From e0a66e48063cf87bd8f626d801f7a5b1cd553c29 Mon Sep 17 00:00:00 2001 From: Feanil Patel Date: Mon, 6 Jul 2015 15:41:10 -0400 Subject: [PATCH 01/13] Update to use the dash name for studio. Use studio- instead of studio. so that ssl works correctly. --- playbooks/roles/launch_ec2/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/launch_ec2/tasks/main.yml b/playbooks/roles/launch_ec2/tasks/main.yml index ef3156b6f57..a02aaebc756 100644 --- a/playbooks/roles/launch_ec2/tasks/main.yml +++ b/playbooks/roles/launch_ec2/tasks/main.yml @@ -74,7 +74,7 @@ zone: "{{ dns_zone }}" type: CNAME ttl: 300 - record: "studio.{{ dns_name }}.{{ dns_zone }}" + record: "studio-{{ dns_name }}.{{ dns_zone }}" value: "{{ item.public_dns_name }}" with_items: ec2.instances From a60a9b22b87508eb9eae7e5340fb79351b6fc2af Mon Sep 17 00:00:00 2001 From: Kevin Falcone Date: Mon, 6 Jul 2015 16:30:40 -0400 Subject: [PATCH 02/13] DEVOPS-2222 switch to dash instead of . so SSL works. We have a wildcard cert for *.sandbox.edx.org but not for *.*.sandbox.edx.org --- playbooks/roles/launch_ec2/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/launch_ec2/tasks/main.yml b/playbooks/roles/launch_ec2/tasks/main.yml index a02aaebc756..b2737b423d9 100644 --- a/playbooks/roles/launch_ec2/tasks/main.yml +++ b/playbooks/roles/launch_ec2/tasks/main.yml @@ -86,7 +86,7 @@ zone: "{{ dns_zone }}" type: CNAME ttl: 300 - record: "preview.{{ dns_name }}.{{ dns_zone }}" + record: "preview-{{ dns_name }}.{{ dns_zone }}" value: "{{ item.public_dns_name }}" with_items: ec2.instances From 2d02e665c93cd5366f30188588989b86e8d57123 Mon Sep 17 00:00:00 2001 From: Kevin Falcone Date: Mon, 6 Jul 2015 16:33:16 -0400 Subject: [PATCH 03/13] DEVOPS-2222 use a dash name rather than a . name We have SSL for *.sandbox.edx.org but not for *.*.sandbox.edx.org so things like studio.sandbox.edx.org don't serve the right SSL cert. --- util/jenkins/ansible-provision.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/jenkins/ansible-provision.sh b/util/jenkins/ansible-provision.sh index 8e5e990a8e1..2f6f554132e 100644 --- a/util/jenkins/ansible-provision.sh +++ b/util/jenkins/ansible-provision.sh @@ -173,9 +173,9 @@ if [[ $edx_internal == "true" ]]; then # user and set edx_internal to True so that # xserver is installed cat << EOF >> $extra_vars_file -EDXAPP_PREVIEW_LMS_BASE: preview.${deploy_host} +EDXAPP_PREVIEW_LMS_BASE: preview-${deploy_host} EDXAPP_LMS_BASE: ${deploy_host} -EDXAPP_CMS_BASE: studio.${deploy_host} +EDXAPP_CMS_BASE: studio-${deploy_host} EDXAPP_SITE_NAME: ${deploy_host} CERTS_DOWNLOAD_URL: "http://${deploy_host}:18090" CERTS_VERIFY_URL: "http://${deploy_host}:18090" From 5c9e232374a1df52d5325e98aa6d525d3ed10ef9 Mon Sep 17 00:00:00 2001 From: Max Rothman Date: Thu, 9 Jul 2015 10:49:08 -0400 Subject: [PATCH 04/13] Move db-clone.py to sysadmin repo --- util/vpc-tools/db-clone.py | 181 ------------------------------------- 1 file changed, 181 deletions(-) delete mode 100644 util/vpc-tools/db-clone.py diff --git a/util/vpc-tools/db-clone.py b/util/vpc-tools/db-clone.py deleted file mode 100644 index 6f1173a9ec9..00000000000 --- a/util/vpc-tools/db-clone.py +++ /dev/null @@ -1,181 +0,0 @@ -#!