs datadog 
+##
+# Dependencies:
+#
+# Example play:
+#   roles:
+#   - common
+#   - datadog
+#
+- name: datadog | add apt key
+  apt_key: id=C7A7DA52 url={{datadog_apt_key}} state=present
+  tags:
+    - datadog
+    - ubuntu
+  when: ansible_distribution in common_debian_variants
+- name: datadog | install apt repository
+  shell: echo 'deb http://apt.datadoghq.com/ unstable main' > /etc/apt/sources.list.d/datadog-source.list
+  tags:
+    - datadog
+    - ubuntu
+  when: ansible_distribution in common_debian_variants
+- name: datadog | add yum repo
+  copy:
+    src=etc/yum.repo.d/datdog.repo
+    dest=/etc/yum.repo.d/datdog.repo
+  tags:
+    - datadog
+    - redhat
+  when_string: ansible_distribution in common_redhat_variants
+- name: datadog | install datadog agent
+  apt: pkg="datadog-agent" update_cache=yes
+  tags:
+    - datadog
+    - ubuntu
+  when: ansible_distribution in common_debian_variants
+- name: datadog | bootstrap config
+  shell: cp /etc/dd-agent/datadog.conf.example /etc/dd-agent/datadog.conf creates=/etc/dd-agent/datadog.conf
+  tags:
+    - datadog
+# quoting intentional, missing space after line=api_key: also
+# ansible wasn't handling the double quoted yaml properly 
+# otherwise.
+- name: datadog | update api-key
+  lineinfile: 
+    dest="/etc/dd-agent/datadog.conf" 
+    "regexp=^api_key:.*"
+    "line=api_key:{{ common_dd_api_key }}"
+  notify:
+    - datadog | restart the datadog service
+  tags:
+    - datadog
--- a/playbooks/roles/discern/vars/main.yml
+++ b/playbooks/roles/discern/vars/main.yml
--- a/playbooks/roles/edxapp/vars/main.yml
+++ b/playbooks/roles/edxapp/vars/main.yml
@@ -23,7 +23,7 @@ edxapp_generic_auth_config:  &edxapp_generic_auth
    'basic_auth': [ 'edx',  'edx']
    'django_auth': { 'password':  'password',
      'username':  'lms'}
-    'url':  'https://localhost:18040'
+    'url':  'http://localhost:18040'
  'CONTENTSTORE':
    'ENGINE':  'xmodule.contentstore.mongo.MongoContentStore'
    'OPTIONS':
@@ -45,7 +45,6 @@ edxapp_generic_auth_config:  &edxapp_generic_auth
        'port': 27017
        'render_template':  'mitxmako.shortcuts.render_to_string'
        'user':  'mongo'
-    # Needed for the CMS to be able to run update_templates
    'direct':
      'ENGINE': 'xmodule.modulestore.mongo.MongoModuleStore'
      'OPTIONS':  *generic_modulestore_default_options
@@ -60,7 +59,7 @@ edxapp_generic_auth_config:  &edxapp_generic_auth
      'PORT': '3306'
  'PEARSON_TEST_PASSWORD':  ''
  'OPEN_ENDED_GRADING_INTERFACE':
-    'url':  'http://localhost:18091'
+    'url':  'http://localhost:18091/'
    'password':  'password'
    'peer_grading':  'peer_grading'
    'staff_grading':  'staff_grading'
@@ -173,6 +172,11 @@ edxapp_lms_app_port: 8000
 edxapp_lms_xml_app_port: 8030
 edxapp_lms_preview_app_port: 8020
+edxapp_cms_app_address: 127.0.0.1
+edxapp_lms_app_address: 127.0.0.1
+edxapp_lms_xml_app_address: 127.0.0.1
+edxapp_lms_preview_app_address: 127.0.0.1
 # These vars are for creating the application json config
 # files.  There are two for each service that uses the
 # 'edx-platform' code.  Defining them will create the upstart
@@ -182,9 +186,9 @@ edxapp_lms_preview_app_port: 8020
 service_variants_enabled:
  - lms
-  - lms-xml
  - cms
-  - lms-preview
+edxapp_lms_env: 'lms.envs.aws'
 #Number of gunicorn worker processes to spawn, as a multiplier to number of virtual cores
@@ -202,8 +206,10 @@ edxapp_theme_source_repo: 'https://github.com/Stanford-Online/edx-theme.git'
 edxapp_theme_version: 'HEAD'
 # make this the public URL instead of writable
-lms_source_repo: https://github.com/edx/edx-platform.git
+edx_platform_repo: https://github.com/edx/edx-platform.git
-lms_version: 'release'
+# `edx_platform_commit` can be anything that git recognizes as a commit
+# reference, including a tag, a branch name, or a commit hash
+edx_platform_commit: 'release'
 local_requirements_file:  "{{ edx_platform_code_dir }}/requirements/edx/local.txt"
 pre_requirements_file:    "{{ edx_platform_code_dir }}/requirements/edx/pre.txt"
 post_requirements_file:   "{{ edx_platform_code_dir }}/requirements/edx/post.txt"
@@ -258,7 +264,6 @@ lms_debian_pkgs:
  - libxslt1-dev
  - lynx-cur
  - maven2
-  - mongodb
  - mongodb-clients
  - mysql-client
  - npm
@@ -307,3 +312,6 @@ deploy_environment:
  RBENV_ROOT: "{{ rbenv_root }}"
  GEM_HOME: "{{ gem_home }}"
  PATH: "{{ venv_dir }}/bin:{{ edx_platform_code_dir }}/bin:{{ rbenv_root }}/bin:{{ rbenv_root }}/shims:{{ gem_home }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+# Worker Settings
+worker_django_settings_module: 'aws'
--- a/playbooks/roles/edxapp/tasks/collect_static.yml
+++ b/playbooks/roles/edxapp/tasks/collect_static.yml
-# Gather lms assets using rake if possible
- name: gather lms static assets with rake
-  shell: executable=/bin/bash chdir={{ edx_platform_code_dir }} SERVICE_VARIANT={{ lms_variant }} rake lms:gather_assets:aws
-  when: grep_gather_assets.rc == 0
-  notify:
-  - restart edxapp
-  sudo: yes
-  sudo_user: www-data
-  environment: "{{ deploy_environment }}"
-  tags:
-  - lms
-  - lms-preview
-  - lms-xml
-  - deploy
-# Gather lms assets using django if necessary(When rake doesn't know how)
- name: gather lms static assets with django
-  shell: SERVICE_VARIANT={{ lms_variant }} django-admin.py collectstatic --pythonpath={{ edx_platform_code_dir }} --settings=lms.envs.aws --noinput --verbosity=0
-  when: grep_gather_assets.rc != 0 and check_lms_collect_static.rc == 0
-  notify:
-  - restart edxapp
-  sudo: yes
-  sudo_user: www-data
-  environment: "{{ deploy_environment }}"
-  tags:
-  - lms
-  - lms-preview
-  - lms-xml
-  - deploy
-# Gather cms assets using rake if possible
- name: gather cms static assets with rake
-#  script: gather_assets.sh
-  shell: executable=/bin/bash chdir={{ edx_platform_code_dir }} SERVICE_VARIANT={{ cms_variant }} rake cms:gather_assets:aws
-  when: grep_gather_assets.rc == 0
-  notify:
-  - restart edxapp
-  sudo: yes
-  sudo_user: www-data
-  environment: "{{ deploy_environment }}"
-  tags:
-  - cms
-  - deploy
- name: gather cms static assets with django
-  shell: SERVICE_VARIANT={{ cms_variant }} django-admin.py collectstatic --pythonpath={{ edx_platform_code_dir }} --settings=lms.envs.aws --noinput --verbosity=0
-  when: grep_gather_assets.rc != 0 and check_cms_collect_static.rc == 0
-  notify:
-  - restart edxapp
-  sudo: yes
-  sudo_user: www-data
-  environment: "{{ deploy_environment }}"
-  tags:
-  - cms
-  - deploy
- name: update cms templates
-  shell: SERVICE_VARIANT={{ cms_variant }} django-admin.py update_templates --pythonpath={{ edx_platform_code_dir }} --settings=cms.envs.aws
-  when: check_cms_update_templates.rc == 0
-  notify:
-  - restart edxapp
-  sudo: yes
-  sudo_user: www-data
-  environment: "{{ deploy_environment }}"
-  tags:
-  - cms
-  - deploy
-# Add failure checks for if no static assets were deployed.
- name: lms asset static failure check
-  shell: /bin/false
-  when: grep_gather_assets.rc != 0 and check_lms_collect_static.rc != 0
-  tags:
-  - lms
-  - lms-preview
-  - lms-xml
-  - deploy
- name: cms asset static failure check
-  shell: /bin/false
-  when: grep_gather_assets.rc != 0 and check_cms_collect_static.rc != 0
-  tags:
-  - cms
-  - deploy
--- a/playbooks/roles/edxapp/tasks/deploy.yml
+++ b/playbooks/roles/edxapp/tasks/deploy.yml
@@ -16,8 +16,16 @@
  - deploy
 # Do A Checkout
- name: git checkout edx-platform repo into $app_base_dir
+- name: edxapp | checkout edx-platform repo into {{edx_platform_code_dir}}
-  git: dest={{edx_platform_code_dir}} repo={{lms_source_repo}} version={{lms_version}}
+  git: dest={{edx_platform_code_dir}} repo={{edx_platform_repo}} version={{edx_platform_commit}}
+  tags:
+  - lms
+  - cms
+  - install
+  - deploy
+- name: git clean after checking out edx-platform
+  shell: cd {{edx_platform_code_dir}} && git clean -xdf
  tags:
  - lms
  - cms
@@ -31,6 +39,7 @@
  - lms
  - cms
  - install
+  - deploy
 - name: checkout theme
  git: dest={{app_base_dir}}/themes/{{edxapp_theme_name}} repo={{edxapp_theme_source_repo}} version={{edxapp_theme_version}}
@@ -149,56 +158,35 @@
 - name: changing group ownership to www-data for everything in the venv (workaround)
  shell: chgrp -R www-data {{ venv_dir }}
-# This check needs to be run to see if rake can be used but its failure should not stop the run.
- name: check if rake gather_assets is available
-  shell: executable=/bin/bash chdir={{ edx_platform_code_dir }} rake -T | grep gather_assets
-  environment: "{{ deploy_environment }}"
-  register: grep_gather_assets
-  ignore_errors: yes
-  tags:
-  - lms
-  - lms-preview
-  - lms-xml
-  - cms
-  - deploy
- name: check if django can collect lms static data
+# Gather lms assets using rake if possible
-  shell: SERVICE_VARIANT={{ lms_variant }} django-admin.py help collectstatic --pythonpath={{ edx_platform_code_dir }} --settings=lms.envs.aws
+- name: gather lms static assets with rake
-  register: check_lms_collect_static
+  shell: executable=/bin/bash chdir={{ edx_platform_code_dir }} SERVICE_VARIANT={{ lms_variant }} rake lms:gather_assets:aws
+  notify:
+  - restart edxapp
  sudo: yes
  sudo_user: www-data
+  when: celery_worker is not defined
  environment: "{{ deploy_environment }}"
-  ignore_errors: yes
  tags:
  - lms
  - lms-preview
  - lms-xml
  - deploy
- name: check if django can collect cms static data
+# Gather cms assets using rake if possible
-  shell: SERVICE_VARIANT={{ lms_variant }} django-admin.py help collectstatic --pythonpath={{ edx_platform_code_dir }} --settings=cms.envs.aws
+- name: gather cms static assets with rake
-  register: check_cms_collect_static
+  shell: executable=/bin/bash chdir={{ edx_platform_code_dir }} SERVICE_VARIANT={{ cms_variant }} rake cms:gather_assets:aws
-  sudo: yes
+  notify:
-  sudo_user: www-data
+  - restart edxapp
-  environment: "{{ deploy_environment }}"
-  ignore_errors: yes
-  tags:
-  - cms
-  - deploy
- name: check if django can update cms templates
-  shell: SERVICE_VARIANT={{ cms_variant }} django-admin.py help update_templates --pythonpath={{ edx_platform_code_dir }} --settings=cms.envs.aws
-  register: check_cms_update_templates
  sudo: yes
  sudo_user: www-data
+  when: celery_worker is not defined
  environment: "{{ deploy_environment }}"
-  ignore_errors: yes
  tags:
  - cms
  - deploy
- include: collect_static.yml
-  when: celery_worker is not defined
 # https://code.launchpad.net/~wligtenberg/django-openid-auth/mysql_fix/+merge/22726
 # This is necessary for when syncdb is run and the django_openid_auth module is installed,
@@ -226,6 +214,17 @@
  - cms
  - syncdb
+- name: db migrate
+  shell: sudo -u www-data SERVICE_VARIANT=lms /opt/edx/bin/django-admin.py migrate --noinput --settings=lms.envs.aws --pythonpath=/opt/wwc/edx-platform
+  when: migrate_only is defined and migrate_only|lower == "yes"
+  tags:
+  - deploy
+  - lms
+  - lms-xml
+  - lms-preview
+  - cms
+  - syncdb
 - name: restart edxapp
  service: name=edxapp state=restarted
  when: celery_worker is not defined

