Merge pull request #424 from edx/jarv/jenkins-var-updates-for-deploy

Jarv/jenkins var updates for deploy

playbooks/edx-east/deploy_rabbitmq.yml

+- name: Deploy rabbitmq
+  hosts: all
+  sudo: True
+  gather_facts: False
+  roles:
+    - rabbitmq

playbooks/edx-east/edx_provision.yml

@@ -19,8 +19,10 @@
 - name: Configure instance(s)
   hosts: launched
   sudo: True
-  gather_facts: True
+  gather_facts: False
   roles:
     # gh_users hash must be passed
     # in as a -e variable
     - gh_users
+    # use the default hostname
+    - hostname

playbooks/edx-east/restart_supervisor.yml

+- name: restarts supervisor
+  hosts: all
+  sudo: True
+  gather_facts: False
+  vars_files:
+    - roles/common/defaults/main.yml
+    - roles/supervisor/defaults/main.yml
+  tasks:
+    - name: supervisor | restart supervisor
+      service: >
+        name={{ supervisor_service }}
+        state=restarted

playbooks/roles/certs/tasks/main.yml

@@ -64,7 +64,6 @@
     dest={{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}
     owner={{ certs_user }} mode=0600
   register: certs_gpg_key
-  tags: deploy
 
 
 - name: certs | load the gpg key

playbooks/roles/edxlocal/defaults/main.yml

@@ -2,5 +2,5 @@
 edxlocal_debian_pkgs:
   - python-mysqldb
   - mysql-server-5.5
-  - postfix 
+  - postfix
   - python-pycurl

playbooks/roles/gh_users/tasks/main.yml

@@ -12,7 +12,8 @@
 #      - mark
 
 
-- fail: gh_users list must be defined for this parameterized role
+- name: gh_users | checking for gh_users list
+  fail: msg="gh_users list must be defined for this parameterized role"
   when: not gh_users
 
 - name: gh_users | create gh group
@@ -21,26 +22,26 @@
 # TODO: give limited sudo access to this group
 - name: gh_users | grant full sudo access to gh group
   copy: >
-    content="%adm ALL=(ALL) NOPASSWD:ALL"
+    content="%gh ALL=(ALL) NOPASSWD:ALL"
     dest=/etc/sudoers.d/gh owner=root group=root
     mode=0440 validate='visudo -cf %s'
 
 - name: gh_users | create github users
   user:
-    name={{ item }} group=gh
+    name={{ item }} groups=gh
     shell=/bin/bash
   with_items: gh_users
 
 - name: gh_users | create .ssh directory
   file:
     path=/home/{{ item }}/.ssh state=directory mode=0700
-    owner={{ item }} group={{ item }}
+    owner={{ item }}
   with_items: gh_users
 
 - name: gh_users | copy github key[s] to .ssh/authorized_keys
   get_url:
-    url=https://github.com/{{ item.user }}.keys
-    dest=/home/{{ item.user }}/.ssh/authorized_keys mode=0600
-    owner={{ item.user }} group={{ item.user }}
+    url=https://github.com/{{ item }}.keys
+    dest=/home/{{ item }}/.ssh/authorized_keys mode=0600
+    owner={{ item }}
   with_items: gh_users
 

playbooks/roles/hostname/defaults/main.yml

+---
+hostname: edx-server

playbooks/roles/hostname/tasks/main.yml

+---
+# Simple role to change a hostname on an ubuntu server
+
+- name: hostname | update /etc/hosts
+  template: src=hosts.j2 dest=/etc/hosts
+  register: etc_hosts
+
+- name: hostname | update /etc/hostname
+  template: src=hostname.j2 dest=/etc/hostname
+  register: etc_hostname
+
+- name: hostname | run hostname
+  shell: >
+    hostname -F /etc/hostname
+  when: etc_hosts.changed or etc_hostname.changed
+
+

playbooks/roles/hostname/templates/hostname.j2

+{{ hostname }}

playbooks/roles/hostname/templates/hosts.j2

+127.0.0.1 {{ hostname }} localhost
+
+# The following lines are desirable for IPv6 capable hosts
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts

playbooks/roles/launch_ec2/tasks/main.yml

 # Launches an ec2 instance and blocks until the instance is up
-# adds it to the host group 
+# adds it to the host group
 # Will terminate an instance if one and only one already exists
 # with the same name
 
