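#
# edX Configuration
#
# github:     https://github.com/edx/configuration
# wiki:       https://openedx.atlassian.net/wiki/display/OpenOPS
# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
# Usage: ansible-playbook -i lms-host-1, -e@/path/to/group/configfile -e@/path/to/user/configfile
#
# Overview:
# This playbook ensures that the specified users and groups exist in the targeted
# edxapp cluster. It does so by running the LMS management commands
# `manage_group` and `manage_user` once per configured entry.
#
# The tasks read two variables, which the config files passed with -e must
# define: `django_users` and `django_groups`.
#
# Users have the following properties:
#   - username (required, str)
#   - email (required, str)
#   - groups (optional, list[str])
#   - superuser (optional, bool)
#   - staff (optional, bool)
#   - remove (optional, bool): ensures the user does not exist
#   - unusable_password (optional, bool): ensures the password is unusable
#   - initial_password_hash (optional, str): passed to manage_user as
#     --initial-password-hash (see the "zoe" entry below for the format)
#
# Groups can have the following properties:
#   - name (required, str)
#   - permissions (optional, list[str])
#   - remove (optional, bool): ensures the group does not exist
#
# Example:
#
#     django_users:
#       - username: bobby
#         email: bobby@droptabl.es
#         groups: [group1, group2]
#         superuser: true
#         staff: true
#
#       - username: fred
#         email: fred@smith
#         remove: true
#
#       - username: smitty
#         email: smitty@werbenmanjens.en
#         groups: [group1]
#
#       - username: frank
#         email: frank@bigcorp.com
#         staff: false
#         superuser: false
#         unusable_password: true
#         groups: []
#
#       # Sample hash only. Real password hashes are credentials: keep the
#       # vars file that holds them encrypted (e.g. with ansible-vault).
#       - username: zoe
#         email: zoe@example.com
#         initial_password_hash: 'pbkdf2_sha256$20000$levJ6jdVYCsu$gdBLGf2DNPqfaKdcETXtFocRU8Kk+sMsIvKkmw1dKbY='
#
#     django_groups:
#       - name: group3
#         remove: true
#
#       - name: group1
#         permissions:
#           - permission1
#           - permission2
#
#       - name: group2
#         permissions: [permission3]
#
# NB: to get a list of all available permissions, run the following code:
#
#     from django.contrib.auth.models import Permission
#     for perm in Permission.objects.all():
#         print '{}:{}:{}'.format(perm.content_type.app_label, perm.content_type.model, perm.codename)
#
---
- hosts: all

  vars:
    python_path: /edx/bin/python.edxapp
    manage_path: /edx/bin/manage.edxapp
    # When true, a failing manage_user invocation does not fail the play.
    ignore_user_creation_errors: false
    # Django settings module name handed to manage.py; falls back to 'aws'.
    deployment_settings: "{{ EDXAPP_SETTINGS | default('aws') }}"

  vars_files:
    # common_web_user (used for become_user below) is expected to come from
    # here; the file is not part of this playbook.
    - roles/common_vars/defaults/main.yml

  tasks:
    # Every interpolated value is passed through `quote` because the `shell`
    # module hands the rendered string to a shell: an unquoted group name,
    # permission or settings value containing shell metacharacters would be
    # interpreted rather than passed as an argument.
    - name: Manage groups
      shell: >
        {{ python_path }} {{ manage_path }} lms --settings={{ deployment_settings | quote }}
        manage_group {{ item.name | quote }}
        {% if item.get('permissions', []) | length %}--permissions {{ item.permissions | default([]) | map('quote') | join(' ') }}{% endif %}
        {% if item.get('remove') %}--remove{% endif %}
      with_items: "{{ django_groups }}"
      become: true
      become_user: "{{ common_web_user }}"

    # This task can grant --superuser / --staff, so the vars files that feed
    # django_users deserve the same review and access control as any other
    # privileged-account change.
    #
    # NOTE(security): initial_password_hash is placed on the command line, so
    # it is part of the loop item and rendered command that Ansible reports
    # for this task. Consider `no_log: true` on runs that supply it.
    #
    # NOTE(review): `manage_users_result | failed` is the filter form; newer
    # Ansible releases require the test form (`manage_users_result is failed`).
    # Left as-is to stay compatible with the Ansible version this file targets.
    - name: Manage users
      shell: >
        {{ python_path }} {{ manage_path }} lms --settings={{ deployment_settings | quote }}
        manage_user {{ item.username | quote }} {{ item.email | quote }}
        {% if item.get('groups', []) | length %}--groups {{ item.groups | default([]) | map('quote') | join(' ') }}{% endif %}
        {% if item.get('remove') %}--remove{% endif %}
        {% if item.get('superuser') %}--superuser{% endif %}
        {% if item.get('staff') %}--staff{% endif %}
        {% if item.get('unusable_password') %}--unusable-password{% endif %}
        {% if item.get('initial_password_hash') %}--initial-password-hash {{ item.initial_password_hash | quote }}{% endif %}
      with_items: "{{ django_users }}"
      register: manage_users_result
      # Fail only when the command failed AND errors are not being ignored.
      failed_when: (manage_users_result | failed) and not (ignore_user_creation_errors | bool)
      become: true
      become_user: "{{ common_web_user }}"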