--- a/playbooks/roles/edxapp/tasks/ruby.yml
+++ b/playbooks/roles/edxapp/tasks/ruby.yml
@@ -57,28 +57,28 @@
 - name: rbenv | create temporary directory
  command: mktemp -d
  register: tempdir
-  when_failed: $rbuild_present
+  when: rbuild_present|failed
  tags:
  - ruby
  - install
 - name: rbenv | clone ruby-build repo
  git: repo=https://github.com/sstephenson/ruby-build.git dest=${tempdir.stdout}/ruby-build
-  when_failed: $rbuild_present
+  when: rbuild_present|failed
  tags:
  - ruby
  - install
 - name: rbenv | install ruby-build
  command: ./install.sh chdir=${tempdir.stdout}/ruby-build
-  when_failed: $rbuild_present
+  when: rbuild_present|failed
  tags:
  - ruby
  - install
 - name: rbenv | remove temporary directory
  file: path=${tempdir.stdout} state=absent
-  when_failed: $rbuild_present
+  when: rbuild_present|failed
  tags:
  - ruby
  - install
@@ -93,21 +93,21 @@
 - name: rbenv | install ruby $ruby_version
  shell: RBENV_ROOT=${rbenv_root} rbenv install $ruby_version
-  when_failed: $ruby_installed
+  when: ruby_installed|failed
  tags:
  - ruby
  - install
 - name: rbenv | set global ruby $ruby_version
  shell: RBENV_ROOT=${rbenv_root} rbenv global $ruby_version
-  when_failed: $ruby_installed
+  when: ruby_installed|failed
  tags:
  - ruby
  - install
 - name: rbenv | rehash
  shell: RBENV_ROOT=${rbenv_root} rbenv rehash
-  when_failed: $ruby_installed
+  when: ruby_installed|failed
  tags:
  - ruby
  - install