-- name: lookup tags for terminating existing instance
+- name: launch_ec2 | lookup tags for terminating existing instance
   local_action:
     module: ec2_lookup
     region: "{{ region }}"
@@ -12,7 +12,8 @@
   register: tag_lookup
   when: terminate_instance == true
 
-- debug: msg="Too many results returned, not terminating!"
+- name: launch_ec2 | checking for other instances
+  debug: msg="Too many results returned, not terminating!"
   when: terminate_instance == true and tag_lookup.instance_ids|length > 1
 
 - name: terminating single instance
@@ -23,14 +24,14 @@
     instance_ids: ${tag_lookup.instance_ids}
   when: terminate_instance == true and tag_lookup.instance_ids|length == 1
 
-- name: launch_ec2 | Launch ec2 instance 
-  local_action: 
-    module: ec2 
+- name: launch_ec2 | Launch ec2 instance
+  local_action:
+    module: ec2
     keypair: "{{ keypair }}"
     group: "{{ security_group }}"
     instance_type: "{{ instance_type }}"
     image: "{{ ami }}"
-    wait: true 
+    wait: true
     region: "{{ region }}"
     instance_tags: "{{instance_tags}}"
     root_ebs_size: "{{ root_ebs_size }}"
@@ -75,17 +76,17 @@
 
 - name: launch_ec2 | Add new instance to host group
   local_action: >
-    add_host 
-      hostname={{ item.public_ip }} 
-      groupname=launched 
+    add_host
+      hostname={{ item.public_ip }}
+      groupname=launched
   with_items: "{{ ec2.instances }}"
 
 - name: launch_ec2 | Wait for SSH to come up
   local_action: >
-    wait_for 
+    wait_for
       host={{ item.public_dns_name }}
       state=started
-      port=22 
-      delay=60 
+      port=22
+      delay=60
       timeout=320
   with_items: "{{ ec2.instances }}"

playbooks/roles/rabbitmq/defaults/main.yml

@@ -15,6 +15,9 @@ RABBITMQ_CLUSTERED: !!null
 
 # Internal role variables below this line
 
+# option to force deletion of the mnesia dir
+rabbitmq_refresh: false
+
 rabbitmq_apt_key: "http://www.rabbitmq.com/rabbitmq-signing-key-public.asc"
 rabbitmq_repository: "deb http://www.rabbitmq.com/debian/ testing main"
 rabbitmq_pkg: "rabbitmq-server"

playbooks/roles/rabbitmq/tasks/main.yml

@@ -18,6 +18,11 @@
 - name: rabbitmq | stop rabbit cluster
   service: name=rabbitmq-server state=stopped
 
+# in case there are lingering processes, ignore errors
+# silently
+- name: rabbitmq | send sigterm to any running rabbitmq processes
+  shell: killall beam rabbitmq-server epmd || true
+
 # Defaulting to /var/lib/rabbitmq
 - name: rabbitmq | create cookie directory
   file: >
@@ -56,7 +61,7 @@
 # that can conflict with the clustering information.
 - name: rabbitmq | remove mnesia configuration
   file: path={{rabbitmq_mnesia_folder}} state=absent
-  when: erlang_cookie.changed or cluster_configuration.changed
+  when: erlang_cookie.changed or cluster_configuration.changed or rabbitmq_refresh
 
 - name: rabbitmq | start rabbit nodes
   service: name=rabbitmq-server state=restarted

