Add support for private/alternate themes

Revert "Revert "Merge pull request #3029 from edx/revert-2990-saleem-latif/MAYN-198""

This reverts commit 44107557, reversing
changes made to 4e5122de.

* mattdrayer: Update command syntax + add SSH key cleanup

playbooks/roles/ecommerce/defaults/main.yml

@@ -103,6 +103,13 @@ ECOMMERCE_PAYMENT_PROCESSOR_CONFIG:
 ECOMMERCE_PLATFORM_NAME: 'Your Platform Name Here'
 ECOMMERCE_THEME_SCSS: 'sass/themes/default.scss'
 
+# Directory name inside edx-themes repo that contain ecommerce themes
+ECOMMERCE_THEMES_DIR_NAME: 'ecommerce'
+
+ECOMMERCE_COMPREHENSIVE_THEME_DIR: !!null
+ECOMMERCE_ENABLE_COMPREHENSIVE_THEMING: false
+ECOMMERCE_DEFAULT_SITE_THEME: !!null
+
 # Celery
 ECOMMERCE_BROKER_USERNAME: 'celery'
 ECOMMERCE_BROKER_PASSWORD: 'celery'
@@ -114,8 +121,6 @@ ECOMMERCE_BROKER_URL: 'amqp://{{ ECOMMERCE_BROKER_USERNAME }}:{{ ECOMMERCE_BROKE
 
 ECOMMERCE_SUPPORT_URL: 'SET_ME_PLEASE'
 
-ECOMMERCE_DEFAULT_SITE_THEME: !!null
-
 ECOMMERCE_SERVICE_CONFIG:
   SECRET_KEY: '{{ ECOMMERCE_SECRET_KEY }}'
   TIME_ZONE: '{{ ECOMMERCE_TIME_ZONE }}'
@@ -159,7 +164,10 @@ ECOMMERCE_SERVICE_CONFIG:
 
   BROKER_URL: '{{ ECOMMERCE_BROKER_URL }}'
 
-  DEFAULT_SITE_THEME: '{{ ECOMMERCE_DEFAULT_SITE_THEME }}'
+  # Theming config
+  COMPREHENSIVE_THEME_DIR: "{{ ECOMMERCE_COMPREHENSIVE_THEME_DIR }}"
+  ENABLE_COMPREHENSIVE_THEMING: "{{ ECOMMERCE_ENABLE_COMPREHENSIVE_THEMING }}"
+  DEFAULT_SITE_THEME: "{{ ECOMMERCE_DEFAULT_SITE_THEME }}"
 
 
 ECOMMERCE_REPOS:
@@ -171,7 +179,6 @@ ECOMMERCE_REPOS:
     DESTINATION: "{{ ecommerce_code_dir }}"
     SSH_KEY: "{{ ECOMMERCE_GIT_IDENTITY }}"
 
-
 ECOMMERCE_GUNICORN_WORKERS: "2"
 ECOMMERCE_GUNICORN_EXTRA: ""
 ECOMMERCE_GUNICORN_EXTRA_CONF: ""

playbooks/roles/ecommerce/meta/main.yml

@@ -22,4 +22,6 @@ dependencies:
     edx_service_packages:
       debian: "{{ ecommerce_debian_pkgs }}"
       redhat: "{{ ecommerce_redhat_pkgs }}"
+  - role: edx-themes
+    when: "{{ ECOMMERCE_ENABLE_COMPREHENSIVE_THEMING }}"
   - oraclejdk

playbooks/roles/ecommerce/tasks/main.yml

@@ -10,17 +10,25 @@
 #
 #
 # Tasks for role ecommerce
-# 
+#
 # Overview:
-# 
+#
 #
 # Dependencies:
 #
-# 
+#
 # Example play:
 #
 #
 
+# Copy themes directories.
+# When synchronizing we need to make sure that directory path ends with a trailing slash,
+# otherwise synchronize will copy the src directory instead of the files/dirs included within the src directory
+- name: synchronize theme directories
+  command: "rsync -a {{ THEMES_CODE_DIR }}/{{ ECOMMERCE_THEMES_DIR_NAME }}/ {{ ECOMMERCE_COMPREHENSIVE_THEME_DIR }}"
+  sudo_user: "{{ ecommerce_user }}"
+  when: ECOMMERCE_ENABLE_COMPREHENSIVE_THEMING and THEMES_CODE_DIR is defined
+
 - name: "add gunicorn configuration file"
   template: >
     src=edx/app/ecommerce/ecommerce_gunicorn.py.j2

