refactoring common and aws inclusion

refactoring common inclusion based on comments

removing motd template from common

Removing sshd template

relocating temlates

relocating templates

Relocating dhclient templates

explicit play depends

Update responsibilities

indent

further dependency updates

additional updates

Common dependency for server utils

Supervisor is required for role integrity

Typos

further template ownership changes

docker/build/course-discovery/Dockerfile

@@ -7,7 +7,7 @@
 # This allows the dockerfile to update /edx/app/edx_ansible/edx_ansible
 # with the currently checked-out configuration repo.
 
-FROM edxops/trusty-common
+FROM edxops/trusty-common:hacking
 MAINTAINER edxops
 
 ARG COURSE_DISCOVERY_VERSION=master

docker/plays/forum.yml

@@ -6,6 +6,6 @@
     serial_count: 1
   serial: "{{ serial_count }}"
   roles:
-    - commmon_vars
+    - common_vars
     - docker
     - forum

playbooks/edx-east/aide.yml

@@ -6,6 +6,7 @@
     serial_count: 1
   serial: "{{ serial_count }}"
   roles:
+    - aws
     - aide
     - role: datadog
       when: COMMON_ENABLE_DATADOG

playbooks/edx-east/alton.yml

@@ -7,4 +7,5 @@
     serial_count: 1
   serial: "{{ serial_count }}"
   roles:
+    - aws
     - alton

playbooks/edx-east/analytics_single.yml

@@ -9,6 +9,7 @@
     ENABLE_SPLUNKFORWARDER: False
     ENABLE_NEWRELIC: False
   roles:
+    - aws
     - mysql
     - edxlocal
     - analytics_api

playbooks/edx-east/analyticsapi.yml

@@ -8,10 +8,10 @@
     ENABLE_NEWRELIC: False
     CLUSTER_NAME: 'analytics-api'
   roles:
+    - aws
     - role: nginx
       nginx_sites:
         - analytics_api
-    - aws
     - analytics_api
     - role: datadog
       when: COMMON_ENABLE_DATADOG

playbooks/edx-east/antivirus.yml

@@ -3,6 +3,7 @@
   sudo: True
   gather_facts: True
   roles:
+    - aws
     - antivirus
     - role: datadog
       when: COMMON_ENABLE_DATADOG

playbooks/edx-east/aws.yml

@@ -6,4 +6,5 @@
     serial_count: 1
   serial: "{{ serial_count }}"
   roles:
+    - common
     - aws

playbooks/edx-east/course_discovery.yml

@@ -8,10 +8,10 @@
     ENABLE_NEWRELIC: False
     CLUSTER_NAME: 'course-discovery'
   roles:
+    - aws
     - role: nginx
       nginx_default_sites:
         - course-discovery
-    - aws
     - course_discovery
     - role: datadog
       when: COMMON_ENABLE_DATADOG

playbooks/edx-east/deploy_nginx_all_roles.yml

@@ -8,6 +8,7 @@
     - roles/xserver/defaults/main.yml
   roles:
     - common
+    - aws
     - role: nginx
       nginx_sites:
       - cms

playbooks/edx-east/devpi.yml

@@ -6,4 +6,5 @@
     serial_count: 1
   serial: "{{ serial_count }}"
   roles:
+    - aws
     - devpi

playbooks/edx-east/ecommerce.yml

@@ -8,12 +8,12 @@
     ENABLE_NEWRELIC: False
     CLUSTER_NAME: 'ecommerce'
   roles:
+    - aws
     - role: nginx
       nginx_sites:
         - ecommerce
       nginx_default_sites:
         - ecommerce
-    - aws
     - ecommerce
     - role: datadog
       when: COMMON_ENABLE_DATADOG

playbooks/edx-east/edx_jenkins_tests.yml

@@ -14,6 +14,7 @@
     - "{{ secure_dir }}/vars/edx_jenkins_tests.yml"
   roles:
     - common
+    - aws
     - role: nginx
       nginx_sites:
       - lms