util/jenkins/ansible-deploy.sh

-#!/usr/bin/env bash
-
-# Ansible deployment wrapper script that
-# assumes the following parameters set
-# as environment variables
-# 
-# {edxapp,forum,xqueue,xserver,ora} - true/false
-# {edxapp,forum,xqueue,xserver,ora}_version - commit or tag
- 
-export BOTO_CONFIG=/var/lib/jenkins/${aws_account}.boto
-if [[ -z $WORKSPACE ]]; then
-    dir=$(dirname $0)
-    source "$dir/ascii-convert.sh"
-else
-    source "$WORKSPACE/util/jenkins/ascii-convert.sh"
-fi
-
-if [[ -z $github_username  ]]; then
-  github_username=$BUILD_USER_ID
-fi
-
-if [[ ! -f $BOTO_CONFIG ]]; then
-  echo "AWS credentials not found for $aws_account"
-  exit 1
-fi
-
-extra_vars="/var/tmp/extra-vars-$$.yml"
-
-if [[ -z $deploy_host ]]; then
-  deploy_host="${github_username}.m.sandbox.edx.org"
-fi
-
-cat << EOF > $extra_vars
----
-
-EDXAPP_PREVIEW_LMS_BASE: preview.${deploy_host}
-EDXAPP_LMS_BASE: ${deploy_host}
-EDXAPP_LMS_NGINX_PORT: 80
-EDXAPP_LMS_PREVIEW_NGINX_PORT: 80
-EDXAPP_CMS_NGINX_PORT: 80
-
-edx_platform_commit: $edxapp_version
-forum_version: $forum_version
-xqueue_version: $xqueue_version
-xserver_version: $xserver_version
-ora_version: $ora_version
-ease_version: $ease_version
-
-ansible_ssh_private_key_file: /var/lib/jenkins/${keypair}.pem
-COMMON_PYPI_MIRROR_URL: 'https://pypi.edx.org/root/pypi/+simple/'
-COMMON_GIT_MIRROR: 'git.edx.org'
-
-migrate_only: '$run_migration'
-
-XSERVER_GRADER_DIR: "{{ xserver_data_dir }}/data/content-mit-600x~2012_Fall"
-XSERVER_GRADER_SOURCE: "git@github.com:/MITx/6.00x.git"
-XSERVER_LOCAL_GIT_IDENTITY: /var/lib/jenkins/git-identity-edx-pull
-
-EOF
-
-cat $extra_vars
-
-echo "Deploying to $deploy_host"
-
-declare -A deploy
-
-deploy[edxapp]=$edxapp
-deploy[forum]=$forum
-deploy[xqueue]=$xqueue
-deploy[xserver]=$xserver
-deploy[ora]=$ora
-
-ssh-keygen -f "/var/lib/jenkins/.ssh/known_hosts" -R "$deploy_host"
-
-cd playbooks/edx-east
-
-# If reconfigure was selected run non-deploy tasks for all roles
-if [[ $reconfigure == "true" ]]; then
-    ansible-playbook -vvvv edx_continuous_integration.yml -i "${deploy_host}," -e "@${extra_vars}" --user ubuntu --skip-tags deploy
-fi
-
-# Run deploy tasks for the roles selected
-for i in "${!deploy[@]}"; do
-    if [[ ${deploy[$i]} == "true" ]]; then
-        ansible-playbook -vvvv deploy_${i}.yml -i "${deploy_host}," -e "@${extra_vars}" --user ubuntu --tags deploy
-    fi
-done
-rm -f "$extra_vars"
-

util/jenkins/ansible-provision.sh

@@ -48,7 +48,7 @@ fi
 
 if [[ -z $ami ]]; then
   if [[ $server_type == "full_edx_installation" ]]; then
-    ami="ami-65db8b0c"
+    ami="ami-dfe4bcb6"
   elif [[ $server_type == "ubuntu_12.04" ]]; then
     ami="ami-d0f89fb9"
   fi
@@ -63,13 +63,21 @@ if [[ -z $instance_type ]]; then
 
 fi
 
-cat << EOF > $extra_vars
----
-EDXAPP_PREVIEW_LMS_BASE: preview.${dns_name}.${dns_zone}
-EDXAPP_LMS_BASE: ${dns_name}.${dns_zone}
-EDXAPP_LMS_PREVIEW_NGINX_PORT: 80
-EDXAPP_CMS_NGINX_PORT: 80
-ansible_ssh_private_key_file: /var/lib/jenkins/${keypair}.pem
+deploy_host="${dns_name}.${dns_zone}"
+ssh-keygen -f "/var/lib/jenkins/.ssh/known_hosts" -R "$deploy_host"
+
+if [[ -z $WORKSPACE ]]; then
+    dir=$(dirname $0)
+    source "$dir/ascii-convert.sh"
+else
+    source "$WORKSPACE/util/jenkins/create-var-file.sh"
+fi
+
+cd playbooks/edx-east
+
+if [[ $recreate == "true" ]]; then
+    # vars specific to provisioning added to $extra-vars
+    cat << EOF >> $extra_vars
 dns_name: $dns_name
 keypair: $keypair
 instance_type: $instance_type
@@ -79,26 +87,48 @@ region: $region
 instance_tags: '{"environment": "$environment", "github_username": "$github_username", "Name": "$name_tag", "source": "jenkins", "owner": "$BUILD_USER"}'
 root_ebs_size: $root_ebs_size
 name_tag: $name_tag
-COMMON_PYPI_MIRROR_URL: 'https://pypi.edx.org/root/pypi/+simple/'
-COMMON_GIT_MIRROR: 'git.edx.org'
 gh_users:
   - jarv
   - feanil
   - e0d
   - ${github_username}
 dns_zone: $dns_zone
+rabbitmq_refresh: True
 EOF
+    cat $extra_vars
+    # run the tasks to launch an ec2 instance from AMI
+    ansible-playbook edx_provision.yml  -i inventory.ini -e "@${extra_vars}"  --user ubuntu
+
+    if [[ $server_type == "full_edx_installation" ]]; then
+        # additional tasks that need to be run if the
+        # entire edx stack is brought up from an AMI
+        ansible-playbook deploy_rabbitmq.yml -i "${deploy_host}," -e "@${extra_vars}" --user ubuntu
+        ansible-playbook restart_supervisor.yml -i "${deploy_host}," -e "@${extra_vars}" --user ubuntu
+    fi
+fi
 