--- a/playbooks/roles/edxapp/templates/cms.conf.j2
+++ b/playbooks/roles/edxapp/templates/cms.conf.j2
@@ -17,6 +17,7 @@ env WORKERS={{ ansible_processor|length * worker_core_mult.cms }}
 env WORKERS={{ worker_core_mult.cms }}
 {% endif %}
 env PORT={{edxapp_cms_app_port}}
+env ADDRESS={{edxapp_cms_app_address}}
 env LANG=en_US.UTF-8
 env DJANGO_SETTINGS_MODULE=cms.envs.aws
 env SERVICE_VARIANT="cms"
@@ -24,4 +25,4 @@ env SERVICE_VARIANT="cms"
 chdir {{edx_platform_code_dir}}
 setuid www-data
-exec {{venv_dir}}/bin/gunicorn_django -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}} --settings=cms.envs.aws
+exec {{venv_dir}}/bin/gunicorn_django -b $ADDRESS:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}} --settings=cms.envs.aws
--- a/playbooks/roles/edxapp/templates/edx-worker-cms.conf.j2
+++ b/playbooks/roles/edxapp/templates/edx-worker-cms.conf.j2
@@ -13,7 +13,7 @@ instance edx.${SERVICE_VARIANT}.core.${QUEUE}
 #env NEWRELIC={{venv_dir}}/bin/newrelic-admin
 env CONCURRENCY=${CONCURRENCY}
 env LOGLEVEL=info
-env DJANGO_SETTINGS_MODULE=cms.envs.aws
+env DJANGO_SETTINGS_MODULE={{worker_django_settings_module}}
 env PYTHONPATH={{edx_platform_code_dir}}
 env SERVICE_VARIANT=${SERVICE_VARIANT}
@@ -21,4 +21,4 @@ setuid www-data
 chdir {{edx_platform_code_dir}}
-exec {{venv_dir}}/bin/django-admin.py celery worker --settings=$DJANGO_SETTINGS_MODULE --pythonpath=$PYTHONPATH --loglevel=$LOGLEVEL --queues=edx.${SERVICE_VARIANT}.core.${QUEUE} --hostname=edx.${SERVICE_VARIANT}.core.${QUEUE}.`hostname` --concurrency=$CONCURRENCY
+exec {{venv_dir}}/bin/python {{edx_platform_code_dir}}/manage.py $SERVICE_VARIANT --settings=$DJANGO_SETTINGS_MODULE celery worker --loglevel=$LOGLEVEL --queues=edx.${SERVICE_VARIANT}.core.${QUEUE} --hostname=edx.${SERVICE_VARIANT}.core.${QUEUE}.`hostname` --concurrency=$CONCURRENCY
--- a/playbooks/roles/edxapp/templates/edx-worker-lms-xml.conf.j2
+++ b/playbooks/roles/edxapp/templates/edx-worker-lms-xml.conf.j2
@@ -13,7 +13,7 @@ instance edx.${SERVICE_VARIANT}.core.${QUEUE}
 #env NEWRELIC={{venv_dir}}/bin/newrelic-admin
 env CONCURRENCY=${CONCURRENCY}
 env LOGLEVEL=info
-env DJANGO_SETTINGS_MODULE=lms.envs.aws
+env DJANGO_SETTINGS_MODULE={{worker_django_settings_module}}
 env PYTHONPATH={{edx_platform_code_dir}}
 env SERVICE_VARIANT=${SERVICE_VARIANT}
@@ -21,4 +21,4 @@ setuid www-data
 chdir {{edx_platform_code_dir}}
-exec {{venv_dir}}/bin/django-admin.py celery worker --settings=$DJANGO_SETTINGS_MODULE --pythonpath=$PYTHONPATH --loglevel=$LOGLEVEL --queues=edx.${SERVICE_VARIANT}.core.${QUEUE} --hostname=edx.${SERVICE_VARIANT}.core.${QUEUE}.`hostname` --concurrency=$CONCURRENCY
+exec {{venv_dir}}/bin/python {{edx_platform_code_dir}}/manage.py lms --service-variant=$SERVICE_VARIANT --settings=$DJANGO_SETTINGS_MODULE celery worker --loglevel=$LOGLEVEL --queues=edx.${SERVICE_VARIANT}.core.${QUEUE} --hostname=edx.${SERVICE_VARIANT}.core.${QUEUE}.`hostname` --concurrency=$CONCURRENCY
--- a/playbooks/roles/edxapp/templates/edx-worker-lms.conf.j2
+++ b/playbooks/roles/edxapp/templates/edx-worker-lms.conf.j2
@@ -13,7 +13,7 @@ instance edx.${SERVICE_VARIANT}.core.${QUEUE}
 #env NEWRELIC={{venv_dir}}/bin/newrelic-admin
 env CONCURRENCY=${CONCURRENCY}
 env LOGLEVEL=info
-env DJANGO_SETTINGS_MODULE=lms.envs.aws
+env DJANGO_SETTINGS_MODULE={{worker_django_settings_module}}
 env PYTHONPATH={{edx_platform_code_dir}}
 env SERVICE_VARIANT=${SERVICE_VARIANT}
@@ -21,4 +21,4 @@ setuid www-data
 chdir {{edx_platform_code_dir}}
-exec {{venv_dir}}/bin/django-admin.py celery worker --settings=$DJANGO_SETTINGS_MODULE --pythonpath=$PYTHONPATH --loglevel=$LOGLEVEL --queues=edx.${SERVICE_VARIANT}.core.${QUEUE} --hostname=edx.${SERVICE_VARIANT}.core.${QUEUE}.`hostname` --concurrency=$CONCURRENCY
+exec {{venv_dir}}/bin/python {{edx_platform_code_dir}}/manage.py lms --service-variant=$SERVICE_VARIANT --settings=$DJANGO_SETTINGS_MODULE celery worker --loglevel=$LOGLEVEL --queues=edx.${SERVICE_VARIANT}.core.${QUEUE} --hostname=edx.${SERVICE_VARIANT}.core.${QUEUE}.`hostname` --concurrency=$CONCURRENCY
--- a/playbooks/roles/edxapp/templates/lms-preview.conf.j2
+++ b/playbooks/roles/edxapp/templates/lms-preview.conf.j2
@@ -18,6 +18,7 @@ env WORKERS={{ ansible_processor|length * worker_core_mult.lms_preview }}
 env WORKERS={{ worker_core_mult.lms_preview }}
 {% endif %}
 env PORT={{edxapp_lms_preview_app_port}}
+env ADDRESS={{edxapp_lms_preview_app_address}}
 env LANG=en_US.UTF-8
 env DJANGO_SETTINGS_MODULE=lms.envs.aws
 env SERVICE_VARIANT="lms-preview"
@@ -25,7 +26,7 @@ env SERVICE_VARIANT="lms-preview"
 chdir {{edx_platform_code_dir}}
 setuid www-data
-exec {{venv_dir}}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}} lms.wsgi
+exec {{venv_dir}}/bin/gunicorn --preload -b $ADDRESS:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}} lms.wsgi
 post-start script
  while true

--- a/playbooks/roles/edxapp/templates/lms-xml.conf.j2
+++ b/playbooks/roles/edxapp/templates/lms-xml.conf.j2
@@ -17,6 +17,7 @@ env WORKERS={{ ansible_processor|length * worker_core_mult.lms_xml }}
 env WORKERS={{ worker_core_mult.lms_xml }}
 {% endif %}
 env PORT={{edxapp_lms_xml_app_port}}
+env ADDRESS={{edxapp_lms_xml_app_address}}
 env LANG=en_US.UTF-8
 env DJANGO_SETTINGS_MODULE=lms.envs.aws
 env SERVICE_VARIANT="lms-xml"
@@ -24,7 +25,7 @@ env SERVICE_VARIANT="lms-xml"
 chdir {{edx_platform_code_dir}}
 setuid www-data
-exec {{venv_dir}}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}}  lms.wsgi
+exec {{venv_dir}}/bin/gunicorn --preload -b $ADDRESS:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}}  lms.wsgi
 post-start script
  while true

--- a/playbooks/roles/edxapp/templates/lms.conf.j2
+++ b/playbooks/roles/edxapp/templates/lms.conf.j2
@@ -15,14 +15,15 @@ env WORKERS={{ ansible_processor|length * worker_core_mult.lms }}
 env WORKERS={{ worker_core_mult.lms }}
 {% endif %}
 env PORT={{edxapp_lms_app_port}}
+env ADDRESS={{edxapp_lms_app_address}}
 env LANG=en_US.UTF-8
-env DJANGO_SETTINGS_MODULE=lms.envs.aws
+env DJANGO_SETTINGS_MODULE={{ edxapp_lms_env }}
 env SERVICE_VARIANT="lms"
 chdir {{edx_platform_code_dir}}
 setuid www-data
-exec {{venv_dir}}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}} lms.wsgi
+exec {{venv_dir}}/bin/gunicorn --preload -b $ADDRESS:$PORT -w $WORKERS --timeout=300 --pythonpath={{edx_platform_code_dir}} lms.wsgi
 post-start script
  while true

--- a/playbooks/roles/elasticsearch/vars/main.yml
+++ b/playbooks/roles/elasticsearch/vars/main.yml
--- a/playbooks/roles/elasticsearch/tasks/main.yml
+++ b/playbooks/roles/elasticsearch/tasks/main.yml
@@ -28,3 +28,9 @@
  tags:
    - elasticsearch
    - install
+- name: elasticsearch | Ensure elasticsearch is enabled and started
+  service: name=elasticsearch state=started enabled=yes
+  tags:
+    - elasticsearch
+    - install
--- a/playbooks/roles/forum/vars/main.yml
+++ b/playbooks/roles/forum/vars/main.yml
--- a/playbooks/roles/forum/tasks/test.yml
+++ b/playbooks/roles/forum/tasks/test.yml
 ---
 - name: forum | test that the required service are listening
-  wait_for: port={{ item.port }} timeout=10
+  wait_for: port={{ item.port }} host={{ item.host }} timeout=10
  with_items: "{{ forum_services }}"
  tags:
  - forum