/usr/bin/env python -u -import boto -import boto.route53 -import boto.route53.record -import boto.ec2.elb -import boto.rds2 -import time -from argparse import ArgumentParser, RawTextHelpFormatter -import datetime -import sys -from vpcutil import rds_subnet_group_name_for_stack_name, all_stack_names -import os - -description = """ - - Creates a new RDS instance using restore - from point in time using the latest available backup. - The new db will be the same size as the original. - The name of the db will remain the same, the master db password - will be changed and is set on the command line. - - If stack-name is provided the RDS instance will be launched - in the VPC that corresponds to that name. - - New db name defaults to "from---" - A new DNS entry will be created for the RDS when provided - on the command line - -""" - -RDS_SIZES = [ - 'db.m1.small', - 'db.m1.large', - 'db.m1.xlarge', - 'db.m2.xlarge', - 'db.m2.2xlarge', - 'db.m2.4xlarg', -] - -def parse_args(args=sys.argv[1:]): - - stack_names = all_stack_names() - rds = boto.rds2.connect_to_region('us-east-1') - dbs = [db['DBInstanceIdentifier'] - for db in rds.describe_db_instances()['DescribeDBInstancesResponse']['DescribeDBInstancesResult']['DBInstances']] - - parser = ArgumentParser(description=description, formatter_class=RawTextHelpFormatter) - parser.add_argument('--vpc', default=None, action="store_true", - help='this is for a vpc') - parser.add_argument('--security-group', default=None, - help='security group name that should be assigned to the new RDS instance (vpc only!)') - parser.add_argument('--subnet', default=None, - help='subnet that should be used for the RDS instance (vpc only!)') - parser.add_argument('-t', '--type', choices=RDS_SIZES, - default='db.m1.small', help='RDS size to create instances of') - parser.add_argument('-d', '--db-source', choices=dbs, - default=u'stage-edx', help="source db to clone") - parser.add_argument('-p', '--password', - help="password for the new database", metavar="NEW PASSWORD") - parser.add_argument('-r', '--region', default='us-east-1', - help="region to connect to") - parser.add_argument('--dns', - help="dns entry for the new rds instance") - parser.add_argument('--clean-wwc', action="store_true", - default=False, - help="clean the wwc db after launching it into the vpc, removing sensitive data") - parser.add_argument('--clean-prod-grader', action="store_true", - default=False, - help="clean the prod_grader db after launching it into the vpc, removing sensitive data") - parser.add_argument('--dump', action="store_true", - default=False, - help="create a sql dump after launching it into the vpc") - parser.add_argument('-s', '--secret-var-files', action="append", required=True, - help="use one or more secret var files to run ansible against the host to update db users") - parser.add_argument('-o', '--dest-option-group', default="default:mysql-5-6", - help="the option group for the new rds.") - - return parser.parse_args(args) - - -def wait_on_db_status(db_name, region='us-east-1', wait_on='available', aws_id=None, aws_secret=None): - rds = boto.rds2.connect_to_region(region) - while True: - statuses = rds.describe_db_instances(db_name)['DescribeDBInstancesResponse']['DescribeDBInstancesResult']['DBInstances'] - if len(statuses) > 1: - raise Exception("More than one instance returned for {0}".format(db_name)) - if statuses[0]['DBInstanceStatus'] == wait_on: - print("Status is: {}".format(wait_on)) - break - sys.stdout.write("status is {}..\n".format(statuses[0]['DBInstanceStatus'])) - sys.stdout.flush() - time.sleep(10) - return - -if __name__ == '__main__': - args = parse_args() - sanitize_wwc_sql_file = os.path.join(os.path.dirname(os.path.realpath(__file__)), "sanitize-db-wwc.sql") - sanitize_prod_grader_sql_file = os.path.join(os.path.dirname(os.path.realpath(__file__)), "sanitize-db-prod_grader.sql") - play_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), "../../playbooks/edx-east") - - rds = boto.rds2.connect_to_region(args.region) - restore_dbid = 'from-{0}-{1}-{2}'.format(args.db_source, datetime.date.today(), int(time.time())) - restore_args = dict( - source_db_instance_identifier=args.db_source, - target_db_instance_identifier=restore_dbid, - use_latest_restorable_time=True, - db_instance_class=args.type, - option_group_name=args.dest_option_group, - ) - if args.vpc: - restore_args['db_subnet_group_name'] = args.subnet - rds.restore_db_instance_to_point_in_time(**restore_args) - wait_on_db_status(restore_dbid) - print("Getting db host") - db_host = rds.describe_db_instances(restore_dbid)['DescribeDBInstancesResponse']['DescribeDBInstancesResult']['DBInstances'][0]['Endpoint']['Address'] - - modify_args = dict( - apply_immediately=True - ) - if args.password: - modify_args['master_user_password'] = args.password - - if args.vpc: - modify_args['vpc_security_group_ids'] = [args.security_group] - else: - # dev-edx is the default security group for dbs that - # are not in the vpc, it allows connections from the various - # NAT boxes and from sandboxes - modify_args['db_security_groups'] = ['dev-edx'] - - # Update the db immediately - print("Updating db instance: {}".format(modify_args)) - rds.modify_db_instance(restore_dbid, **modify_args) - print("Waiting 15 seconds before checking to see if db is available") - time.sleep(15) - wait_on_db_status(restore_dbid) - print("Waiting another 15 seconds") - time.sleep(15) - if args.clean_wwc: - # Run the mysql clean sql file - sanitize_cmd = """mysql -u root -p{root_pass} -h{db_host} wwc < {sanitize_wwc_sql_file} """.format( - root_pass=args.password, - db_host=db_host, - sanitize_wwc_sql_file=sanitize_wwc_sql_file) - print("Running {}".format(sanitize_cmd)) - os.system(sanitize_cmd) - - if args.clean_prod_grader: - # Run the mysql clean sql file - sanitize_cmd = """mysql -u root -p{root_pass} -h{db_host} prod_grader < {sanitize_prod_grader_sql_file} """.format( - root_pass=args.password, - db_host=db_host, - sanitize_prod_grader_sql_file=sanitize_prod_grader_sql_file) - print("Running {}".format(sanitize_cmd)) - os.system(sanitize_cmd) - - if args.secret_var_files: - extra_args = "" - for secret_var_file in args.secret_var_files: - extra_args += " -e@{}".format(secret_var_file) - - db_cmd = """cd {play_path} && ansible-playbook -c local -i 127.0.0.1, create_dbs.yml """ \ - """{extra_args} -e "edxapp_db_root_user=root xqueue_db_root_user=root" """ \ - """ -e "db_root_pass={root_pass}" """ \ - """ -e "EDXAPP_MYSQL_HOST={db_host}" """ \ - """ -e "XQUEUE_MYSQL_HOST={db_host}" """.format( - root_pass=args.password, - extra_args=extra_args, - db_host=db_host, - play_path=play_path) - print("Running {}".format(db_cmd)) - os.system(db_cmd) - - if args.dns: - dns_cmd = """cd {play_path} && ansible-playbook -c local -i 127.0.0.1, create_cname.yml """ \ - """-e "dns_zone=edx.org dns_name={dns} sandbox={db_host}" """.format( - play_path=play_path, - dns=args.dns, - db_host=db_host) - print("Running {}".format(dns_cmd)) - os.system(dns_cmd) From e50f8ebd0d06b3938d9be8e7b43a4de4895d552e Mon Sep 17 00:00:00 2001 From: Feanil Patel Date: Thu, 9 Jul 2015 15:26:42 -0400 Subject: [PATCH 05/13] Don't pkill some services. Certain services will shutdown gracefully and so they may not be dead by the time this task is run. Those services should not be explicitly killed since they may need to do things like finish a grading run or other instructor tasks. --- playbooks/roles/stop_all_edx_services/handlers/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/playbooks/roles/stop_all_edx_services/handlers/main.yml b/playbooks/roles/stop_all_edx_services/handlers/main.yml index 66297b96fae..be361c7dca1 100644 --- a/playbooks/roles/stop_all_edx_services/handlers/main.yml +++ b/playbooks/roles/stop_all_edx_services/handlers/main.yml @@ -42,8 +42,9 @@ - name: stop mongodb service: name=mongodb state=stopped arguments="{{ STOP_ALL_EDX_SERVICES_EXTRA_ARGS }}" +# Celery and Supervisord should not be killed because they may have long running tasks that need to finish - name: kill processes by user - shell: pkill -u {{ item }} || true + shell: pgrep -u {{ item }} -lf | grep -v celery | grep -v supervisord | grep -v gunicorn | awk '{ print $1}' | xargs -I {} kill {} || true with_items: - www-data - devpi.supervisor From e4c1b4070eda87e417643e136acb5b68d09291d4 Mon Sep 17 00:00:00 2001 From: Feanil Patel Date: Thu, 9 Jul 2015 19:52:40 -0400 Subject: [PATCH 06/13] Switch to a single python process voter. Minos updated with this PR: https://github.com/edx-ops/edx-minos/pull/15 --- playbooks/roles/minos/tasks/main.yml | 3 +-- .../etc/minos/conf.d/ProccessQuienscenceVoterCelery.yml.j2 | 3 --- .../etc/minos/conf.d/ProccessQuienscenceVoterGunicorn.yml.j2 | 3 --- .../edx/etc/minos/conf.d/ProccessQuiescenceVoterCelery.yml.j2 | 3 --- .../etc/minos/conf.d/ProccessQuiescenceVoterGunicorn.yml.j2 | 3 --- .../edx/etc/minos/conf.d/ProccessQuiescenceVoterPython.yml | 4 ++++ 6 files changed, 5 insertions(+), 14 deletions(-) delete mode 100644 playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuienscenceVoterCelery.yml.j2 delete mode 100644 playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuienscenceVoterGunicorn.yml.j2 delete mode 100644 playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterCelery.yml.j2 delete mode 100644 playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterGunicorn.yml.j2 create mode 100644 playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterPython.yml diff --git a/playbooks/roles/minos/tasks/main.yml b/playbooks/roles/minos/tasks/main.yml index 33407817b2a..6b065db7fed 100644 --- a/playbooks/roles/minos/tasks/main.yml +++ b/playbooks/roles/minos/tasks/main.yml @@ -58,8 +58,7 @@ mode=0755 owner=root group=root with_items: - "BellwetherVoter" - - "ProccessQuienscenceVoterCelery" - - "ProccessQuienscenceVoterGunicorn" + - "ProccessQuiescenceVoterPython" - "TrackingLogVoter" - "ZippedTrackingLogVoter" - "RolledTrackingLogVoter" diff --git a/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuienscenceVoterCelery.yml.j2 b/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuienscenceVoterCelery.yml.j2 deleted file mode 100644 index 99abe60e5c3..00000000000 --- a/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuienscenceVoterCelery.yml.j2 +++ /dev/null @@ -1,3 +0,0 @@ -ProccessQuiescenceVoter: - config: - process_name: 'celery' \ No newline at end of file diff --git a/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuienscenceVoterGunicorn.yml.j2 b/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuienscenceVoterGunicorn.yml.j2 deleted file mode 100644 index f1239b9d3bd..00000000000 --- a/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuienscenceVoterGunicorn.yml.j2 +++ /dev/null @@ -1,3 +0,0 @@ -ProccessQuiescenceVoter: - config: - process_name: 'gunicorn' \ No newline at end of file diff --git a/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterCelery.yml.j2 b/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterCelery.yml.j2 deleted file mode 100644 index 99abe60e5c3..00000000000 --- a/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterCelery.yml.j2 +++ /dev/null @@ -1,3 +0,0 @@ -ProccessQuiescenceVoter: - config: - process_name: 'celery' \ No newline at end of file diff --git a/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterGunicorn.yml.j2 b/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterGunicorn.yml.j2 deleted file mode 100644 index