+declare -A deploy
 
-cat $extra_vars
+deploy[edxapp]=$edxapp
+deploy[forum]=$forum
+deploy[xqueue]=$xqueue
+deploy[xserver]=$xserver
+deploy[ora]=$ora
+deploy[discern]=$discern
+deploy[certs]=$certs
 
 
-cd playbooks/edx-east
-# run the tasks to launch an ec2 instance from AMI
-ansible-playbook -vvvv edx_provision.yml  -i inventory.ini -e "@${extra_vars}"  --user ubuntu
-# run tasks to update application config files for the sandbox hostname
-if [[ $server_type == "full_edx_installation" ]]; then
-    ansible-playbook -vvvv edx_continuous_integration.yml  -i "${dns_name}.${dns_zone}," -e "@${extra_vars}" --user ubuntu --tags "lms-env,cms-env,lms-preview-env"
+# If reconfigure was selected run non-deploy tasks for all roles
+if [[ $reconfigure == "true" ]]; then
+    ansible-playbook edx_continuous_integration.yml -i "${deploy_host}," -e "@${extra_vars}" --user ubuntu --skip-tags deploy
 fi
-rm -f "$extra_vars"
 
+# Run deploy tasks for the roles selected
+for i in "${!deploy[@]}"; do
+    if [[ ${deploy[$i]} == "true" ]]; then
+        ansible-playbook deploy_${i}.yml -i "${deploy_host}," -e "@${extra_vars}" --user ubuntu --tags deploy
+    fi
+done
+
+
+rm -f "$extra_vars"

util/jenkins/create-var-file.sh

+# creates a var file with common values for
+# both deployment and provisioning
+cat << EOF > $extra_vars
+---
+ansible_ssh_private_key_file: /var/lib/jenkins/${keypair}.pem
+EDXAPP_PREVIEW_LMS_BASE: preview.${deploy_host}
+EDXAPP_LMS_BASE: ${deploy_host}
+EDXAPP_LMS_NGINX_PORT: 80
+EDXAPP_LMS_PREVIEW_NGINX_PORT: 80
+EDXAPP_CMS_NGINX_PORT: 80
+COMMON_PYPI_MIRROR_URL: 'https://pypi.edx.org/root/pypi/+simple/'
+COMMON_GIT_MIRROR: 'git.edx.org'
+XSERVER_GRADER_DIR: "{{ xserver_data_dir }}/data/content-mit-600x~2012_Fall"
+XSERVER_GRADER_SOURCE: "git@github.com:/MITx/6.00x.git"
+XSERVER_LOCAL_GIT_IDENTITY: /var/lib/jenkins/git-identity-edx-pull
+CERTS_LOCAL_GIT_IDENTITY: /var/lib/jenkins/git-identity-edx-pull
+CERTS_AWS_KEY: $(cat /var/lib/jenkins/certs-aws-key)
+CERTS_AWS_ID: $(cat /var/lib/jenkins/certs-aws-id) 
+CERTS_BUCKET: "verify-test.edx.org"
+migrate_db: "yes"
+openid_workaround: True
+edx_platform_commit: $edxapp_version
+forum_version: $forum_version
+xqueue_version: $xqueue_version
+xserver_version: $xserver_version
+ora_version: $ora_version
+ease_version: $ease_version
+
+rabbitmq_ip: "127.0.0.1"
+rabbitmq_refresh: True
+EOF