--- a/playbooks/roles/launch_instance/vars/main.yml
+++ b/playbooks/roles/launch_instance/vars/main.yml
--- a/playbooks/roles/nginx/vars/main.yml
+++ b/playbooks/roles/nginx/vars/main.yml
--- a/playbooks/roles/nginx/tasks/main.yml
+++ b/playbooks/roles/nginx/tasks/main.yml
@@ -8,6 +8,14 @@
  - nginx
  - install
+- name: nginx | Server configuration file
+  copy: src={{secure_dir}}/files/nginx.conf dest=/etc/nginx/nginx.conf owner=root group=root mode=0644
+  when: nginx_conf is defined
+  notify: nginx | restart nginx
+  tags:
+  - nginx
+  - install
 # Standard configuration that is common across all roles
 # Default values for these variables are set in group_vars/all
 # Note: remove spaces in {{..}}, otherwise you will get a template parsing error.

--- a/playbooks/roles/nginx/tasks/nginx_site.yml
+++ b/playbooks/roles/nginx/tasks/nginx_site.yml
 # Requires nginx package
 ---
 - name: nginx | Copying nginx config {{ site_name }}
-  template: src={{ item }} dest=/etc/nginx/sites-available/{{ site_name }}
+  template: src={{ item }} dest=/etc/nginx/sites-available/{{ site_name }} owner=root group=root mode=0600
  first_available_file:
+  - "{{ local_dir }}/nginx/templates/{{ template_subdir }}/{{ site_name }}.j2"
  - "{{ local_dir }}/nginx/templates/{{ site_name }}.j2"
  # seems like paths in first_available_file must be relative to the playbooks dir
  - "roles/nginx/templates/{{ site_name }}.j2" 
  notify: nginx | restart nginx
-  when_set: $nginx_role_run
+  when: nginx_role_run is defined
  tags:
  - nginx
  - lms
@@ -18,7 +19,7 @@
 - name: nginx | Creating nginx config link {{ site_name }}
  file: src=/etc/nginx/sites-available/{{ site_name }} dest=/etc/nginx/sites-enabled/{{ site_name }} state={{ state }} owner=root group=root
  notify: nginx | restart nginx
-  when_set: $nginx_role_run
+  when: nginx_role_run is defined
  tags:
  - nginx
  - lms

--- a/playbooks/roles/notifier/vars/main.yml
+++ b/playbooks/roles/notifier/vars/main.yml
@@ -4,14 +4,15 @@ notifier_user: "notifier"
 notifier_web_user: "www-user"
 notifier_home: "/opt/wwc/notifier"
 notifier_venv_dir: "{{ notifier_home }}/virtualenvs/notifier"
+notifier_db_dir: "{{ notifier_home }}/db"
 notifier_source_repo: "git@github.com:edx/notifier.git"
 notifier_code_dir: "{{ notifier_home }}/src"
-notifier_version: "rc/digests"
+notifier_version: "master"
 notifier_git_identity_path: "{{ secure_dir }}/files/git-identity"
 notifier_requirements_file: "{{ notifier_code_dir }}/requirements.txt"
 notifier_log_level: "INFO"
 notifier_rsyslog_enabled: "yes"
-notifier_digest_task_interval: "5"
+notifier_digest_task_interval: "1440"
 notifier_env: "Development"
@@ -20,7 +21,7 @@ notifier_email_host: "localhost"
 notifier_email_port: 25
 notifier_email_user: ""
 notifier_email_pass: ""
-notifier_email_host: ""
+notifier_email_use_tls: "False"
 notifier_email_domain: "notifications.edx.org"
 notifier_email_rewrite_recipient: ""
@@ -41,6 +42,8 @@ notifier_supervisor_log_dest: "/mnt/logs/supervisor"
 notifer_requests_ca_bundle: "/etc/ssl/certs/ca-certificates.crt"
+notifier_dd_api_key: "NOT_USED"    # data dog
 notifier_debian_pkgs:
  - apparmor-utils
  - build-essential
@@ -60,7 +63,13 @@ notifier_debian_pkgs:
 #
 notifier_env_vars:
  NOTIFIER_ENV: "{{ notifier_env }}"
+  NOTIFIER_DB_DIR: "{{ notifier_db_dir }}"
  EMAIL_BACKEND: "{{ notifier_email_backend }}"
+  EMAIL_HOST: "{{ notifier_email_host }}"
+  EMAIL_PORT: "{{ notifier_email_port }}"
+  EMAIL_HOST_USER: "{{ notifier_email_user }}"
+  EMAIL_HOST_PASSWORD: "{{ notifier_email_pass }}"
+  EMAIL_USE_TLS: "{{ notifier_email_use_tls }}"
  EMAIL_DOMAIN: "{{ notifier_email_domain }}"
  EMAIL_REWRITE_RECIPIENT: "{{ notifier_email_rewrite_recipient }}"
  LMS_URL_BASE: "{{ notifier_lms_url_base }}"

--- a/playbooks/roles/notifier/files/git_ssh.sh
+++ b/playbooks/roles/notifier/files/git_ssh.sh
-#!/bin/sh
-exec /usr/bin/ssh -o StrictHostKeyChecking=no -i /etc/git-identity "$@"
--- a/playbooks/roles/notifier/files/opt/notifier/bin/forums_digest.sh
+++ b/playbooks/roles/notifier/files/opt/notifier/bin/forums_digest.sh
-#!/bin/bash
-. $HOME/.bashrc
-minutes=$1
-digest_date=`date --utc '+%Y-%m-%dT%H:%MZ'`
-cd /opt/wwc/notifier/src && /opt/wwc/notifier/virtualenvs/notifier/bin/python /opt/wwc/notifier/src/manage.py forums_digest --to_datetime=${digest_date} --minutes=${minutes}
--- a/playbooks/roles/notifier/handlers/main.yml
+++ b/playbooks/roles/notifier/handlers/main.yml
@@ -4,20 +4,20 @@
 ## for future compliance, when the API comes on line.
 ##
- name: notifier | install notifier-celery-beat
+- name: notifier | install notifier-scheduler
-  supervisorctl: name=notifier-celery-beat state=present
+  supervisorctl: name=notifier-scheduler state=present
 - name: notifier | install notifier-celery-workers
  supervisorctl: name=notifier-celery-workers state=present
 - name: notifier | restart notifier
-  supervisorctl: name=notifier-celery-beat state=restarted
+  supervisorctl: name=notifier-scheduler state=restarted
  notify:
    - notifier | install notifier-celery-workers
-    - notifier | install notifier-celery-beat
+    - notifier | install notifier-scheduler
- name: notifier | restart notifier-celery-beat
+- name: notifier | restart notifier-scheduler
-  supervisorctl: name=notifier-celery-beat state=restarted
+  supervisorctl: name=notifier-scheduler state=restarted
 - name: notifier | restart notifier-celery-workers
  supervisorctl: name=notifier-celery-workers state=restarted
--- a/playbooks/roles/notifier/tasks/deploy.yml
+++ b/playbooks/roles/notifier/tasks/deploy.yml
-#
+---
-# TODO: Needed while this repo is private
-#
- name: notifier | upload ssh script
-  copy: 
-    src=git_ssh.sh dest=/tmp/git_ssh.sh 
-    force=yes owner=root group=adm mode=750
-  notify:
-    - notifier | restart notifier
-  tags:
-  - notifier
-  - deploy
-  - install
-  - update
-#
-# TODO: Needed while this repo is private
-#
- name: notifier | install read-only ssh key required for checkout
-  copy: 
-    src={{ notifier_git_identity_path }} dest=/etc/git-identity 
-    force=yes owner=ubuntu group=adm mode=60
-  tags:
-  - notifier
-  - deploy
-  - install
-  - update
 - name: notifier | stop notifier-celery-beat
  supervisorctl: name=notifier-celery-beat state=restarted
+  ignore_errors: yes
 - name: notifier | stop notifier-celery-workers
  supervisorctl: name=notifier-celery-workers state=restarted
+  ignore_errors: yes
 - name: notifier | checkout code
  git: 
    dest={{ notifier_code_dir }} repo={{ notifier_source_repo }} 
    version={{ notifier_version }}
-  environment:
-    GIT_SSH: /tmp/git_ssh.sh
  notify:
    - notifier | restart notifier
  tags:
@@ -46,40 +19,14 @@
    - install
    - update
-#
+- name: notifier | source repo group perms
-# TODO: Needed while this repo is private
-#
- name: notifier | update src permissions
  file: 
-    path={{ notifier_code_dir }} state=directory owner={{ notifier_user }} 
+    path={{ notifier_source_repo }} mode=2775 state=directory
-    group={{ notifier_user }} mode=2750 recurse=yes
-  tags:
-  - notifier
-  - deploy
-  - install
-  - update
-#
-# TODO: Needed while this repo is private
-#
- name: notifier | remove read-only ssh key for the content repo
-  file: path=/etc/git-identity state=absent
-  tags:
-  - notifier
-  - deploy
-  - install
-  - update
-#
-# TODO: Needed while this repo is private
-#
- name: notifier | remove ssh script
-  file: path=/tmp/git_ssh.sh state=absent
  tags:
-  - notifier
+    - notifier
-  - deploy
+    - deploy
-  - install
+    - install
-  - update
+    - update
 - name: notifier | install application requirements
  pip: 

