├── .dockerignore ├── .editorconfig ├── .github ├── ISSUE_TEMPLATE ├── ISSUE_TEMPLATE.md ├── PULL_REQUEST_TEMPLATE.md └── workflows │ ├── add-depr-ticket-to-depr-board.yml │ ├── add-remove-label-on-comment.yml │ ├── commitlint.yml │ ├── mysql-5.7-build.yml │ ├── playbook-test.yml │ ├── self-assign-issue.yml │ ├── syntax-test.yml │ └── upgrade-python-requirements.yml ├── .gitignore ├── AUTHORS ├── CHANGELOG.md ├── LICENSE.TXT ├── Makefile ├── README.rst ├── docker.mk ├── docker ├── README.rst ├── build │ ├── analytics_pipeline │ │ ├── Dockerfile │ │ ├── acceptance.json │ │ ├── bootstrap.sh │ │ ├── devstack.sh │ │ └── hive-site.xml.template │ ├── analytics_pipeline_hadoop_datanode │ │ ├── Dockerfile │ │ └── datanode.sh │ ├── analytics_pipeline_hadoop_namenode │ │ ├── Dockerfile │ │ └── namenode.sh │ ├── analytics_pipeline_hadoop_nodemanager │ │ ├── Dockerfile │ │ └── nodemanager.sh │ ├── analytics_pipeline_hadoop_resourcemanager │ │ ├── Dockerfile │ │ └── resourcemanager.sh │ ├── analytics_pipeline_spark_master │ │ ├── Dockerfile │ │ └── master.sh │ ├── analytics_pipeline_spark_worker │ │ ├── Dockerfile │ │ └── worker.sh │ ├── automated │ │ ├── Dockerfile │ │ └── ansible_overrides.yml │ ├── bionic-common │ │ └── Dockerfile │ ├── chrome │ │ └── Dockerfile │ ├── credentials │ │ ├── Dockerfile │ │ ├── ansible_overrides.yml │ │ └── credentials.yml │ ├── designer │ │ ├── Dockerfile │ │ └── ansible_overrides.yml │ ├── docker-tools │ │ ├── Dockerfile │ │ └── ansible_overrides.yml │ ├── ecommerce │ │ ├── Dockerfile │ │ ├── ansible_overrides.yml │ │ └── ecommerce.yml │ ├── ecomworker │ │ ├── Dockerfile │ │ ├── ansible_overrides.yml │ │ ├── ecomworker.yml │ │ └── inventory │ ├── edxapp │ │ ├── Dockerfile │ │ ├── ansible_overrides.yml │ │ ├── devstack.yml │ │ ├── lms.yml │ │ └── studio.yml │ ├── elasticsearch-devstack │ │ └── Dockerfile │ ├── elasticsearch │ │ └── Dockerfile │ ├── enterprise_catalog │ │ ├── Dockerfile │ │ ├── ansible_overrides.yml │ │ └── enterprise_catalog.yml │ ├── firefox │ │ └── Dockerfile │ ├── flower │ │ ├── Dockerfile │ │ ├── README.txt │ │ └── flowerconfig.py │ ├── focal-common │ │ └── Dockerfile │ ├── forum │ │ ├── Dockerfile │ │ └── ansible_overrides.yml │ ├── github-actions-runner │ │ ├── Dockerfile │ │ ├── README.rst │ │ └── actions-runner.sh │ ├── graphite │ │ └── Dockerfile │ ├── jenkins_analytics │ │ ├── Dockerfile.noci │ │ └── ansible_overrides.yml │ ├── mongo │ │ ├── Dockerfile │ │ └── ansible_overrides.yml │ ├── mysql │ │ ├── Dockerfile │ │ ├── ansible_overrides.yml │ │ └── docker-entrypoint.sh │ ├── nginx │ │ ├── Dockerfile │ │ └── ansible_overrides.yml │ ├── notes │ │ ├── Dockerfile │ │ ├── ansible_overrides.yml │ │ ├── edx_notes_api.yml │ │ └── inventory │ ├── rabbitmq │ │ ├── Dockerfile │ │ ├── ansible_overrides.yml │ │ ├── run_rabbitmq.sh │ │ └── sample.json │ ├── registrar │ │ ├── Dockerfile │ │ ├── ansible_overrides.yml │ │ └── registrar.yml │ ├── tableau │ │ ├── Dockerfile │ │ └── ansible_overrides.yml │ ├── tools_jenkins │ │ ├── Dockerfile │ │ └── ansible_overrides.yml │ ├── trusty-common │ │ └── Dockerfile │ ├── xenial-common │ │ └── Dockerfile │ ├── xqueue │ │ ├── Dockerfile │ │ └── ansible_overrides.yml │ └── xqwatcher │ │ ├── Dockerfile │ │ └── ansible_overrides.yml ├── devstack_common_ansible_overrides.yml └── plays │ ├── ansible.cfg │ ├── automated.yml │ ├── credentials.yml │ ├── designer.yml │ ├── docker-tools.yml │ ├── ecommerce.yml │ ├── ecomworker.yml │ ├── edxapp.yml │ ├── elasticsearch.yml │ ├── enterprise_catalog.yml │ ├── forum.yml │ ├── jenkins_analytics.yml │ ├── jenkins_tools.yml │ ├── library │ ├── mongo.yml │ ├── mysql.yml │ ├── nginx.yml │ ├── notes.yml │ ├── rabbitmq.yml │ ├── registrar.yml │ ├── roles │ ├── tableau.yml │ ├── xqueue.yml │ └── xqwatcher.yml ├── documentation ├── 0001-ansible-code-conventions.rst └── decisions │ └── 0001-mongo-4.2-upgrade.rst ├── openedx.yaml ├── playbooks ├── active_instances_in_asg.py ├── add-ubuntu-key.yml ├── aide.yml ├── alton.yml ├── analytics-jenkins.yml ├── analytics_single.yml ├── analyticsapi.yml ├── ansible.cfg ├── antivirus.yml ├── apply-security.yml ├── authn_frontend.yml ├── automated.yml ├── aws.yml ├── blockstore.yml ├── bootstrap_python.yml ├── callback_plugins │ └── sqs.py ├── cluster_rabbitmq.yml ├── commerce_coordinator.yml ├── common.yml ├── common_edx_base.yml ├── commoncluster.yml ├── conductor.yml ├── connect_sandbox.yml ├── continuous_delivery │ ├── ansible.cfg │ ├── cleanup.yml │ ├── create_ami.yml │ ├── launch_instance.yml │ ├── prospectus_download_redirects.yml │ ├── roles │ ├── rollback_migrations.yml │ ├── run_management_command.yml │ ├── run_migrations.yml │ ├── templates │ │ └── local │ │ │ ├── ami_template.yml.j2 │ │ │ ├── inventory.j2 │ │ │ ├── key.pem.j2 │ │ │ └── launch_template.yml.j2 │ └── upload_assets.yml ├── course_authoring.yml ├── create_all_user_types.yml ├── create_cname.yml ├── create_db_and_users.yml ├── create_django_ida.yml ├── create_mongo_users.yml ├── create_pgsql_db_and_users.yml ├── create_rds.yml ├── create_role.yml ├── create_user.yml ├── credentials.yml ├── demo.yml ├── deploy_nginx_all_roles.yml ├── deploy_nginx_for_dbt_docs.yml ├── designer.yml ├── devstack_ami.yml ├── discovery.yml ├── ec2.ini ├── ec2.py ├── ecommerce.yml ├── ecomworker.yml ├── edx-auth-proxy.yml ├── edx-east ├── edx-monitoring.yml ├── edx_ansible.yml ├── edx_continuous_integration.yml ├── edx_jenkins_tests.yml ├── edx_maintenance.yml ├── edx_mirror.yml ├── edx_provision.yml ├── edxapp.yml ├── elasticsearch.yml ├── enterprise_catalog.yml ├── flower.yml ├── forum.yml ├── ghost.yml ├── go-agent-docker.yml ├── group_vars │ ├── README.rst │ └── tag_environment_prod ├── insights.yml ├── insightvm_agent.yml ├── inventory.ini ├── jenkins_admin.yml ├── jenkins_data_engineering.yml ├── jenkins_data_engineering_new.yml ├── jenkins_it.yml ├── learner_dashboard.yml ├── learner_portal.yml ├── learning.yml ├── library │ ├── ec2_acl │ ├── ec2_group_local │ ├── ec2_iam_role │ ├── ec2_lookup │ ├── ec2_rt │ ├── ec2_subnet │ ├── ec2_tag_local │ ├── ec2_vpc_local │ ├── mongodb_replica_set │ ├── mongodb_rs_config │ ├── mongodb_rs_status │ ├── mongodb_step_down │ ├── rds_local │ └── util_map ├── library_authoring.yml ├── license_manager.yml ├── lifecycle_inventory.py ├── log_server.yml ├── manage_edxapp_users_and_groups.yml ├── masters_sandbox.yml ├── masters_sandbox_update.yml ├── mfe_flags_setup.yml ├── minos.yml ├── mongo.yml ├── mongo_3_0.yml ├── mongo_3_2.yml ├── mongo_3_4.yml ├── mongo_3_6.yml ├── mongo_4_0.yml ├── mongo_4_2.yml ├── mongo_4_4.yml ├── mongo_5_0.yml ├── mongo_6_0.yml ├── mongo_7_0.yml ├── mongo_mms.yml ├── mongo_rolling_upgrade.yml ├── mongo_upgrade_hidden_secondaries.yml ├── mysql.yml ├── neo4j.yml ├── newrelic_mongo_monitor.yml ├── notes.yml ├── oauth_client_setup.yml ├── openedx_native.yml ├── opensearch.yml ├── ora2.yml ├── ora_grading.yml ├── payment.yml ├── populate_configuration_model.yml ├── profile.yml ├── program_console.yml ├── promote_rds_secondary.yml ├── prospectus.yml ├── prospectus_sandbox.yml ├── rabbitmq.yml ├── redirector.yml ├── redis.yml ├── registrar.yml ├── remove-ubuntu-key.yml ├── restart_supervisor.yml ├── retire_host.yml ├── roles │ ├── ad_hoc_reporting │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── edx │ │ │ └── bin │ │ │ │ ├── mongo-user-auth.sh.j2 │ │ │ │ ├── mongo.sh.j2 │ │ │ │ ├── mysql.sh.j2 │ │ │ │ └── rds-iam.sh.j2 │ │ │ └── etc │ │ │ └── mongorc.js.j2 │ ├── add_user │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── aide │ │ ├── defaults │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── etc │ │ │ └── default │ │ │ └── aide.j2 │ ├── analytics_api │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── analytics_pipeline │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── acceptance.json │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── client.cfg.j2 │ ├── ansible-role-django-ida │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── defaults │ │ │ └── main.yml.j2 │ │ │ ├── docker │ │ │ ├── build │ │ │ │ └── ROLE_NAME │ │ │ │ │ ├── Dockerfile.j2 │ │ │ │ │ ├── ansible_overrides.yml.j2 │ │ │ │ │ └── inventory │ │ │ └── plays │ │ │ │ └── ROLE_NAME.yml.j2 │ │ │ ├── header.j2 │ │ │ ├── meta │ │ │ └── main.yml.j2 │ │ │ ├── tasks │ │ │ └── main.yml.j2 │ │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ ├── ROLE_NAME │ │ │ ├── ROLE_NAME.sh.j2 │ │ │ ├── ROLE_NAME_env.j2 │ │ │ ├── ROLE_NAME_gunicorn.py.j2 │ │ │ └── devstack.sh.j2 │ │ │ ├── nginx │ │ │ └── sites-available │ │ │ │ └── ROLE_NAME.j2 │ │ │ └── supervisor │ │ │ └── conf.d.available │ │ │ └── ROLE_NAME.conf.j2 │ ├── ansible-role │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── defaults │ │ │ └── main.yml.j2 │ │ │ ├── header.j2 │ │ │ ├── meta │ │ │ └── main.yml.j2 │ │ │ └── tasks │ │ │ └── main.yml.j2 │ ├── ansible_debug │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── dumpall.json.j2 │ │ │ └── dumpall.yml.j2 │ ├── antivirus │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── s3_bucket_virus_scan.sh.j2 │ │ │ └── server_virus_scan.sh.j2 │ ├── apache │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── lms.j2 │ │ │ └── ports.conf.j2 │ ├── authn │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── automated │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── 99-automated.j2 │ │ │ └── home │ │ │ └── automator │ │ │ └── .ssh │ │ │ └── authorized_keys.j2 │ ├── aws │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── boto.cfg.j2 │ │ │ ├── mtu.j2 │ │ │ ├── requirements.txt.j2 │ │ │ └── send-logs-to-s3.j2 │ ├── aws_cloudwatch_agent │ │ ├── defaults │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── amazon-cloudwatch-agent.json.j2 │ ├── aws_devstack │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── blockstore │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── browsers │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── geckodriver │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── xvfb.conf.j2 │ │ │ └── xvfb.service.j2 │ ├── cassandra │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── cassandra.yaml.j2 │ ├── codejail │ │ ├── defaults │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── apparmor-template │ │ │ └── sudoers-template │ ├── commerce_coordinator │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── common │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ ├── bash_profile │ │ │ └── ssh_key_forward │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── edx_rsyslog.j2 │ │ │ ├── etc │ │ │ ├── cron.hourly │ │ │ │ └── logrotate.j2 │ │ │ └── logrotate.d │ │ │ │ ├── hourly │ │ │ │ ├── edx_logrotate.j2 │ │ │ │ └── edx_logrotate_tracking_log.j2 │ │ │ │ └── ntp.j2 │ │ │ ├── hostname.j2 │ │ │ ├── hosts.j2 │ │ │ └── log-ntp-alerts.sh.j2 │ ├── common_vars │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── conductor │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── config-encoders │ │ ├── .gitignore │ │ ├── LICENSE │ │ ├── README.rst │ │ ├── filter_plugins │ │ │ └── config_encoders.py │ │ └── meta │ │ │ └── main.yml │ ├── course_authoring │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── credentials │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── datadog-uninstall │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── datadog │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── dbt_docs_nginx │ │ ├── README.md │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── nginx │ │ │ ├── dbt_files_sync.sh.j2 │ │ │ └── nginx.conf.j2 │ ├── demo │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── deploy.yml │ │ │ └── main.yml │ ├── designer │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── discovery │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── docker-tools │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── ecommerce │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── ecomworker │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ ├── ecomworker │ │ │ ├── ecomworker.sh.j2 │ │ │ └── ecomworker_env.j2 │ │ │ └── supervisor │ │ │ └── conf.d.available │ │ │ └── ecomworker.conf.j2 │ ├── edx-sandbox │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── etc │ │ │ └── update-motd.d │ │ │ └── terminate_motd.j2 │ ├── edx_ansible │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── deploy.yml │ │ │ └── main.yml │ │ └── templates │ │ │ ├── dumpall.yml.j2 │ │ │ ├── pre-box.j2 │ │ │ ├── show-repo-heads.j2 │ │ │ └── update.j2 │ ├── edx_django_service │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ ├── app │ │ │ ├── app-workers.sh.j2 │ │ │ ├── app.sh.j2 │ │ │ ├── app_env.j2 │ │ │ ├── app_gunicorn.py.j2 │ │ │ └── devstack.sh.j2 │ │ │ ├── nginx │ │ │ └── sites-available │ │ │ │ ├── app.j2 │ │ │ │ └── concerns │ │ │ │ ├── admin_urls_access_from_restricted_cidrs.j2 │ │ │ │ ├── app-common.j2 │ │ │ │ ├── basic-auth.j2 │ │ │ │ ├── cors-add-header.j2 │ │ │ │ ├── cors-build-map.j2 │ │ │ │ ├── handle-ip-disclosure.j2 │ │ │ │ ├── handle-tls-terminated-elsewhere-ip-disclosure.j2 │ │ │ │ ├── handle-tls-terminated-elsewhere-redirect.j2 │ │ │ │ ├── proxy-to-app.j2 │ │ │ │ ├── robots.j2 │ │ │ │ ├── s3_maintenance.j2 │ │ │ │ ├── static-assets.j2 │ │ │ │ └── upstream.j2 │ │ │ └── supervisor │ │ │ └── conf.d.available │ │ │ ├── app-workers.conf.j2 │ │ │ └── app.conf.j2 │ ├── edx_django_service_with_rendered_config │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ ├── app │ │ │ ├── app.sh.j2 │ │ │ ├── app_env.j2 │ │ │ ├── app_gunicorn.py.j2 │ │ │ └── devstack.sh.j2 │ │ │ ├── nginx │ │ │ └── sites-available │ │ │ │ ├── app.j2 │ │ │ │ └── concerns │ │ │ │ ├── admin_urls_access_from_restricted_cidrs.j2 │ │ │ │ ├── app-common.j2 │ │ │ │ ├── basic-auth.j2 │ │ │ │ ├── cors-add-header.j2 │ │ │ │ ├── cors-build-map.j2 │ │ │ │ ├── handle-ip-disclosure.j2 │ │ │ │ ├── handle-tls-terminated-elsewhere-ip-disclosure.j2 │ │ │ │ ├── handle-tls-terminated-elsewhere-redirect.j2 │ │ │ │ ├── proxy-to-app.j2 │ │ │ │ ├── robots.j2 │ │ │ │ ├── s3_maintenance.j2 │ │ │ │ ├── static-assets.j2 │ │ │ │ └── upstream.j2 │ │ │ └── supervisor │ │ │ └── conf.d.available │ │ │ └── app.conf.j2 │ ├── edx_maintenance │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── edx_notes_api │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ ├── edx_notes_api │ │ │ ├── devstack.sh.j2 │ │ │ ├── edx_notes_api.sh.j2 │ │ │ ├── edx_notes_api_env.j2 │ │ │ └── edx_notes_api_gunicorn.py.j2 │ │ │ └── supervisor │ │ │ └── conf.d.available │ │ │ └── edx_notes_api.conf.j2 │ ├── edx_service │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── config.yml.j2 │ ├── edx_service_with_rendered_config │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── config.yml.j2 │ ├── edx_themes │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── edxapp │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── deploy.yml │ │ │ ├── main.yml │ │ │ ├── python_sandbox_env.yml │ │ │ ├── service_variant_config.yml │ │ │ ├── site_configuration.yml │ │ │ └── tag_ec2.yml │ │ ├── templates │ │ │ ├── .npmrc.j2 │ │ │ ├── 95-sandbox-sudoer.j2 │ │ │ ├── boto.j2 │ │ │ ├── cms.auth.json.j2 │ │ │ ├── cms.env.json.j2 │ │ │ ├── cms_gunicorn.py.j2 │ │ │ ├── code.sandbox.j2 │ │ │ ├── course.xml.j2 │ │ │ ├── devstack.sh.j2 │ │ │ ├── edx │ │ │ │ ├── app │ │ │ │ │ ├── edxapp │ │ │ │ │ │ ├── beat_scheduler.sh.j2 │ │ │ │ │ │ ├── cms.sh.j2 │ │ │ │ │ │ ├── lms.sh.j2 │ │ │ │ │ │ ├── reload_cms_config.sh.j2 │ │ │ │ │ │ ├── reload_lms_config.sh.j2 │ │ │ │ │ │ └── worker.sh.j2 │ │ │ │ │ └── supervisor │ │ │ │ │ │ └── conf.d.available │ │ │ │ │ │ ├── cms.conf.j2 │ │ │ │ │ │ ├── lms.conf.j2 │ │ │ │ │ │ └── workers.conf.j2 │ │ │ │ └── bin │ │ │ │ │ ├── edxapp-migrate-cms.j2 │ │ │ │ │ ├── edxapp-migrate-lms.j2 │ │ │ │ │ ├── edxapp-runserver-cms.j2 │ │ │ │ │ ├── edxapp-runserver-lms.j2 │ │ │ │ │ ├── edxapp-shell-cms.j2 │ │ │ │ │ ├── edxapp-shell-lms.j2 │ │ │ │ │ ├── edxapp-update-assets.j2 │ │ │ │ │ └── edxapp_common.j2 │ │ │ ├── edxapp_env.j2 │ │ │ ├── git_ssh.sh.j2 │ │ │ ├── lms.auth.json.j2 │ │ │ ├── lms.env.json.j2 │ │ │ ├── lms.yml.j2 │ │ │ ├── lms_gunicorn.py.j2 │ │ │ ├── newrelic.ini.j2 │ │ │ ├── revisions.yml.j2 │ │ │ ├── site_configuration.json.j2 │ │ │ └── studio.yml.j2 │ │ └── vars │ │ │ └── devstack.yml │ ├── edxapp_common │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── edxlocal │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── elasticsearch │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── edx │ │ │ └── etc │ │ │ │ └── elasticsearch │ │ │ │ ├── elasticsearch.yml.j2 │ │ │ │ └── jvm.options.j2 │ │ │ ├── etc │ │ │ └── default │ │ │ │ └── elasticsearch.j2 │ │ │ └── lib │ │ │ └── systemd │ │ │ └── system │ │ │ └── elasticsearch.service.j2 │ ├── enhanced_networking │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── enterprise_catalog │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── flower │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ ├── flower │ │ │ ├── flower_env.j2 │ │ │ └── flowerconfig.py.j2 │ │ │ └── supervisor │ │ │ └── conf.d.available │ │ │ └── flower.conf.j2 │ ├── forum │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── deploy.yml │ │ │ ├── main.yml │ │ │ ├── tag_ec2.yml │ │ │ └── test.yml │ │ └── templates │ │ │ ├── cs_comments_service.conf.j2 │ │ │ ├── cs_comments_service.j2 │ │ │ ├── devstack.sh.j2 │ │ │ ├── forum-supervisor.sh.j2 │ │ │ ├── forum.conf.j2 │ │ │ ├── forum_env.j2 │ │ │ └── java.sh.j2 │ ├── gh_mirror │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── repos_from_orgs.py │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── orgs.yml.j2 │ ├── ghost │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── git_clone │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── gitreload │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── course_pull.yml │ │ │ ├── deploy.yml │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ ├── gitreload │ │ │ ├── gitreload_gunicorn.py.j2 │ │ │ └── gr.env.json.j2 │ │ │ └── supervisor │ │ │ └── conf.available.d │ │ │ └── gitreload.conf.j2 │ ├── gluster │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── go-agent-docker-server │ │ ├── README.rst │ │ ├── defaults │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ └── go-agent-docker-server │ │ │ └── autoregister.properties.j2 │ ├── grafana │ │ ├── .gitignore │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── conf │ │ │ └── grafana.ini.j2 │ ├── graphite │ │ ├── LICENSE │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── carbon.yml │ │ │ ├── graphite-api.yml │ │ │ ├── main.yml │ │ │ └── whisper.yml │ │ └── templates │ │ │ ├── carbon │ │ │ ├── conf │ │ │ │ ├── carbon.conf.j2 │ │ │ │ ├── storage-aggregation.conf.j2 │ │ │ │ └── storage-schemas.conf.j2 │ │ │ └── systemd │ │ │ │ └── carbon-cache.service.j2 │ │ │ └── graphite-api │ │ │ ├── conf │ │ │ └── graphite-api.yml.j2 │ │ │ └── systemd │ │ │ ├── graphite-api.service.j2 │ │ │ └── graphite-api.socket.j2 │ ├── hadoop_common │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── core-site.xml.j2 │ │ │ ├── etc │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ ├── hdfs-datanode.service.j2 │ │ │ │ ├── hdfs-namenode.service.j2 │ │ │ │ ├── mapreduce-historyserver.service.j2 │ │ │ │ ├── yarn-nodemanager.service.j2 │ │ │ │ ├── yarn-proxyserver.service.j2 │ │ │ │ └── yarn-resourcemanager.service.j2 │ │ │ ├── hadoop-env.sh.j2 │ │ │ ├── hadoop_user_ssh_config.j2 │ │ │ ├── hdfs-site.xml.j2 │ │ │ ├── hdfs.conf.j2 │ │ │ ├── mapred-site.xml.j2 │ │ │ ├── yarn-site.xml.j2 │ │ │ └── yarn.conf.j2 │ ├── hadoop_master │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── haproxy │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── haproxy.cfg.j2 │ │ │ ├── haproxy.logrotate.j2 │ │ │ └── haproxy.rsyslog.j2 │ ├── hermes │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── pre_hermes_checks.sh │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── hermes-systemd.service.j2 │ │ │ ├── hermes.sh.j2 │ │ │ ├── hermes_env.j2 │ │ │ └── sudoers.j2 │ ├── hive │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── hive-env.sh.j2 │ │ │ └── hive-site.xml.j2 │ ├── hotg │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── deploy.yml │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ ├── hotg │ │ │ ├── Config.groovy.j2 │ │ │ ├── server.xml.j2 │ │ │ └── supervisor_wrapper.sh.j2 │ │ │ └── supervisor │ │ │ └── conf.d │ │ │ └── hotg.conf.j2 │ ├── insights │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ ├── insights │ │ │ ├── insights.sh.j2 │ │ │ └── insights_env.j2 │ │ │ └── supervisor │ │ │ └── conf.d.available │ │ │ └── insights.conf.j2 │ ├── insightvm_agent │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── jenkins_admin │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── var │ │ │ └── jenkins │ │ │ ├── aws_config.j2 │ │ │ ├── boto.j2 │ │ │ ├── hudson.plugins.s3.S3BucketPublisher.xml.j2 │ │ │ └── jobs │ │ │ └── backup-jenkins │ │ │ └── config.xml.j2 │ ├── jenkins_analytics │ │ ├── README.rst │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── execute_jenkins_cli.yaml │ │ │ └── main.yml │ │ └── templates │ │ │ ├── addCredentials.groovy │ │ │ ├── credentials_file.json.j2 │ │ │ ├── jenkins.config.main.xml │ │ │ ├── jenkins.user.config.xml │ │ │ └── seedJob.groovy │ ├── jenkins_common │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ ├── ec2 │ │ │ │ └── mongo_init_script.sh │ │ │ ├── splunk │ │ │ │ └── splunk.groovy │ │ │ └── xml │ │ │ │ └── seed_job.xml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── config │ │ │ ├── credentials.yml.j2 │ │ │ ├── ec2_config.yml.j2 │ │ │ ├── email_ext_config.yml.j2 │ │ │ ├── ghprb_config.yml.j2 │ │ │ ├── git_config.yml.j2 │ │ │ ├── github_config.yml.j2 │ │ │ ├── github_oauth.yml.j2 │ │ │ ├── groovy_config.yml.j2 │ │ │ ├── job_config_history.yml.j2 │ │ │ ├── log_config.yml.j2 │ │ │ ├── mailer_config.yml.j2 │ │ │ ├── main_config.yml.j2 │ │ │ ├── mask_passwords_config.yml.j2 │ │ │ ├── plugins.yml.j2 │ │ │ ├── properties_config.yml.j2 │ │ │ ├── python_config.yml.j2 │ │ │ ├── saml_config.yml.j2 │ │ │ ├── security.yml.j2 │ │ │ ├── seed_config.yml.j2 │ │ │ ├── slack_config.yml.j2 │ │ │ ├── splunk_config.yml.j2 │ │ │ ├── timestamper_config.yml.j2 │ │ │ └── user_config.yml.j2 │ │ │ ├── etc │ │ │ ├── logrotate.d │ │ │ │ └── jenkins_log.j2 │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── jenkins.service.j2 │ │ │ └── jenkins-env.sh.j2 │ ├── jenkins_data_engineering │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── xml │ │ │ │ └── seed_job.xml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── jenkins.user.config.xml │ ├── jenkins_data_engineering_new │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── xml │ │ │ │ └── seed_job.xml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── main.yml │ │ │ └── system.yml │ │ └── templates │ │ │ └── jenkins.user.config.xml │ ├── jenkins_it │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── jenkins_master │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── datadog.yml │ │ │ └── main.yml │ ├── jscover │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── jwt_signature │ │ ├── defaults │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── app_config.yml.j2 │ ├── kibana │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── sample_dashboard.json │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── default.