Merge pull request #3181 from edx/arbab/xserver-rewrite

rewrite ansible tasks using YAML style

Merge pull request #3181 from edx/arbab/xserver-rewrite
rewrite ansible tasks using YAML style
facaa038 · Arbab Nazar · GitHub · 36a140b6 · 437a1765 · facaa038
Commit facaa038 authored Jun 29, 2016 by Arbab Nazar Committed by GitHub Jun 29, 2016
Showing with 169 additions and 133 deletions

playbooks/roles/xserver/handlers/main.yml
+7 -7

playbooks/roles/xserver/tasks/deploy.yml
+101 -67

playbooks/roles/xserver/tasks/ec2.yml
+13 -12

playbooks/roles/xserver/tasks/main.yml
+48 -47

No files found.
--- a/playbooks/roles/xserver/handlers/main.yml
+++ b/playbooks/roles/xserver/handlers/main.yml
@@ -15,10 +15,9 @@
 #
 - name: restart xserver
-  supervisorctl: >
+  supervisorctl:
-    name=xserver
+    name: xserver
-    supervisorctl_path={{ supervisor_ctl }}
+    supervisorctl_path: "{{ supervisor_ctl }}"
-    config={{ supervisor_cfg }}
+    config: "{{ supervisor_cfg }}"
-    state=restarted
+    state: restarted
  when: not disable_edx_services
\ No newline at end of file
--- a/playbooks/roles/xserver/tasks/deploy.yml
+++ b/playbooks/roles/xserver/tasks/deploy.yml
- name: "writing supervisor script"
+- name: Writing supervisor script
-  template: >
+  template:
-    src=xserver.conf.j2 dest={{ supervisor_available_dir }}/xserver.conf
+    src: xserver.conf.j2
-    owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
+    dest: "{{ supervisor_available_dir }}/xserver.conf"
+    owner: "{{ supervisor_user }}"
+    group: "{{ common_web_user }}"
+    mode: "0644"
- name: "enable supervisor script"
+- name: Enable supervisor script
-  file: >
+  file:
-    src={{ supervisor_available_dir }}/xserver.conf
+    src: "{{ supervisor_available_dir }}/xserver.conf"
-    dest={{ supervisor_cfg_dir }}/xserver.conf
+    dest: "{{ supervisor_cfg_dir }}/xserver.conf"
-    owner={{ supervisor_user }} group={{ common_web_user }} mode=0644
+    owner: "{{ supervisor_user }}"
-    state=link force=yes
+    group: "{{ common_web_user }}"
+    mode: "0644"
+    state: link
+    force: yes
  when: not disable_edx_services
- name: "add gunicorn configuration file"
+- name: Add gunicorn configuration file
-  template: >
+  template:
-    src=xserver_gunicorn.py.j2 dest={{ xserver_app_dir }}/xserver_gunicorn.py
+    src: xserver_gunicorn.py.j2
+    dest: "{{ xserver_app_dir }}/xserver_gunicorn.py"
  become_user: "{{ xserver_user }}"
  notify:
    - restart xserver
- name: checkout code
+- name: Checkout code
-  git_2_0_1: >
+  git_2_0_1:
-    dest={{ xserver_code_dir }} repo={{ xserver_source_repo }} version={{xserver_version}}
+    dest: "{{ xserver_code_dir }}"
-    accept_hostkey=yes
+    repo: "{{ xserver_source_repo }}"
+    version: "{{xserver_version}}"
+    accept_hostkey: yes
  become_user: "{{ xserver_user }}"
  register: xserver_checkout
-  notify: restart xserver
+  notify:
+    - restart xserver
- name: install requirements
+- name: Install requirements
-  pip: >
+  pip:
-    requirements="{{ xserver_requirements_file }}" virtualenv="{{ xserver_venv_dir }}" state=present
+    requirements: "{{ xserver_requirements_file }}"
-    extra_args="-i {{ COMMON_PYPI_MIRROR_URL }}"
+    virtualenv: "{{ xserver_venv_dir }}"
+    state: present
+    extra_args: "-i {{ COMMON_PYPI_MIRROR_URL }}"
  become_user: "{{ xserver_user }}"
-  notify: restart xserver
+  notify:
+    - restart xserver
- name: install sandbox requirements
+- name: Install sandbox requirements
-  pip: >
+  pip:
-    requirements="{{ xserver_requirements_file }}" virtualenv="{{ xserver_venv_sandbox_dir }}" state=present
+    requirements: "{{ xserver_requirements_file }}"
-    extra_args="-i {{ COMMON_PYPI_MIRROR_URL }}"
+    virtualenv: "{{ xserver_venv_sandbox_dir }}"
+    state: present
+    extra_args: "-i {{ COMMON_PYPI_MIRROR_URL }}"
  become_user: "{{ xserver_user }}"
-  notify: restart xserver
+  notify:
+    - restart xserver
- name: create xserver application config
+- name: Create xserver application config
-  template: src=xserver.env.json.j2 dest={{ xserver_app_dir }}/env.json
+  template:
