Don't source the ruby env before running bundler

`retries` don't work without `until`

The `retries` statement is just ignored unless an `until` clause
is provided.

https://github.com/ansible/ansible/issues/20802

* Add OAUTH_DELETE_EXPIRED to LMS Envs
* Adding comments and CHANGELOG entry

Nothing seems to be using this module.

And it's written in the old ansible module style.

This cleans up a warning about wait being defined twice in this task

allow custom blacklist rules for splunk forwarder

  [WARNING]: While constructing a mapping from /var/lib/go-agent/pipelines
  /loadtest-
  credentials/configuration/playbooks/continuous_delivery/launch_instance.yml,
  line 68, column 7, found a duplicate dict key (wait). Using last defined value
  only.

Include the Environment-Deployment when announcing an AMI build

Otherwise, we see 3 edxapp AMI builds per gocd pipeline, but have
no idea which one is which.  Similar issue for IDAs where you get at
least 2 AMIs.

We get S3 timeouts a few times a week

Retry if we can't get to github.

We sometimes can't get to github because of intermittent network issues. We should
try a few times before we declare it a failure.

Use ansible core module ec2_ami

Be able to configure the analytics dashboard name.

This message is no longer useful.

Disable what we can and move on for now.

Some AMIs are missing the 'apt-daily-upgrade.timer' job and are failing.

See OPS-2365

It was more useful previously when we were monitoring the pipelines more closely but
is now just treated as noise in chat.

Found another new security upgrader running on our 16.04 machines

Make edx_service stricter about edx_service_config

This appears to have come in when we updated our base AMI.

This worked before because edx_service_config was undefined, now
we have a default empty dict which causes the same behavior (skips the
app file generation step).  This is used by xqwatcher and harstorage.

If we prefer to change those roles instead, I'm not wedded to this fix.

Tag on our standard nrsysmond rider for New Relic

Update mariadb role for Xenial and add groups capability

This was overriding using a nonexistant jenkins var

Jenkins wasn't updated when this code was changed, so THEME_DIRS
was always null.  We're now going to just set the correct directories
in the internal sandbox config which removes the need for this var
setting here.

Make nginx server template more accessible and configurable.

Accessibility: add lang of template, add alt image parameter in case the image is important (as a logo), convert h2 into a paragraph.
Configurable: add nginx variables with default values for configuring the view of the nginx server template.

Ansible will then skip the task and not write a config file.
I content that we want ansible to bail out if the dict it gets
in edx_service_config is invalid.

I'll need to change the two roles that pass no config (xqwatcher
and harstorage) to pass {} which will evaluate to false and skip
making a config.

Noticed this when manually testing config changes and saw missing
files rather than syntax errors.  In particular, this will make
our config checking code much better.