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── config.js.j2 │ ├── launch_ec2 │ │ └── tasks │ │ │ └── main.yml │ ├── learner_portal │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── library_authoring │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── license_manager │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── local_dev │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ ├── ftplugin-python.vim │ │ │ ├── gitconfig │ │ │ ├── vimrc │ │ │ └── x11_display │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── app_bashrc.j2 │ │ │ └── share_x11.j2 │ ├── logstash │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── template_logstash.json │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── default.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── logstash.conf.j2 │ │ │ └── logstash.upstart.conf.j2 │ ├── mariadb │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── cluster.yml │ │ │ └── main.yml │ │ └── templates │ │ │ └── etc │ │ │ └── mysql │ │ │ └── conf.d │ │ │ └── galera.cnf.j2 │ ├── memcache │ │ └── tasks │ │ │ └── main.yml │ ├── mfe │ │ ├── README.rst │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ └── nginx │ │ │ └── sites-available │ │ │ ├── app.j2 │ │ │ └── concerns │ │ │ ├── basic-auth.j2 │ │ │ ├── handle-ip-disclosure.j2 │ │ │ ├── handle-tls-terminated-elsewhere-ip-disclosure.j2 │ │ │ ├── handle-tls-terminated-elsewhere-redirect.j2 │ │ │ ├── mfe-common.j2 │ │ │ ├── mfe.j2 │ │ │ └── robots.j2 │ ├── mfe_deployer │ │ ├── README.rst │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ └── nginx │ │ │ └── sites-available │ │ │ ├── app.j2 │ │ │ └── concerns │ │ │ ├── basic-auth.j2 │ │ │ ├── handle-ip-disclosure.j2 │ │ │ ├── handle-tls-terminated-elsewhere-ip-disclosure.j2 │ │ │ ├── handle-tls-terminated-elsewhere-redirect.j2 │ │ │ ├── mfe.j2 │ │ │ └── robots.j2 │ ├── mfe_flags_setup │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── minos │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── edx │ │ │ └── etc │ │ │ │ └── minos │ │ │ │ └── conf.d │ │ │ │ ├── BellwetherVoter.yml.j2 │ │ │ │ ├── ProccessQuiescenceVoterPython.yml.j2 │ │ │ │ ├── RolledTrackingLogVoter.yml.j2 │ │ │ │ ├── TrackingLogVoter.yml.j2 │ │ │ │ └── ZippedTrackingLogVoter.yml.j2 │ │ │ └── tmp │ │ │ └── git-identity.sh.j2 │ ├── mongo │ ├── mongo_2_6 │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── backup-mongo-to-s3.j2 │ │ │ ├── create_root.js.j2 │ │ │ ├── etc │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── mongod.service.j2 │ │ │ ├── mongo-s3-backup-s3cfg.j2 │ │ │ ├── mongodb.conf.j2 │ │ │ └── repset_init.js.j2 │ ├── mongo_3_0 │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── disable-transparent-hugepages.conf │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── log-mongo-serverStatus.sh.j2 │ │ │ ├── mongo_logrotate.j2 │ │ │ └── mongod.conf.j2 │ ├── mongo_3_2 │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── etc │ │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ ├── disable-transparent-hugepages.service │ │ │ │ └── mongod.service.d │ │ │ │ └── restart.conf │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── backup-mongo.sh.j2 │ │ │ ├── log-mongo-serverStatus.sh.j2 │ │ │ ├── mongo_logrotate.j2 │ │ │ └── mongod.conf.j2 │ ├── mongo_3_4 │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── etc │ │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── disable-transparent-hugepages.service │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── log-mongo-serverStatus.sh.j2 │ │ │ ├── mongo_logrotate.j2 │ │ │ └── mongod.conf.j2 │ ├── mongo_3_6 │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── etc │ │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── disable-transparent-hugepages.service │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── log-mongo-serverStatus.sh.j2 │ │ │ ├── mongo_logrotate.j2 │ │ │ └── mongod.conf.j2 │ ├── mongo_4_0 │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── etc │ │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── disable-transparent-hugepages.service │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── log-mongo-serverStatus.sh.j2 │ │ │ ├── mongo_logrotate.j2 │ │ │ └── mongod.conf.j2 │ ├── mongo_4_2 │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── etc │ │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── disable-transparent-hugepages.service │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── log-mongo-serverStatus.sh.j2 │ │ │ ├── mongo_logrotate.j2 │ │ │ └── mongod.conf.j2 │ ├── mongo_4_4 │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── etc │ │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── disable-transparent-hugepages.service │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── log-mongo-serverStatus.sh.j2 │ │ │ ├── mongo_logrotate.j2 │ │ │ └── mongod.conf.j2 │ ├── mongo_5_0 │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── etc │ │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── disable-transparent-hugepages.service │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── log-mongo-serverStatus.sh.j2 │ │ │ ├── mongo_logrotate.j2 │ │ │ └── mongod.conf.j2 │ ├── mongo_6_0 │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── etc │ │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── disable-transparent-hugepages.service │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── log-mongo-serverStatus.sh.j2 │ │ │ ├── mongo_logrotate.j2 │ │ │ └── mongod.conf.j2 │ ├── mongo_7_0 │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── etc │ │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── disable-transparent-hugepages.service │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── log-mongo-serverStatus.sh.j2 │ │ │ ├── mongo_logrotate.j2 │ │ │ └── mongod.conf.j2 │ ├── mongo_client │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── mongo_mms │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── mongo_newrelic_monitor │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── mongodb-config.yml.j2 │ ├── mount_ebs │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── munin_node │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── munin-edx │ │ └── tasks │ │ │ └── main.yml │ ├── mysql │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── main.yml │ │ │ ├── mysql.yml │ │ │ └── remove_mysql_experimental.yml │ │ └── templates │ │ │ └── default_character_sets_and_collations.cnf.j2 │ ├── neo4j │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── edx │ │ │ └── app │ │ │ └── nginx │ │ │ └── sites-available │ │ │ └── coursegraph.j2 │ ├── newrelic_infrastructure │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── edx │ │ │ │ └── bin │ │ │ │ └── write_nr_display_name_config.sh │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── etc │ │ │ ├── newrelic-infra.j2 │ │ │ └── newrelic-infra │ │ │ └── logging.d │ │ │ └── logs.yml.j2 │ ├── nginx │ │ ├── README.rst │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── edx │ │ │ ├── app │ │ │ │ └── nginx │ │ │ │ │ ├── robots.txt.j2 │ │ │ │ │ └── sites-available │ │ │ │ │ ├── analytics_api.j2 │ │ │ │ │ ├── basic-auth.j2 │ │ │ │ │ ├── cms.j2 │ │ │ │ │ ├── cms_proxy.j2 │ │ │ │ │ ├── common-settings.j2 │ │ │ │ │ ├── conductor.j2 │ │ │ │ │ ├── credentials.j2 │ │ │ │ │ ├── edx_exams.j2 │ │ │ │ │ ├── edx_notes_api.j2 │ │ │ │ │ ├── empty_json.j2 │ │ │ │ │ ├── extra_locations_lms.j2 │ │ │ │ │ ├── forum.j2 │ │ │ │ │ ├── gh_mirror.j2 │ │ │ │ │ ├── gitreload.j2 │ │ │ │ │ ├── grafana.j2 │ │ │ │ │ ├── graphite.j2 │ │ │ │ │ ├── handle-ip-disclosure.j2 │ │ │ │ │ ├── handle-tls-redirect-and-ip-disclosure.j2 │ │ │ │ │ ├── handle-tls-terminated-elsewhere-ip-disclosure.j2 │ │ │ │ │ ├── insights.j2 │ │ │ │ │ ├── jenkins.j2 │ │ │ │ │ ├── kibana.j2 │ │ │ │ │ ├── learner_portal.j2 │ │ │ │ │ ├── lms.j2 │ │ │ │ │ ├── lms_proxy.j2 │ │ │ │ │ ├── maps.j2 │ │ │ │ │ ├── nginx_redirect.j2 │ │ │ │ │ ├── program_console.j2 │ │ │ │ │ ├── prospectus.j2 │ │ │ │ │ ├── python_lib.zip.j2 │ │ │ │ │ ├── robots.j2 │ │ │ │ │ ├── s3_maintenance.j2 │ │ │ │ │ ├── static-files-extra.j2 │ │ │ │ │ ├── static-files.j2 │ │ │ │ │ ├── subscriptions.j2 │ │ │ │ │ └── xqueue.j2 │ │ │ └── var │ │ │ │ └── nginx │ │ │ │ └── server-static │ │ │ │ └── server-template.j2 │ │ │ └── etc │ │ │ ├── logrotate.d │ │ │ ├── edx_logrotate_nginx_access.j2 │ │ │ └── edx_logrotate_nginx_error.j2 │ │ │ └── nginx │ │ │ └── nginx.conf.j2 │ ├── nltk │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── oauth2_proxy │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── deploy.yml │ │ │ ├── main.yml │ │ │ ├── tag_ec2.yml │ │ │ └── test.yml │ │ └── templates │ │ │ ├── oauth2_proxy.cfg.j2 │ │ │ └── oauth2_proxy_supervisor.conf.j2 │ ├── oauth_client_setup │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── opensearch │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── edx │ │ │ └── etc │ │ │ │ └── opensearch │ │ │ │ ├── jvm.options.j2 │ │ │ │ └── opensearch.yml.j2 │ │ │ └── lib │ │ │ └── systemd │ │ │ └── system │ │ │ └── opensearch.service.j2 │ ├── openstack │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── log-sync-env.sh.j2 │ │ │ └── send-logs-to-swift.j2 │ ├── oraclejdk │ │ ├── defaults │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── java.sh.j2 │ ├── payment │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── postfix_queue │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── program_console │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── prospectus │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── .env.environment.j2 │ │ │ └── prospectus_env.j2 │ ├── python │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── rabbitmq │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── edx │ │ │ └── app │ │ │ │ └── rabbitmq │ │ │ │ ├── log-rabbitmq-memory.sh.j2 │ │ │ │ └── log-rabbitmq-queues.sh.j2 │ │ │ ├── erlang.cookie.j2 │ │ │ ├── etc │ │ │ ├── logrotate.d │ │ │ │ └── rabbitmq.j2 │ │ │ └── rabbitmq │ │ │ │ └── rabbitmq.config.j2 │ │ │ └── rabbitmq-env.conf.j2 │ ├── rbenv │ │ ├── defaults │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── ruby_env.j2 │ ├── redis │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── etc │ │ │ └── redis │ │ │ └── redis.conf.j2 │ ├── registrar │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── s3fs │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── security │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── tmp │ │ │ │ └── GHOST.c │ │ ├── tasks │ │ │ ├── main.yml │ │ │ ├── security-amazon.yml │ │ │ └── security-ubuntu.yml │ │ └── templates │ │ │ └── etc │ │ │ └── apt │ │ │ └── apt.conf.d │ │ │ ├── 10periodic │ │ │ ├── 20unattended-upgrade │ │ │ └── 50unattended-upgrades │ ├── server_utils │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── shibboleth │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── attribute-map.xml.j2 │ │ │ ├── shibboleth2.xml.j2 │ │ │ ├── sp.key.j2 │ │ │ └── sp.pem.j2 │ ├── simple_theme │ │ ├── README.rst │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ ├── default_skeleton │ │ │ │ └── lms │ │ │ │ │ └── static │ │ │ │ │ └── sass │ │ │ │ │ ├── discussion │ │ │ │ │ └── lms-discussion-bootstrap.scss │ │ │ │ │ ├── lms-course.scss │ │ │ │ │ ├── lms-main-v1.scss │ │ │ │ │ └── partials │ │ │ │ │ └── lms │ │ │ │ │ └── theme │ │ │ │ │ ├── _variables-v1.scss │ │ │ │ │ └── _variables.scss │ │ │ └── example_static_dir │ │ │ │ ├── cms │ │ │ │ └── images │ │ │ │ │ └── logo.png │ │ │ │ └── lms │ │ │ │ ├── images │ │ │ │ ├── favicon.ico │ │ │ │ └── logo.png │ │ │ │ └── js │ │ │ │ └── myscript.js │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── deploy.yml │ │ │ └── main.yml │ │ └── templates │ │ │ ├── i18n │ │ │ └── domain.po.j2 │ │ │ └── lms │ │ │ └── static │ │ │ └── sass │ │ │ ├── _lms-overrides.scss.j2 │ │ │ ├── common-variables.scss.j2 │ │ │ └── partials │ │ │ └── lms │ │ │ └── theme │ │ │ └── _variables-v1.scss.j2 │ ├── snort │ │ ├── defaults │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── etc │ │ │ ├── cron.daily │ │ │ └── oinkmaster.j2 │ │ │ ├── oinkmaster.conf.j2 │ │ │ └── snort │ │ │ ├── snort.conf.j2 │ │ │ └── snort.debian.conf.j2 │ ├── splunk-server │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── opt │ │ │ └── splunk │ │ │ ├── bin │ │ │ └── coldToFrozenS3.j2 │ │ │ └── etc │ │ │ ├── apps │ │ │ └── search │ │ │ │ └── local │ │ │ │ ├── indexes.conf.j2 │ │ │ │ ├── props.conf.j2 │ │ │ │ └── savedsearches.conf.j2 │ │ │ └── system │ │ │ └── local │ │ │ ├── alert_actions.conf.j2 │ │ │ ├── inputs.conf.j2 │ │ │ ├── props.conf.j2 │ │ │ ├── transforms.conf.j2 │ │ │ └── web.conf.j2 │ ├── splunkforwarder │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── opt │ │ │ └── splunkforwarder │ │ │ └── etc │ │ │ └── system │ │ │ └── local │ │ │ ├── inputs.conf.j2 │ │ │ ├── outputs.conf.j2 │ │ │ └── server.conf.j2 │ ├── sqlite_fix │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── sqoop │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── sqoop-env.sh.j2 │ ├── stop_all_edx_services │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── supervisor │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── pre_supervisor_checks.py │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── edx │ │ │ ├── app │ │ │ │ └── supervisor │ │ │ │ │ └── supervisord.conf.j2 │ │ │ └── bin │ │ │ │ └── supervisorctl.j2 │ │ │ └── etc │ │ │ └── init │ │ │ ├── supervisor-systemd.service.j2 │ │ │ └── supervisor-upstart.conf.j2 │ ├── swapfile │ │ ├── LICENSE │ │ ├── README.rst │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── tableau │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── registration.json.j2 │ │ │ └── secrets.j2 │ ├── tableau_de │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── tsm_status.sh.j2 │ ├── test_build_server │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ └── test-development-environment.sh │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── testcourses │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── deploy.yml │ │ │ ├── import_course.yml │ │ │ └── main.yml │ ├── tinymce_plugins │ │ ├── README.rst │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── import_tinymce_plugin.yml │ │ │ ├── main.yml │ │ │ └── rebuild_tinymce_files.yml │ ├── tools_jenkins │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── user │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── authorized_keys.j2 │ │ │ ├── default.bashrc.j2 │ │ │ ├── default.profile.j2 │ │ │ ├── restricted.bashrc.j2 │ │ │ └── restricted.sudoers.conf.j2 │ ├── user_retirement_pipeline │ │ ├── README.rst │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── config.yml.j2 │ │ │ └── retire_users.sh.j2 │ ├── vhost │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── etc │ │ │ ├── dhcp │ │ │ │ └── dhclient.conf.j2 │ │ │ ├── init │ │ │ │ └── sync-on-stop.conf.j2 │ │ │ ├── motd.tail.j2 │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── sync-logs-on-exit.service.j2 │ │ │ └── sync-logs-on-exit.j2 │ ├── xqueue │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── devstack.sh.j2 │ │ │ ├── xqueue.conf.j2 │ │ │ ├── xqueue_consumer.conf.j2 │ │ │ ├── xqueue_env.j2 │ │ │ └── xqueue_gunicorn.py.j2 │ └── xqwatcher │ │ ├── defaults │ │ └── main.yml │ │ ├── meta │ │ └── main.yml │ │ ├── tasks │ │ ├── code_jail.yml │ │ ├── deploy.yml │ │ ├── deploy_courses.yml │ │ ├── deploy_watcher.yml │ │ └── main.yml │ │ └── templates │ │ ├── edx │ │ └── app │ │ │ ├── supervisor │ │ │ └── conf.d │ │ │ │ └── xqwatcher.conf.j2 │ │ │ └── xqwatcher │ │ │ ├── conf.d │ │ │ └── course.json.j2 │ │ │ ├── data │ │ │ └── requirements.txt.j2 │ │ │ └── xqwatcher.json.j2 │ │ └── etc │ │ ├── apparmor.d │ │ └── code.jail.j2 │ │ └── sudoers.d │ │ ├── 95-course-sandbox.j2 │ │ └── 95-xqwatcher.j2 ├── run_role.yml ├── sample_vars │ ├── passwords.yml │ ├── server_vars.yml │ └── test-mongo.yml ├── security.sh ├── security.yml ├── set_hostname.yml ├── snort.yml ├── splunk.yml ├── splunk_config_backup.yml ├── splunkforwarder.yml ├── stop_all_edx_services.yml ├── tableau.yml ├── tableau_de.yml ├── tanaguru.yml ├── test-rolling.yml ├── testcourses.yml ├── tools-gp.yml ├── tools_jenkins.yml ├── users.yml ├── vagrant-analytics.yml ├── vagrant-cluster.yml ├── vpc_admin.yml ├── worker.yml ├── xqueue.yml └── xqwatcher.yml ├── requirements.txt ├── requirements ├── asym-crypto-yaml.txt ├── aws.in ├── base.in ├── cloudflare.in ├── common_constraints.txt ├── constraints.txt ├── elasticsearch.in ├── jenkins.in ├── pingdom.in ├── pip-tools.in ├── pip-tools.txt ├── pip.in ├── pip.txt └── vpc-tools.in ├── requirements3.txt ├── test.mk ├── tests ├── test_mongodb_replica_set.py ├── test_playbooks.sh └── validate_templates.sh ├── util ├── README.rst ├── ansible_msg.py ├── asg_event_notifications_util.py ├── aws_ip_locator │ ├── example │ ├── ipcollector.py │ └── requirements.txt ├── bake_config.sh ├── check_for_key_collisions │ ├── README.md │ ├── check_for_key_collisions.py │ └── requirements.txt ├── check_rds_configs │ ├── check_rds_configs.py │ └── requirements.txt ├── cloudflare │ └── by_origin_purger │ │ ├── README.md │ │ ├── purger.py │ │ └── requirements.txt ├── cluster_instance_monitoring.py ├── config │ └── merge_json_to_yaml ├── course-permutation-tool │ ├── README.rst │ └── permutations.json ├── create_data_czar │ ├── assign_czar_org_groups.py │ ├── create_data_czar.py │ ├── create_org_data_czar_policy.py │ └── remove_data_czar.py ├── csmh-extended │ ├── migrate-same-database-instance.sh │ ├── migrate-separate-database-instances.sh │ └── slow-delete.sh ├── elasticsearch │ ├── copy-index.sh │ ├── forums-incremental-reindex.sh │ ├── requirements.txt │ └── verify-index-copy.py ├── elb_tls_policy_management_util │ ├── elb_tls_policy_management_util.py │ ├── examples │ └── requirements.txt ├── helm_values_to_rst_table_util │ ├── README.md │ ├── helm_values_to_rst_table_util.py │ └── requirements3.txt ├── install │ ├── ansible-bootstrap.sh │ ├── generate-passwords.sh │ ├── native.sh │ └── sandbox.sh ├── jenkins │ ├── add_new_xqueues_to_dashboard │ │ ├── __init__.py │ │ ├── add_xqueue_to_dashboard.py │ │ └── requirements.txt │ ├── ansible-provision.sh │ ├── app-container-provisioner.sh │ ├── ascii-convert.sh │ ├── assume-role.sh │ ├── check-ses-limits.py │ ├── check_table_size │ │ ├── check_table_size.py │ │ └── requirements.txt │ ├── cloudflare-hit-rate.py │ ├── demo-course-provisioner.sh │ ├── django-admin.sh │ ├── export_dead_locks │ │ ├── export_dead_locks.py │ │ └── requirements.txt │ ├── export_slow_logs │ │ ├── export_slow_query_logs.py │ │ └── requirements.txt │ ├── extend-sandbox-termination.py │ ├── get-rc-branches.sh │ ├── helm_update_checker │ │ ├── helm_update_checker.py │ │ └── requirements.txt │ ├── kustomize_update_checker │ │ ├── kustomize_update_checker.py │ │ └── requirements.txt │ ├── list_mysql_process │ │ ├── list_mysql_process.py │ │ └── requirements.txt │ ├── missing_alerts_checker │ │ └── missing_alerts_checker.py │ ├── primary_keys │ │ ├── __init__.py │ │ ├── check_primary_keys.py │ │ └── requirements.txt │ ├── rds_alarms_checker │ │ ├── missing_rds_alarms.py │ │ └── requirements.txt │ ├── requirements-cloudflare.txt │ ├── requirements.txt │ ├── run-ansible.sh │ ├── virtualenv_tools.sh │ └── worker-container-provisioner.sh ├── maintenance.sh ├── old │ └── import_xml_courses.py ├── parsefiles.py ├── parsefiles_config.yml ├── pingdom │ ├── .gitignore │ ├── README.rst │ ├── create_pingdom_alerts.py │ ├── example.yml │ └── requirements.txt ├── post-pip-compile.sh ├── publish_rds_logs_to_cloudwatch.py ├── rabbitmq │ └── shovel.py ├── rds_sgs │ ├── rds_sgs.py │ └── requirements.txt ├── s3_acl.py ├── s3_obj_acl.py ├── tableau │ └── installer.sh └── vpc-tools │ ├── asg_lifcycle_watcher.py │ ├── requirements.txt │ ├── sanitize-db-prod_grader.sql │ ├── tag-old-ebs.py │ ├── vpc_dns.py │ └── vpcutil.py └── vagrant ├── README.rst ├── base ├── analytics_jenkins │ └── Vagrantfile ├── analyticstack │ ├── Vagrantfile │ └── ansible.cfg ├── cluster │ ├── Vagrantfile │ ├── ansible.cfg │ └── inventory.ini ├── test_playbook │ ├── Vagrantfile │ └── ansible.cfg └── test_role │ ├── Vagrantfile │ └── ansible.cfg └── release └── analyticstack └── Vagrantfile /.dockerignore: -------------------------------------------------------------------------------- 1 | * 2 | !playbooks/ 3 | !docker/build/* 4 | !docker/devstack_common_ansible_overrides.yml 5 | !docker/build/*/*.yml 6 | docker/build/*/Dockerfile 7 | !docker/plays/ 8 | !util/install/ 9 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # This file is for unifying the coding style for different editors and IDEs. 2 | # More information at http://EditorConfig.org 3 | 4 | root = true 5 | 6 | [*] 7 | charset = utf-8 8 | end_of_line = lf 9 | indent_size = 4 10 | indent_style = space 11 | insert_final_newline = true 12 | max_line_length = 120 13 | trim_trailing_whitespace = true 14 | 15 | [*.{yml,yaml}] 16 | indent_size = 2 17 | 18 | [*.rst] 19 | max_line_length = 79 20 | 21 | [*.mk] 22 | indent_style = tab 23 | indent_size = 8 24 | 25 | [Makefile] 26 | indent_style = tab 27 | indent_size = 8 28 | -------------------------------------------------------------------------------- /.github/workflows/commitlint.yml: -------------------------------------------------------------------------------- 1 | # Run commitlint on the commit messages in a pull request. 2 | 3 | name: Lint Commit Messages 4 | 5 | on: 6 | - pull_request 7 | 8 | jobs: 9 | commitlint: 10 | uses: openedx/.github/.github/workflows/commitlint.yml@master 11 | -------------------------------------------------------------------------------- /.github/workflows/self-assign-issue.yml: -------------------------------------------------------------------------------- 1 | # This workflow runs when a comment is made on the ticket 2 | # If the comment starts with "assign me" it assigns the author to the 3 | # ticket (case insensitive) 4 | 5 | name: Assign comment author to ticket if they say "assign me" 6 | on: 7 | issue_comment: 8 | types: [created] 9 | 10 | jobs: 11 | self_assign_by_comment: 12 | uses: openedx/.github/.github/workflows/self-assign-issue.yml@master 13 | -------------------------------------------------------------------------------- /docker/build/analytics_pipeline_hadoop_datanode/datanode.