f1239b9d3bd..00000000000 --- a/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterGunicorn.yml.j2 +++ /dev/null @@ -1,3 +0,0 @@ -ProccessQuiescenceVoter: - config: - process_name: 'gunicorn' \ No newline at end of file diff --git a/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterPython.yml b/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterPython.yml new file mode 100644 index 00000000000..e35ef92821f --- /dev/null +++ b/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterPython.yml @@ -0,0 +1,4 @@ +ProccessQuiescenceVoter: + config: + process_name: 'python' + username: '{{ common_web_user }}' From 1d0d81819074b2227c55ca253685043aedaf488f Mon Sep 17 00:00:00 2001 From: Feanil Patel Date: Thu, 9 Jul 2015 20:57:44 -0400 Subject: [PATCH 07/13] Pin the version of minos. --- playbooks/roles/minos/defaults/main.yml | 3 ++- playbooks/roles/minos/tasks/main.yml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/playbooks/roles/minos/defaults/main.yml b/playbooks/roles/minos/defaults/main.yml index 533a4fdbb8c..dbc89ff1fa8 100644 --- a/playbooks/roles/minos/defaults/main.yml +++ b/playbooks/roles/minos/defaults/main.yml @@ -30,7 +30,8 @@ minos_voter_cfg: "{{ COMMON_CFG_DIR }}/{{ minos_service_name }}/conf.d/" minos_git_ssh: "/tmp/git.sh" minos_git_identity: "{{ minos_app_dir }}/minos-git-identity" minos_edx_server_tools_repo: "git@github.com/edx-ops/edx-minos.git" -minos_edx_server_tools_version: "release" +minos_edx_server_tools_branch: "release" +minos_edx_server_tools_version: "0.2" minos_requirement: "git+ssh://{{ minos_edx_server_tools_repo }}@{{ minos_edx_server_tools_version }}#egg=edx-minos" # diff --git a/playbooks/roles/minos/tasks/main.yml b/playbooks/roles/minos/tasks/main.yml index 6b065db7fed..2c94b6f9746 100644 --- a/playbooks/roles/minos/tasks/main.yml +++ b/playbooks/roles/minos/tasks/main.yml @@ -89,6 +89,7 @@ virtualenv="{{ minos_app_dir }}/venvs/" state=present extra_args="--exists-action w" + version="{{ minos_edx_server_tools_version }}" environment: GIT_SSH: "{{ minos_git_ssh }}" with_items: From d076c4083db264d87e73b4be014f79823cf8672a Mon Sep 17 00:00:00 2001 From: Feanil Patel Date: Thu, 9 Jul 2015 21:00:21 -0400 Subject: [PATCH 08/13] Name the template correctly. --- ...scenceVoterPython.yml => ProccessQuiescenceVoterPython.yml.j2} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename playbooks/roles/minos/templates/edx/etc/minos/conf.d/{ProccessQuiescenceVoterPython.yml => ProccessQuiescenceVoterPython.yml.j2} (100%) diff --git a/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterPython.yml b/playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterPython.yml.j2 similarity index 100% rename from playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterPython.yml rename to playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterPython.yml.j2 From d3115887656dd4e978e64b037f5049778ebeb988 Mon Sep 17 00:00:00 2001 From: Nickersoft Date: Thu, 9 Jul 2015 15:25:51 -0400 Subject: [PATCH 09/13] Configuration now includes JWT issuer and expiration date --- playbooks/roles/ecommerce/defaults/main.yml | 9 ++++++--- playbooks/roles/edxapp/defaults/main.yml | 3 +++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/playbooks/roles/ecommerce/defaults/main.yml b/playbooks/roles/ecommerce/defaults/main.yml index 2eb5c63d88d..643ba86e9c9 100644 --- a/playbooks/roles/ecommerce/defaults/main.yml +++ b/playbooks/roles/ecommerce/defaults/main.yml @@ -9,7 +9,7 @@ # ## # Defaults for role ecommerce -# +# ECOMMERCE_GIT_IDENTITY: !!null @@ -42,9 +42,10 @@ ECOMMERCE_EDX_API_KEY: 'put-your-edx-api-auth-token-here' ECOMMERCE_ECOMMERCE_URL_ROOT: 