+    src: xserver.env.json.j2
+    dest: "{{ xserver_app_dir }}/env.json"
  become_user: "{{ xserver_user }}"
-  notify: restart xserver
+  notify:
+    - restart xserver
- name: install read-only ssh key for the content repo that is required for grading
+- name: Install read-only ssh key for the content repo that is required for grading
-  copy: >
+  copy:
-    content="{{ XSERVER_GIT_IDENTITY }}" dest={{ xserver_git_identity }}
+    content: "{{ XSERVER_GIT_IDENTITY }}"
-    owner={{ xserver_user }} group={{ xserver_user }} mode=0600
+    dest: "{{ xserver_git_identity }}"
-  notify: restart xserver
+    owner: "{{ xserver_user }}"
+    group: "{{ xserver_user }}"
+    mode: "0600"
+  notify:
+    - restart xserver
- name: upload ssh script
+- name: Upload ssh script
-  template: >
+  template:
-    src=git_ssh.sh.j2 dest=/tmp/git_ssh.sh
+    src: git_ssh.sh.j2
-    owner={{ xserver_user }} mode=750
+    dest: "/tmp/git_ssh.sh"
-  notify: restart xserver
+    owner: "{{ xserver_user }}"
+    mode: "0750"
+  notify:
+    - restart xserver
- name: checkout grader code
+- name: Checkout grader code
-  git_2_0_1: >
+  git_2_0_1:
-    dest={{ XSERVER_GRADER_DIR }} repo={{ XSERVER_GRADER_SOURCE }} version={{ xserver_grader_version }}
+    dest: "{{ XSERVER_GRADER_DIR }}"
-    accept_hostkey=yes
+    repo: "{{ XSERVER_GRADER_SOURCE }}"
+    version: "{{ xserver_grader_version }}"
+    accept_hostkey: yes
  environment:
-    GIT_SSH: /tmp/git_ssh.sh
+    GIT_SSH: "/tmp/git_ssh.sh"
-  notify: restart xserver
+  notify: 
+    - restart xserver
  register: xserver_grader_checkout
  become_user: "{{ xserver_user }}"
- name: remove read-only ssh key for the content repo
+- name: Remove read-only ssh key for the content repo
-  file: path={{ xserver_git_identity }} state=absent
+  file:
-  notify: restart xserver
+    path: "{{ xserver_git_identity }}"
+    state: absent
+  notify:
+    - restart xserver
  # call supervisorctl update. this reloads
  # the supervisorctl config and restarts
  # the services if any of the configurations
  # have changed.
  #
- name: update supervisor configuration
+- name: Update supervisor configuration
  shell:  "{{ supervisor_ctl }} -c {{ supervisor_cfg }} update"
  register: supervisor_update
  changed_when: supervisor_update.stdout is defined and supervisor_update.stdout != ""
  when: not disable_edx_services
- name: ensure xserver is started
+- name: Ensure xserver is started
-  supervisorctl: >
+  supervisorctl:
-    name=xserver
+    name: xserver
-    supervisorctl_path={{ supervisor_ctl }}
+    supervisorctl_path: "{{ supervisor_ctl }}"
-    config={{ supervisor_cfg }}
+    config: "{{ supervisor_cfg }}"
-    state=started
+    state: started
  when: not disable_edx_services
- name: create a symlink for venv python
+- name: Create a symlink for venv python
-  file: >
+  file:
-    src="{{ xserver_venv_bin }}/{{ item }}"
+    src: "{{ xserver_venv_bin }}/{{ item }}"
-    dest={{ COMMON_BIN_DIR }}/{{ item }}.xserver
+    dest: "{{ COMMON_BIN_DIR }}/{{ item }}.xserver"
-    state=link
+    state: link
  with_items:
-  - python
+    - python
-  - pip
+    - pip
- name: enforce app-armor rules
+- name: Enforce app-armor rules
-  command: aa-enforce {{ xserver_venv_sandbox_dir }}
+  command: "aa-enforce {{ xserver_venv_sandbox_dir }}"
- include: ec2.yml tags=deploy
+- include: ec2.yml
  when: COMMON_TAG_EC2_INSTANCE
+  tags:
+    - deploy
--- a/playbooks/roles/xserver/tasks/ec2.yml
+++ b/playbooks/roles/xserver/tasks/ec2.yml
 ---
+- name: Get instance information
- name: get instance information
  action: ec2_facts
- name: tag instance for xserver
+- name: Tag instance for xserver
-  ec2_tag: resource={{ ansible_ec2_instance_id }} region={{ ansible_ec2_placement_region }}
+  ec2_tag:
-  args:
+    resource: "{{ ansible_ec2_instance_id }}"
-    tags:
+    region: "{{ ansible_ec2_placement_region }}"
-      "version:xserver" : "{{ xserver_source_repo }} {{ xserver_checkout.after|truncate(7,True,'') }}"
+  tags:
+    "version:xserver" : "{{ xserver_source_repo }} {{ xserver_checkout.after|truncate(7,True,'') }}"