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | datadir=`echo $HDFS_CONF_dfs_datanode_data_dir | perl -pe 's#file://##'` 4 | if [ ! -d $datadir ]; then 5 | echo "Datanode data directory not found: $datadir" 6 | exit 2 7 | fi 8 | 9 | $HADOOP_PREFIX/bin/hdfs --config $HADOOP_CONF_DIR datanode 10 | -------------------------------------------------------------------------------- /docker/build/analytics_pipeline_hadoop_nodemanager/nodemanager.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | $HADOOP_PREFIX/bin/yarn --config $HADOOP_CONF_DIR nodemanager 4 | -------------------------------------------------------------------------------- /docker/build/analytics_pipeline_hadoop_resourcemanager/resourcemanager.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | $HADOOP_PREFIX/bin/yarn --config $HADOOP_CONF_DIR resourcemanager 4 | -------------------------------------------------------------------------------- /docker/build/analytics_pipeline_spark_master/master.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | export SPARK_MASTER_HOST=`hostname` 4 | 5 | . "/spark/sbin/spark-config.sh" 6 | 7 | . "/spark/bin/load-spark-env.sh" 8 | 9 | mkdir -p $SPARK_MASTER_LOG 10 | 11 | setsid /spark/sbin/start-history-server.sh >/dev/null 2>&1 < /dev/null & 12 | 13 | cd /spark/bin && /spark/sbin/../bin/spark-class org.apache.spark.deploy.master.Master \ 14 | --ip $SPARK_MASTER_HOST --port $SPARK_MASTER_PORT --webui-port $SPARK_MASTER_WEBUI_PORT >> $SPARK_MASTER_LOG/spark-master.out 15 | -------------------------------------------------------------------------------- /docker/build/analytics_pipeline_spark_worker/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | . "/spark/sbin/spark-config.sh" 4 | 5 | . "/spark/bin/load-spark-env.sh" 6 | 7 | mkdir -p $SPARK_WORKER_LOG 8 | 9 | /spark/sbin/../bin/spark-class org.apache.spark.deploy.worker.Worker \ 10 | --webui-port $SPARK_WORKER_WEBUI_PORT $SPARK_MASTER >> $SPARK_WORKER_LOG/spark-worker.out 11 | -------------------------------------------------------------------------------- /docker/build/automated/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM edxops/xenial-common:latest 2 | LABEL maintainer="edxops" 3 | 4 | ADD . /edx/app/edx_ansible/edx_ansible 5 | COPY docker/build/automated/ansible_overrides.yml / 6 | WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays 7 | RUN /edx/app/edx_ansible/venvs/edx_ansible/bin/ansible-playbook -vvvv automated.yml \ 8 | -i '127.0.0.1,' -c local \ 9 | -e@/ansible_overrides.yml 10 | WORKDIR /edx/app 11 | -------------------------------------------------------------------------------- /docker/build/chrome/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM selenium/standalone-chrome-debug:3.14.0-arsenic 2 | LABEL maintainer="edxops" 3 | 4 | USER root 5 | 6 | # Install a password generator 7 | RUN apt-get update -qqy \ 8 | && apt-get -qqy install \ 9 | pwgen \ 10 | && rm -rf /var/lib/apt/lists/* /var/cache/apt/* 11 | 12 | USER seluser 13 | 14 | CMD export VNC_PASSWORD=$(pwgen -s -1 $(shuf -i 10-20 -n 1)) \ 15 | && x11vnc -storepasswd $VNC_PASSWORD /home/seluser/.vnc/passwd \ 16 | && echo "Chrome VNC password: $VNC_PASSWORD" \ 17 | && /opt/bin/entry_point.sh 18 | 19 | EXPOSE 4444 5900 20 | -------------------------------------------------------------------------------- /docker/build/designer/ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | COMMON_GIT_PATH: 'edx' 3 | 4 | COMMON_MYSQL_MIGRATE_USER: '{{ DESIGNER_MYSQL_USER }}' 5 | COMMON_MYSQL_MIGRATE_PASS: '{{ DESIGNER_MYSQL_PASSWORD }}' 6 | 7 | DESIGNER_MYSQL_HOST: 'edx.devstack.mysql' 8 | DESIGNER_DJANGO_SETTINGS_MODULE: 'designer.settings.devstack' 9 | DESIGNER_GUNICORN_EXTRA: '--reload' 10 | DESIGNER_MEMCACHE: ['edx.devstack.memcached:11211'] 11 | DESIGNER_EXTRA_APPS: [] 12 | DESIGNER_URL_ROOT: 'http://designer:18808' 13 | 14 | edx_django_service_is_devstack: true 15 | -------------------------------------------------------------------------------- /docker/build/docker-tools/ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | DOCKER_TLD: "edx" 3 | -------------------------------------------------------------------------------- /docker/build/ecomworker/ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | DOCKER_TLD: "edx" 4 | devstack: true 5 | -------------------------------------------------------------------------------- /docker/build/ecomworker/inventory: -------------------------------------------------------------------------------- 1 | [local] 2 | localhost 3 | -------------------------------------------------------------------------------- /docker/build/edxapp/devstack.yml: -------------------------------------------------------------------------------- 1 | ../../../playbooks/roles/edxapp/vars/devstack.yml -------------------------------------------------------------------------------- /docker/build/elasticsearch-devstack/Dockerfile: -------------------------------------------------------------------------------- 1 | # docker build -f docker/build/elasticsearch-devstack/Dockerfile . -t edxops/elasticsearch:devstack 2 | 3 | FROM elasticsearch:1.5.2 4 | LABEL maintainer="edxops" 5 | 6 | # Install the elastcisearch-head plugin (https://mobz.github.io/elasticsearch-head/) 7 | RUN /usr/share/elasticsearch/bin/plugin -install mobz/elasticsearch-head 8 | -------------------------------------------------------------------------------- /docker/build/elasticsearch/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM edxops/xenial-common:latest 2 | LABEL maintainer="edxops" 3 | 4 | ADD . /edx/app/edx_ansible/edx_ansible 5 | WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays 6 | 7 | # Role is currently untagged 8 | RUN /edx/app/edx_ansible/venvs/edx_ansible/bin/ansible-playbook elasticsearch.yml -c local \ 9 | -i '127.0.0.1,' 10 | 11 | WORKDIR /etc/elasticsearch 12 | CMD service elasticsearch start && sleep 5 && tail -f /edx/var/log/elasticsearch/elasticsearch.log 13 | EXPOSE 9200 9300 14 | -------------------------------------------------------------------------------- /docker/build/flower/README.txt: -------------------------------------------------------------------------------- 1 | Example: 2 | $ docker build . -t edxops/flower:latest 3 | $ docker run -it --rm -p 127.0.0.1:5555:5555 edxops/flower:latest --broker=redis://:@some-redis-url.com:6379 flower --conf=flowerconfig.py 4 | 5 | $ curl localhost:5555 6 | 7 | 8 | Example with oauth: 9 | docker run -it --rm -p 127.0.0.1:5555:5555 -e OAUTH2_KEY="xxxyyy.apps.googleusercontent.com" -e OAUTH2_SECRET="xxxxx" -e OAUTH2_REDIRECT_URI="flower-url.com/login" -e AUTH=".*@domain.org" edxops/flower:latest flower --broker=redis://myuser:mypass@my-redis.com:6379 10 | -------------------------------------------------------------------------------- /docker/build/flower/flowerconfig.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | address = os.getenv('ADDRESS', "0.0.0.0") 4 | port = os.getenv('PORT', 5555) 5 | 6 | oauth2_key = os.getenv('OAUTH2_KEY', None) 7 | oauth2_secret = os.getenv('OAUTH2_SECRET', None) 8 | oauth2_redirect_uri = os.getenv('OAUTH2_REDIRECT_URI', None) 9 | auth = os.getenv('AUTH', None) 10 | -------------------------------------------------------------------------------- /docker/build/forum/ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | FLOCK_TLD: "edx" 4 | 5 | FORUM_MONGO_HOSTS: 6 | - mongo.{{ FLOCK_TLD }} 7 | 8 | FORUM_ELASTICSEARCH_HOST: "es.{{ FLOCK_TLD }}" 9 | FORUM_USE_TCP: "true" 10 | FORUM_RACK_ENV: "staging" 11 | FORUM_SINATRA_ENV: "staging" 12 | 13 | devstack: "true" 14 | -------------------------------------------------------------------------------- /docker/build/github-actions-runner/README.rst: -------------------------------------------------------------------------------- 1 | Usage 2 | ##### 3 | 4 | Create image: 5 | 6 | - This must be run from the root of the configuration repository 7 | - ``docker build -f docker/build/github-actions-runner/Dockerfile . -t openedx/github-actions-runner`` 8 | 9 | Start the container with this: 10 | 11 | ``docker run -ti -v /var/lib/docker.sock:/var/lib/docker.sock -e GITHUB_ACCESS_TOKEN=xxxxxxxx -e GITHUB_ORGANIZATION=abc openedx/github-actions-runner`` 12 | -------------------------------------------------------------------------------- /docker/build/graphite/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM edxops/xenial-common:latest 2 | LABEL maintainer="edxops" 3 | 4 | USER root 5 | ADD . /edx/app/edx_ansible/edx_ansible 6 | WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays 7 | 8 | RUN /edx/app/edx_ansible/venvs/edx_ansible/bin/ansible-playbook edx-monitoring.yml -c local \ 9 | -i '127.0.0.1,' 10 | -------------------------------------------------------------------------------- /docker/build/jenkins_analytics/Dockerfile.noci: -------------------------------------------------------------------------------- 1 | FROM edxops/xenial-common:latest 2 | LABEL maintainer="edxops" 3 | 4 | USER root 5 | RUN apt-get update 6 | 7 | ADD . /edx/app/edx_ansible/edx_ansible 8 | WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays 9 | COPY docker/build/jenkins_analytics/ansible_overrides.yml / 10 | RUN PYTHONUNBUFFERED=1 /edx/app/edx_ansible/venvs/edx_ansible/bin/ansible-playbook -v jenkins_analytics.yml -i '127.0.0.1,' -c local -e@/ansible_overrides.yml 11 | -------------------------------------------------------------------------------- /docker/build/mongo/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM edxops/xenial-common:latest 2 | LABEL maintainer="edxops" 3 | 4 | ADD . /edx/app/edx_ansible/edx_ansible 5 | COPY docker/build/mongo/ansible_overrides.yml / 6 | 7 | WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays 8 | 9 | RUN /edx/app/edx_ansible/venvs/edx_ansible/bin/ansible-playbook mongo.yml \ 10 | -i '127.0.0.1,' -c local \ 11 | -t 'install' \ 12 | -e@/ansible_overrides.yml 13 | 14 | WORKDIR /edx/app 15 | EXPOSE 27017 16 | -------------------------------------------------------------------------------- /docker/build/mongo/ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /docker/build/mysql/ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | FLOCK_TLD: "edx" 3 | 4 | -------------------------------------------------------------------------------- /docker/build/nginx/ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | FLOCK_TLD: "edx" 4 | -------------------------------------------------------------------------------- /docker/build/notes/inventory: -------------------------------------------------------------------------------- 1 | [local] 2 | localhost 3 | -------------------------------------------------------------------------------- /docker/build/rabbitmq/ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | FLOCK_TLD: "edx" 3 | -------------------------------------------------------------------------------- /docker/build/rabbitmq/run_rabbitmq.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ulimit -n 1024 4 | exec rabbitmq-server $@ -------------------------------------------------------------------------------- /docker/build/registrar/ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | COMMON_GIT_PATH: 'edx' 3 | 4 | COMMON_MYSQL_MIGRATE_USER: '{{ REGISTRAR_MYSQL_USER }}' 5 | COMMON_MYSQL_MIGRATE_PASS: '{{ REGISTRAR_MYSQL_PASSWORD }}' 6 | 7 | REGISTRAR_MYSQL_HOST: 'edx.devstack.mysql' 8 | REGISTRAR_DJANGO_SETTINGS_MODULE: 'registrar.settings.devstack' 9 | REGISTRAR_GUNICORN_EXTRA: '--reload' 10 | REGISTRAR_MEMCACHE: ['edx.devstack.memcached:11211'] 11 | REGISTRAR_EXTRA_APPS: [] 12 | 13 | REGISTRAR_SECRET_KEY: 'hBiEM5pDr8GsZv1lh6GKmD0c9SF5Z00TFEoRY1zSmCxijFrR' 14 | 15 | edx_django_service_is_devstack: true 16 | -------------------------------------------------------------------------------- /docker/build/tableau/ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | TABLEAU_ADMIN_USER: tableau 3 | TABLEAU_ADMIN_PASSWORD: 'password' 4 | TABLEAU_SERVER_ADMIN_USER: "tableau-admin" 5 | TABLEAU_SERVER_ADMIN_PASSWORD: "password" 6 | 7 | TABLEAU_REGISTRATION_CONFIG_USER_FIRST_NAME: "Saleem" 8 | TABLEAU_REGISTRATION_CONFIG_USER_LAST_NAME: "Latif" 9 | TABLEAU_REGISTRATION_CONFIG_USER_TITLE: "Software Engineer" 10 | TABLEAU_REGISTRATION_CONFIG_USER_EMAIL: "saleem@edx.org" 11 | TABLEAU_REGISTRATION_CONFIG_USER_PHONE: "" 12 | -------------------------------------------------------------------------------- /docker/build/tools_jenkins/ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | DOCKER_TLD: "edx" 3 | jenkins_venv_src_dir: "../../util/jenkins" 4 | 5 | -------------------------------------------------------------------------------- /docker/build/trusty-common/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:trusty 2 | LABEL maintainer="edxops" 3 | ENV CONFIGURATION_REPO="https://github.com/openedx/configuration.git" 4 | ENV CONFIGURATION_VERSION="master" 5 | 6 | ADD util/install/ansible-bootstrap.sh /tmp/ansible-bootstrap.sh 7 | RUN chmod +x /tmp/ansible-bootstrap.sh 8 | RUN /tmp/ansible-bootstrap.sh 9 | -------------------------------------------------------------------------------- /docker/build/xqueue/ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | XQUEUE_SYSLOG_SERVER: "localhost" 3 | XQUEUE_RABBITMQ_HOSTNAME: "edx.devstack.rabbit" 4 | XQUEUE_MYSQL_HOST: "edx.devstack.mysql57" 5 | XQUEUE_SETTINGS: "devstack" 6 | xqueue_gunicorn_port: 18040 7 | xqueue_gunicorn_host: 0.0.0.0 8 | devstack: true 9 | -------------------------------------------------------------------------------- /docker/devstack_common_ansible_overrides.yml: -------------------------------------------------------------------------------- 1 | 2 | # These variables are loaded into most devstack images via their Dockerfile 3 | 4 | EDXAPP_LMS_BASE: 'edx.devstack.lms:18000' 5 | EDXAPP_LMS_ROOT_URL: 'http://{{ EDXAPP_LMS_BASE }}' 6 | EDXAPP_LMS_PUBLIC_ROOT_URL: 'http://localhost:18000' 7 | 8 | COMMON_OAUTH_BASE_URL: '{{ EDXAPP_LMS_PUBLIC_ROOT_URL }}' 9 | COMMON_OAUTH_URL_ROOT: '{{ EDXAPP_LMS_ROOT_URL }}/oauth2' 10 | COMMON_JWT_AUDIENCE: 'lms-key' 11 | COMMON_JWT_SECRET_KEY: 'lms-secret' 12 | -------------------------------------------------------------------------------- /docker/plays/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | 3 | jinja2_extensions=jinja2.ext.do 4 | roles_path=../plays:../../playbooks/roles 5 | library=../../playbooks/library 6 | 7 | [ssh_connection] 8 | ssh_args=-o ControlMaster=auto -o ControlPersist=60s -o ControlPath="~/.ansible/tmp/ansible-ssh-%h-%p-%r" -o ServerAliveInterval=30 9 | -------------------------------------------------------------------------------- /docker/plays/automated.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy autom 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - common 7 | - automated 8 | -------------------------------------------------------------------------------- /docker/plays/credentials.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy credentials 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - credentials 10 | -------------------------------------------------------------------------------- /docker/plays/designer.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy designer 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - designer 10 | -------------------------------------------------------------------------------- /docker/plays/docker-tools.yml: -------------------------------------------------------------------------------- 1 | - name: build a VM with docker-tools 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - common 7 | - docker-tools 8 | -------------------------------------------------------------------------------- /docker/plays/ecommerce.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy ecommerce 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - ecommerce 10 | - sqlite_fix 11 | - browsers 12 | -------------------------------------------------------------------------------- /docker/plays/ecomworker.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy ecommerce worker 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - common 10 | - ecomworker 11 | -------------------------------------------------------------------------------- /docker/plays/edxapp.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy edxapp 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - common 10 | - edxapp 11 | -------------------------------------------------------------------------------- /docker/plays/elasticsearch.yml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | become: True 3 | roles: 4 | - common 5 | - oraclejdk 6 | - elasticsearch 7 | -------------------------------------------------------------------------------- /docker/plays/enterprise_catalog.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy enterprise catalog 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - enterprise_catalog 10 | -------------------------------------------------------------------------------- /docker/plays/forum.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy forum 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - common 10 | - forum 11 | -------------------------------------------------------------------------------- /docker/plays/jenkins_analytics.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy the analytics jenkins 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - common 10 | - jenkins_analytics 11 | -------------------------------------------------------------------------------- /docker/plays/jenkins_tools.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy the tools jenkins 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - common 10 | - tools_jenkins 11 | -------------------------------------------------------------------------------- /docker/plays/library: -------------------------------------------------------------------------------- 1 | ../../playbooks/library/ -------------------------------------------------------------------------------- /docker/plays/mongo.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy MongoDB 3.2 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - common 7 | - mongo_3_2 8 | -------------------------------------------------------------------------------- /docker/plays/mysql.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy MySQL 5.6 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - common 7 | - mysql 8 | -------------------------------------------------------------------------------- /docker/plays/nginx.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy nginx 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - common 10 | - role: nginx 11 | nginx_sites: 12 | - lms 13 | - cms 14 | - xqueue 15 | - certs 16 | - forum 17 | nginx_default_sites: 18 | - lms 19 | nginx_extra_sites: "{{ NGINX_EDXAPP_EXTRA_SITES }}" 20 | nginx_extra_configs: "{{ NGINX_EDXAPP_EXTRA_CONFIGS }}" 21 | -------------------------------------------------------------------------------- /docker/plays/notes.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy Notes 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - role: edx_notes_api 10 | -------------------------------------------------------------------------------- /docker/plays/rabbitmq.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy rabbitmq 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - common 10 | - rabbitmq 11 | -------------------------------------------------------------------------------- /docker/plays/registrar.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy registrar 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - registrar 10 | -------------------------------------------------------------------------------- /docker/plays/roles: -------------------------------------------------------------------------------- 1 | ../../playbooks/roles/ -------------------------------------------------------------------------------- /docker/plays/tableau.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy tableau 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | CLUSTER_NAME: 'tableau' 8 | serial: "{{ serial_count }}" 9 | roles: 10 | - tableau 11 | -------------------------------------------------------------------------------- /docker/plays/xqueue.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy xqueue 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - common 7 | - xqueue 8 | -------------------------------------------------------------------------------- /docker/plays/xqwatcher.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy xqwatcher 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - common 7 | - xqwatcher 8 | -------------------------------------------------------------------------------- /openedx.yaml: -------------------------------------------------------------------------------- 1 | # This file describes this Open edX repo, as described in OEP-2: 2 | # http://open-edx-proposals.readthedocs.io/en/latest/oeps/oep-0002.html#specification 3 | 4 | nick: conf 5 | openedx-release: {ref: master} 6 | oeps: 7 | oep-2: true 8 | oep-7: true 9 | oep-18: true 10 | -------------------------------------------------------------------------------- /playbooks/aide.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy aide IDS 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - role: aws 10 | when: COMMON_ENABLE_AWS_ROLE 11 | - aide 12 | - role: datadog 13 | when: COMMON_ENABLE_DATADOG 14 | - role: splunkforwarder 15 | when: COMMON_ENABLE_SPLUNKFORWARDER 16 | - role: datadog-uninstall 17 | when: not COMMON_ENABLE_DATADOG 18 | -------------------------------------------------------------------------------- /playbooks/alton.yml: -------------------------------------------------------------------------------- 1 | # Configure an admin instance with jenkins and asgard. 2 | # Usage: ansible-playbook alton.yml -i , -e /admin/edx_admin.yml -e /admin/admin.yml 3 | - name: Configure instance(s) 4 | hosts: all 5 | become: True 6 | gather_facts: True 7 | vars: 8 | serial_count: 1 9 | serial: "{{ serial_count }}" 10 | roles: 11 | - role: aws 12 | when: COMMON_ENABLE_AWS_ROLE 13 | - alton 14 | -------------------------------------------------------------------------------- /playbooks/analytics-jenkins.yml: -------------------------------------------------------------------------------- 1 | # Usage: ansible-playbook -i jenkins-host, -e@path/to/jenkins-extra-vars.yml -e@path/to/secure.yml -e 'COMMON_ENABLE_NEWRELIC=false' -e 'COMMON_ENABLE_DATADOG=false' 2 | 3 | - name: Configure instance(s) 4 | hosts: all 5 | become: True 6 | roles: 7 | - role: jenkins_analytics 8 | ansible_ssh_user: ubuntu 9 | - role: nginx 10 | nginx_sites: 11 | - jenkins 12 | nginx_default_sites: 13 | - jenkins 14 | -------------------------------------------------------------------------------- /playbooks/antivirus.