--- a/playbooks/roles/notifier/tasks/main.yml
+++ b/playbooks/roles/notifier/tasks/main.yml
@@ -96,7 +96,6 @@
    owner={{ notifier_user }} 
    group={{ notifier_user }}
 - name: notifier | ensure .bashrc exists
  shell: touch {{ notifier_home }}/.bashrc
  sudo: true  
@@ -126,16 +125,17 @@
  - install
  - update
- name: notifier | create notifier/bin directory
+- name: notifier | create notifier DB directory
-  file: 
+  file:
-    path="{{ notifier_home }}/bin" mode=2775 state=directory
+    path="{{ notifier_db_dir }}" mode=2775 state=directory
  tags:
  - notifier
  - install
  - update
- name: notifier | make the script executable
+- name: notifier | create notifier/bin directory
-  file: path={{ notifier_home }}/bin/forums_digest.sh state=file mode=2755
+  file: 
+    path="{{ notifier_home }}/bin" mode=2775 state=directory
  tags:
  - notifier
  - install
@@ -159,13 +159,13 @@
  - install
  - update
- name: notifier | supervisord config for celery beat
+- name: notifier | supervisord config for scheduler
  template: 
-    src=etc/supervisor/conf.d/notifier-celery-beat.conf.j2 dest=/etc/supervisor/conf.d/notifier-celery-beat.conf 
+    src=etc/supervisor/conf.d/notifier-scheduler.conf.j2 dest=/etc/supervisor/conf.d/notifier-scheduler.conf 
-  notify: notifier | restart notifier-celery-beat
+  notify: notifier | restart notifier-scheduler
  tags:
  - notifier
  - install
  - update
 - include: deploy.yml
\ No newline at end of file
--- a/playbooks/roles/notifier/templates/etc/supervisor/conf.d/notifier-celery-beat.conf.j2
+++ b/playbooks/roles/notifier/templates/etc/supervisor/conf.d/notifier-celery-beat.conf.j2
 ;
 ;  {{ ansible_managed }}
 ;
-[program:notifier-celery-beat]
+[program:notifier-scheduler]
-command={{ notifier_venv_dir }}/bin/python manage.py celery beat -l DEBUG
+command={{ notifier_venv_dir }}/bin/python manage.py scheduler
 process_name=%(program_name)s
 numprocs=1
@@ -18,15 +18,15 @@ stopsignal=TERM
 stopwaitsecs=10
 user=notifier
 redirect_stderr=false
-stdout_logfile={{ notifier_supervisor_log_dest }}/notifier-celery-beat-stdout.log
+stdout_logfile={{ notifier_supervisor_log_dest }}/notifier-scheduler-stdout.log
 stdout_logfile_maxbytes=1MB
 stdout_logfile_backups=10
 stdout_capture_maxbytes=1MB
-stderr_logfile={{notifier_supervisor_log_dest }}/notifier-celery-beat-stderr.log
+stderr_logfile={{notifier_supervisor_log_dest }}/notifier-scheduler-stderr.log
 stderr_logfile_maxbytes=1MB
 stderr_logfile_backups=10
 stderr_capture_maxbytes=1MB
-environment=PID='/var/tmp/notifier-celery-beat.pid',LANG=en_US.UTF-8,
+environment=PID='/var/tmp/notifier-scheduler.pid',LANG=en_US.UTF-8,
 {%- for name,value in notifier_env_vars.items() -%}
 {{name}}="{{value}}"{%- if not loop.last -%},{%- endif -%}
 {%- endfor -%}
\ No newline at end of file
--- a/playbooks/roles/notifier/templates/etc/supervisor/conf.d/notifier-celery-workers.conf.j2
+++ b/playbooks/roles/notifier/templates/etc/supervisor/conf.d/notifier-celery-workers.conf.j2
@@ -3,7 +3,7 @@
 ;
 [program:notifier-celery-workers]
-command={{ notifier_venv_dir }}/bin/python manage.py celery worker -l DEBUG
+command={{ notifier_venv_dir }}/bin/python manage.py celery worker -l {{ notifier_log_level }}
 process_name=%(program_name)s
 numprocs=1

--- a/playbooks/roles/notifier/templates/etc/supervisor/conf.d/notifier-scheduler.conf.j2
+++ b/playbooks/roles/notifier/templates/etc/supervisor/conf.d/notifier-scheduler.conf.j2
+;
+;  {{ ansible_managed }}
+;
+[program:notifier-scheduler]
+command={{ notifier_venv_dir }}/bin/python manage.py scheduler
+process_name=%(program_name)s
+numprocs=1
+directory={{ notifier_code_dir }}
+umask=022
+autostart=true
+autorestart=true
+startsecs=10
+startretries=3
+exitcodes=0,2
+stopsignal=TERM
+stopwaitsecs=10
+user=notifier
+redirect_stderr=false
+stdout_logfile={{ notifier_supervisor_log_dest }}/notifier-scheduler-stdout.log
+stdout_logfile_maxbytes=1MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=1MB
+stderr_logfile={{notifier_supervisor_log_dest }}/notifier-scheduler-stderr.log
+stderr_logfile_maxbytes=1MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=1MB
+environment=PID='/var/tmp/notifier-scheduler.pid',LANG=en_US.UTF-8,
+{%- for name,value in notifier_env_vars.items() -%}
+{{name}}="{{value}}"{%- if not loop.last -%},{%- endif -%}
+{%- endfor -%}
\ No newline at end of file
--- a/playbooks/roles/ora/vars/main.yml
+++ b/playbooks/roles/ora/vars/main.yml
@@ -4,8 +4,10 @@ ora_code_dir: "{{ app_base_dir }}/edx-ora"
 # Default nginx listen port
 # These should be overrided if you want
 # to serve all content on port 80
-ora_venv_dir: "{{ venv_dir }}"
+ora_user: "edx-ora"
-ease_venv_dir: "{{ venv_dir }}"
+ora_user_home: "/opt/edx-ora"
+ora_venv_dir: "{{ ora_user_home }}/virtualenvs/{{ ora_user }}"
+ease_venv_dir: "{{ ora_venv_dir }}"
 ora_gunicorn_workers: 4
 ora_nginx_port: 18091
 ora_gunicorn_port: 8091