  when: xserver_checkout.after is defined
- name: tag instance for xserver grader
+- name: Tag instance for xserver grader
-  ec2_tag: resource={{ ansible_ec2_instance_id }} region={{ ansible_ec2_placement_region }}
+  ec2_tag:
-  args:
+    resource: "{{ ansible_ec2_instance_id }}"
-    tags:
+    region: "{{ ansible_ec2_placement_region }}"
-      "version:xserver_grader" : "{{ XSERVER_GRADER_SOURCE }} {{ xserver_grader_checkout.after|truncate(7,True,'') }}"
+  tags:
+    "version:xserver_grader" : "{{ XSERVER_GRADER_SOURCE }} {{ xserver_grader_checkout.after|truncate(7,True,'') }}"
  when: xserver_grader_checkout.after is defined
--- a/playbooks/roles/xserver/tasks/main.yml
+++ b/playbooks/roles/xserver/tasks/main.yml
@@ -2,37 +2,25 @@
 # As of right now this role requires
 # access to the edX 6.00x repo which is not public
 ---
+- name: Create application user
+  user:
+    name: "{{ xserver_user }}"
+    home: "{{ xserver_app_dir }}"
+    createhome: no
+    shell: /bin/false
- name: checking for grader info
+- name: Create application sandbox user
-  fail: msg="You must define XSERVER_GRADER_DIR"
+  user:
-  when: XSERVER_GRADER_DIR|length == 0
+    name: "{{ xserver_sandbox_user }}"
+    createhome: no
+    shell: /bin/false
- fail: msg="You must define XSERVER_GRADER_SOURCE"
+- name: Create xserver app and data dirs
-  when: XSERVER_GRADER_SOURCE|length == 0
+  file:
+    path: "{{ item }}"
- name: checking for git identity
+    state: directory
-  fail: msg="You must define XSERVER_GIT_IDENTITY to use this role"
+    owner: "{{ xserver_user }}"
-  when: XSERVER_GIT_IDENTITY|length == 0
+    group: "{{ common_web_group }}"
- name: create application user
-  user: >
-    name="{{ xserver_user }}"
-    home="{{ xserver_app_dir }}"
-    createhome=no
-    shell=/bin/false
- name: create application sandbox user
-  user: >
-    name="{{ xserver_sandbox_user }}"
-    createhome=no
-    shell=/bin/false
- name: create xserver app and data dirs
-  file: >
-    path="{{ item }}"
-    state=directory
-    owner="{{ xserver_user }}"
-    group="{{ common_web_group }}"
  with_items:
    - "{{ xserver_app_dir }}"
    # needed for the ansible 1.5 git module
@@ -41,30 +29,43 @@
    - "{{ xserver_data_dir }}"
    - "{{ xserver_data_dir }}/data"
- name: create sandbox sudoers file
+- name: Create sandbox sudoers file
-  template: src=99-sandbox.j2 dest=/etc/sudoers.d/99-sandbox owner=root group=root mode=0440
+  template:
+    src: 99-sandbox.j2
+    dest: "/etc/sudoers.d/99-sandbox"
+    owner: root
+    group: root
+    mode: "0440"
 # Make sure this line is in the common-session file.
- name: ensure pam-limits module is loaded
+- name: Ensure pam-limits module is loaded
  lineinfile:
-    dest=/etc/pam.d/common-session
+    dest: /etc/pam.d/common-session
-    regexp="session required pam_limits.so"
+    regexp: "session required pam_limits.so"
-    line="session required pam_limits.so"
+    line: "session required pam_limits.so"
- name: set sandbox limits
+- name: Set sandbox limits
-  template: src={{ item }} dest=/etc/security/limits.d/sandbox.conf
+  template:
+    src: "{{ item }}"
+    dest: "/etc/security/limits.d/sandbox.conf"
  first_available_file:
-  - "{{ secure_dir }}/sandbox.conf.j2"
+    - "{{ secure_dir }}/sandbox.conf.j2"
-  - "sandbox.conf.j2"
+    - "sandbox.conf.j2"
- name: install system dependencies of xserver
+- name: Install system dependencies of xserver
-  apt: pkg={{ item }} state=present
+  apt:
-  with_items: xserver_debian_pkgs
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ xserver_debian_pkgs }}"
- name: load python-sandbox apparmor profile
+- name: Load python-sandbox apparmor profile
-  template: src={{ item }} dest=/etc/apparmor.d/edx_apparmor_sandbox
+  template:
+    src: "{{ item }}"
+    dest: "/etc/apparmor.d/edx_apparmor_sandbox"
  first_available_file:
-  - "{{ secure_dir }}/files/edx_apparmor_sandbox.j2"
+    - "{{ secure_dir }}/files/edx_apparmor_sandbox.j2"
-  - "usr.bin.python-sandbox.j2"
+    - "usr.bin.python-sandbox.j2"
- include: deploy.yml tags=deploy
+- include: deploy.yml
+  tags:
+    - deploy