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy Antivirus Scanner 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - role: aws 7 | when: COMMON_ENABLE_AWS_ROLE 8 | - antivirus 9 | - role: datadog 10 | when: COMMON_ENABLE_DATADOG 11 | - role: splunkforwarder 12 | when: COMMON_ENABLE_SPLUNKFORWARDER 13 | - role: datadog-uninstall 14 | when: not COMMON_ENABLE_DATADOG 15 | 16 | -------------------------------------------------------------------------------- /playbooks/authn_frontend.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy Authn MFE Frontend 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | ENABLE_NEWRELIC: False 7 | CLUSTER_NAME: 'authn' 8 | AUTHN_ENABLED: True 9 | AUTHN_SANDBOX_BUILD: False 10 | roles: 11 | - role: authn 12 | - role: splunkforwarder 13 | when: COMMON_ENABLE_SPLUNKFORWARDER 14 | - role: newrelic_infrastructure 15 | when: COMMON_ENABLE_NEWRELIC_INFRASTRUCTURE 16 | -------------------------------------------------------------------------------- /playbooks/automated.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy automated role 2 | hosts: all 3 | sudo: True 4 | gather_facts: True 5 | roles: 6 | # - aws 7 | - automated 8 | - role: datadog 9 | when: COMMON_ENABLE_DATADOG 10 | - role: splunkforwarder 11 | when: COMMON_ENABLE_SPLUNKFORWARDER 12 | - role: datadog-uninstall 13 | when: not COMMON_ENABLE_DATADOG 14 | 15 | -------------------------------------------------------------------------------- /playbooks/aws.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy aws 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - common 10 | - role: aws 11 | when: COMMON_ENABLE_AWS_ROLE 12 | -------------------------------------------------------------------------------- /playbooks/bootstrap_python.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Runs the python bootstratpping role against an ubuntu machine 3 | # This is not as complete as ansible_bootstrap.sh (intentionally so) 4 | # This lets you get python2.7 installed on a machine so you can followup 5 | # with your actual playbook or role. The key is gather_facts: False. 6 | # 7 | # Usage: 8 | # ansible-playbook ./bootstrap_python.yml -i "hostname," 9 | # 10 | - hosts: all 11 | become: True 12 | gather_facts: True 13 | roles: 14 | - role: python 15 | when: ansible_distribution_release != 'focal' 16 | -------------------------------------------------------------------------------- /playbooks/common.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy common 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - common 10 | - role: datadog 11 | when: COMMON_ENABLE_DATADOG 12 | - role: splunkforwarder 13 | when: COMMON_ENABLE_SPLUNKFORWARDER 14 | - role: datadog-uninstall 15 | when: not COMMON_ENABLE_DATADOG 16 | 17 | -------------------------------------------------------------------------------- /playbooks/continuous_delivery/roles: -------------------------------------------------------------------------------- 1 | ../roles -------------------------------------------------------------------------------- /playbooks/continuous_delivery/templates/local/ami_template.yml.j2: -------------------------------------------------------------------------------- 1 | ami_id: {{ ami_register.image_id }} 2 | ami_message: {{ ami_register.msg }} 3 | ami_state: {{ ami_register.state }} 4 | {{ ami_tags.tags | to_nice_yaml }} -------------------------------------------------------------------------------- /playbooks/continuous_delivery/templates/local/inventory.j2: -------------------------------------------------------------------------------- 1 | {% for instance in ec2_instance_register.instances %} 2 | {% if ec2_assign_public_ip %} 3 | {{ instance.public_ip }} 4 | {% else %} 5 | {{ instance.private_ip }} 6 | {% endif %} 7 | {% endfor %} 8 | -------------------------------------------------------------------------------- /playbooks/continuous_delivery/templates/local/key.pem.j2: -------------------------------------------------------------------------------- 1 | {{ ssh_key_register.key.private_key }} -------------------------------------------------------------------------------- /playbooks/continuous_delivery/templates/local/launch_template.yml.j2: -------------------------------------------------------------------------------- 1 | keypair_id: {{ unique_key_name.stdout }} 2 | key_material_file: {{ artifact_path }}/key.pem 3 | instance_id: {{ ec2_instance_register.instances[0].id }} 4 | instance_ip: {{ ec2_instance_register.instances[0].public_ip }} 5 | -------------------------------------------------------------------------------- /playbooks/course_authoring.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy the Course Authoring MFE 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | ENABLE_NEWRELIC: False 7 | CLUSTER_NAME: 'course-authoring' 8 | COURSE_AUTHORING_ENABLED: True 9 | COURSE_AUTHORING_SANDBOX_BUILD: False 10 | roles: 11 | - role: course_authoring 12 | MFE_NAME: course-authoring 13 | - role: splunkforwarder 14 | when: COMMON_ENABLE_SPLUNKFORWARDER 15 | - role: newrelic_infrastructure 16 | when: COMMON_ENABLE_NEWRELICE_INFRASTRUCTURE -------------------------------------------------------------------------------- /playbooks/create_cname.yml: -------------------------------------------------------------------------------- 1 | # Creates a cname for a sandbox ec2 instance 2 | - name: Creates a CNAME 3 | hosts: all 4 | gather_facts: False 5 | tasks: 6 | - name: Add DNS name 7 | route53: 8 | overwrite: yes 9 | command: create 10 | zone: "{{ dns_zone }}" 11 | type: CNAME 12 | ttl: 300 13 | record: "{{ dns_name }}.{{ dns_zone }}" 14 | value: "{{ sandbox }}" 15 | 16 | 17 | -------------------------------------------------------------------------------- /playbooks/create_django_ida.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Creates a new ansible role 3 | # Usage: 4 | # ansible-playbook ./create_django_ida.yml -i "localhost," -c local -e my_role_name=my_awesome_role 5 | # 6 | - hosts: localhost 7 | gather_facts: False 8 | roles: 9 | - ansible-role-django-ida 10 | -------------------------------------------------------------------------------- /playbooks/create_role.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Creates a new ansible role 3 | # Usage: 4 | # ansible-playbook -c local --limit "localhost," ./create_role.yml -i "localhost," -e my_role_name=my_awesome_role 5 | # 6 | - hosts: localhost 7 | gather_facts: False 8 | roles: 9 | - ansible-role 10 | -------------------------------------------------------------------------------- /playbooks/demo.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy demo course 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - demo 10 | - role: datadog 11 | when: COMMON_ENABLE_DATADOG 12 | - role: splunkforwarder 13 | when: COMMON_ENABLE_SPLUNKFORWARDER 14 | - role: datadog-uninstall 15 | when: not COMMON_ENABLE_DATADOG 16 | -------------------------------------------------------------------------------- /playbooks/deploy_nginx_all_roles.yml: -------------------------------------------------------------------------------- 1 | - name: Configure instance(s) 2 | hosts: all 3 | become: True 4 | gather_facts: False 5 | vars_files: 6 | - roles/edxapp/defaults/main.yml 7 | - roles/xqueue/defaults/main.yml 8 | roles: 9 | - common 10 | - role: aws 11 | when: COMMON_ENABLE_AWS_ROLE 12 | - role: nginx 13 | nginx_sites: 14 | - cms 15 | - lms 16 | - xqueue 17 | nginx_default_sites: 18 | - lms 19 | -------------------------------------------------------------------------------- /playbooks/deploy_nginx_for_dbt_docs.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy dbt-docs server 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - aws 7 | - nginx 8 | - aws_cloudwatch_agent 9 | - dbt_docs_nginx -------------------------------------------------------------------------------- /playbooks/devstack_ami.yml: -------------------------------------------------------------------------------- 1 | - name: Build cloud devstack AMI 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | ENABLE_DATADOG: False 7 | ENABLE_NEWRELIC: False 8 | roles: 9 | - role: aws 10 | when: COMMON_ENABLE_AWS_ROLE 11 | - role: aws_devstack 12 | -------------------------------------------------------------------------------- /playbooks/edx-auth-proxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Bootstrap instance(s) 3 | hosts: all 4 | gather_facts: no 5 | become: True 6 | roles: 7 | - role: python 8 | tags: 9 | - install 10 | - install:system-requirements 11 | 12 | - name: Configure instance(s) 13 | hosts: all 14 | become: True 15 | gather_facts: True 16 | roles: 17 | - oauth2_proxy 18 | -------------------------------------------------------------------------------- /playbooks/edx-east: -------------------------------------------------------------------------------- 1 | . -------------------------------------------------------------------------------- /playbooks/edx-monitoring.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Bootstrap instance(s) 3 | hosts: all 4 | gather_facts: no 5 | become: True 6 | roles: 7 | - role: python 8 | tags: 9 | - install 10 | - install:system-requirements 11 | 12 | - name: Configure instance(s) 13 | hosts: all 14 | become: True 15 | gather_facts: True 16 | roles: 17 | - graphite 18 | - grafana 19 | - role: nginx 20 | nginx_sites: 21 | - graphite 22 | - grafana 23 | -------------------------------------------------------------------------------- /playbooks/edx_ansible.yml: -------------------------------------------------------------------------------- 1 | - name: Install edx_ansible 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - common 10 | - edx_ansible 11 | -------------------------------------------------------------------------------- /playbooks/edx_mirror.yml: -------------------------------------------------------------------------------- 1 | # ansible-playbook --limit tag_Name_mirror edx_mirror.yml --user ubuntu -i ec2.py 2 | - name: Configure instance(s) 3 | hosts: all 4 | become: True 5 | gather_facts: False 6 | roles: 7 | - role: nginx 8 | nginx_sites: 9 | - gh_mirror 10 | tags: ['r_nginx'] 11 | - role: gh_mirror 12 | tags: ['r_gh_mirror'] 13 | 14 | -------------------------------------------------------------------------------- /playbooks/flower.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy celery flower (monitoring tool) 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - role: aws 10 | when: COMMON_ENABLE_AWS_ROLE 11 | - flower 12 | -------------------------------------------------------------------------------- /playbooks/ghost.yml: -------------------------------------------------------------------------------- 1 | - name: Install gh-ost 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - common 10 | - ghost 11 | 12 | -------------------------------------------------------------------------------- /playbooks/go-agent-docker.yml: -------------------------------------------------------------------------------- 1 | # ansible-playbook -i 'admin.edx.org,' ./hotg.yml -e@/path/to/ansible/vars/edx.yml -e@/path/to/secure/ansible/vars/edx_admin.yml 2 | 3 | - name: Install go-agent-docker-server 4 | hosts: all 5 | become: True 6 | gather_facts: True 7 | roles: 8 | - role: aws 9 | when: COMMON_ENABLE_AWS_ROLE 10 | - go-agent-docker-server 11 | -------------------------------------------------------------------------------- /playbooks/group_vars/README.rst: -------------------------------------------------------------------------------- 1 | After EC2 discovery variables in the files that match any of the discovered 2 | groups will be set. 3 | 4 | For convenience a single variable is set for every Group tag for conditional 5 | task execution. 6 | -------------------------------------------------------------------------------- /playbooks/group_vars/tag_environment_prod: -------------------------------------------------------------------------------- 1 | --- 2 | secure_dir: '../../configuration-secure/ansible' 3 | local_dir: '../../configuration-secure/ansible/local' 4 | -------------------------------------------------------------------------------- /playbooks/insightvm_agent.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy insightvm_agent 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - role: aws 10 | when: COMMON_ENABLE_AWS_ROLE 11 | - insightvm_agent 12 | -------------------------------------------------------------------------------- /playbooks/inventory.ini: -------------------------------------------------------------------------------- 1 | [localhost] 2 | 127.0.0.1 3 | -------------------------------------------------------------------------------- /playbooks/jenkins_it.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Bootstrap instance(s) 3 | hosts: all 4 | gather_facts: no 5 | become: True 6 | roles: 7 | - python 8 | 9 | - name: Configure instance(s) 10 | hosts: all 11 | become: True 12 | gather_facts: True 13 | vars: 14 | COMMON_ENABLE_NEWRELIC_INFRASTRUCTURE: True 15 | COMMON_SECURITY_UPDATES: yes 16 | SECURITY_UPGRADE_ON_ANSIBLE: true 17 | 18 | roles: 19 | - role: aws 20 | when: COMMON_ENABLE_AWS_ROLE 21 | - docker-tools 22 | - jenkins_it 23 | -------------------------------------------------------------------------------- /playbooks/learning.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy learning MFE Frontend 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | ENABLE_NEWRELIC: False 7 | CLUSTER_NAME: 'learning' 8 | MYMFE_ENABLED: True 9 | MYMFE_SANDBOX_BUILD: False 10 | roles: 11 | - role: mfe 12 | MFE_NAME: learning 13 | MFE_VERSION: '{{ LEARNING_MFE_VERSION }}' 14 | - role: splunkforwarder 15 | when: COMMON_ENABLE_SPLUNKFORWARDER 16 | - role: newrelic_infrastructure 17 | when: COMMON_ENABLE_NEWRELIC_INFRASTRUCTURE 18 | -------------------------------------------------------------------------------- /playbooks/library_authoring.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy the Library Authoring MFE 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | ENABLE_NEWRELIC: False 7 | CLUSTER_NAME: 'library-authoring' 8 | LIBRARY_AUTHORING_ENABLED: True 9 | LIBRARY_AUTHORING_SANDBOX_BUILD: False 10 | roles: 11 | - role: library_authoring 12 | MFE_NAME: library-authoring 13 | - role: splunkforwarder 14 | when: COMMON_ENABLE_SPLUNKFORWARDER 15 | - role: newrelic_infrastructure 16 | when: COMMON_ENABLE_NEWRELICE_INFRASTRUCTURE -------------------------------------------------------------------------------- /playbooks/log_server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Build a kibana/logstash/elasticsearch server for capturing and 3 | # analyzing logs. 4 | - name: Configure syslog server 5 | hosts: all 6 | become: True 7 | roles: 8 | - common 9 | - oraclejdk 10 | - elasticsearch 11 | - logstash 12 | - kibana 13 | - role: nginx 14 | nginx_sites: 15 | - kibana 16 | -------------------------------------------------------------------------------- /playbooks/mfe_flags_setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Setup required MFE waffle flags 4 | hosts: all 5 | become: True 6 | gather_facts: True 7 | vars_files: 8 | - "roles/common_vars/defaults/main.yml" 9 | - "roles/edxapp/defaults/main.yml" 10 | roles: 11 | - role: mfe_flags_setup 12 | -------------------------------------------------------------------------------- /playbooks/minos.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy edxapp 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - role: aws 10 | when: COMMON_ENABLE_AWS_ROLE 11 | - minos 12 | -------------------------------------------------------------------------------- /playbooks/mongo.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy MongoDB 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - role: aws 7 | when: COMMON_ENABLE_AWS_ROLE 8 | - mongo 9 | - role: datadog 10 | when: COMMON_ENABLE_DATADOG 11 | - role: splunkforwarder 12 | when: COMMON_ENABLE_SPLUNKFORWARDER 13 | - role: newrelic_infrastructure 14 | when: COMMON_ENABLE_NEWRELIC_INFRASTRUCTURE 15 | - role: datadog-uninstall 16 | when: not COMMON_ENABLE_DATADOG 17 | 18 | -------------------------------------------------------------------------------- /playbooks/mongo_mms.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy mongo_mms instance 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - role: aws 10 | when: COMMON_ENABLE_AWS_ROLE 11 | - mongo_mms 12 | - role: datadog 13 | when: COMMON_ENABLE_DATADOG 14 | - role: datadog-uninstall 15 | when: not COMMON_ENABLE_DATADOG 16 | -------------------------------------------------------------------------------- /playbooks/mysql.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy MySQL 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - mysql 7 | -------------------------------------------------------------------------------- /playbooks/newrelic_mongo_monitor.yml: -------------------------------------------------------------------------------- 1 | 2 | - name: Configure newrelic mongo monitoring 3 | hosts: all 4 | become: True 5 | gather_facts: True 6 | roles: 7 | - mongo_newrelic_monitor 8 | -------------------------------------------------------------------------------- /playbooks/ora_grading.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy the ORA Grading MFE Frontend 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | ENABLE_NEWRELIC: False 7 | CLUSTER_NAME: 'ora-grading' 8 | ORA_GRADING_ENABLED: True 9 | ORA_GRADING_SANDBOX_BUILD: False 10 | roles: 11 | - role: mfe 12 | MFE_NAME: ora-grading 13 | - role: splunkforwarder 14 | when: COMMON_ENABLE_SPLUNKFORWARDER 15 | - role: newrelic_infrastructure 16 | when: COMMON_ENABLE_NEWRELICE_INFRASTRUCTURE 17 | 18 | -------------------------------------------------------------------------------- /playbooks/payment.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy payment MFE Frontend 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | ENABLE_NEWRELIC: False 7 | CLUSTER_NAME: 'payment' 8 | PAYMENT_MFE_ENABLED: True 9 | PAYMENT_MFE_SANDBOX_BUILD: False 10 | roles: 11 | - role: payment 12 | MFE_NAME: payment 13 | - role: splunkforwarder 14 | when: COMMON_ENABLE_SPLUNKFORWARDER 15 | - role: newrelic_infrastructure 16 | when: COMMON_ENABLE_NEWRELIC_INFRASTRUCTURE 17 | -------------------------------------------------------------------------------- /playbooks/profile.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy profile Frontend 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | ENABLE_NEWRELIC: False 7 | CLUSTER_NAME: 'profile' 8 | PROFILE_MFE_ENABLED: True 9 | PROFILE_MFE_SANDBOX_BUILD: False 10 | roles: 11 | - role: mfe 12 | MFE_NAME: profile 13 | MFE_VERSION: '{{ PROFILE_MFE_VERSION }}' 14 | - role: splunkforwarder 15 | when: COMMON_ENABLE_SPLUNKFORWARDER 16 | - role: newrelic_infrastructure 17 | when: COMMON_ENABLE_NEWRELIC_INFRASTRUCTURE 18 | -------------------------------------------------------------------------------- /playbooks/prospectus_sandbox.yml: -------------------------------------------------------------------------------- 1 | # Restarts supervisor and nginx tasks for a sandbox 2 | 3 | - name: restart supervisor/nginx for a sandbox 4 | hosts: all 5 | become: True 6 | gather_facts: True 7 | 8 | tasks: 9 | - name: stop supervisor 10 | shell: > 11 | sudo service supervisor stop 12 | 13 | - name: stop nginx 14 | shell: > 15 | sudo service nginx stop 16 | 17 | - name: kill www-data tasks 18 | shell: > 19 | sudo pkill -u www-data 20 | 21 | - name: restart nginx 22 | shell: > 23 | sudo service nginx start -------------------------------------------------------------------------------- /playbooks/redis.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy redis 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - role: aws 7 | when: COMMON_ENABLE_AWS_ROLE 8 | - redis 9 | - role: datadog 10 | when: COMMON_ENABLE_DATADOG 11 | - role: splunkforwarder 12 | when: COMMON_ENABLE_SPLUNKFORWARDER 13 | - role: newrelic_infrastructure 14 | when: COMMON_ENABLE_NEWRELIC_INFRASTRUCTURE 15 | - role: datadog-uninstall 16 | when: not COMMON_ENABLE_DATADOG 17 | 18 | -------------------------------------------------------------------------------- /playbooks/restart_supervisor.yml: -------------------------------------------------------------------------------- 1 | - name: restarts supervisor 2 | hosts: all 3 | become: True 4 | gather_facts: False 5 | vars_files: 6 | - roles/common_vars/defaults/main.yml 7 | - roles/supervisor/defaults/main.yml 8 | tasks: 9 | - name: supervisor | restart supervisor 10 | service: 11 | name: "{{ supervisor_service }}" 12 | state: restarted 13 | register: rc 14 | until: rc is succeeded 15 | retries: 5 16 | -------------------------------------------------------------------------------- /playbooks/roles/ad_hoc_reporting/templates/edx/bin/mysql.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | mysql -u {{ COMMON_MYSQL_READ_ONLY_USER }} -h {{ item.db_host }} -p"{{ COMMON_MYSQL_READ_ONLY_PASS }}" {{ item.db_name }} 3 | -------------------------------------------------------------------------------- /playbooks/roles/ad_hoc_reporting/templates/etc/mongorc.js.j2: -------------------------------------------------------------------------------- 1 | // we only ever connect to secondaries, avoid people needing to remember to type this 2 | rs.secondaryOk(); 3 | 4 | // This uses the DB name rather than the replica set, which I think is more useful 5 | var prompt = function() { 6 | return db.getName() + "> "; 7 | } 8 | -------------------------------------------------------------------------------- /playbooks/roles/add_user/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role add_user 12 | # 13 | 14 | # Allow this role to be duplicated in dependencies 15 | allow_duplicates: yes 16 | -------------------------------------------------------------------------------- /playbooks/roles/aide/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | AIDE_REPORT_EMAIL: 'root' 4 | -------------------------------------------------------------------------------- /playbooks/roles/analytics_pipeline/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role analytics_pipeline 12 | 13 | dependencies: 14 | - common 15 | - hadoop_master 16 | - hive 17 | - sqoop 18 | -------------------------------------------------------------------------------- /playbooks/roles/analytics_pipeline/templates/client.cfg.j2: -------------------------------------------------------------------------------- 1 | [hadoop] 2 | version: {{ ANALYTICS_PIPELINE_LUIGI_HADOOP_VERSION }} 3 | command: {{ ANALYTICS_PIPELINE_LUIGI_HADOOP_COMMAND }} 4 | streaming-jar: {{ ANALYTICS_PIPELINE_LUIGI_HADOOP_STREAMING_JAR }} 5 | -------------------------------------------------------------------------------- /playbooks/roles/ansible-role-django-ida/templates/docker/build/ROLE_NAME/ansible_overrides.