'https://www.example.com' ECOMMERCE_LMS_URL_ROOT: 'https://www.example.com' ECOMMERCE_JWT_SECRET_KEY: 'generated-key-that-matches-ECOMMERCE_API_SIGNING_KEY-in-edxapp' +ECOMMERCE_JWT_VERIFY_EXPIRATION: true # Generated by the app that you're using as your auth source -# in most cases this will be the edx-platform +# in most cases this will be the edx-platform ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_KEY : 'some-secret' ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_SECRET : 'some-secret' ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_ID_TOKEN_DECRYPTION_KEY : 'some-secret' @@ -104,6 +105,8 @@ ECOMMERCE_SERVICE_CONFIG: LMS_DASHBOARD_URL: '{{ ECOMMERCE_LMS_URL_ROOT }}/dashboard' JWT_AUTH: JWT_SECRET_KEY: '{{ ECOMMERCE_JWT_SECRET_KEY }}' + JWT_ISSUER: '{{ ECOMMERCE_LMS_URL_ROOT }}/oauth2' + JWT_VERIFY_EXPIRATION: '{{ ECOMMERCE_JWT_VERIFY_EXPIRATION }}' SOCIAL_AUTH_EDX_OIDC_KEY: '{{ ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_KEY }}' SOCIAL_AUTH_EDX_OIDC_SECRET: '{{ ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_SECRET }}' SOCIAL_AUTH_EDX_OIDC_ID_TOKEN_DECRYPTION_KEY: '{{ ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_ID_TOKEN_DECRYPTION_KEY }}' @@ -131,7 +134,7 @@ ECOMMERCE_REPOS: DESTINATION: "{{ ecommerce_code_dir }}" SSH_KEY: "{{ ECOMMERCE_GIT_IDENTITY }}" - + ECOMMERCE_GUNICORN_WORKERS: "2" ECOMMERCE_GUNICORN_EXTRA: "" ECOMMERCE_GUNICORN_EXTRA_CONF: "" diff --git a/playbooks/roles/edxapp/defaults/main.yml b/playbooks/roles/edxapp/defaults/main.yml index 011ad729a2d..59b37f4d7f5 100644 --- a/playbooks/roles/edxapp/defaults/main.yml +++ b/playbooks/roles/edxapp/defaults/main.yml @@ -229,6 +229,7 @@ EDXAPP_BULK_EMAIL_DEFAULT_FROM_EMAIL: 'no-reply@example.com' EDXAPP_BULK_EMAIL_LOG_SENT_EMAILS: false EDXAPP_UNIVERSITY_EMAIL: 'university@example.com' EDXAPP_PRESS_EMAIL: 'press@example.com' +EDXAPP_JWT_EXPIRATION: 30 # Number of seconds until expiration EDXAPP_PLATFORM_TWITTER_ACCOUNT: '@YourPlatformTwitterAccount' EDXAPP_PLATFORM_FACEBOOK_ACCOUNT: 'http://www.facebook.com/YourPlatformFacebookAccount' @@ -717,6 +718,8 @@ generic_env_config: &edxapp_generic_env WIKI_ENABLED: true SYSLOG_SERVER: "{{ EDXAPP_SYSLOG_SERVER }}" LOG_DIR: "{{ COMMON_DATA_DIR }}/logs/edx" + JWT_ISSUER: "https://{{ EDXAPP_LMS_BASE }}/oauth2" + JWT_EXPIRATION: '{{ EDXAPP_JWT_EXPIRATION }}' #must end in slash (https://docs.djangoproject.com/en/1.4/ref/settings/#media-url) MEDIA_URL: "{{ EDXAPP_MEDIA_URL }}/" From 8b86520a8a83aaffc8b9f7a779f8ef8414bf554c Mon Sep 17 00:00:00 2001 From: Feanil Patel Date: Fri, 10 Jul 2015 11:24:35 -0400 Subject: [PATCH 10/13] Bump the version up again. --- playbooks/roles/minos/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/minos/defaults/main.yml b/playbooks/roles/minos/defaults/main.yml index dbc89ff1fa8..26737c2ec1e 100644 --- a/playbooks/roles/minos/defaults/main.yml +++ b/playbooks/roles/minos/defaults/main.yml @@ -31,7 +31,7 @@ minos_git_ssh: "/tmp/git.sh" minos_git_identity: "{{ minos_app_dir }}/minos-git-identity" minos_edx_server_tools_repo: "git@github.com/edx-ops/edx-minos.git" minos_edx_server_tools_branch: "release" -minos_edx_server_tools_version: "0.2" +minos_edx_server_tools_version: "0.3" minos_requirement: "git+ssh://{{ minos_edx_server_tools_repo }}@{{ minos_edx_server_tools_version }}#egg=edx-minos" # From e523089bd368f5ab7ba0f3a47d32b6c6d94cbfaf Mon Sep 17 00:00:00 2001 From: Feanil Patel Date: Fri, 10 Jul 2015 12:48:44 -0400 Subject: [PATCH 11/13] Update the minos requirement var. Changed what version means but forgot to update the minos_requirement var. --- playbooks/roles/minos/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/minos/defaults/main.yml