--- a/playbooks/roles/ora/tasks/deploy.yml
+++ b/playbooks/roles/ora/tasks/deploy.yml
@@ -41,7 +41,7 @@
 # Do Post Checkout Tasks.
 - name: ora | change permissions on ora code dir
-  file: path={{ora_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes
+  file: path={{ora_code_dir}} state=directory owner={{ ora_user }} group={{ ora_user }} mode=755 recurse=yes
  notify:
    - ora | restart edx-ora
    - ora | restart edx-ora-celery
@@ -85,7 +85,7 @@
  - deploy
 - name: ora | syncdb and migrate
-  shell: sudo -u www-data {{ora_venv_dir}}/bin/django-admin.py syncdb --migrate --noinput --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
+  shell: sudo -u {{ ora_user }} SERVICE_VARIANT=ora {{ora_venv_dir}}/bin/django-admin.py syncdb --migrate --noinput --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
  when: migrate_db is defined and migrate_db|lower == "yes"
  notify:
    - ora | restart edx-ora
@@ -96,7 +96,7 @@
  - deploy
 - name: ora | create users
-  shell: sudo -u www-data {{ora_venv_dir}}/bin/django-admin.py update_users --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
+  shell: sudo -u {{ ora_user }} SERVICE_VARIANT=ora {{ora_venv_dir}}/bin/django-admin.py update_users --settings=edx_ora.aws --pythonpath={{ora_code_dir}}
  notify:
    - ora | restart edx-ora
    - ora | restart edx-ora-celery

--- a/playbooks/roles/ora/tasks/ease.yml
+++ b/playbooks/roles/ora/tasks/ease.yml
@@ -37,7 +37,7 @@
 # Do Post Checkout Tasks.
 - name: ora | change permissions on ease code dir
-  file: path={{ease_code_dir}} state=directory owner=www-data group=www-data mode=755 recurse=yes
+  file: path={{ease_code_dir}} state=directory owner={{ ora_user }} group={{ ora_user }} mode=755 recurse=yes
  tags:
  - ease
  - deploy

--- a/playbooks/roles/ora/tasks/main.yml
+++ b/playbooks/roles/ora/tasks/main.yml
@@ -3,13 +3,8 @@
 #  - common/tasks/main.yml
 #  - nginx/tasks/main.yml
 ---
- name: ora | Change permissions on datadir
-  file: path={{ora_code_dir}}/../data state=directory owner=www-data group=www-data
-  tags:
-  - ora
 - name: ora | Create ml_models directory
-  file: path={{ora_code_dir}}/../ml_models state=directory owner=www-data group=www-data
+  file: path={{ora_code_dir}}/../ml_models state=directory owner={{ ora_user }} group={{ ora_user }}
  tags:
  - ora
@@ -20,12 +15,12 @@
  - ora
 - name: ora | create ora application config
-  template: src=ora.env.json.j2 dest={{ora_code_dir}}/../env.json mode=0640 owner=www-data group=adm
+  template: src=ora.env.json.j2 dest={{ora_code_dir}}/../ora.env.json mode=0640 owner={{ ora_user }} group=adm
  tags:
  - ora
 - name: ora | create ora auth file
-  template: src=ora.auth.json.j2 dest={{ora_code_dir}}/../auth.json mode=0640 owner=www-data group=adm
+  template: src=ora.auth.json.j2 dest={{ora_code_dir}}/../ora.auth.json mode=0640 owner={{ ora_user }} group=adm
  tags:
  - ora
@@ -45,16 +40,6 @@
  tags:
  - ora
- name: ora | create the ora virtual environment
-  file: path={{ ora_venv_dir }} owner=root group=adm mode=2775 state=directory
-  tags:
-  - ora
- name: ora | bootstrap the ora virtual environment
-  command: /usr/local/bin/virtualenv {{ ora_venv_dir }} --distribute creates={{ora_venv_dir}}/bin/activate
-  tags:
-  - ora
 # Install nginx site
 - include: ../../nginx/tasks/nginx_site.yml state=link site_name=ora

--- a/playbooks/roles/ora/templates/edx-ora-celery.conf.j2
+++ b/playbooks/roles/ora/templates/edx-ora-celery.conf.j2
@@ -10,8 +10,9 @@ respawn
 respawn limit 3 30
 env DJANGO_SETTINGS_MODULE=edx_ora.aws
+env SERVICE_VARIANT=ora
 chdir {{ ora_code_dir }}
-setuid www-data
+setuid {{ ora_user }}
 exec {{ ora_venv_dir }}/bin/python {{ ora_code_dir }}/manage.py celeryd --loglevel=info --settings=edx_ora.aws --pythonpath={{ ora_code_dir}} -B --autoscale=4,1
--- a/playbooks/roles/ora/templates/edx-ora.conf.j2
+++ b/playbooks/roles/ora/templates/edx-ora.conf.j2
@@ -14,11 +14,12 @@ env WORKERS={{ ora_gunicorn_workers }}
 env PORT={{ ora_gunicorn_port }}
 env LANG=en_US.UTF-8
 env DJANGO_SETTINGS_MODULE=edx_ora.aws
+env SERVICE_VARIANT=ora
 pre-start script
 end script
 chdir {{ ora_code_dir }}
-setuid www-data
+setuid {{ ora_user }}
 exec {{ ora_venv_dir}}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=90 --pythonpath={{ ora_code_dir}} edx_ora.wsgi
--- a/playbooks/roles/oraclejdk/vars/main.yml
+++ b/playbooks/roles/oraclejdk/vars/main.yml
--- a/playbooks/roles/oraclejdk/templates/java.sh.j2
+++ b/playbooks/roles/oraclejdk/templates/java.sh.j2
-export JAVA_HOME="{{ java_link }}"
+export JAVA_HOME="{{oraclejdk_link}}"
 export PATH=$JAVA_HOME/bin:$PATH
--- a/playbooks/roles/rabbitmq/vars/main.yml
+++ b/playbooks/roles/rabbitmq/vars/main.yml
@@ -14,12 +14,15 @@ rabbitmq_mnesia_folder: "{{rabbitmq_cookie_dir}}/mnesia"
 rabbitmq_port: 5672
 rabbitmq_management_port: 15672
+rabbitmq_ip: "{{ ansible_default_ipv4.address }}"
 rabbitmq_auth_config:
  erlang_cookie: "CHANGE ME"
-  admin:
+  admins:
  - name: 'admin'
    password: 'the example admin password'
+  - name: 'edx'
+    password: 'edx'
 # If the system is running out of an Amazon Web Services
 # cloudformation stack, this group name can used to pull out
@@ -29,4 +32,4 @@ rabbitmq_aws_stack_name: "tag_aws_cloudformation_stack-name_"
 rabbitmq_clustered_hosts: []
 rabbitmq_plugins:
  - rabbitmq_management
\ No newline at end of file
--- a/playbooks/roles/rabbitmq/tasks/main.yml
+++ b/playbooks/roles/rabbitmq/tasks/main.yml
@@ -13,7 +13,7 @@
  apt_repository: repo="{{rabbitmq_repository}}" state=present
 - name: rabbitmq | install rabbitmq
-  apt: pkg={{rabbitmq_pkg}} state=present
+  apt: pkg={{rabbitmq_pkg}} state=present update_cache=yes
 - name: rabbitmq | stop rabbit cluster
  service: name=rabbitmq-server state=stopped
@@ -52,6 +52,9 @@
 - name: rabbitmq | start rabbit nodes
  service: name=rabbitmq-server state=restarted
+- name: rabbitmq | wait for rabbit to start
+  wait_for: port={{ rabbitmq_management_port }} delay=2
 - name: rabbitmq | remove guest user
  rabbitmq_user: user="guest" state=absent
@@ -78,4 +81,4 @@
 - name: rabbitmq | ensure rabbitmqadmin attributes
  file: 
    path=/usr/local/bin/rabbitmqadmin owner=root 
    group=root mode=0655
\ No newline at end of file
--- a/playbooks/roles/rabbitmq/templates/rabbitmq-env.conf.j2
+++ b/playbooks/roles/rabbitmq/templates/rabbitmq-env.conf.j2
 RABBITMQ_NODE_PORT={{ rabbitmq_port }}
-RABBITMQ_NODE_IP_ADDRESS={{ ansible_default_ipv4.address }}
+RABBITMQ_NODE_IP_ADDRESS={{ rabbitmq_ip }}
--- a/playbooks/roles/rbenv/vars/main.yml
+++ b/playbooks/roles/rbenv/vars/main.yml
--- a/playbooks/roles/rbenv/tasks/main.yml
+++ b/playbooks/roles/rbenv/tasks/main.yml
@@ -136,20 +136,30 @@
  - ruby
  - install
+- name: rbenv | if ruby-build exists, which versions we can install
+  command: /usr/local/bin/ruby-build --definitions
+  when: rbuild_present|success
+  register: installable_ruby_vers
+  ignore_errors: yes
+  tags:
+  - ruby
+  - install
+### in this block, we (re)install ruby-build if it doesn't exist or if it can't install the requested version
 - name: rbenv | create temporary directory
  command: mktemp -d
  register: tempdir
  sudo: true  
-  sudo_user: "{{ rbenv_user }}" 
+  sudo_user: "{{ rbenv_user }}"
-  when: rbuild_present|failed
+  when: rbuild_present|failed or (installable_ruby_vers is defined and rbenv_ruby_version not in installable_ruby_vers)
  tags:
  - ruby
  - install
 - name: rbenv | clone ruby-build repo
  git: repo=https://github.com/sstephenson/ruby-build.git dest={{ tempdir.stdout }}/ruby-build
-  when:  rbuild_present|failed
+  when: rbuild_present|failed or (installable_ruby_vers is defined and rbenv_ruby_version not in installable_ruby_vers)
-  sudo: true  
+  sudo: true
  sudo_user: "{{ rbenv_user }}" 
  tags:
  - ruby
@@ -157,14 +167,14 @@
 - name: rbenv | install ruby-build
  command: ./install.sh chdir={{ tempdir.stdout }}/ruby-build
-  when: rbuild_present|failed
+  when: rbuild_present|failed or (installable_ruby_vers is defined and rbenv_ruby_version not in installable_ruby_vers)
  tags:
  - ruby
  - install
 - name: rbenv | remove temporary directory
  file: path={{ tempdir.stdout }} state=absent
-  when: rbuild_present|failed
+  when: rbuild_present|failed or (installable_ruby_vers is defined and rbenv_ruby_version not in installable_ruby_vers)
  tags:
  - ruby
  - install