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | {{ role_name }}_gunicorn_host: 127.0.0.1 3 | {{ role_name|upper }}_MYSQL: 'db' 4 | {{ role_name|upper }}_DJANGO_SETTINGS_MODULE: '{{ role_name }}.settings.devstack' 5 | {{ role_name|upper }}_MYSQL_MATCHER: '%' 6 | 7 | -------------------------------------------------------------------------------- /playbooks/roles/ansible-role-django-ida/templates/docker/build/ROLE_NAME/inventory: -------------------------------------------------------------------------------- 1 | [local] 2 | localhost 3 | -------------------------------------------------------------------------------- /playbooks/roles/ansible-role-django-ida/templates/docker/plays/ROLE_NAME.yml.j2: -------------------------------------------------------------------------------- 1 | - name: Deploy {{ role_name|replace('_', ' ')|title }} 2 | hosts: all 3 | sudo: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ '{{' }} serial_count }}" 8 | roles: 9 | - nginx 10 | - role: {{ role_name }} 11 | nginx_default_sites: 12 | - {{ role_name }} -------------------------------------------------------------------------------- /playbooks/roles/ansible-role-django-ida/templates/header.j2: -------------------------------------------------------------------------------- 1 | # 2 | # edX Configuration 3 | # 4 | # github: https://github.com/openedx/configuration 5 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 6 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 7 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 8 | # 9 | # 10 | -------------------------------------------------------------------------------- /playbooks/roles/ansible-role-django-ida/templates/templates/edx/app/ROLE_NAME/ROLE_NAME_env.j2: -------------------------------------------------------------------------------- 1 | # {{ '{{' }} ansible_managed }} 2 | 3 | {{ '{%' }} for name,value in {{ role_name }}_environment.items() -%} 4 | {{ '{%' }}- if value -%} 5 | export {{ '{{' }} name }}="{{ '{{' }} value }}" 6 | {{ '{%' }} endif %} 7 | {{ '{%' }}- endfor %} 8 | -------------------------------------------------------------------------------- /playbooks/roles/ansible-role/templates/defaults/main.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | {% include 'roles/ansible-role/templates/header.j2' %} 3 | # 4 | # Defaults for role {{ my_role_name }} 5 | # 6 | 7 | # 8 | # vars are namespaced with the module name. 9 | # 10 | {{ my_role_name }}_role_name: {{ my_role_name }} 11 | 12 | # 13 | # OS packages 14 | # 15 | 16 | {{ my_role_name }}_debian_pkgs: [] 17 | 18 | {{ my_role_name }}_redhat_pkgs: [] 19 | -------------------------------------------------------------------------------- /playbooks/roles/ansible-role/templates/header.j2: -------------------------------------------------------------------------------- 1 | # 2 | # edX Configuration 3 | # 4 | # github: https://github.com/openedx/configuration 5 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 6 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 7 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 8 | # 9 | # 10 | -------------------------------------------------------------------------------- /playbooks/roles/ansible-role/templates/meta/main.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | {% include 'roles/ansible-role/templates/header.j2' %} 3 | # 4 | # Role includes for role {{ my_role_name }} 5 | # 6 | # Example: 7 | # 8 | # dependencies: 9 | # - { 10 | # role: my_role 11 | # my_role_var0: "foo" 12 | # my_role_var1: "bar" 13 | # } 14 | -------------------------------------------------------------------------------- /playbooks/roles/ansible-role/templates/tasks/main.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | {% include 'roles/ansible-role/templates/header.j2' %} 3 | 4 | # 5 | # Tasks for role {{ my_role_name }} 6 | # 7 | # Overview: 8 | # 9 | # 10 | # Dependencies: 11 | # 12 | # 13 | # Example play: 14 | # 15 | # 16 | 17 | - name: stub ansible task 18 | debug: msg="This is a stub task created by the ansible-role role" 19 | notify: notify me 20 | -------------------------------------------------------------------------------- /playbooks/roles/antivirus/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | # 11 | # 12 | # Handlers for role antivirus 13 | # 14 | # Overview: 15 | # 16 | # 17 | -------------------------------------------------------------------------------- /playbooks/roles/antivirus/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role antivirus 12 | # 13 | dependencies: 14 | - common 15 | -------------------------------------------------------------------------------- /playbooks/roles/antivirus/templates/server_virus_scan.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | {% if ANTIVIRUS_SCAN_DIRECTORY is defined %} 4 | dir_to_scan="{{ ANTIVIRUS_SCAN_DIRECTORY }}" 5 | {% endif %} 6 | 7 | log_dir={{ antivirus_log_dir }} 8 | 9 | clamout=$(clamscan -ri $dir_to_scan); 10 | malware=$(echo "$clamout" | grep -i 'Infected' | cut -d ' ' -f3) 11 | 12 | if [[ "$malware" -ne 0 ]]; then 13 | echo -e "Malware Found\n$clamout" >> "$log_dir/clamav.log" 14 | fi 15 | -------------------------------------------------------------------------------- /playbooks/roles/apache/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apache_ports: 3 | - 80 4 | apache_sites: 5 | - lms 6 | apache_template_dir: '.' 7 | -------------------------------------------------------------------------------- /playbooks/roles/apache/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart apache 3 | service: 4 | name: apache2 5 | state: restarted 6 | tags: 7 | - deploy 8 | -------------------------------------------------------------------------------- /playbooks/roles/apache/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | -------------------------------------------------------------------------------- /playbooks/roles/apache/templates/ports.conf.j2: -------------------------------------------------------------------------------- 1 | {%- for port in apache_ports -%} 2 | NameVirtualHost *:{{ port }} 3 | Listen {{ port }} 4 | {% endfor %} 5 | -------------------------------------------------------------------------------- /playbooks/roles/authn/defaults/main.yml: -------------------------------------------------------------------------------- 1 | authn_env_extra: 2 | SHOW_CONFIGURABLE_EDX_FIELDS: "{{ AUTHN_SHOW_CONFIGURABLE_EDX_FIELDS }}" 3 | -------------------------------------------------------------------------------- /playbooks/roles/authn/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Build Authn MFE 2 | include_role: 3 | name: mfe 4 | vars: 5 | MFE_NAME: authn 6 | MFE_VERSION: '{{ AUTHN_MFE_VERSION }}' 7 | MFE_SITE_NAME: 'Your Platform Name Here' 8 | MFE_NPM_OVERRIDES: '{{ AUTHN_MFE_NPM_OVERRIDES | default(MFE_DEPLOY_NPM_OVERRIDES) }}' 9 | MFE_ENVIRONMENT_EXTRA: '{{ authn_env_extra | default(MFE_DEPLOY_ENVIRONMENT_EXTRA) }}' 10 | MFE_GIT_PATH: 'openedx' 11 | -------------------------------------------------------------------------------- /playbooks/roles/automated/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | 11 | # Allow this role to be duplicated in dependencies. 12 | allow_duplicates: yes 13 | -------------------------------------------------------------------------------- /playbooks/roles/automated/templates/99-automated.j2: -------------------------------------------------------------------------------- 1 | {% for command in item.value.sudo_commands %} 2 | {% if "python_prefix" in command and command.python_prefix != "" -%} 3 | {{ item.key }} ALL=({{ command.sudo_user }}) SETENV:NOPASSWD:{{ command.python_prefix }} {{ command.command | replace('\'', '') }} 4 | {% endif %} 5 | {{ item.key }} ALL=({{ command.sudo_user }}) SETENV:NOPASSWD:{{ command.command | replace('\'', '') }} 6 | {% endfor %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/automated/templates/home/automator/.ssh/authorized_keys.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for line in item.value.authorized_keys -%} 4 | {{ line }} 5 | {% endfor %} -------------------------------------------------------------------------------- /playbooks/roles/aws/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role aws 12 | # 13 | dependencies: 14 | - role: vhost 15 | VHOST_NAME: "{{ vhost_name }}" 16 | -------------------------------------------------------------------------------- /playbooks/roles/aws/templates/boto.cfg.j2: -------------------------------------------------------------------------------- 1 | [Boto] 2 | http_socket_timeout = 3 3 | -------------------------------------------------------------------------------- /playbooks/roles/aws/templates/mtu.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ifconfig {{ ansible_default_ipv4.interface }} mtu 1500 3 | -------------------------------------------------------------------------------- /playbooks/roles/aws_devstack/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - role: common 4 | -------------------------------------------------------------------------------- /playbooks/roles/blockstore/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Role to deploy Blockstore, the next-generation Open edX Learning Object Repository 3 | # 4 | # github: https://github.com/openedx/blockstore 5 | # 6 | # 7 | # Tasks for role blockstore 8 | # 9 | # Overview: This role's tasks come from edx_django_service. 10 | # 11 | # 12 | # Dependencies: 13 | # 14 | # 15 | # Example play: 16 | # 17 | # 18 | -------------------------------------------------------------------------------- /playbooks/roles/browsers/files/geckodriver: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | /usr/local/bin/geckodriver-bin "$@" --marionette-port 2828 4 | -------------------------------------------------------------------------------- /playbooks/roles/browsers/templates/xvfb.conf.j2: -------------------------------------------------------------------------------- 1 | description "Xvfb X Server" 2 | start on (net-device-up and local-filesystems and runlevel [2345]) 3 | stop on runlevel [016] 4 | exec /usr/bin/Xvfb {{ browser_xvfb_display }} -screen 0 1024x768x24 5 | respawn 6 | respawn limit 15 5 7 | -------------------------------------------------------------------------------- /playbooks/roles/browsers/templates/xvfb.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Xvfb X Server 3 | After=network.target 4 | 5 | [Service] 6 | ExecStart=/usr/bin/Xvfb {{ browser_xvfb_display }} -screen 0 1024x768x24 7 | 8 | [Install] 9 | WantedBy=multi-user.target 10 | -------------------------------------------------------------------------------- /playbooks/roles/cassandra/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - oraclejdk -------------------------------------------------------------------------------- /playbooks/roles/codejail/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | codejail_debian_packages: 3 | - apparmor-utils 4 | CODEJAIL_PYTHON_VERSIONS: 5 | - python3.8 6 | codejail_sandbox_user: 'sandbox' 7 | codejail_sandbox_group: 'sandbox' 8 | codejail_sandbox_name_base: 'codejail_sandbox' 9 | codejail_sandbox_env: '/home/{{ codejail_sandbox_user }}/{{ codejail_sandbox_name_base }}' 10 | codejail_sandbox_caller: 'ubuntu' 11 | -------------------------------------------------------------------------------- /playbooks/roles/common/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Common variables are defined in the common_vars role on which this 4 | # role depends. This is to allow sharing vars without creating 5 | # side-effects. Any vars requred by this role should be added to 6 | # common_vars/defaults/main.yml 7 | # 8 | -------------------------------------------------------------------------------- /playbooks/roles/common/files/bash_profile: -------------------------------------------------------------------------------- 1 | # .bash_profile 2 | 3 | # Get the aliases and functions 4 | if [ -f ~/.bashrc ]; then 5 | . ~/.bashrc 6 | fi -------------------------------------------------------------------------------- /playbooks/roles/common/files/ssh_key_forward: -------------------------------------------------------------------------------- 1 | Defaults env_keep+=SSH_AUTH_SOCK 2 | -------------------------------------------------------------------------------- /playbooks/roles/common/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common_vars 4 | - server_utils 5 | - role: user 6 | user_info: "{{ COMMON_USER_INFO }}" 7 | - role: security 8 | when: COMMON_SECURITY_UPDATES 9 | -------------------------------------------------------------------------------- /playbooks/roles/common/templates/etc/cron.hourly/logrotate.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | test -x /usr/sbin/logrotate || exit 0 4 | /usr/sbin/logrotate /etc/logrotate.d/hourly 5 | -------------------------------------------------------------------------------- /playbooks/roles/common/templates/etc/logrotate.d/ntp.j2: -------------------------------------------------------------------------------- 1 | {{ COMMON_LOG_DIR }}/ntp.log { 2 | compress 3 | dateext 4 | dateformat -%Y%m%d-%s 5 | missingok 6 | daily 7 | rotate 3 8 | } 9 | -------------------------------------------------------------------------------- /playbooks/roles/common/templates/hostname.j2: -------------------------------------------------------------------------------- 1 | {{ COMMON_HOSTNAME }} 2 | -------------------------------------------------------------------------------- /playbooks/roles/common/templates/hosts.j2: -------------------------------------------------------------------------------- 1 | 127.0.0.1 {{ COMMON_HOSTNAME }} localhost 2 | 3 | # The following lines are desirable for IPv6 capable hosts 4 | ::1 ip6-localhost ip6-loopback 5 | fe00::0 ip6-localnet 6 | ff00::0 ip6-mcastprefix 7 | ff02::1 ip6-allnodes 8 | ff02::2 ip6-allrouters 9 | ff02::3 ip6-allhosts 10 | -------------------------------------------------------------------------------- /playbooks/roles/common_vars/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # There should never be any side-effecting tasks included in this role. 4 | # It is used solely for making shared variables available across roles. -------------------------------------------------------------------------------- /playbooks/roles/conductor/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - nginx 5 | -------------------------------------------------------------------------------- /playbooks/roles/conductor/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openedx-unsupported/configuration/c8aa592a7e79be203032e7895970d031700ed99c/playbooks/roles/conductor/tasks/main.yml -------------------------------------------------------------------------------- /playbooks/roles/config-encoders/.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | -------------------------------------------------------------------------------- /playbooks/roles/config-encoders/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: [] 3 | -------------------------------------------------------------------------------- /playbooks/roles/course_authoring/defaults/main.yml: -------------------------------------------------------------------------------- 1 | course_authoring_env_extra: 2 | STUDIO_BASE_URL: 'https://studio-{{COMMON_DEPLOY_HOSTNAME}}' 3 | 4 | -------------------------------------------------------------------------------- /playbooks/roles/course_authoring/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - nginx -------------------------------------------------------------------------------- /playbooks/roles/course_authoring/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Build Course Authoring MFE 2 | include_role: 3 | name: mfe 4 | vars: 5 | MFE_ENVIRONMENT_EXTRA: '{{ course_authoring_env_extra | default(MFE_DEPLOY_ENVIRONMENT_EXTRA) }}' -------------------------------------------------------------------------------- /playbooks/roles/credentials/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | # 11 | # 12 | # Tasks for role credentials 13 | # 14 | # Overview: This role's tasks come from edx_django_service. 15 | # 16 | # 17 | # Dependencies: 18 | # 19 | # 20 | # Example play: 21 | # 22 | # 23 | -------------------------------------------------------------------------------- /playbooks/roles/datadog-uninstall/defaults/main.yml: -------------------------------------------------------------------------------- 1 | datadog_uninstall_apt_key: "0x382E94DE" 2 | DATADOG_UNINSTALL_UBUNTU_APT_KEYSERVER: "http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=" 3 | -------------------------------------------------------------------------------- /playbooks/roles/datadog-uninstall/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Remove apt key for datadog 3 | apt_key: 4 | id: "382E94DE" 5 | url: "{{ DATADOG_UNINSTALL_UBUNTU_APT_KEYSERVER }}{{ datadog_uninstall_apt_key }}" 6 | state: absent 7 | 8 | - name: Uninstall apt repository for datadog 9 | apt_repository: 10 | repo: 'deb http://apt.datadoghq.com/ stable main' 11 | state: absent 12 | 13 | 14 | - name: Uninstall datadog agent 15 | apt: 16 | name: "datadog-agent" 17 | state: absent 18 | -------------------------------------------------------------------------------- /playbooks/roles/datadog/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | datadog_api_key: "{{ datadog_api_key }}" 4 | datadog_config: "{{ datadog_config }}" 5 | datadog_checks: "{{ datadog_checks }}" 6 | -------------------------------------------------------------------------------- /playbooks/roles/datadog/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | -------------------------------------------------------------------------------- /playbooks/roles/datadog/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # datadog 4 | # 5 | # Overview: 6 | # 7 | # Installs datadog 8 | ## 9 | # Dependencies: 10 | # 11 | # Example play: 12 | # roles: 13 | # - common 14 | # - datadog 15 | # 16 | 17 | - name: Install Datadog role from Ansible Galaxy 18 | ansible.builtin.command: ansible-galaxy install datadog.datadog 19 | delegate_to: localhost 20 | become: false 21 | 22 | - name: Install datadog Agent 23 | include_role: 24 | name: datadog.datadog 25 | -------------------------------------------------------------------------------- /playbooks/roles/dbt_docs_nginx/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Populate the cloudwatch_procstat_patterns with patterns that you want to pass to the procstat config. 2 | cloudwatch_procstat_patterns: ['nginx', 'cloudwatch-agent'] 3 | -------------------------------------------------------------------------------- /playbooks/roles/dbt_docs_nginx/meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openedx-unsupported/configuration/c8aa592a7e79be203032e7895970d031700ed99c/playbooks/roles/dbt_docs_nginx/meta/main.yml -------------------------------------------------------------------------------- /playbooks/roles/dbt_docs_nginx/templates/nginx/dbt_files_sync.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo aws s3 sync s3://{{ s3_bucket }}/ /usr/share/nginx/html/ --delete --include "*" -------------------------------------------------------------------------------- /playbooks/roles/demo/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | -------------------------------------------------------------------------------- /playbooks/roles/designer/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | # 11 | # 12 | # Tasks for role designer 13 | # 14 | # Overview: This role's tasks come from edx_django_service. 15 | # 16 | # 17 | # Dependencies: 18 | # 19 | # 20 | # Example play: 21 | # 22 | # 23 | -------------------------------------------------------------------------------- /playbooks/roles/discovery/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | # 11 | # 12 | # Tasks for role discovery 13 | # 14 | # Overview: This role's tasks come from edx_django_service. 15 | # 16 | # 17 | # Dependencies: 18 | # 19 | # 20 | # Example play: 21 | # 22 | # 23 | -------------------------------------------------------------------------------- /playbooks/roles/docker-tools/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | dependencies: 4 | - common 5 | -------------------------------------------------------------------------------- /playbooks/roles/ecomworker/templates/edx/app/ecomworker/ecomworker_env.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for name,value in ecommerce_worker_environment.items() -%} 4 | {%- if value -%} 5 | export {{ name }}="{{ value }}" 6 | {% endif %} 7 | {%- endfor %} 8 | -------------------------------------------------------------------------------- /playbooks/roles/ecomworker/templates/edx/app/supervisor/conf.d.available/ecomworker.conf.j2: -------------------------------------------------------------------------------- 1 | # 2 | # {{ ansible_managed }} 3 | # 4 | [program:{{ ecommerce_worker_service_name }}] 5 | 6 | command={{ ecommerce_worker_home }}/{{ ecommerce_worker_service_name }}.sh 7 | user={{ common_web_user }} 8 | directory={{ ecommerce_worker_code_dir }} 9 | stdout_logfile={{ supervisor_log_dir }}/%(program_name)s-stdout.log 10 | stderr_logfile={{ supervisor_log_dir }}/%(program_name)s-stderr.log 11 | killasgroup=true 12 | stopasgroup=true 13 | -------------------------------------------------------------------------------- /playbooks/roles/edx_ansible/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role edx_ansible 12 | 13 | dependencies: 14 | - common_vars 15 | -------------------------------------------------------------------------------- /playbooks/roles/edx_ansible/templates/dumpall.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | {{ vars | to_nice_yaml }} 3 | -------------------------------------------------------------------------------- /playbooks/roles/edx_ansible/templates/show-repo-heads.