Skip to content

C
configuration
Commit e6595927 by John Jarvis
Options

xserver role cleanup

parent 0864ba1c
Showing with 22 additions and 13 deletions
playbooks/roles/xserver/defaults/main.yml
...@@ -8,9 +8,12 @@ XSERVER_RUN_URL: '' ...@@ -8,9 +8,12 @@ XSERVER_RUN_URL: ''
XSERVER_LOGGING_ENV: 'sandbox' XSERVER_LOGGING_ENV: 'sandbox'
XSERVER_SYSLOG_SERVER: '' XSERVER_SYSLOG_SERVER: ''
# For 6.00x use "{{ xserver_data_dir }}/data/content-mit-600x~2012_Fall" # For 6.00x use "{{ xserver_data_dir }}/data/content-mit-600x~2012_Fall"
XSERVER_GRADER_DIR: "" XSERVER_GRADER_DIR: !!null
# For 6.00x use "git@github.com:/MITx/6.00x.git" # For 6.00x use "git@github.com:/MITx/6.00x.git"
XSERVER_GRADER_SOURCE: "" XSERVER_GRADER_SOURCE: !!null
# This must be set to run this role
# Example: "{{ secure_dir }}/files/git-identity"
XSERVER_LOCAL_GIT_IDENTITY: !!null
# by default do not check out the content # by default do not check out the content
...@@ -29,6 +32,8 @@ xserver_user: "xserver" ...@@ -29,6 +32,8 @@ xserver_user: "xserver"
xserver_sandbox_user: "xserver-sandbox" xserver_sandbox_user: "xserver-sandbox"
xserver_log_dir: "{{ COMMON_LOG_DIR }}/xserver" xserver_log_dir: "{{ COMMON_LOG_DIR }}/xserver"
xserver_grader_root: "{{ XSERVER_GRADER_DIR }}/graders" xserver_grader_root: "{{ XSERVER_GRADER_DIR }}/graders"
xserver_git_identity: "{{ xserver_app_dir }}/{{ XSERVER_LOCAL_GIT_IDENTITY|basename }}"
xserver_env_config: xserver_env_config:
RUN_URL: $XSERVER_RUN_URL RUN_URL: $XSERVER_RUN_URL
GRADER_ROOT: $xserver_grader_root GRADER_ROOT: $xserver_grader_root
...@@ -37,7 +42,6 @@ xserver_env_config: ...@@ -37,7 +42,6 @@ xserver_env_config:
SYSLOG_SERVER: $XSERVER_SYSLOG_SERVER SYSLOG_SERVER: $XSERVER_SYSLOG_SERVER
SANDBOX_PYTHON: '{{ xserver_venv_sandbox_dir }}/bin/python' SANDBOX_PYTHON: '{{ xserver_venv_sandbox_dir }}/bin/python'
xserver_git_identity_path: "{{ secure_dir }}/files/git-identity"
xserver_source_repo: "git://github.com/edx/xserver.git" xserver_source_repo: "git://github.com/edx/xserver.git"
# This should probably be overridden in the playbook or groupvars # This should probably be overridden in the playbook or groupvars
# with the default pointing to the head of master. # with the default pointing to the head of master.
......
playbooks/roles/xserver/tasks/deploy.yml
...@@ -28,13 +28,17 @@ ...@@ -28,13 +28,17 @@
- deploy - deploy
- name: xserver | install read-only ssh key for the content repo that is required for grading - name: xserver | install read-only ssh key for the content repo that is required for grading
copy: src={{ item }} dest=/etc/git-identity force=yes owner=ubuntu group=adm mode=60 copy: >
first_available_file: src={{ XSERVER_LOCAL_GIT_IDENTITY }} dest={{ xserver_git_identity }}
- "{{ secure_dir }}/files/git-identity" owner={{ xserver_user }} group={{ xserver_user }} mode=0600
- "git-identity-example"
tags: tags:
- deploy - deploy
- name: xserver | upload ssh script
template: >
src=git_ssh.sh.j2 dest=/tmp/git_ssh.sh
owner={{ xserver_user }} mode=750
- name: xserver | checkout grader code - name: xserver | checkout grader code
git: dest={{ XSERVER_GRADER_DIR }} repo={{ XSERVER_GRADER_SOURCE }} version={{ xserver_grader_version }} git: dest={{ XSERVER_GRADER_DIR }} repo={{ XSERVER_GRADER_SOURCE }} version={{ xserver_grader_version }}
environment: environment:
...@@ -44,7 +48,7 @@ ...@@ -44,7 +48,7 @@
- deploy - deploy
- name: xserver | remove read-only ssh key for the content repo - name: xserver | remove read-only ssh key for the content repo
file: path=/etc/git-identity state=absent file: path={{ xserver_git_identity }}
tags: tags:
- deploy - deploy
......
playbooks/roles/xserver/tasks/main.yml
...@@ -5,7 +5,11 @@ ...@@ -5,7 +5,11 @@
- name: xserver | checking for grader info - name: xserver | checking for grader info
fail: msg="You must define XSERVER_GRADER_DIR and XSERVER_GRADER_SOURCE to use this role!" fail: msg="You must define XSERVER_GRADER_DIR and XSERVER_GRADER_SOURCE to use this role!"
when: XSERVER_GRADER_DIR == "" or XSERVER_GRADER_SOURCE == "" when: not XSERVER_GRADER_DIR or not XSERVER_GRADER_SOURCE
- name: xserver | checking for git identity
fail: msg="You must define XSERVER_LOCAL_GIT_IDENTITY to use this role"
when: not XSERVER_LOCAL_GIT_IDENTITY
- name: xserver | create application user - name: xserver | create application user
user: > user: >
...@@ -62,9 +66,6 @@ ...@@ -62,9 +66,6 @@
- name: xserver | setup upstart script - name: xserver | setup upstart script
template: src=xserver.conf.j2 dest=/etc/init/xserver.conf owner=root group=root template: src=xserver.conf.j2 dest=/etc/init/xserver.conf owner=root group=root
- name: xserver | upload ssh script
copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
- include: deploy.yml - include: deploy.yml
- name: xserver | enforce app-armor rules - name: xserver | enforce app-armor rules
......
playbooks/roles/xserver/files/git_ssh.sh playbooks/roles/xserver/templates/git_ssh.sh.j2
#!/bin/sh #!/bin/sh
exec /usr/bin/ssh -o StrictHostKeyChecking=no -i /etc/git-identity "$@" exec /usr/bin/ssh -o StrictHostKeyChecking=no -i {{ xserver_git_identity }} "$@"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment