Merge pull request #377 from edx/jarv/xserver-updates

Jarv/xserver updates

Merge pull request #377 from edx/jarv/xserver-updates
Jarv/xserver updates
f414e194 · John Jarvis · 08bc94b6 · ed8ca484 · f414e194 · f414e194
Commit f414e194 authored Oct 30, 2013 by John Jarvis
6 changed files
--- a/playbooks/edx-east/deploy_xserver.yml
+++ b/playbooks/edx-east/deploy_xserver.yml
@@ -5,4 +5,5 @@
  roles:
    - common
    - supervisor
-    - xserver
+    - role: xserver
+      tags: ['xserver']
--- a/playbooks/roles/xserver/defaults/main.yml
+++ b/playbooks/roles/xserver/defaults/main.yml
@@ -5,14 +5,17 @@ XSERVER_NGINX_PORT: 18050
 XSERVER_BASIC_AUTH: False

 XSERVER_RUN_URL: ''
-XSERVER_GRADER_ROOT: ''
 XSERVER_LOGGING_ENV: 'sandbox'
 XSERVER_SYSLOG_SERVER: ''
-# by default do not check out the content
-# repo needed on the xserver for grading
-# python submissions, TODO: replace with an open
-# source repo
-XSERVER_GRADER_CHECKOUT: False
+# For 6.00x use "{{ xserver_data_dir }}/data/content-mit-600x~2012_Fall"
+XSERVER_GRADER_DIR: !!null
+# For 6.00x use "git@github.com:/MITx/6.00x.git"
+XSERVER_GRADER_SOURCE: !!null
+# This must be set to run this role
+# Example: "{{ secure_dir }}/files/git-identity"
+XSERVER_LOCAL_GIT_IDENTITY: !!null
+
+# Internal role vars below this line

 xserver_app_dir: "{{ COMMON_APP_DIR }}/xserver"
 xserver_code_dir: "{{ xserver_app_dir }}/xserver"
@@ -24,24 +27,22 @@ xserver_venv_bin: "{{ xserver_venv_dir }}/bin"
 xserver_user: "xserver"
 xserver_sandbox_user: "xserver-sandbox"
 xserver_log_dir: "{{ COMMON_LOG_DIR }}/xserver"
+xserver_grader_root: "{{ XSERVER_GRADER_DIR }}/graders"
+xserver_git_identity: "{{ xserver_app_dir }}/{{ XSERVER_LOCAL_GIT_IDENTITY|basename }}"

 xserver_env_config:
  RUN_URL: $XSERVER_RUN_URL
-  GRADER_ROOT: $XSERVER_GRADER_ROOT
+  GRADER_ROOT: $xserver_grader_root
  LOGGING_ENV: $XSERVER_LOGGING_ENV
  LOG_DIR: "{{ xserver_log_dir }}"
  SYSLOG_SERVER: $XSERVER_SYSLOG_SERVER
  SANDBOX_PYTHON: '{{ xserver_venv_sandbox_dir }}/bin/python'

-xserver_git_identity_path: "{{ secure_dir }}/files/git-identity"
 xserver_source_repo: "git://github.com/edx/xserver.git"
 # This should probably be overridden in the playbook or groupvars
 # with the default pointing to the head of master.
-xserver_version: HEAD
-
-xserver_grader_dir: "{{ xserver_data_dir }}/data/content-mit-600x~2012_Fall"
-xserver_grader_source: "git@github.com:/MITx/6.00x.git"
-xserver_grader_version: HEAD
+xserver_version: master
+xserver_grader_version: master


 xserver_requirements_file: "{{ xserver_code_dir }}/requirements.txt"

--- a/playbooks/roles/xserver/files/git-identity-example
+++ b/playbooks/roles/xserver/files/git-identity-example
-example identity file
--- a/playbooks/roles/xserver/tasks/deploy.yml
+++ b/playbooks/roles/xserver/tasks/deploy.yml
@@ -28,24 +28,29 @@
  - deploy

 - name: xserver | install read-only ssh key for the content repo that is required for grading
-  copy: src={{ item }} dest=/etc/git-identity force=yes owner=ubuntu group=adm mode=60
-  first_available_file:
-    - "{{ secure_dir }}/files/git-identity"
-    - "git-identity-example"
+  copy: >
+    src={{ XSERVER_LOCAL_GIT_IDENTITY }} dest={{ xserver_git_identity }}
+    owner={{ xserver_user }} group={{ xserver_user }} mode=0600
+  tags:
+  - deploy
+
+- name: xserver | upload ssh script
+  template: >
+    src=git_ssh.sh.j2 dest=/tmp/git_ssh.sh
+    owner={{ xserver_user }} mode=750
  tags:
  - deploy

 - name: xserver | checkout grader code
-  git: dest={{ xserver_grader_dir }} repo={{ xserver_grader_source }} version={{ xserver_grader_version }}
+  git: dest={{ XSERVER_GRADER_DIR }} repo={{ XSERVER_GRADER_SOURCE }} version={{ xserver_grader_version }}
  environment:
    GIT_SSH: /tmp/git_ssh.sh
-  when: XSERVER_GRADER_CHECKOUT
  sudo_user: "{{ xserver_user }}"
  tags:
  - deploy

 - name: xserver | remove read-only ssh key for the content repo
-  file: path=/etc/git-identity state=absent
+  file: path={{ xserver_git_identity }} state=absent
  tags:
  - deploy


--- a/playbooks/roles/xserver/tasks/main.yml
+++ b/playbooks/roles/xserver/tasks/main.yml
@@ -3,6 +3,14 @@
 # access to the edX 6.00x repo which is not public
 ---

+- name: xserver | checking for grader info
+  fail: msg="You must define XSERVER_GRADER_DIR and XSERVER_GRADER_SOURCE to use this role!"
+  when: not XSERVER_GRADER_DIR or not XSERVER_GRADER_SOURCE
+
+- name: xserver | checking for git identity
+  fail: msg="You must define XSERVER_LOCAL_GIT_IDENTITY to use this role"
+  when: not XSERVER_LOCAL_GIT_IDENTITY
+
 - name: xserver | create application user
  user: >
    name="{{ xserver_user }}"
@@ -27,6 +35,7 @@
    - "{{ xserver_app_dir }}"
    - "{{ xserver_venvs_dir }}"
    - "{{ xserver_data_dir }}"
+    - "{{ xserver_data_dir }}/data"

 - name: xserver | create sandbox sudoers file
  template: src=99-sandbox.j2 dest=/etc/sudoers.d/99-sandbox owner=root group=root mode=0440
@@ -57,9 +66,6 @@
 - name: xserver | setup upstart script
  template: src=xserver.conf.j2 dest=/etc/init/xserver.conf owner=root group=root

- name: xserver | upload ssh script
-  copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=adm mode=750
-
 - include: deploy.yml

 - name: xserver | enforce app-armor rules

--- a/playbooks/roles/xserver/files/git_ssh.sh
+++ b/playbooks/roles/xserver/files/git_ssh.sh
 #!/bin/sh
-exec /usr/bin/ssh -o StrictHostKeyChecking=no -i /etc/git-identity "$@"
+exec /usr/bin/ssh -o StrictHostKeyChecking=no -i {{ xserver_git_identity }} "$@"