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Display the head commit for all our git repos 4 | 5 | echo "With status..." 6 | 7 | # Look in .git directories. Only two levels down to avoid virtualenvs. 8 | 9 | for d in {{ COMMON_APP_DIR }}/*/*/.git; do 10 | d=$(dirname $d) 11 | echo "---- $d ----" 12 | git -C $d log -1 --format='%ci (%h) %cn: %s %d' 13 | git -C $d status --short 14 | done 15 | -------------------------------------------------------------------------------- /playbooks/roles/edx_django_service/templates/edx/app/app/app_env.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for name,value in edx_django_service_environment.items() -%} 4 | {%- if value -%} 5 | export {{ name }}="{{ value }}" 6 | {% endif %} 7 | {%- endfor %} 8 | -------------------------------------------------------------------------------- /playbooks/roles/edx_django_service/templates/edx/app/nginx/sites-available/concerns/admin_urls_access_from_restricted_cidrs.j2: -------------------------------------------------------------------------------- 1 | {% if NGINX_ADMIN_ACCESS_CIDRS and EDX_DJANGO_SERVICE_ENABLE_ADMIN_URLS_RESTRICTION %} 2 | location ~ ^/({{ EDX_DJANGO_SERVICE_ADMIN_URLS|join("|") }}) { 3 | real_ip_header X-Forwarded-For; 4 | set_real_ip_from {{ NGINX_TRUSTED_IP_CIDRS }}; 5 | {% for cidr in NGINX_ADMIN_ACCESS_CIDRS %} 6 | allow {{ cidr }}; 7 | {% endfor %} 8 | deny all; 9 | try_files $uri @proxy_to_app; 10 | } 11 | {% endif %} 12 | -------------------------------------------------------------------------------- /playbooks/roles/edx_django_service/templates/edx/app/nginx/sites-available/concerns/basic-auth.j2: -------------------------------------------------------------------------------- 1 | {% if edx_django_service_enable_basic_auth|bool %} 2 | satisfy any; 3 | 4 | allow 127.0.0.1; 5 | 6 | {% for cidr in COMMON_BASIC_AUTH_EXCEPTIONS %} 7 | allow {{ cidr }}; 8 | {% endfor %} 9 | 10 | deny all; 11 | 12 | auth_basic "Restricted"; 13 | auth_basic_user_file {{ nginx_htpasswd_file }}; 14 | 15 | index index.html 16 | proxy_set_header X-Forwarded-Proto https; 17 | {% endif %} 18 | -------------------------------------------------------------------------------- /playbooks/roles/edx_django_service/templates/edx/app/nginx/sites-available/concerns/robots.j2: -------------------------------------------------------------------------------- 1 | {% if NGINX_ROBOT_RULES|length > 0 %} 2 | location /robots.txt { 3 | root {{ nginx_app_dir }}; 4 | try_files $uri /robots.txt =404; 5 | } 6 | {% endif %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/edx_django_service/templates/edx/app/nginx/sites-available/concerns/upstream.j2: -------------------------------------------------------------------------------- 1 | upstream {{ edx_django_service_name }}_app_server { 2 | {% for host in nginx_edx_django_service_gunicorn_hosts %} 3 | server {{ host }}:{{ edx_django_service_gunicorn_port }} fail_timeout=0; 4 | {% endfor %} 5 | } 6 | -------------------------------------------------------------------------------- /playbooks/roles/edx_django_service_with_rendered_config/templates/edx/app/app/app_env.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for name,value in edx_django_service_with_rendered_config_environment.items() -%} 4 | {%- if value -%} 5 | export {{ name }}="{{ value }}" 6 | {% endif %} 7 | {%- endfor %} 8 | -------------------------------------------------------------------------------- /playbooks/roles/edx_django_service_with_rendered_config/templates/edx/app/nginx/sites-available/concerns/basic-auth.j2: -------------------------------------------------------------------------------- 1 | {% if edx_django_service_with_rendered_config_enable_basic_auth|bool %} 2 | satisfy any; 3 | 4 | allow 127.0.0.1; 5 | 6 | {% for cidr in COMMON_BASIC_AUTH_EXCEPTIONS %} 7 | allow {{ cidr }}; 8 | {% endfor %} 9 | 10 | deny all; 11 | 12 | auth_basic "Restricted"; 13 | auth_basic_user_file {{ nginx_htpasswd_file }}; 14 | 15 | index index.html 16 | proxy_set_header X-Forwarded-Proto https; 17 | {% endif %} 18 | -------------------------------------------------------------------------------- /playbooks/roles/edx_django_service_with_rendered_config/templates/edx/app/nginx/sites-available/concerns/robots.j2: -------------------------------------------------------------------------------- 1 | {% if NGINX_ROBOT_RULES|length > 0 %} 2 | location /robots.txt { 3 | root {{ nginx_app_dir }}; 4 | try_files $uri /robots.txt =404; 5 | } 6 | {% endif %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/edx_django_service_with_rendered_config/templates/edx/app/nginx/sites-available/concerns/upstream.j2: -------------------------------------------------------------------------------- 1 | upstream {{ edx_django_service_with_rendered_config_service_name }}_app_server { 2 | {% for host in nginx_edx_django_service_with_rendered_config_gunicorn_hosts %} 3 | server {{ host }}:{{ edx_django_service_with_rendered_config_gunicorn_port }} fail_timeout=0; 4 | {% endfor %} 5 | } 6 | -------------------------------------------------------------------------------- /playbooks/roles/edx_notes_api/templates/edx/app/edx_notes_api/edx_notes_api_env.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for name,value in edx_notes_api_environment.items() -%} 4 | {%- if value -%} 5 | export {{ name }}="{{ value }}" 6 | {% endif %} 7 | {%- endfor %} 8 | -------------------------------------------------------------------------------- /playbooks/roles/edx_notes_api/templates/edx/app/supervisor/conf.d.available/edx_notes_api.conf.j2: -------------------------------------------------------------------------------- 1 | # 2 | # {{ ansible_managed }} 3 | # 4 | 5 | [program:{{ edx_notes_api_service_name }}] 6 | 7 | command={{ edx_notes_api_home }}/{{ edx_notes_api_service_name }}.sh 8 | user={{ common_web_user }} 9 | directory={{ edx_notes_api_code_dir }} 10 | stdout_logfile={{ supervisor_log_dir }}/%(program_name)-stdout.log 11 | stderr_logfile={{ supervisor_log_dir }}/%(program_name)-stderr.log 12 | killasgroup=true 13 | stopasgroup=true 14 | -------------------------------------------------------------------------------- /playbooks/roles/edx_service/templates/config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | # {{ ansible_managed }} 3 | 4 | {% if edx_service_config_filter_nones -%} 5 | {% for key, value in edx_service_config.copy().items() -%} 6 | {% if value is none -%} 7 | {% do edx_service_config.pop(key) %} 8 | {%- endif %} 9 | {%- endfor %} 10 | {%- endif %} 11 | 12 | {{ edx_service_config | to_nice_yaml }} 13 | -------------------------------------------------------------------------------- /playbooks/roles/edx_service_with_rendered_config/templates/config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | # {{ ansible_managed }} 3 | 4 | {% if edx_service_with_rendered_config_filter_nones -%} 5 | {% for key, value in edx_service_with_rendered_config_service_config.copy().items() -%} 6 | {% if value is none -%} 7 | {% do edx_service_with_rendered_config_service_config.pop(key) %} 8 | {%- endif %} 9 | {%- endfor %} 10 | {%- endif %} 11 | 12 | {{ edx_service_with_rendered_config_service_config | to_nice_yaml }} 13 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: supervisor 5 | supervisor_spec: 6 | - service: edxapp 7 | migration_check_services: "lms,cms,workers" 8 | python: "{{ edxapp_venv_bin }}/python" 9 | code: "{{ edxapp_code_dir | default(None) }}" 10 | env: "{{ edxapp_app_dir | default(None) }}/edxapp_env" 11 | - edxapp_common 12 | - nltk 13 | - role: edx_themes 14 | theme_users: 15 | - "{{ edxapp_user }}" 16 | when: EDXAPP_ENABLE_COMPREHENSIVE_THEMING 17 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/.npmrc.j2: -------------------------------------------------------------------------------- 1 | registry={{ COMMON_NPM_MIRROR_URL }} 2 | prefix={{ edxapp_npm_dir }} 3 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/boto.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openedx-unsupported/configuration/c8aa592a7e79be203032e7895970d031700ed99c/playbooks/roles/edxapp/templates/boto.j2 -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/cms.auth.json.j2: -------------------------------------------------------------------------------- 1 | {% do cms_auth_config.update(EDXAPP_CMS_AUTH_EXTRA) %} 2 | {{ cms_auth_config | to_nice_json }} 3 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/cms.env.json.j2: -------------------------------------------------------------------------------- 1 | {% do cms_env_config.update(EDXAPP_CMS_ENV_EXTRA) %} 2 | {{ cms_env_config | to_nice_json }} 3 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/course.xml.j2: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/edx/app/supervisor/conf.d.available/cms.conf.j2: -------------------------------------------------------------------------------- 1 | [program:cms] 2 | 3 | 4 | command={{ edxapp_app_dir }}/cms.sh 5 | 6 | user={{ common_web_user }} 7 | directory={{ edxapp_code_dir }} 8 | stdout_logfile={{ supervisor_log_dir }}/%(program_name)s-stdout.log 9 | stderr_logfile={{ supervisor_log_dir }}/%(program_name)s-stderr.log 10 | killasgroup=true 11 | stopasgroup=true 12 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/edx/app/supervisor/conf.d.available/lms.conf.j2: -------------------------------------------------------------------------------- 1 | [program:lms] 2 | 3 | command={{ edxapp_app_dir }}/lms.sh 4 | 5 | user={{ common_web_user }} 6 | directory={{ edxapp_code_dir }} 7 | stdout_logfile={{ supervisor_log_dir }}/%(program_name)s-stdout.log 8 | stderr_logfile={{ supervisor_log_dir }}/%(program_name)s-stderr.log 9 | killasgroup=true 10 | stopasgroup=true 11 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/edx/bin/edxapp-runserver-cms.j2: -------------------------------------------------------------------------------- 1 | {% include "edxapp_common.j2" %} 2 | 3 | sudo -E -u {{ edxapp_user }} env "PATH=$PATH" {{ edxapp_venv_bin}}/python manage.py cms runserver {{ edxapp_cms_gunicorn_port }} --settings $EDX_PLATFORM_SETTINGS 4 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/edx/bin/edxapp-runserver-lms.j2: -------------------------------------------------------------------------------- 1 | {% include "edxapp_common.j2" %} 2 | 3 | sudo -E -u {{ edxapp_user }} env "PATH=$PATH" {{ edxapp_venv_bin}}/python manage.py lms runserver {{ edxapp_lms_gunicorn_port }} --settings $EDX_PLATFORM_SETTINGS 4 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/edx/bin/edxapp-shell-cms.j2: -------------------------------------------------------------------------------- 1 | {% include "edxapp_common.j2" %} 2 | 3 | sudo -E -u {{ edxapp_user }} env "PATH=$PATH" {{ edxapp_venv_bin}}/python manage.py cms shell --settings $EDX_PLATFORM_SETTINGS 4 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/edx/bin/edxapp-shell-lms.j2: -------------------------------------------------------------------------------- 1 | {% include "edxapp_common.j2" %} 2 | 3 | sudo -E -u {{ edxapp_user }} env "PATH=$PATH" {{ edxapp_venv_bin}}/python manage.py lms shell --settings $EDX_PLATFORM_SETTINGS 4 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/edxapp_env.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | {% for name,value in edxapp_environment.items() %} 3 | {%- if value %} 4 | export {{ name }}="{{ value }}" 5 | {%- endif %} 6 | {% endfor %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/git_ssh.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | {% if EDXAPP_USE_GIT_IDENTITY %} 3 | exec /usr/bin/ssh -o StrictHostKeyChecking=no -i {{ edxapp_git_identity }} "$@" 4 | {% else %} 5 | exec /usr/bin/ssh -o StrictHostKeyChecking=no "$@" 6 | {% endif %} -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/lms.auth.json.j2: -------------------------------------------------------------------------------- 1 | {% do lms_auth_config.update(EDXAPP_LMS_AUTH_EXTRA) %} 2 | {{ lms_auth_config | to_nice_json }} 3 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/lms.env.json.j2: -------------------------------------------------------------------------------- 1 | {% do lms_env_config.update(EDXAPP_LMS_ENV_EXTRA) %} 2 | {{ lms_env_config | to_nice_json }} 3 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/lms.yml.j2: -------------------------------------------------------------------------------- 1 | {% if lms_combined_config %} 2 | {% do lms_combined_config.update(EDXAPP_LMS_ENV_EXTRA) %} 3 | {{ lms_combined_config | to_nice_yaml }} 4 | {% endif %} 5 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/revisions.yml.j2: -------------------------------------------------------------------------------- 1 | {% if edxapp_revisions_config %} 2 | {{ edxapp_revisions_config | to_nice_yaml }} 3 | {% endif %} 4 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/site_configuration.json.j2: -------------------------------------------------------------------------------- 1 | {{ item['values'] | to_nice_json }} 2 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/templates/studio.yml.j2: -------------------------------------------------------------------------------- 1 | {% if cms_combined_config %} 2 | {% do cms_combined_config.update(EDXAPP_CMS_ENV_EXTRA) %} 3 | {{ cms_combined_config | to_nice_yaml }} 4 | {% endif %} 5 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp/vars/devstack.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # The only difference between these requirements and the role defaults is the 3 | # use of "development.txt" instead of "base.txt". This set of requirements 4 | # should not be used in production. 5 | development_requirements_file: "{{ edxapp_code_dir }}/requirements/edx/development.txt" 6 | 7 | edxapp_requirements_files: 8 | - "{{ custom_requirements_file }}" 9 | - "{{ development_requirements_file }}" 10 | -------------------------------------------------------------------------------- /playbooks/roles/edxapp_common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install system packages 3 | apt: 4 | name: "{{ edxapp_common_debian_pkgs }}" 5 | state: present 6 | update_cache: yes 7 | register: install_pkgs 8 | until: install_pkgs is success 9 | retries: 10 10 | delay: 5 11 | tags: 12 | - install 13 | - install:base 14 | -------------------------------------------------------------------------------- /playbooks/roles/edxlocal/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - mysql 5 | -------------------------------------------------------------------------------- /playbooks/roles/elasticsearch/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | -------------------------------------------------------------------------------- /playbooks/roles/enhanced_networking/defaults/main.yml: -------------------------------------------------------------------------------- 1 | profile: edx 2 | compatible_instance_types: ['c3', 'c4', 'd2', 'i2', 'm4', 'r3'] -------------------------------------------------------------------------------- /playbooks/roles/flower/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart flower 3 | supervisorctl: 4 | state: restarted 5 | supervisorctl_path: "{{ supervisor_ctl }}" 6 | config: "{{ supervisor_cfg }}" 7 | name: "{{ FLOWER_USER }}" 8 | become: true 9 | become_user: "{{ supervisor_service_user }}" 10 | -------------------------------------------------------------------------------- /playbooks/roles/flower/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - supervisor 5 | -------------------------------------------------------------------------------- /playbooks/roles/flower/templates/edx/app/flower/flower_env.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | {% for name,value in flower_environment.items() %} 3 | {%- if value %} 4 | export {{ name }}="{{ value }}" 5 | {%- endif %} 6 | {% endfor %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/flower/templates/edx/app/flower/flowerconfig.py.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | address = "{{ FLOWER_ADDRESS }}" 3 | port = {{ FLOWER_PORT }} 4 | oauth2_key = "{{ FLOWER_OAUTH2_KEY }}" 5 | oauth2_secret = "{{ FLOWER_OAUTH2_SECRET }}" 6 | oauth2_redirect_uri = "{{ FLOWER_OAUTH2_REDIRECT }}" 7 | auth = "{{ FLOWER_AUTH_REGEX }}" 8 | basic_auth = {{ FLOWER_BASIC_AUTH }} 9 | -------------------------------------------------------------------------------- /playbooks/roles/flower/templates/edx/app/supervisor/conf.d.available/flower.conf.j2: -------------------------------------------------------------------------------- 1 | [program:{{ FLOWER_USER }}] 2 | 3 | environment=PATH="{{ flower_deploy_path }}" 4 | user={{ common_web_user }} 5 | command={{ flower_venv_bin }}/celery --broker {{ flower_broker }} flower --conf={{ flower_conf_dir }}/flowerconfig.py 6 | stdout_logfile={{ supervisor_log_dir }}/{{ FLOWER_USER }}-stdout.log 7 | stderr_logfile={{ supervisor_log_dir }}/{{ FLOWER_USER }}-stderr.log 8 | -------------------------------------------------------------------------------- /playbooks/roles/forum/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart the forum service 3 | supervisorctl: 4 | name: forum 5 | supervisorctl_path: "{{ supervisor_ctl }}" 6 | config: "{{ supervisor_cfg }}" 7 | state: restarted 8 | when: forum_installed is defined and not disable_edx_services 9 | -------------------------------------------------------------------------------- /playbooks/roles/forum/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - supervisor 5 | - role: rbenv 6 | rbenv_user: "{{ forum_user }}" 7 | rbenv_dir: "{{ forum_app_dir }}" 8 | rbenv_ruby_version: "{{ FORUM_RUBY_VERSION }}" 9 | -------------------------------------------------------------------------------- /playbooks/roles/forum/tasks/tag_ec2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: get instance information 3 | action: ec2_metadata_facts 4 | 5 | - name: tag instance 6 | ec2_tag: 7 | resource: "{{ ansible_ec2_instance_id }}" 8 | region: "{{ ansible_ec2_placement_region }}" 9 | tags: 10 | "version:forum" : "{{ forum_source_repo }} {{ forum_checkout.after }}" 11 | when: forum_checkout.after is defined 12 | -------------------------------------------------------------------------------- /playbooks/roles/forum/tasks/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: test that the required service are listening 3 | wait_for: 4 | port: "{{ item.port }}" 5 | host: "{{ item.host }}" 6 | timeout: 30 7 | with_items: "{{ forum_services }}" 8 | when: not disable_edx_services 9 | 10 | - name: test that mongo replica set members are listing 11 | wait_for: 12 | port: "{{ FORUM_MONGO_PORT }}" 13 | host: "{{ item }}" 14 | timeout: 30 15 | with_items: "{{ FORUM_MONGO_HOSTS }}" 16 | when: not disable_edx_services 17 | -------------------------------------------------------------------------------- /playbooks/roles/forum/templates/cs_comments_service.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | description "Comments Service" 4 | 5 | start on runlevel [2345] 6 | stop on runlevel [!2345] 7 | 8 | env PID=/var/tmp/comments_service.pid 9 | 10 | chdir {{ forum_code_dir }} 11 | 12 | script 13 | . {{ forum_app_dir }}/forum_env 14 | {{ forum_app_dir }}/.rbenv/shims/ruby app.rb 15 | 16 | end script 17 | -------------------------------------------------------------------------------- /playbooks/roles/forum/templates/forum.conf.j2: -------------------------------------------------------------------------------- 1 | [program:forum] 2 | command={{ forum_supervisor_wrapper }} 3 | priority=999 4 | user={{ common_web_user }} 5 | stdout_logfile={{ supervisor_log_dir }}/%(program_name)s-stdout.log 6 | stderr_logfile={{ supervisor_log_dir }}/%(program_name)s-stderr.log 7 | killasgroup=true 8 | stopasgroup=true 9 | stopsignal=QUIT 10 | -------------------------------------------------------------------------------- /playbooks/roles/forum/templates/forum_env.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for name,value in item.items() -%} 4 | {%- if value -%} 5 | export {{ name }}="{{ value }}" 6 | {% endif %} 7 | {%- endfor %} 8 | 9 | eval "$(rbenv init -)" 10 | -------------------------------------------------------------------------------- /playbooks/roles/forum/templates/java.sh.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | export JAVA_HOME="{{ java_home }}" 4 | export PATH=$JAVA_HOME/bin:$PATH -------------------------------------------------------------------------------- /playbooks/roles/gh_mirror/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - supervisor 5 | -------------------------------------------------------------------------------- /playbooks/roles/gh_mirror/templates/orgs.yml.