playbooks/edx-east/edx_notifier.yml

@@ -6,6 +6,7 @@
     - "{{ secure_dir }}/vars/users.yml"
   gather_facts: True
   roles:
+    - aws
     - role: virtualenv
       virtualenv_user: "notifier"
       virtualenv_user_home: "/opt/wwc/notifier"
@@ -20,6 +21,7 @@
     - "{{ secure_dir }}/vars/users.yml"
   gather_facts: True
   roles:
+    - aws
     - role: virtualenv
       virtualenv_user: "notifier"
       virtualenv_user_home: "/opt/wwc/notifier"
@@ -34,6 +36,7 @@
     - "{{ secure_dir }}/vars/users.yml"
   gather_facts: True
   roles:
+    - aws
     - role: virtualenv
       virtualenv_user: "notifier"
       virtualenv_user_home: "/opt/wwc/notifier"
@@ -48,6 +51,7 @@
     - "{{ secure_dir }}/vars/users.yml"
   gather_facts: True
   roles:
+    - aws
     - role: virtualenv
       virtualenv_user: "notifier"
       virtualenv_user_home: "/opt/wwc/notifier"
@@ -63,6 +67,7 @@
   gather_facts: True
   vars:
   roles:
+    - aws
     - role: virtualenv
       virtualenv_user: "notifier"
       virtualenv_user_home: "/opt/wwc/notifier"

playbooks/edx-east/edx_provision.yml

@@ -59,6 +59,7 @@
   roles:
     # rerun common to set the hostname, nginx to set basic auth
     - common
+    - aws
     - edx-sandbox
     - role: nginx
       nginx_sites:

playbooks/edx-east/elasticsearch.yml

@@ -25,6 +25,7 @@
       when: elb_pre_post
   roles:
     - common
+    - aws
     - oraclejdk
     - elasticsearch
   post_tasks:

playbooks/edx-east/flower.yml

@@ -6,4 +6,5 @@
     serial_count: 1
   serial: "{{ serial_count }}"
   roles:
+    - aws
     - flower

playbooks/edx-east/insights.yml

@@ -8,10 +8,10 @@
     ENABLE_NEWRELIC: True
     CLUSTER_NAME: 'insights'
   roles:
+    - aws
     - role: nginx
       nginx_sites:
         - insights
-    - aws
     - insights 
     - role: datadog
       when: COMMON_ENABLE_DATADOG

playbooks/edx-east/jenkins_admin.yml

@@ -7,4 +7,5 @@
     serial_count: 1
   serial: "{{ serial_count }}"
   roles:
+    - aws
     - jenkins_admin

playbooks/edx-east/jenkins_testeng_master.yml

@@ -46,7 +46,7 @@
         followSymlink: false
 
   roles:
-    - common
+    - aws
     - role: datadog
       when: COMMON_ENABLE_DATADOG
     - jenkins_master

playbooks/edx-east/jenkins_worker.yml

@@ -17,6 +17,7 @@
     - roles/xserver/defaults/main.yml
     - roles/forum/defaults/main.yml
   roles:
+    - aws
     - mysql
     - edxlocal
     - mongo

playbooks/edx-east/jenkins_worker_sitespeedio.yml

@@ -17,4 +17,5 @@
     - roles/xserver/defaults/main.yml
     - roles/forum/defaults/main.yml
   roles:
+    - aws
     - jenkins_worker

playbooks/edx-east/locust.yml

+
 - name: Deploy Locust
   hosts: all
   sudo: True
   gather_facts: True
   roles:
+    - aws
     - locust

playbooks/edx-east/minos.yml

@@ -6,6 +6,5 @@
     serial_count: 1
   serial: "{{ serial_count }}"
   roles:
-    - common
     - aws
     - minos

playbooks/edx-east/mongo.yml

@@ -3,6 +3,7 @@
   sudo: True
   gather_facts: True
   roles:
+    - aws
     - mongo
     - role: datadog
       when: COMMON_ENABLE_DATADOG