--- a/playbooks/roles/shibboleth/vars/main.yml
+++ b/playbooks/roles/shibboleth/vars/main.yml
--- a/playbooks/roles/virtualenv/vars/main.yml
+++ b/playbooks/roles/virtualenv/vars/main.yml
--- a/playbooks/roles/xqueue/vars/main.yml
+++ b/playbooks/roles/xqueue/vars/main.yml
@@ -10,6 +10,10 @@ xqueue_code_dir: "{{ app_base_dir }}/xqueue"
 xqueue_nginx_port: 18040
 xqueue_gunicorn_port: 8040
+xqueue_user: "xqueue"
+xqueue_user_home: "/opt/xqueue"
+xqueue_venv_dir: "{{ xqueue_user_home }}/virtualenvs/{{ xqueue_user }}"
 xqueue_env_config:
  'XQUEUES':
    # push queue
@@ -35,6 +39,7 @@ xqueue_auth_config:
  'DATABASES':
    'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'xqueue', 'USER': 'root', 'PASSWORD': '', 'HOST': 'localhost', 'PORT': '3306' }
+xqueue_create_db: 'yes'
 xqueue_source_repo: https://github.com/edx/xqueue.git
 xqueue_version: 'HEAD'
 xqueue_pre_requirements_file:    "{{ xqueue_code_dir }}/pre-requirements.txt"

--- a/playbooks/roles/xqueue/tasks/deploy.yml
+++ b/playbooks/roles/xqueue/tasks/deploy.yml
@@ -20,7 +20,7 @@
 # Do Post Checkout Tasks.
 - name: xqueue | create xqueue code dir
-  file: path={{xqueue_code_dir}} state=directory owner=www-data group=www-data mode=755
+  file: path={{xqueue_code_dir}} state=directory owner={{ xqueue_user }} group={{ xqueue_user }} mode=755
  tags:
  - xqueue
  - deploy
@@ -30,29 +30,29 @@
 # portions of the deploy needs to be incorporated here.
 - name: xqueue | sets permissions on xqueue code dir and contents
-  file: path={{xqueue_code_dir}} state=directory owner=www-data group=www-data recurse=yes
+  file: path={{xqueue_code_dir}} state=directory owner={{ xqueue_user }} group={{ xqueue_user }} recurse=yes
  # Post Checkout tasks will get run as handlers when the {{ xqueue_code_dir }} is ready.
  # Look at the handlers/main.yml in this role for a description of the tasks stated below.
  tags:
  - xqueue
  - deploy
-# Install the python pre requirements into {{ venv_dir }}
+# Install the python pre requirements into {{ xqueue_venv_dir }}
 - name : install python pre-requirements
-  pip: requirements="{{xqueue_pre_requirements_file}}" virtualenv="{{venv_dir}}" state=present
+  pip: requirements="{{xqueue_pre_requirements_file}}" virtualenv="{{xqueue_venv_dir}}" state=present
  tags:
  - xqueue
  - deploy
-# Install the python post requirements into {{ venv_dir }}
+# Install the python post requirements into {{ xqueue_venv_dir }}
 - name : install python post-requirements
-  pip: requirements="{{xqueue_post_requirements_file}}" virtualenv="{{venv_dir}}" state=present
+  pip: requirements="{{xqueue_post_requirements_file}}" virtualenv="{{xqueue_venv_dir}}" state=present
  tags:
  - xqueue
  - deploy
 - name: xqueue | syncdb and migrate
-  shell: sudo -u www-data /opt/edx/bin/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
+  shell: sudo -u {{ xqueue_user }} SERVICE_VARIANT=xqueue {{ xqueue_venv_dir }}/bin/django-admin.py syncdb --migrate --noinput --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
  when: migrate_db is defined and migrate_db|lower == "yes"
  tags:
  - xqueue
@@ -60,7 +60,7 @@
  - deploy
 - name: xqueue | create users
-  shell: sudo -u www-data /opt/edx/bin/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
+  shell: sudo -u {{ xqueue_user }} SERVICE_VARIANT=xqueue {{ xqueue_venv_dir }}/bin/django-admin.py update_users --settings=xqueue.aws_settings --pythonpath=/opt/wwc/xqueue
  when: update_users is defined
  tags:
  - xqueue

--- a/playbooks/roles/xqueue/tasks/main.yml
+++ b/playbooks/roles/xqueue/tasks/main.yml
@@ -3,11 +3,6 @@
 #  - common/tasks/main.yml
 #  - nginx/tasks/main.yml
 ---
- name: xqueue | Change permissions on datadir
-  file: path={{app_base_dir}}/data state=directory owner=www-data group=www-data
-  tags:
-  - xqueue
 # Check out xqueue repo to {{xqueue_code_dir}}
 - name: xqueue | install git and its recommends
  apt: pkg=git state=present install_recommends=yes 
@@ -30,9 +25,10 @@
    login_password={{xqueue_auth_config.DATABASES.default.PASSWORD}}
    state=present
    encoding=utf8
+  when: xqueue_create_db is defined and xqueue_create_db|lower == "yes"
 - name: xqueue | create xqueue application config
-  template: src=xqueue.env.json.j2 dest={{app_base_dir}}/env.json mode=0640 owner=www-data group=adm
+  template: src=xqueue.env.json.j2 dest={{app_base_dir}}/xqueue.env.json mode=0640 owner={{ xqueue_user }} group=adm
  notify:
  - xqueue | restart xqueue
  - xqueue | restart xqueue consumer
@@ -40,7 +36,7 @@
  - xqueue
 - name: xqueue | create xqueue auth file
-  template: src=xqueue.auth.json.j2 dest={{app_base_dir}}/auth.json mode=0640 owner=www-data group=adm
+  template: src=xqueue.auth.json.j2 dest={{app_base_dir}}/xqueue.auth.json mode=0640 owner={{ xqueue_user }} group=adm
  notify:
  - xqueue | restart xqueue
  - xqueue | restart xqueue consumer

--- a/playbooks/roles/xqueue/templates/xqueue.conf.j2
+++ b/playbooks/roles/xqueue/templates/xqueue.conf.j2
@@ -7,7 +7,11 @@ respawn
 respawn limit 3 30
 env PID=/var/tmp/xqueue.pid
-env WORKERS={{ ansible_processor_cores * 2 }}
+{% if ansible_processor|length > 0 %}
+env WORKERS={{ ansible_processor|length * 2 }}
+{% else %}
+env WORKERS=2
+{% endif %}
 env PORT={{ xqueue_gunicorn_port }}
 env LANG=en_US.UTF-8
 env DJANGO_SETTINGS_MODULE=xqueue.aws_settings
@@ -15,6 +19,6 @@ env SERVICE_VARIANT="xqueue"
 chdir {{ xqueue_code_dir }}
-setuid www-data
+setuid {{ xqueue_user }}
-exec {{ venv_dir }}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath={{ xqueue_code_dir }} xqueue.wsgi
+exec {{ xqueue_venv_dir }}/bin/gunicorn --preload -b 127.0.0.1:$PORT -w $WORKERS --timeout=300 --pythonpath={{ xqueue_code_dir }} xqueue.wsgi
--- a/playbooks/roles/xqueue/templates/xqueue_consumer.conf.j2
+++ b/playbooks/roles/xqueue/templates/xqueue_consumer.conf.j2
@@ -11,7 +11,8 @@ respawn limit 3 30
 env LANG=en_US.UTF-8
 env WORKERS_PER_QUEUE={{xqueue_env_config.XQUEUE_WORKERS_PER_QUEUE}}
+env SERVICE_VARIANT="xqueue"
 chdir {{xqueue_code_dir}}
-setuid www-data
+setuid {{ xqueue_user }}
-exec {{venv_dir}}/bin/django-admin.py run_consumer --pythonpath={{xqueue_code_dir}} --settings=xqueue.aws_settings $WORKERS_PER_QUEUE
+exec {{xqueue_venv_dir}}/bin/django-admin.py run_consumer --pythonpath={{xqueue_code_dir}} --settings=xqueue.aws_settings $WORKERS_PER_QUEUE
--- a/playbooks/roles/xserver/vars/main.yml
+++ b/playbooks/roles/xserver/vars/main.yml
--- a/playbooks/vagrant-fullstack.yml
+++ b/playbooks/vagrant-fullstack.yml
@@ -12,14 +12,18 @@
    - nginx
    - edxlocal
    - edxapp
-    - rabbitmq
+    - { role: 'rabbitmq', rabbitmq_ip: '127.0.0.1' }
-    - xqueue
+    - { role: 'edxapp', celery_worker: True }
-    - xserver
    - oraclejdk
    - elasticsearch
-    - { role: 'edxapp', celery_worker: True }
    - role: rbenv
      rbenv_user: "{{ forum_user }}"
      rbenv_user_home: "{{ forum_home }}"
      rbenv_ruby_version: "{{ forum_ruby_version }}"
    - forum
+    - role: virtualenv
+      virtualenv_user: "{{ xqueue_user }}"
+      virtualenv_user_home: "{{ xqueue_user_home }}"
+      virtualenv_name: "{{ xqueue_user }}"
+    - { role: "xqueue", update_users: True }
+    - xserver
\ No newline at end of file
--- a/util/vpc-tools/vpc-dns.py
+++ b/util/vpc-tools/vpc-dns.py
 """vpc-dns.py
 Usage:
-    vpc-dns.py create-zone vpc <vpc-id>
+    vpc-dns.py create-zone (vpc <vpc_id> | stack-name <stack_name>)
    vpc-dns.py (-h --help)
    vpc-dns.py (-v --version)
@@ -12,6 +12,7 @@ Options:
 import boto
 from boto.route53.record import ResourceRecordSets
 from docopt import docopt
+from vpcutil import vpc_for_stack_name
 class VPCDns:
    BACKEND_ZONE = "Z4AI6ADZTL3HN"
@@ -106,8 +107,13 @@ class VPCDns:
 VERSION="0.1"
 def dispatch(args):
+    if args.get("vpc"):
-    vpc_id = args.get("<vpc-id>")
+      vpc_id = args.get("<vpc_id>")
+    elif args.get("stack-name"):
+      stack_name = args.get("<stack_name>")
+      vpc_id = vpc_for_stack_name(stack_name)
+    else:
+      raise Exception("No vpc_id or stack_name provided.")
    c = VPCDns(vpc_id=vpc_id)

--- a/util/vpc-tools/vpc-tools.py
+++ b/util/vpc-tools/vpc-tools.py
 """VPC Tools.
 Usage:
-    vpc-tools.py ssh-config (vpc <vpc_id> | stack-name <stack_name>) identity-file <identity_file> user <user> [config-file <config_file>] [strict-host-check <strict_host_check>]
+    vpc-tools.py ssh-config (vpc <vpc_id> | stack-name <stack_name>) identity-file <identity_file> user <user> [(config-file <config_file>)] [(strict-host-check <strict_host_check>)]
    vpc-tools.py (-h --help)
    vpc-tools.py (-v --version)
@@ -12,11 +12,12 @@ Options:
 """
 import boto
 from docopt import docopt
+from vpcutil import vpc_for_stack_name
 VERSION="vpc tools 0.1"
 DEFAULT_USER="ubuntu"
-DEFAULT_HOST_CHECK="yes"
+DEFAULT_HOST_CHECK="ask"
 JUMPBOX_CONFIG = """
    Host {jump_box}
@@ -43,13 +44,6 @@ def dispatch(args):
    if args.get("ssh-config"):
        _ssh_config(args)
-def vpc_for_stack_name(stack_name):
-    cfn = boto.connect_cloudformation()
-    resources = cfn.list_stack_resources(stack_name)
-    for resource in resources:
-      if resource.resource_type == 'AWS::EC2::VPC':
-        return resource.physical_resource_id
 def _ssh_config(args):
    if args.get("vpc"):
      vpc_id = args.get("<vpc_id>")
@@ -57,7 +51,7 @@ def _ssh_config(args):
      stack_name = args.get("<stack_name>")
      vpc_id = vpc_for_stack_name(stack_name)
    else:
-      raise Exception("No way to know which vpc to query.")
+      raise Exception("No vpc_id or stack_name provided.")
    vpc = boto.connect_vpc()
@@ -75,7 +69,7 @@ def _ssh_config(args):
    if config_file:
      config_file = "-F {}".format(config_file)
    else:
-      config_file = "nothing"
+      config_file = ""
    jump_box = "{vpc_id}-jumpbox".format(vpc_id=vpc_id)
    friendly = "{vpc_id}-{logical_id}-{instance_id}"

--- a/util/vpc-tools/vpcutil.py
+++ b/util/vpc-tools/vpcutil.py
+import boto
+def vpc_for_stack_name(stack_name):
+    cfn = boto.connect_cloudformation()
+    resources = cfn.list_stack_resources(stack_name)
+    for resource in resources:
+      if resource.resource_type == 'AWS::EC2::VPC':
+        return resource.physical_resource_id
--- a/vagrant/fullstack/Vagrantfile
+++ b/vagrant/fullstack/Vagrantfile
@@ -17,9 +17,8 @@ Vagrant.configure("2") do |config|
  config.vm.provision :ansible do |ansible|
    # point Vagrant at the location of your playbook you want to run
    ansible.playbook = "../../playbooks/vagrant-fullstack.yml"
+    ansible.inventory_path = "../../playbooks/vagrant/inventory.ini"
-    ansible.inventory_file = "../../playbooks/vagrant/inventory.ini"
    ansible.extra_vars = { c_skip_grader_checkout: 'True' }
-    ansible.verbose = true
+    ansible.verbose = "extra"
  end
 end
--- a/vagrant/shortstack-xml/Vagrantfile
+++ b/vagrant/shortstack-xml/Vagrantfile
@@ -18,7 +18,7 @@ Vagrant.configure("2") do |config|
    # point Vagrant at the location of your playbook you want to run
    ansible.playbook = "../../playbooks/vagrant-shortstack-xml.yml"
-    ansible.inventory_file = "../../playbooks/vagrant/inventory.ini"
+    ansible.inventory_path = "../../playbooks/vagrant/inventory.ini"
-    ansible.verbose = true
+    ansible.verbose = "extra"
  end
 end
--- a/vagrant/shortstack/Vagrantfile
+++ b/vagrant/shortstack/Vagrantfile
@@ -17,8 +17,10 @@ Vagrant.configure("2") do |config|
  config.vm.provision :ansible do |ansible|
    # point Vagrant at the location of your playbook you want to run
    ansible.playbook = "../../playbooks/vagrant-shortstack.yml"
+    ansible.inventory_path = "../../playbooks/vagrant/inventory.ini"
-    ansible.inventory_file = "../../playbooks/vagrant/inventory.ini"
+    ansible.verbose = "extra"
-    ansible.verbose = true
+    # to target the master branch of edx-platform, instead of the release branch,
+    # just uncomment this line
+    # ansible.extra_vars = { edx_platform_commit: "master" }
  end
 end