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | {{ gh_mirror_orgs | to_nice_yaml }} 3 | -------------------------------------------------------------------------------- /playbooks/roles/ghost/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | GHOST_VERSION: 1.0.48 3 | ghost_package_name: gh-ost 4 | ghost_download_target: "/tmp/{{ ghost_package_name }}_{{ GHOST_VERSION }}.deb" 5 | ghost_package_url: https://github.com/github/gh-ost/releases/download/v{{ GHOST_VERSION }}/gh-ost_{{ GHOST_VERSION }}_amd64.deb 6 | -------------------------------------------------------------------------------- /playbooks/roles/git_clone/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role git_clone 12 | # 13 | 14 | # Allow this role to be duplicated in dependencies 15 | allow_duplicates: yes 16 | -------------------------------------------------------------------------------- /playbooks/roles/gitreload/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role gitreload 12 | # 13 | dependencies: 14 | - common 15 | - supervisor 16 | -------------------------------------------------------------------------------- /playbooks/roles/gitreload/templates/edx/app/gitreload/gr.env.json.j2: -------------------------------------------------------------------------------- 1 | {{ gitreload_env | to_nice_json }} 2 | -------------------------------------------------------------------------------- /playbooks/roles/gitreload/templates/edx/app/supervisor/conf.available.d/gitreload.conf.j2: -------------------------------------------------------------------------------- 1 | [program:gitreload] 2 | 3 | user={{ common_web_user }} 4 | directory={{ gitreload_dir }} 5 | umask=002 6 | 7 | command={{ gitreload_venv }}/bin/gunicorn -c {{ gitreload_dir }}/gitreload_gunicorn.py {{ GITRELOAD_GUNICORN_EXTRA }} gitreload.web:app 8 | 9 | environment=PID=/var/tmp/gitreload.pid 10 | stdout_logfile={{ supervisor_log_dir }}/%(program_name)s-stdout.log 11 | stderr_logfile={{ supervisor_log_dir }}/%(program_name)s-stderr.log 12 | killasgroup=true 13 | stopasgroup=true 14 | -------------------------------------------------------------------------------- /playbooks/roles/gluster/defaults/main.yml: -------------------------------------------------------------------------------- 1 | gluster_primary_ip: 127.0.0.1 2 | gluster_peers: 3 | gluster_volumes: 4 | - path: /mnt/gfsv0 5 | name: gfsv0 6 | replicas: 2 7 | cache_size: 128MB 8 | security: "*" 9 | mount_location: /mnt/data 10 | -------------------------------------------------------------------------------- /playbooks/roles/go-agent-docker-server/README.rst: -------------------------------------------------------------------------------- 1 | In order to use this role you must use a specific set of AMIs 2 | ############################################################# 3 | 4 | `This role is for use with the AWS ECS AMIs listed here`_ 5 | 6 | .. _This role is for use with the AWS ECS AMIs listed here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_container_instance.html 7 | -------------------------------------------------------------------------------- /playbooks/roles/go-agent-docker-server/templates/edx/app/go-agent-docker-server/autoregister.properties.j2: -------------------------------------------------------------------------------- 1 | agent.auto.register.key={{ GO_SERVER_AUTO_REGISTER_KEY }} 2 | agent.auto.register.resources={{ GO_AGENT_DOCKER_RESOURCES }} 3 | agent.auto.register.environments={{ GO_AGENT_DOCKER_ENVIRONMENT }} -------------------------------------------------------------------------------- /playbooks/roles/grafana/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openedx-unsupported/configuration/c8aa592a7e79be203032e7895970d031700ed99c/playbooks/roles/grafana/.gitignore -------------------------------------------------------------------------------- /playbooks/roles/grafana/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - role: common 4 | tags: 5 | - always 6 | - config-encoders 7 | -------------------------------------------------------------------------------- /playbooks/roles/grafana/templates/conf/grafana.ini.j2: -------------------------------------------------------------------------------- 1 | {{ grafana_config | encode_ini }} 2 | -------------------------------------------------------------------------------- /playbooks/roles/graphite/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - role: common 4 | tags: 5 | - always 6 | - config-encoders 7 | -------------------------------------------------------------------------------- /playbooks/roles/graphite/tasks/whisper.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: checkout Whisper 3 | git: 4 | repo: "{{ GRAPHITE_WHISPER_GIT_URL }}" 5 | dest: "{{ graphite_root }}/src/whisper" 6 | version: "{{ GRAPHITE_WHISPER_VERSION }}" 7 | tags: 8 | - install 9 | - install:code 10 | 11 | - name: install Whisper 12 | command: "{{ graphite_root }}/bin/python setup.py install" 13 | args: 14 | chdir: "{{ graphite_root }}/src/whisper" 15 | creates: "{{ graphite_root }}/bin/whisper-create.py" 16 | tags: 17 | - install 18 | - install:app-requirements 19 | -------------------------------------------------------------------------------- /playbooks/roles/graphite/templates/carbon/conf/carbon.conf.j2: -------------------------------------------------------------------------------- 1 | {{ CARBON_CONF | encode_ini }} 2 | -------------------------------------------------------------------------------- /playbooks/roles/graphite/templates/carbon/conf/storage-schemas.conf.j2: -------------------------------------------------------------------------------- 1 | # Schema definitions for Whisper files. Entries are scanned in order, 2 | # and first match wins. This file is scanned for changes every 60 seconds. 3 | 4 | {{ CARBON_STORAGE_SCHEMAS_OVERRIDE | default(CARBON_STORAGE_SCHEMAS) | encode_ini }} 5 | -------------------------------------------------------------------------------- /playbooks/roles/graphite/templates/graphite-api/conf/graphite-api.yml.j2: -------------------------------------------------------------------------------- 1 | {{ GRAPHITE_API_CONF | encode_yaml }} 2 | -------------------------------------------------------------------------------- /playbooks/roles/graphite/templates/graphite-api/systemd/graphite-api.socket.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=graphite-api socket 3 | 4 | [Socket] 5 | SocketUser={{ graphite_user }} 6 | SocketGroup={{ graphite_group }} 7 | ListenStream={{ graphite_root }}/run/graphite-api.sock 8 | 9 | [Install] 10 | WantedBy=sockets.target 11 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role hadoop_common 12 | 13 | dependencies: 14 | - oraclejdk -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/core-site.xml.j2: -------------------------------------------------------------------------------- 1 | {% do HADOOP_CORE_SITE_DEFAULT_CONFIG.update(HADOOP_CORE_SITE_EXTRA_CONFIG) %} 2 | 3 | 4 | 5 | 6 | {% for key, value in HADOOP_CORE_SITE_DEFAULT_CONFIG.items() %} 7 | 8 | {{ key }} 9 | {{ value }} 10 | 11 | {% endfor %} 12 | 13 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/etc/systemd/system/hdfs-datanode.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Hadoop Distributed File System Data Node 3 | 4 | [Service] 5 | Type=forking 6 | ExecStart={{ HADOOP_COMMON_HOME }}/sbin/hadoop-daemon.sh --script hdfs start datanode 7 | ExecStop={{ HADOOP_COMMON_HOME }}/sbin/hadoop-daemon.sh --script hdfs stop datanode 8 | User={{ hadoop_common_user }} 9 | Group={{ hadoop_common_group }} 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/etc/systemd/system/hdfs-namenode.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Hadoop Distributed File System Name Node 3 | 4 | [Service] 5 | Type=forking 6 | ExecStart={{ HADOOP_COMMON_HOME }}/sbin/hadoop-daemon.sh --script hdfs start namenode 7 | ExecStop={{ HADOOP_COMMON_HOME }}/sbin/hadoop-daemon.sh --script hdfs stop namenode 8 | User={{ hadoop_common_user }} 9 | Group={{ hadoop_common_group }} 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/etc/systemd/system/mapreduce-historyserver.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Hadoop MapReduce History Server 3 | 4 | [Service] 5 | Type=forking 6 | ExecStart={{ HADOOP_COMMON_HOME }}/sbin/mr-jobhistory-daemon.sh start historyserver 7 | ExecStop={{ HADOOP_COMMON_HOME }}/sbin/mr-jobhistory-daemon.sh stop historyserver 8 | User={{ hadoop_common_user }} 9 | Group={{ hadoop_common_group }} 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/etc/systemd/system/yarn-nodemanager.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Hadoop YARN Node Manager 3 | 4 | [Service] 5 | Type=forking 6 | ExecStart={{ HADOOP_COMMON_HOME }}/sbin/yarn-daemon.sh start nodemanager 7 | ExecStop={{ HADOOP_COMMON_HOME }}/sbin/yarn-daemon.sh stop nodemanager 8 | User={{ hadoop_common_user }} 9 | Group={{ hadoop_common_group }} 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/etc/systemd/system/yarn-proxyserver.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Hadoop YARN Proxy Server 3 | 4 | [Service] 5 | Type=forking 6 | ExecStart={{ HADOOP_COMMON_HOME }}/sbin/yarn-daemon.sh start proxyserver 7 | ExecStop={{ HADOOP_COMMON_HOME }}/sbin/yarn-daemon.sh stop proxyserver 8 | User={{ hadoop_common_user }} 9 | Group={{ hadoop_common_group }} 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/etc/systemd/system/yarn-resourcemanager.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Hadoop YARN Resource Manager 3 | 4 | [Service] 5 | Type=forking 6 | ExecStart={{ HADOOP_COMMON_HOME }}/sbin/yarn-daemon.sh start resourcemanager 7 | ExecStop={{ HADOOP_COMMON_HOME }}/sbin/yarn-daemon.sh stop resourcemanager 8 | User={{ hadoop_common_user }} 9 | Group={{ hadoop_common_group }} 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/hadoop_user_ssh_config.j2: -------------------------------------------------------------------------------- 1 | Host localhost 2 | StrictHostKeyChecking no 3 | 4 | Host 0.0.0.0 5 | StrictHostKeyChecking no -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/hdfs-site.xml.j2: -------------------------------------------------------------------------------- 1 | {% do HDFS_SITE_DEFAULT_CONFIG.update(HDFS_SITE_EXTRA_CONFIG) %} 2 | 3 | 4 | 5 | {% for key, value in HDFS_SITE_DEFAULT_CONFIG.items() %} 6 | 7 | {{ key }} 8 | {{ value }} 9 | 10 | {% endfor %} 11 | 12 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/hdfs.conf.j2: -------------------------------------------------------------------------------- 1 | description "hdfs" 2 | 3 | start on starting yarn 4 | stop on stopping yarn 5 | 6 | setuid {{ hadoop_common_user }} 7 | 8 | pre-start script 9 | . {{ HADOOP_COMMON_CONF_DIR }}/hadoop-env.sh 10 | start-dfs.sh 11 | end script 12 | 13 | post-stop script 14 | . {{ HADOOP_COMMON_CONF_DIR }}/hadoop-env.sh 15 | stop-dfs.sh 16 | end script 17 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/mapred-site.xml.j2: -------------------------------------------------------------------------------- 1 | {% do MAPRED_SITE_DEFAULT_CONFIG.update(mapred_site_config) %} 2 | 3 | 4 | 5 | {% for key, value in MAPRED_SITE_DEFAULT_CONFIG.items() %} 6 | 7 | {{ key }} 8 | {{ value }} 9 | 10 | {% endfor %} 11 | 12 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/yarn-site.xml.j2: -------------------------------------------------------------------------------- 1 | {% do YARN_SITE_DEFAULT_CONFIG.update(yarn_site_config) %} 2 | 3 | 4 | {% for key, value in YARN_SITE_DEFAULT_CONFIG.items() %} 5 | 6 | {{ key }} 7 | {{ value }} 8 | 9 | {% endfor %} 10 | 11 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_common/templates/yarn.conf.j2: -------------------------------------------------------------------------------- 1 | description "yarn" 2 | 3 | start on runlevel [2345] 4 | stop on runlevel [!2345] 5 | 6 | setuid {{ hadoop_common_user }} 7 | 8 | pre-start script 9 | . {{ HADOOP_COMMON_CONF_DIR }}/hadoop-env.sh 10 | start-yarn.sh 11 | end script 12 | 13 | post-stop script 14 | . {{ HADOOP_COMMON_CONF_DIR }}/hadoop-env.sh 15 | stop-yarn.sh 16 | end script 17 | -------------------------------------------------------------------------------- /playbooks/roles/hadoop_master/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role hadoop_master 12 | 13 | dependencies: 14 | - hadoop_common 15 | -------------------------------------------------------------------------------- /playbooks/roles/haproxy/templates/haproxy.cfg.j2: -------------------------------------------------------------------------------- 1 | # this config needs haproxy-1.1.28 or haproxy-1.2.1 2 | 3 | global 4 | log /dev/log local0 info 5 | log /dev/log local0 notice 6 | #log loghost local0 info 7 | maxconn 4096 8 | #chroot /usr/share/haproxy 9 | user haproxy 10 | group haproxy 11 | daemon 12 | #debug 13 | #quiet 14 | {{ haproxy_extra_global_config }} 15 | 16 | defaults 17 | {{ haproxy_default_config }} 18 | 19 | {%- for app in haproxy_applications -%} 20 | {{ app }} 21 | 22 | {%- endfor -%} 23 | -------------------------------------------------------------------------------- /playbooks/roles/haproxy/templates/haproxy.logrotate.j2: -------------------------------------------------------------------------------- 1 | {{ COMMON_LOG_DIR }}/haproxy/*.log { 2 | weekly 3 | missingok 4 | rotate 7 5 | compress 6 | delaycompress 7 | notifempty 8 | create 640 root adm 9 | sharedscripts 10 | postrotate 11 | /etc/init.d/haproxy reload > /dev/null 12 | endscript 13 | } 14 | -------------------------------------------------------------------------------- /playbooks/roles/haproxy/templates/haproxy.rsyslog.j2: -------------------------------------------------------------------------------- 1 | if ($programname == 'haproxy' and $syslogseverity-text == 'info') then -{{ COMMON_LOG_DIR }}/haproxy/haproxy-info.log 2 | & ~ 3 | if ($programname == 'haproxy' and $syslogseverity-text == 'notice') then -{{ COMMON_LOG_DIR }}/haproxy/haproxy-notice.log 4 | & ~ 5 | -------------------------------------------------------------------------------- /playbooks/roles/hermes/templates/hermes_env.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | {% for name,value in hermes_environment.items() %} 3 | {%- if value %} 4 | export {{ name }}="{{ value }}" 5 | {%- endif %} 6 | {% endfor %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/hermes/templates/sudoers.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for line in HERMES_ALLOWED_SUDO_COMMANDS %} 4 | {{ hermes_user }} ALL=(root) NOPASSWD: {{ line }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /playbooks/roles/hive/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role hive 12 | 13 | dependencies: 14 | - hadoop_common 15 | -------------------------------------------------------------------------------- /playbooks/roles/hive/templates/hive-env.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | export HIVE_HOME={{ HIVE_HOME }} 4 | export PATH=$PATH:$HIVE_HOME/bin 5 | -------------------------------------------------------------------------------- /playbooks/roles/hive/templates/hive-site.xml.j2: -------------------------------------------------------------------------------- 1 | {% do HIVE_SITE_DEFAULT_CONFIG.update(HIVE_SITE_EXTRA_CONFIG) %} 2 | 3 | 4 | 5 | {% for key, value in HIVE_SITE_DEFAULT_CONFIG.items() %} 6 | 7 | {{ key }} 8 | {{ value }} 9 | 10 | {% endfor %} 11 | 12 | -------------------------------------------------------------------------------- /playbooks/roles/hotg/templates/edx/app/supervisor/conf.d/hotg.conf.j2: -------------------------------------------------------------------------------- 1 | [program:{{ HOTG_SERVICE_NAME }}] 2 | directory={{ hotg_app_dir }} 3 | command={{ hotg_app_dir }}/supervisor_wrapper.sh 4 | stdout_logfile=syslog 5 | stderr_logfile=syslog 6 | user={{ common_web_user }} -------------------------------------------------------------------------------- /playbooks/roles/insights/templates/edx/app/insights/insights_env.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for name,value in insights_environment.items() -%} 4 | {%- if value -%} 5 | export {{ name }}="{{ value }}" 6 | {% endif %} 7 | {%- endfor %} 8 | -------------------------------------------------------------------------------- /playbooks/roles/insights/templates/edx/app/supervisor/conf.d.available/insights.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | [program:{{ insights_service_name }}] 4 | 5 | command={{ insights_app_dir }}/insights.sh 6 | user={{ common_web_user }} 7 | directory={{ insights_code_dir }} 8 | stdout_logfile={{ supervisor_log_dir }}/%(program_name)s-stdout.log 9 | stderr_logfile={{ supervisor_log_dir }}/%(program_name)s-stderr.log 10 | killasgroup=true 11 | stopasgroup=true 12 | -------------------------------------------------------------------------------- /playbooks/roles/insightvm_agent/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | r7_installer_location: /tmp/rapid7_agent_installer.sh 4 | R7_TOKEN: "SET-ME-PLEASE" 5 | R7_BUCKET: "SET-ME-PLEASE (ex. bucket-name)" 6 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_admin/templates/edx/var/jenkins/aws_config.j2: -------------------------------------------------------------------------------- 1 | {% for deployment, creds in JENKINS_ADMIN_AWS_CREDENTIALS.items() %} 2 | [profile {{ deployment }}] 3 | aws_access_key_id = {{ creds.access_id }} 4 | aws_secret_access_key = {{ creds.secret_key }} 5 | 6 | {% endfor %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_admin/templates/edx/var/jenkins/boto.j2: -------------------------------------------------------------------------------- 1 | {% for deployment, creds in JENKINS_ADMIN_AWS_CREDENTIALS.items() %} 2 | [profile {{ deployment }}] 3 | aws_access_key_id = {{ creds.access_id }} 4 | aws_secret_access_key = {{ creds.secret_key }} 5 | 6 | {% endfor %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_admin/templates/edx/var/jenkins/hudson.plugins.s3.S3BucketPublisher.xml.j2: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {{ JENKINS_ADMIN_S3_PROFILE.name }} 6 | {{ JENKINS_ADMIN_S3_PROFILE.access_key }} 7 | {{ JENKINS_ADMIN_S3_PROFILE.secret_key }} 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_analytics/meta/main.yml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - role: jenkins_master 3 | jenkins_plugins: "{{ jenkins_analytics_plugins }}" 4 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_analytics/templates/credentials_file.json.j2: -------------------------------------------------------------------------------- 1 | {{ JENKINS_ANALYTICS_CREDENTIALS|to_json }} -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/files/ec2/mongo_init_script.sh: -------------------------------------------------------------------------------- 1 | # This confirms that mongo is running and is accessible on localhost 2 | # It could expose internal network problems, in which case the worker should not be used 3 | # Mongo seems to spend a bit of time starting. 4 | i=0 5 | 6 | while [ $i -lt 45 ]; do 7 | mongo --quiet --eval 'db.getMongo().getDBNames()' 2>/dev/null 1>&2 8 | if [ $? -eq 0 ]; then 9 | break 10 | else 11 | sleep 2 12 | i=$[$i+1] 13 | fi 14 | done 15 | 16 | mongo --quiet --eval 'db.getMongo().getDBNames()' 17 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/files/splunk/splunk.groovy: -------------------------------------------------------------------------------- 1 | //send job metadata and junit reports with page size set to 50 (each event contains max 50 test cases) 2 | splunkins.sendTestReport(50) 3 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/git_config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | NAME: '{{ JENKINS_GIT_NAME }}' 3 | EMAIL: '{{ JENKINS_GIT_EMAIL }}' 4 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/github_config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | {% for config in jenkins_common_github_configs %} 3 | - CREDENTIAL_ID: '{{ config.CREDENTIAL_ID }}' 4 | MANAGE_HOOKS: '{{ config.MANAGE_HOOKS }}' 5 | USE_CUSTOM_API_URL: '{{ config.USE_CUSTOM_API_URL }}' 6 | API_URL: '{{ config.API_URL }}' 7 | CACHE_SIZE: {{ config.CACHE_SIZE}} 8 | {% endfor %} 9 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/github_oauth.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | GITHUB_WEB_URI: 'https://github.com' 3 | GITHUB_API_URI: 'https://api.github.com' 4 | CLIENT_ID: '{{ JENKINS_SECURITY_CLIENT_ID }}' 5 | CLIENT_SECRET: '{{ JENKINS_SECURITY_CLIENT_SECRET }}' 6 | SCOPES: '{{ jenkins_common_security_scopes }}' 7 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/groovy_config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | GROOVY_INSTALLATIONS: 3 | {% for installation in jenkins_common_groovy_installations %} 4 | - NAME: '{{ installation.NAME }}' 5 | HOME: '{{ installation.HOME }}' 6 | VERSION: '{{ installation.VERSION }}' 7 | {% endfor %} 8 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/log_config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | {% for recorder in jenkins_common_log_list %} 3 | - LOG_RECORDER: '{{ recorder.LOG_RECORDER }}' 4 | LOGGERS: 5 | {% for log in recorder.LOGGERS %} 6 | - name: '{{ log.name }}' 7 | log_level: '{{ log.log_level }}' 8 | {% endfor %} 9 | {% endfor %} 10 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/mailer_config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | SMTP_SERVER: '{{ JENKINS_MAILER_SMTP_SERVER }}' 3 | REPLY_TO_ADDRESS: '{{ JENKINS_MAILER_REPLY_TO_ADDRESS }}' 4 | DEFAULT_SUFFIX: '{{ JENKINS_MAILER_DEFAULT_SUFFIX }}' 5 | SMTP_AUTH_USERNAME: '{{ JENKINS_MAILER_SMTP_AUTH_USERNAME }}' 6 | SMTP_AUTH_PASSWORD: '{{ JENKINS_MAILER_SMTP_AUTH_PASSWORD }}' 7 | SMTP_PORT: '{{ jenkins_common_mailer_port }}' 8 | USE_SSL: '{{ jenkins_common_mailer_use_ssl }}' 9 | CHAR_SET: '{{ jenkins_common_mailer_char_set }}' 10 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/mask_passwords_config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | MASKED_PARAMETER_CLASSES: 3 | {% for class in JENKINS_MASK_PASSWORDS_CLASSES %} 4 | - '{{ class }}' 5 | {% endfor %} 6 | NAME_PASSWORD_PAIRS: 7 | {% for pair in JENKINS_MASK_PASSWORDS_PAIRS %} 8 | - NAME: '{{ pair.NAME }}' 9 | PASSWORD: '{{ pair.PASSWORD }}' 10 | {% endfor %} 11 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/plugins.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | {% for plugin in jenkins_common_plugins_list %} 3 | - name: '{{ plugin.name }}' 4 | version: '{{ plugin.version }}' 5 | group: '{{ plugin.group }}' 6 | {% endfor %} 7 | 8 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/properties_config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | {% for key_value in jenkins_common_system_properties %} 3 | - KEY: '{{ key_value.KEY }}' 4 | VALUE: "{{ key_value.VALUE }}" 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/python_config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | PYTHON_INSTALLATIONS: 3 | {% for installation in jenkins_common_python_installations %} 4 | - PYTHON_ALIAS: '{{ installation.PYTHON_ALIAS }}' 5 | PYTHON_PATH: '{{ installation.PYTHON_PATH }}' 6 | PYTHON_PROPERTIES: [] 7 | {% for property in installation.PYTHON_PROPERTIES %} 8 | - property 9 | {% endfor %} 10 | {% endfor %} 11 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/seed_config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | NAME: '{{ jenkins_common_seed_name }}' 3 | XML_PATH: '{{ jenkins_common_seed_path }}' 4 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/slack_config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | SLACK_BASE_URL: '{{ JENKINS_SLACK_BASE_URL }}' 3 | IS_SLACK_BOT: '{{ JENKINS_IS_SLACK_BOT }}' 4 | SLACK_ROOM: '{{ JENKINS_SLACK_ROOM }}' 5 | SLACK_TEAM_DOMAIN: '{{ JENKINS_SLACK_TEAM_DOMAIN }}' 6 | # The following must be an id of a credential created in 7 | # src/main/groovy/3importCredentials.groovy 8 | SLACK_CREDENTIAL_ID: '{{ JENKINS_SLACK_CREDENTIAL_ID }}' 9 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/timestamper_config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | SYSTEM_CLOCK_FORMAT: "{{ jenkins_common_timestamper_system_clock_format }}" 3 | ELAPSED_TIME_FORMAT: "{{ jenkins_common_timestamper_elapsed_time_format }}" 4 | ENABLED_ON_PIPELINES: {{ jenkins_common_timestamper_enabled_on_pipelines }} 5 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/config/user_config.