playbooks/edx-east/notes.yml

@@ -7,10 +7,10 @@
     ENABLE_SPLUNKFORWARDER: False
     ENABLE_NEWRELIC: True
   roles:
+    - aws
     - role: nginx
       nginx_sites:
         - edx_notes_api
-    - aws
     - edx_notes_api 
     - role: datadog
       when: COMMON_ENABLE_DATADOG

playbooks/edx-east/programs.yml

@@ -8,12 +8,12 @@
     ENABLE_NEWRELIC: False
     CLUSTER_NAME: 'programs'
   roles:
+    - aws
     - role: nginx
       nginx_sites:
         - programs
       nginx_default_sites:
         - programs
-    - aws
     - programs
     - role: datadog
       when: COMMON_ENABLE_DATADOG

playbooks/edx-east/sitespeedio.yml

@@ -3,4 +3,5 @@
   sudo: True
   gather_facts: True
   roles:
+    - aws
     - sitespeedio

playbooks/edx-east/snort.yml

@@ -6,6 +6,7 @@
     serial_count: 1
   serial: "{{ serial_count }}"
   roles:
+    - aws
     - snort
     - role: datadog
       when: COMMON_ENABLE_DATADOG

playbooks/edx-east/splunk.yml

@@ -9,6 +9,7 @@
     ENABLE_SPLUNKFORWARDER: True
     ENABLE_NEWRELIC: True 
   roles:
+    - aws
     - datadog
     - splunkforwarder
     - newrelic

playbooks/edx-east/tanaguru.yml

@@ -3,5 +3,6 @@
   sudo: True
   gather_facts: True
   roles:
+    - aws
     - mysql
     - tanaguru 

playbooks/edx-east/tools-gp.yml

@@ -10,4 +10,5 @@
     serial_count: 1
   serial: "{{ serial_count }}"
   roles:
+    - aws
     - ad_hoc_reporting 

playbooks/edx-east/xqueue.yml

@@ -30,7 +30,7 @@
     - role: nginx
       nginx_sites:
       - xqueue
-    - role: xqueue
+    - xqueue
     - role: datadog
       when: COMMON_ENABLE_DATADOG
     - role: splunkforwarder

playbooks/edx-east/xserver.yml

@@ -10,7 +10,7 @@
     - role: nginx
       nginx_sites:
       - xserver
-    - role: xserver
+    - xserver
     - role: datadog
       when: COMMON_ENABLE_DATADOG
     - role: splunkforwarder

playbooks/edx-east/xsy.yml

@@ -4,4 +4,5 @@
   sudo: True
   gather_facts: True
   roles:
+    - aws
     - xsy

playbooks/roles/ad_hoc_reporting/meta/main.yml

@@ -11,8 +11,9 @@
 # Role includes for role bastion
 #
 dependencies:
+  - common
   - role: user
     user_info: "{{ AD_HOC_REPORTING_USER_INFO }}"
     tags:
       - users
-  - aws
+

playbooks/roles/alton/meta/main.yml

@@ -20,5 +20,6 @@
 # }
 
 dependencies:
+  - common
   - supervisor
   - redis

playbooks/roles/analytics_api/meta/main.yml

@@ -20,6 +20,8 @@
 # }
 
 dependencies:
+  - common
+  - supervisor
   - role: edx_service
     edx_service_name: "{{ analytics_api_service_name }}"
     edx_service_config: "{{ ANALYTICS_API_SERVICE_CONFIG }}"
@@ -29,4 +31,3 @@ dependencies:
     edx_service_packages:
       debian: "{{ analytics_api_debian_pkgs }}"
       redhat: "{{ analytics_api_redhat_pkgs }}"
-  - supervisor

playbooks/roles/antivirus/meta/main.yml

@@ -11,4 +11,4 @@
 # Role includes for role antivirus
 # 
 dependencies:
-  - aws
+  - common
\ No newline at end of file