playbooks/roles/edx-themes/defaults/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://openedx.atlassian.net/wiki/display/OpenOPS
+# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+##
+# Defaults for role themes
+#
+themes_service_name: "edx-themes"
+themes_user: "{{ themes_service_name }}"
+themes_home: "{{ COMMON_CFG_DIR }}/{{ themes_service_name }}"
+
+THEMES_CODE_DIR: "{{ themes_home }}/{{ themes_service_name }}"
+
+THEMES_GIT_IDENTITY: !!null
+THEMES_GIT_PROTOCOL: "{{ COMMON_GIT_PROTOCOL }}"
+THEMES_GIT_MIRROR: "{{ COMMON_GIT_MIRROR }}"
+THEMES_GIT_PATH: "{{ COMMON_GIT_PATH }}"
+THEMES_REPO: "sample-themes.git"
+THEMES_VERSION: "master"
+
+
+THEMES_REPOS:
+  - PROTOCOL: "{{ THEMES_GIT_PROTOCOL }}"
+    DOMAIN: "{{ THEMES_GIT_MIRROR }}"
+    PATH: "{{ THEMES_GIT_PATH }}"
+    REPO: "{{ THEMES_REPO }}"
+    VERSION: "{{ THEMES_VERSION }}"
+    DESTINATION: "{{ THEMES_CODE_DIR }}"
+    SSH_KEY: "{{ THEMES_GIT_IDENTITY }}"

playbooks/roles/edx-themes/tasks/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://openedx.atlassian.net/wiki/display/OpenOPS
+# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+#
+#
+# Tasks for role themes
+#
+# Overview:
+#
+# This role performs the repetive tasks that most edX roles
+# require in our default configuration.
+#
+# Example play:
+#
+# Rather than being included in the play, this role
+# is included as a dependency by other roles in the meta/main.yml
+# file.  The including role should add the following
+# dependency definition.
+#
+# dependencies:
+#   - role: themes
+#     when do_setup_themes
+#
+
+# Generating an ssh key so service users can do a git
+# clone over ssh for public repositories without any
+# additional configuration
+- name: create application user
+  user:
+    name: "{{ themes_user }}"
+    home: "{{ themes_home }}"
+    createhome: yes
+    shell: /bin/false
+    generate_ssh_key: yes
+  tags:
+    - install
+    - install:base
+
+# Assumes that the home directory has been created above.
+# In some cases(vagrant boxes) the home directory gets created
+# but does not have the current owner and group. In vagrant for
+# example we were seeing it defaulting it to `root` for both.
+# The item that is a blank string ("") ensures the ownership
+# of the home directory is always correct before proceeding.
+- name: create themes home dirs
+  file:
+    path: "{{ themes_home }}/{{ item }}"
+    state: directory
+    owner: "{{ themes_user }}"
+    group: "{{ common_web_group }}"
+  with_items:
+    - ""
+  tags:
+    - install
+    - install:base
+
+- name: set git fetch.prune to ignore deleted remote refs
+  shell: git config --global fetch.prune true
+  sudo_user: "{{ themes_user }}"
+  when: THEMES_REPOS is defined
+  tags:
+    - install
+    - install:code
+
+- name: validate git protocol
+  fail: msg='THEMES_REPOS.PROTOCOL must be "https" or "ssh"'
+  when: (item.PROTOCOL != "https") and (item.PROTOCOL != "ssh") and THEMES_REPOS is defined
+  with_items: THEMES_REPOS
+  tags:
+    - install
+    - install:code
+
+- name: install read-only ssh key
+  copy:
+    dest: "{{ themes_home }}/.ssh/{{ item.REPO }}"
+    content: "{{ item.SSH_KEY }}"
+    owner: "{{ themes_user }}"
+    group: "{{ themes_user }}"
+    mode: 0600
+  when: item.PROTOCOL == "ssh" and THEMES_REPOS is defined
+  with_items: THEMES_REPOS
+  tags:
+    - install
+    - install:code
+
+- name: checkout code over ssh
+  git_2_0_1:
+    repo: "git@{{ item.DOMAIN }}:{{ item.PATH }}/{{ item.REPO }}"
+    dest: "{{ item.DESTINATION }}"
+    version: "{{ item.VERSION }}"
+    accept_hostkey: yes
+    key_file: "{{ themes_home }}/.ssh/{{ item.REPO }}"
+  sudo_user: "{{ themes_user }}"
+  register: code_checkout
+  when: item.PROTOCOL == "ssh" and THEMES_REPOS is defined
+  with_items: THEMES_REPOS
+  tags:
+    - install
+    - install:code
+
+- name: checkout code over https
+  git_2_0_1:
+    repo: "https://{{ item.DOMAIN }}/{{ item.PATH }}/{{ item.REPO }}"
+    dest: "{{ item.DESTINATION }}"
+    version: "{{ item.VERSION }}"
+  sudo_user: "{{ themes_user }}"
+  register: code_checkout
+  when: item.PROTOCOL == "https" and THEMES_REPOS is defined
+  with_items: THEMES_REPOS
+  tags:
+    - install
+    - install:code
+
+- name: remove read-only ssh key
+  file:
+    dest: "{{ themes_home }}/.ssh/{{ item.REPO }}"
+    state: absent
+  when: THEMES_REPOS is defined
+  with_items: THEMES_REPOS
+  tags:
+    - install
+    - install:code