b/playbooks/roles/minos/defaults/main.yml index 26737c2ec1e..39fe4f2d8f1 100644 --- a/playbooks/roles/minos/defaults/main.yml +++ b/playbooks/roles/minos/defaults/main.yml @@ -32,7 +32,7 @@ minos_git_identity: "{{ minos_app_dir }}/minos-git-identity" minos_edx_server_tools_repo: "git@github.com/edx-ops/edx-minos.git" minos_edx_server_tools_branch: "release" minos_edx_server_tools_version: "0.3" -minos_requirement: "git+ssh://{{ minos_edx_server_tools_repo }}@{{ minos_edx_server_tools_version }}#egg=edx-minos" +minos_requirement: "git+ssh://{{ minos_edx_server_tools_repo }}@{{ minos_edx_server_tools_branch }}#egg=edx-minos" # # OS packages From 8f86e231b4524ff9cbaad7eb228dfd8de98b9489 Mon Sep 17 00:00:00 2001 From: Max Rothman Date: Mon, 13 Jul 2015 14:24:42 -0400 Subject: [PATCH 12/13] Update instance type used to build amis --- util/jenkins/build-ami.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/jenkins/build-ami.sh b/util/jenkins/build-ami.sh index 27d920a7608..4c2dd2042e8 100755 --- a/util/jenkins/build-ami.sh +++ b/util/jenkins/build-ami.sh @@ -112,4 +112,4 @@ cd util/vpc-tools/ echo "$vars" > /var/tmp/$BUILD_ID-extra-vars.yml cat /var/tmp/$BUILD_ID-extra-vars.yml -python -u abbey.py -p $play -t c3.large -d $deployment -e $environment -i /edx/var/jenkins/.ssh/id_rsa $base_params $blessed_params $playbookdir_params --vars /var/tmp/$BUILD_ID-extra-vars.yml -c $BUILD_NUMBER --configuration-version $configuration --configuration-secure-version $configuration_secure -k $jenkins_admin_ec2_key --configuration-secure-repo $jenkins_admin_configuration_secure_repo $configurationprivate_params $hipchat_params $cleanup_params $notification_params +python -u abbey.py -p $play -t m4.large -d $deployment -e $environment -i /edx/var/jenkins/.ssh/id_rsa $base_params $blessed_params $playbookdir_params --vars /var/tmp/$BUILD_ID-extra-vars.yml -c $BUILD_NUMBER --configuration-version $configuration --configuration-secure-version $configuration_secure -k $jenkins_admin_ec2_key --configuration-secure-repo $jenkins_admin_configuration_secure_repo $configurationprivate_params $hipchat_params $cleanup_params $notification_params From d38e1be85ea52699dfa9352a2a21b7c3ad95a08f Mon Sep 17 00:00:00 2001 From: Max Rothman Date: Tue, 14 Jul 2015 14:43:38 -0400 Subject: [PATCH 13/13] AWS is out of m4s :( --- util/jenkins/build-ami.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/jenkins/build-ami.sh b/util/jenkins/build-ami.sh index 4c2dd2042e8..a73876ba6d6 100755 --- a/util/jenkins/build-ami.sh +++ b/util/jenkins/build-ami.sh @@ -112,4 +112,4 @@ cd util/vpc-tools/ echo "$vars" > /var/tmp/$BUILD_ID-extra-vars.yml cat /var/tmp/$BUILD_ID-extra-vars.yml -python -u abbey.py -p $play -t m4.large -d $deployment -e $environment -i /edx/var/jenkins/.ssh/id_rsa $base_params $blessed_params $playbookdir_params --vars /var/tmp/$BUILD_ID-extra-vars.yml -c $BUILD_NUMBER --configuration-version $configuration --configuration-secure-version $configuration_secure -k $jenkins_admin_ec2_key --configuration-secure-repo $jenkins_admin_configuration_secure_repo $configurationprivate_params $hipchat_params $cleanup_params $notification_params +python -u abbey.py -p $play -t m3.large -d $deployment -e $environment -i /edx/var/jenkins/.ssh/id_rsa $base_params $blessed_params $playbookdir_params --vars /var/tmp/$BUILD_ID-extra-vars.yml -c $BUILD_NUMBER --configuration-version $configuration --configuration-secure-version $configuration_secure -k $jenkins_admin_ec2_key --configuration-secure-repo $jenkins_admin_configuration_secure_repo $configurationprivate_params $hipchat_params $cleanup_params $notification_params