playbooks/roles/aws/tasks/main.yml

@@ -128,3 +128,35 @@
   - "/usr/share/landscape/landscape-sysinfo.wrapper"
   - "/etc/update-motd.d/51-cloudguest"
   - "/etc/update-motd.d/91-release-upgrade"
+
+- name: update /etc/dhcp/dhclient.conf
+  template: 
+    src: etc/dhcp/dhclient.conf.j2 
+    dest: /etc/dhcp/dhclient.conf
+  when: COMMON_CUSTOM_DHCLIENT_CONFIG
+
+- name: copy the MOTD template in place
+  template:
+    dest: "{{ item.dest }}"
+    src: "{{ item.src }}"
+    owner: root 
+    group: root 
+    mode: "{{ item.mode | default(644) }}"
+  with_items:
+    - { src: 'etc/motd.tail.j2', dest: '/etc/motd.tail', mode: '755' }
+
+- name: Copy the sshd_config template in place
+  template:
+    dest: "{{ item.dest }}"
+    src: "{{ item.src }}"
+    owner: root 
+    group: root 
+    mode: "{{ item.mode | default(644) }}"
+  register: sshd_config
+  with_items:
+    - { src: 'etc/ssh/sshd_config.j2', dest: '/etc/ssh/sshd_config' }
+
+- name: restart ssh
+  service: name=ssh state=restarted
+  sudo: True
+  when: sshd_config.changed

playbooks/roles/aws/templates/etc/motd.tail.j2

+******************************************************************* 
+*         _ __  __                                                *  
+*   _   _| |\ \/ /  This system is for the use of authorized      * 
+* / -_) _` | >  <   users only.  Usage of this system may be      *
+* \___\__,_|/_/\_\  monitored and recorded by system personnel.   *
+*                                                                 *
+* Anyone using this system expressly consents to such monitoring  *
+* and is advised that if such monitoring reveals possible         *
+* evidence of criminal activity, system personnel may provide the *
+* evidence from such monitoring to law enforcement officials.     *
+*                                                                 *
+*******************************************************************

playbooks/roles/aws/templates/etc/ssh/sshd_config.j2

+# {{ ansible_managed }}
+#
+# Changes from the default Ubuntu ssh config:
+#  - LogLevel set to VERBOSE
+#
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel VERBOSE
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin yes
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile     %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication {{ COMMON_SSH_PASSWORD_AUTH }}
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes

playbooks/roles/certs/meta/main.yml

 dependencies:
-  - supervisor
+  - common
+  - supervisor
\ No newline at end of file

playbooks/roles/common/defaults/main.yml

----
+--
 
 # Common variables are defined in the common_vars role on which this
 # role depends.  This is to allow sharing vars without creating

playbooks/roles/common/handlers/main.yml

----
-- name: restart rsyslogd
-  service: name=rsyslog state=restarted
-  sudo: True
-- name: restart ssh
-  service: name=ssh state=restarted
-  sudo: True

playbooks/roles/common/tasks/main.yml

@@ -85,12 +85,6 @@
   shell: hostname -F /etc/hostname
   when: COMMON_HOSTNAME|length >0 and (etc_hosts.changed or etc_hostname.changed)
 
-- name: update /etc/dhcp/dhclient.conf
-  template: 
-    src: etc/dhcp/dhclient.conf.j2 
-    dest: /etc/dhcp/dhclient.conf
-  when: COMMON_CUSTOM_DHCLIENT_CONFIG
-
 - name: Copy the templates to their respestive destination
   template:
     dest: "{{ item.dest }}"
@@ -98,10 +92,16 @@
     owner: root 
     group: root 
     mode: "{{ item.mode | default(644) }}"
+  register: config_templates
   with_items:
     - { src: 'edx_rsyslog.j2', dest: '/etc/rsyslog.d/99-edx.conf' }
     - { src: 'etc/logrotate.d/hourly/edx_logrotate.j2', dest: '/etc/logrotate.d/hourly/edx-services' }
     - { src: 'etc/cron.hourly/logrotate.j2', dest: '/etc/cron.hourly/logrotate', mode: '555' }
     - { src: 'etc/logrotate.d/hourly/edx_logrotate_tracking_log.j2', dest: '/etc/logrotate.d/hourly/tracking.log' }
-    - { src: '{{ COMMON_MOTD_TEMPLATE }}', dest: '/etc/motd.tail', mode: '755' }
-    - { src: 'sshd_config.j2', dest: '/etc/ssh/sshd_config' }
+
+  # TODO: restarts no matter which template has changed, need to examine
+  # the results
+- name: restart rsyslogd
+  service: name=rsyslog state=restarted
+  sudo: True
+  when: config_templates.changed

playbooks/roles/course_discovery/meta/main.yml

@@ -19,6 +19,8 @@
 #   my_role_var1: "bar"
 # }
 dependencies:
+  - common
+  - supervisor
   - role: edx_service
     edx_service_name: "{{ course_discovery_service_name }}"
     edx_service_config: "{{ COURSE_DISCOVERY_SERVICE_CONFIG }}"
@@ -28,4 +30,3 @@ dependencies:
     edx_service_packages:
       debian: "{{ course_discovery_debian_pkgs }}"
       redhat: "{{ course_discovery_redhat_pkgs }}"
-  - supervisor

playbooks/roles/devpi/meta/main.yml

 ---
 dependencies:
+  - common
   - role: supervisor
     supervisor_app_dir: "{{ devpi_supervisor_app_dir }}"
     supervisor_data_dir: "{{ devpi_supervisor_data_dir }}"

playbooks/roles/ecommerce/meta/main.yml

@@ -11,6 +11,8 @@
 # Role includes for role ecommerce
 # 
 dependencies:
+  - common
+  - supervisor
   - role: edx_service
     edx_service_name: "{{ ecommerce_service_name }}"
     edx_service_config: "{{ ECOMMERCE_SERVICE_CONFIG }}"
@@ -20,5 +22,4 @@ dependencies:
     edx_service_packages:
       debian: "{{ ecommerce_debian_pkgs }}"
       redhat: "{{ ecommerce_redhat_pkgs }}"
-  - supervisor
   - oraclejdk

playbooks/roles/ecomworker/meta/main.yml

@@ -12,6 +12,7 @@
 
 dependencies:
   - common
+  - supervisor
   - role: edx_service
     edx_service_name: "{{ ecommerce_worker_service_name }}"
     edx_service_config: "{{ ECOMMERCE_WORKER_SERVICE_CONFIG }}"
@@ -21,4 +22,4 @@ dependencies:
     edx_service_packages:
       debian: "{{ ecommerce_worker_debian_pkgs }}"
       redhat: "{{ ecommerce_worker_redhat_pkgs }}"
-  - supervisor
+

playbooks/roles/edx_notes_api/meta/main.yml

@@ -20,6 +20,8 @@
 # }
 
 dependencies:
+  - common
+  - supervisor
   - role: edx_service
     edx_service_name: "{{ edx_notes_api_service_name }}"
     edx_service_config: "{{ edx_notes_api_service_config }}"
@@ -29,4 +31,4 @@ dependencies:
     edx_service_packages:
       debian: "{{ edx_notes_api_debian_pkgs }}"
       redhat: "{{ edx_notes_api_redhat_pkgs }}"
-  - supervisor
+

playbooks/roles/edxapp/meta/main.yml

 ---
 dependencies:
-  - edxapp_common
+  - common
   - supervisor
+  - edxapp_common
   - role: rbenv
     rbenv_user: "{{ edxapp_user }}"
     rbenv_dir: "{{ edxapp_app_dir }}"

playbooks/roles/flower/meta/main.yml

 ---
 dependencies:
+  - common
   - supervisor
-  - devpi

playbooks/roles/forum/meta/main.yml

 ---
 dependencies:
+  - common
   - supervisor
   - role: rbenv
     # TODO: setting the rbenv ownership to

playbooks/roles/gh_mirror/meta/main.yml

 ---
 dependencies:
+  - common
   - supervisor

playbooks/roles/insights/meta/main.yml

@@ -11,6 +11,8 @@
 # Role includes for role insights
 # 
 dependencies:
+  - common
+  - supervisor
   - role: edx_service
     edx_service_name: "{{ insights_service_name }}"
     edx_service_config: "{{ INSIGHTS_CONFIG }}"
@@ -20,4 +22,4 @@ dependencies:
     edx_service_packages:
       debian: "{{ insights_debian_pkgs }}"
       redhat: "{{ insights_redhat_pkgs }}"
-  - supervisor
+

playbooks/roles/jenkins_admin/meta/main.yml

@@ -20,7 +20,6 @@
 # }
 dependencies:
   - common
-  - aws
   - edxapp_common
   - role: jenkins_master
     jenkins_plugins: "{{ jenkins_admin_plugins }}"

playbooks/roles/locust/meta/main.yml

@@ -11,6 +11,8 @@
 # Role includes for role locust
 # 
 dependencies:
+  - common
+  - supervisor
   - role: edx_service
     edx_service_name: "{{ locust_service_name }}"
     edx_service_config: "{{ LOCUST_SERVICE_CONFIG }}"
@@ -20,4 +22,4 @@ dependencies:
     edx_service_packages:
       debian: "{{ locust_debian_pkgs }}"
       redhat: "{{ locust_redhat_pkgs }}"
-  - supervisor
+

playbooks/roles/notifier/meta/main.yml

 ---
 dependencies:
-  - supervisor
+  - common
+  - supervisor
\ No newline at end of file

playbooks/roles/programs/meta/main.yml

@@ -19,6 +19,8 @@
 #   my_role_var1: "bar"
 # }
 dependencies:
+  - common
+  - supervisor
   - role: edx_service
     edx_service_name: "{{ programs_service_name }}"
     edx_service_config: "{{ PROGRAMS_SERVICE_CONFIG }}"
@@ -28,4 +30,4 @@ dependencies:
     edx_service_packages:
       debian: "{{ programs_debian_pkgs }}"
       redhat: "{{ programs_redhat_pkgs }}"
-  - supervisor
+

playbooks/roles/server_utils/meta/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+##
+# Role includes for role insights
+# 
+dependencies:
+  - common
+
+

playbooks/roles/sitespeedio/meta/main.yml

@@ -12,6 +12,7 @@
 #
 
 dependencies:
+  - common
   - role: oraclejdk
     oraclejdk_version: "8u60"
     oraclejdk_base: "jdk1.8.0_60"

playbooks/roles/vhost/tasks/main.yml

@@ -29,14 +29,12 @@
     owner: root 
     group: root 
     mode: "{{ item.mode | default(644) }}"
+  register: config_templates
   with_items:
     - { src: 'etc/motd.tail.j2', dest: '/etc/motd.tail', mode: '755' }
     - { src: 'etc/ssh/sshd_config.j2', dest: '/etc/ssh/sshd_config' }
     
-- name: restart rsyslogd
-  service: name=rsyslog state=restarted
-  sudo: True
-
 - name: restart ssh
   service: name=ssh state=restarted
   sudo: True
+  when: config_templates.changed

playbooks/roles/xqueue/meta/main.yml

 ---
 dependencies:
+  - common
   - supervisor

playbooks/roles/xqwatcher/meta/main.yml

@@ -13,6 +13,7 @@
 # the role name are service name differ by _ and -, the latter isn't safe
 # random corners of ansible/jinga/python variable expansion.
 dependencies:
+  - common
   - role: edx_service
     edx_service_name: "{{ xqwatcher_service_name }}"
     edx_service_repos: "{{ XQWATCHER_REPOS }}"

playbooks/roles/xserver/meta/main.yml

 ---
 dependencies:
+  - common
   - supervisor

playbooks/roles/xsy/meta/main.yml

@@ -20,4 +20,5 @@
 # }
 
 dependencies:
+  - common
   - supervisor