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | {% for user in JENKINS_USER_LIST %} 3 | - USERNAME: '{{ user.USERNAME }}' 4 | PASSWORD: '{{ user.PASSWORD }}' 5 | EMAIL_ADDRESS: '{{ user.EMAIL_ADDRESS }}' 6 | {% endfor %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/etc/logrotate.d/jenkins_log.j2: -------------------------------------------------------------------------------- 1 | # Put in place by ansible 2 | 3 | /var/log/jenkins/*jenkins.log { 4 | weekly 5 | copytruncate 6 | missingok 7 | rotate 52 8 | compress 9 | delaycompress 10 | notifempty 11 | } 12 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_common/templates/jenkins-env.sh.j2: -------------------------------------------------------------------------------- 1 | export JENKINS_HOME='{{ jenkins_common_home }}' 2 | export JENKINS_CONFIG_PATH='{{ jenkins_common_config_path }}' 3 | export JENKINS_VERSION='{{ JENKINS_COMMON_VERSION }}' 4 | export JENKINS_WAR_SOURCE='{{ jenkins_common_war_source}}' 5 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_data_engineering_new/tasks/system.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create jenkins group 3 | group: name={{ jenkins_group }} state=present 4 | 5 | # The Jenkins account needs a login shell because Jenkins uses scp 6 | - name: Add the jenkins user to the group and configure shell 7 | user: 8 | name: '{{ jenkins_user }}' 9 | groups: '{{ jenkins_groups }}' 10 | append: yes 11 | shell: /bin/bash -------------------------------------------------------------------------------- /playbooks/roles/jenkins_master/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart Jenkins 3 | service: 4 | name: jenkins 5 | state: restarted 6 | tags: 7 | - manage 8 | - manage:start 9 | 10 | - name: start nginx 11 | service: 12 | name: nginx 13 | state: started 14 | tags: 15 | - manage 16 | - manage:start 17 | 18 | - name: reload nginx 19 | service: 20 | name: nginx 21 | state: reloaded 22 | tags: 23 | - manage 24 | - manage:start 25 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_master/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - nginx 5 | - role: oraclejdk 6 | tags: java 7 | -------------------------------------------------------------------------------- /playbooks/roles/jenkins_master/tasks/datadog.yml: -------------------------------------------------------------------------------- 1 | - name: Enable jenkins datadog 2 | shell: cp /etc/dd-agent/conf.d/jenkins.yaml.example /etc/dd-agent/conf.d/jenkins.yaml 3 | args: 4 | creates: /etc/dd-agent/conf.d/jenkins.yaml 5 | notify: restart the datadog service 6 | -------------------------------------------------------------------------------- /playbooks/roles/jscover/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Installs JSCover jar. 3 | # Java is a pre-requisite for JSCover. This role is not responsible 4 | # for installing Java. 5 | # 6 | jscover_role_name: jscover 7 | 8 | # JSCover direct download URL 9 | JSCOVER_VERSION: "1.0.2" 10 | jscover_url: "http://files.edx.org/testeng/JSCover-{{ JSCOVER_VERSION }}.zip" 11 | -------------------------------------------------------------------------------- /playbooks/roles/jwt_signature/templates/app_config.yml.j2: -------------------------------------------------------------------------------- 1 | {% if app_combined_config %} 2 | {{ app_combined_config | to_nice_yaml }} 3 | {% endif %} 4 | -------------------------------------------------------------------------------- /playbooks/roles/kibana/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | KIBANA_SERVER_NAME: "192.168.33.10" 3 | KIBANA_NGINX_PORT: 80 4 | KIBANA_SSL_NGINX_PORT: 443 5 | 6 | kibana_app_dir: /edx/app/kibana 7 | kibana_file: kibana-3.0.0.tar.gz 8 | kibana_url: "https://download.elasticsearch.org/kibana/kibana/{{ kibana_file }}" 9 | -------------------------------------------------------------------------------- /playbooks/roles/kibana/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart nginx 3 | service: name=nginx state=restarted 4 | 5 | - name: reload nginx 6 | service: name=nginx state=reloaded 7 | -------------------------------------------------------------------------------- /playbooks/roles/kibana/meta/default.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - nginx 5 | -------------------------------------------------------------------------------- /playbooks/roles/learner_portal/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - nginx 5 | -------------------------------------------------------------------------------- /playbooks/roles/library_authoring/defaults/main.yml: -------------------------------------------------------------------------------- 1 | library_authoring_env_extra: 2 | STUDIO_BASE_URL: 'https://studio-{{COMMON_DEPLOY_HOSTNAME}}' -------------------------------------------------------------------------------- /playbooks/roles/library_authoring/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - nginx -------------------------------------------------------------------------------- /playbooks/roles/library_authoring/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Build Library Authoring MFE 2 | include_role: 3 | name: mfe 4 | vars: 5 | MFE_ENVIRONMENT_EXTRA: '{{ library_authoring_env_extra | default(MFE_DEPLOY_ENVIRONMENT_EXTRA) }}' -------------------------------------------------------------------------------- /playbooks/roles/local_dev/files/ftplugin-python.vim: -------------------------------------------------------------------------------- 1 | " Python specific syntax handling 2 | 3 | " indent according to pep-8 rules (4 char, all spaces) 4 | setlocal tabstop=8 5 | setlocal expandtab 6 | setlocal shiftwidth=4 7 | setlocal softtabstop=4 8 | setlocal smarttab 9 | setlocal smartindent 10 | setlocal cinwords=if,elif,else,for,while,with,try,except,finally,def,class 11 | 12 | " Don't auto-align block comments to column 1 13 | inoremap # X# 14 | -------------------------------------------------------------------------------- /playbooks/roles/local_dev/files/gitconfig: -------------------------------------------------------------------------------- 1 | [branch] 2 | autosetupmerge = true 3 | autosetuprebase = always 4 | [push] 5 | default = current 6 | -------------------------------------------------------------------------------- /playbooks/roles/local_dev/files/x11_display: -------------------------------------------------------------------------------- 1 | Defaults env_keep+=DISPLAY 2 | -------------------------------------------------------------------------------- /playbooks/roles/local_dev/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - role: jscover 4 | JSCOVER_VERSION: "{{ LOCALDEV_JSCOVER_VERSION }}" 5 | -------------------------------------------------------------------------------- /playbooks/roles/local_dev/templates/share_x11.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Change permissions on the X11 session cookie 4 | # so application users can use the same X11 session. 5 | # This is very insecure and should *only* be used for local VMs. 6 | if [ -f {{ localdev_xauthority }} ]; then 7 | chmod og+r {{ localdev_xauthority }} 8 | fi 9 | -------------------------------------------------------------------------------- /playbooks/roles/logstash/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart logstash 3 | service: name=logstash state=restarted 4 | 5 | -------------------------------------------------------------------------------- /playbooks/roles/logstash/meta/default.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - elasticsearch 5 | -------------------------------------------------------------------------------- /playbooks/roles/memcache/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Installs memcached 2 | 3 | - name: Install memcached 4 | apt: 5 | name: memcached 6 | state: present 7 | update_cache: yes 8 | tags: 9 | - install 10 | - install:memcache 11 | -------------------------------------------------------------------------------- /playbooks/roles/mfe/README.rst: -------------------------------------------------------------------------------- 1 | 2 | MFE base role 3 | ############# 4 | 5 | Base role to build MFEs. For deployments it is recommended to use the `mfe_deployer`_ role. 6 | 7 | .. _mfe_deployer: ../mfe_deployer 8 | -------------------------------------------------------------------------------- /playbooks/roles/mfe/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: add_user 5 | user_name: "{{ MFE_USER }}" 6 | user_home: "{{ MFE_HOME }}" 7 | group_name: "{{ common_web_group }}" 8 | - role: git_clone 9 | repo_owner: "{{ MFE_USER }}" 10 | repo_group: "{{ common_web_group }}" 11 | GIT_REPOS: "{{ MFE_REPOS }}" 12 | git_home: "{{ MFE_HOME }}" 13 | when: MFE_REPOS is defined 14 | 15 | -------------------------------------------------------------------------------- /playbooks/roles/mfe/templates/edx/app/nginx/sites-available/concerns/basic-auth.j2: -------------------------------------------------------------------------------- 1 | {% if MFE_ENABLE_BASIC_AUTH|bool %} 2 | satisfy any; 3 | 4 | allow 127.0.0.1; 5 | 6 | {% for cidr in COMMON_BASIC_AUTH_EXCEPTIONS %} 7 | allow {{ cidr }}; 8 | {% endfor %} 9 | 10 | deny all; 11 | 12 | auth_basic "Restricted"; 13 | auth_basic_user_file {{ nginx_htpasswd_file }}; 14 | 15 | index index.html 16 | proxy_set_header X-Forwarded-Proto https; 17 | {% endif %} 18 | -------------------------------------------------------------------------------- /playbooks/roles/mfe/templates/edx/app/nginx/sites-available/concerns/handle-tls-terminated-elsewhere-redirect.j2: -------------------------------------------------------------------------------- 1 | {% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %} 2 | if ($scheme != "https") 3 | { 4 | set $do_redirect_to_https "true"; 5 | } 6 | 7 | {% elif NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %} 8 | if ($http_x_forwarded_proto = "http") 9 | { 10 | set $do_redirect_to_https "true"; 11 | } 12 | {% endif %} 13 | 14 | if ($do_redirect_to_https = "true") 15 | { 16 | return 301 https://$host$request_uri; 17 | } 18 | 19 | -------------------------------------------------------------------------------- /playbooks/roles/mfe/templates/edx/app/nginx/sites-available/concerns/mfe-common.j2: -------------------------------------------------------------------------------- 1 | {% if MFE_NGINX_READ_TIMEOUT %} 2 | proxy_read_timeout {{ MFE_NGINX_READ_TIMEOUT }}; 3 | {% endif %} 4 | -------------------------------------------------------------------------------- /playbooks/roles/mfe/templates/edx/app/nginx/sites-available/concerns/mfe.j2: -------------------------------------------------------------------------------- 1 | root {{ MFE_CODE_DIR }}/dist/; 2 | location / { 3 | 4 | # Inform downstream caches to take certain headers into account when reading/writing to cache. 5 | add_header 'Vary' 'Accept-Encoding,Origin'; 6 | 7 | try_files $uri /index.html; 8 | } 9 | -------------------------------------------------------------------------------- /playbooks/roles/mfe/templates/edx/app/nginx/sites-available/concerns/robots.j2: -------------------------------------------------------------------------------- 1 | {% if NGINX_ROBOT_RULES|length > 0 %} 2 | location /robots.txt { 3 | root {{ nginx_app_dir }}; 4 | try_files $uri /robots.txt =404; 5 | } 6 | {% endif %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/mfe_deployer/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - nginx 5 | -------------------------------------------------------------------------------- /playbooks/roles/mfe_deployer/templates/edx/app/nginx/sites-available/concerns/basic-auth.j2: -------------------------------------------------------------------------------- 1 | {% if MFE_ENABLE_BASIC_AUTH|bool %} 2 | satisfy any; 3 | 4 | allow 127.0.0.1; 5 | 6 | {% for cidr in COMMON_BASIC_AUTH_EXCEPTIONS %} 7 | allow {{ cidr }}; 8 | {% endfor %} 9 | 10 | deny all; 11 | 12 | auth_basic "Restricted"; 13 | auth_basic_user_file {{ nginx_htpasswd_file }}; 14 | 15 | index index.html 16 | proxy_set_header X-Forwarded-Proto https; 17 | {% endif %} 18 | -------------------------------------------------------------------------------- /playbooks/roles/mfe_deployer/templates/edx/app/nginx/sites-available/concerns/mfe.j2: -------------------------------------------------------------------------------- 1 | {% for mfe in deploy_mfes %} 2 | 3 | location ~ ^{{ mfe.public_path }}?(.*)$ { 4 | root {{ COMMON_APP_DIR }}/{{ mfe.name }}/{{ mfe.repo }}/dist/; 5 | try_files /$1 {{ mfe.public_path }}index.html; 6 | } 7 | 8 | {% endfor %} 9 | -------------------------------------------------------------------------------- /playbooks/roles/mfe_deployer/templates/edx/app/nginx/sites-available/concerns/robots.j2: -------------------------------------------------------------------------------- 1 | {% if NGINX_ROBOT_RULES|length > 0 %} 2 | location /robots.txt { 3 | root {{ nginx_app_dir }}; 4 | try_files $uri /robots.txt =404; 5 | } 6 | {% endif %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/mfe_flags_setup/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | MFE_FLAGS_SETUP_FLAGS_LIST: 4 | - account.redirect_to_microfrontend 5 | - order_history.redirect_to_microfrontend 6 | -------------------------------------------------------------------------------- /playbooks/roles/minos/templates/edx/etc/minos/conf.d/BellwetherVoter.yml.j2: -------------------------------------------------------------------------------- 1 | BellwetherVoter: 2 | config: -------------------------------------------------------------------------------- /playbooks/roles/minos/templates/edx/etc/minos/conf.d/ProccessQuiescenceVoterPython.yml.j2: -------------------------------------------------------------------------------- 1 | ProccessQuiescenceVoter: 2 | config: 3 | process_name: 'python' 4 | username: '{{ common_web_user }}' 5 | -------------------------------------------------------------------------------- /playbooks/roles/minos/templates/edx/etc/minos/conf.d/RolledTrackingLogVoter.yml.j2: -------------------------------------------------------------------------------- 1 | RolledTrackingLogVoter: 2 | config: 3 | tracking_directory: '{{ COMMON_LOG_DIR }}/tracking' -------------------------------------------------------------------------------- /playbooks/roles/minos/templates/edx/etc/minos/conf.d/TrackingLogVoter.yml.j2: -------------------------------------------------------------------------------- 1 | TrackingLogVoter: 2 | config: 3 | aws_profile: !!null 4 | local_directory: '{{ COMMON_LOG_DIR }}/tracking' 5 | s3_bucket: '{{ COMMON_OBJECT_STORE_LOG_SYNC_BUCKET }}' 6 | bucket_path_prefix: 'logs/tracking' 7 | -------------------------------------------------------------------------------- /playbooks/roles/minos/templates/edx/etc/minos/conf.d/ZippedTrackingLogVoter.yml.j2: -------------------------------------------------------------------------------- 1 | ZippedTrackingLogVoter: 2 | config: 3 | tracking_directory: '{{ COMMON_LOG_DIR }}/tracking' -------------------------------------------------------------------------------- /playbooks/roles/minos/templates/tmp/git-identity.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec /usr/bin/ssh -o StrictHostKeyChecking=no {% if MINOS_GIT_IDENTITY %}-i {{ minos_git_identity }}{% endif %} "$@" 3 | -------------------------------------------------------------------------------- /playbooks/roles/mongo: -------------------------------------------------------------------------------- 1 | mongo_3_2 -------------------------------------------------------------------------------- /playbooks/roles/mongo_2_6/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart mongo 3 | service: 4 | name: mongod 5 | state: restarted 6 | 7 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_2_6/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_2_6/templates/mongo-s3-backup-s3cfg.j2: -------------------------------------------------------------------------------- 1 | [default] 2 | access_key = {{ MONGO_S3_BACKUP_AWS_ACCESS_KEY }} 3 | secret_key = {{ MONGO_S3_BACKUP_AWS_SECRET_KEY }} 4 | bucket_location = US 5 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_0/files/disable-transparent-hugepages.conf: -------------------------------------------------------------------------------- 1 | description "set transparent hugepage to never" 2 | 3 | start on starting mongod 4 | task 5 | 6 | script 7 | echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled 8 | echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag 9 | end script 10 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_0/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart mongo 3 | service: name=mongod state=restarted 4 | 5 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_0/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: mount_ebs 5 | volumes: "{{ MONGO_VOLUMES }}" 6 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_0/templates/log-mongo-serverStatus.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Using JSON.stringify forces output of normal JSON, as opposed to Mongo's weird non-compliant extended JSON 3 | /usr/bin/mongo -u {{ MONGO_ADMIN_USER }} --authenticationDatabase admin -p '{{ MONGO_ADMIN_PASSWORD }}' --quiet <<< 'JSON.stringify(db.serverStatus())' 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_2/files/etc/systemd/system/disable-transparent-hugepages.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description="Disable Transparent Hugepage before MongoDB boots" 3 | Before=mongod.service 4 | 5 | [Service] 6 | Type=oneshot 7 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' 8 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' 9 | 10 | [Install] 11 | RequiredBy=mongod.service 12 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_2/files/etc/systemd/system/mongod.service.d/restart.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | Restart=always 3 | RestartSec=5 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_2/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: mount_ebs 5 | volumes: "{{ MONGO_VOLUMES }}" 6 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_2/templates/log-mongo-serverStatus.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Using JSON.stringify forces output of normal JSON, as opposed to Mongo's weird non-compliant extended JSON 3 | /usr/bin/mongo -u {{ MONGO_ADMIN_USER }} --authenticationDatabase admin -p '{{ MONGO_ADMIN_PASSWORD }}' --quiet <<< 'JSON.stringify(db.serverStatus())' 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_4/files/etc/systemd/system/disable-transparent-hugepages.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description="Disable Transparent Hugepage before MongoDB boots" 3 | Before=mongod.service 4 | 5 | [Service] 6 | Type=oneshot 7 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' 8 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' 9 | 10 | [Install] 11 | RequiredBy=mongod.service 12 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_4/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: mount_ebs 5 | volumes: "{{ MONGO_VOLUMES }}" 6 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_4/templates/log-mongo-serverStatus.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Using JSON.stringify forces output of normal JSON, as opposed to Mongo's weird non-compliant extended JSON 3 | /usr/bin/mongo -u {{ MONGO_ADMIN_USER }} --authenticationDatabase admin -p '{{ MONGO_ADMIN_PASSWORD }}' --quiet <<< 'JSON.stringify(db.serverStatus())' 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_6/files/etc/systemd/system/disable-transparent-hugepages.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description="Disable Transparent Hugepage before MongoDB boots" 3 | Before=mongod.service 4 | 5 | [Service] 6 | Type=oneshot 7 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' 8 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' 9 | 10 | [Install] 11 | RequiredBy=mongod.service 12 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_6/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: mount_ebs 5 | volumes: "{{ MONGO_VOLUMES }}" 6 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_3_6/templates/log-mongo-serverStatus.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Using JSON.stringify forces output of normal JSON, as opposed to Mongo's weird non-compliant extended JSON 3 | /usr/bin/mongo -u {{ MONGO_ADMIN_USER }} --authenticationDatabase admin -p '{{ MONGO_ADMIN_PASSWORD }}' --quiet <<< 'JSON.stringify(db.serverStatus())' 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_4_0/files/etc/systemd/system/disable-transparent-hugepages.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description="Disable Transparent Hugepage before MongoDB boots" 3 | Before=mongod.service 4 | 5 | [Service] 6 | Type=oneshot 7 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' 8 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' 9 | 10 | [Install] 11 | RequiredBy=mongod.service 12 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_4_0/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: mount_ebs 5 | volumes: "{{ MONGO_VOLUMES }}" 6 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_4_0/templates/log-mongo-serverStatus.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Using JSON.stringify forces output of normal JSON, as opposed to Mongo's weird non-compliant extended JSON 3 | /usr/bin/mongo -u {{ MONGO_ADMIN_USER }} --authenticationDatabase admin -p '{{ MONGO_ADMIN_PASSWORD }}' --quiet <<< 'JSON.stringify(db.serverStatus())' 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_4_2/files/etc/systemd/system/disable-transparent-hugepages.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description="Disable Transparent Hugepage before MongoDB boots" 3 | Before=mongod.service 4 | 5 | [Service] 6 | Type=oneshot 7 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' 8 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' 9 | 10 | [Install] 11 | RequiredBy=mongod.service 12 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_4_2/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: mount_ebs 5 | volumes: "{{ MONGO_VOLUMES }}" 6 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_4_2/templates/log-mongo-serverStatus.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Using JSON.stringify forces output of normal JSON, as opposed to Mongo's weird non-compliant extended JSON 3 | /usr/bin/mongo -u {{ MONGO_ADMIN_USER }} --authenticationDatabase admin -p '{{ MONGO_ADMIN_PASSWORD }}' --quiet <<< 'JSON.stringify(db.serverStatus())' 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_4_4/files/etc/systemd/system/disable-transparent-hugepages.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description="Disable Transparent Hugepage before MongoDB boots" 3 | Before=mongod.service 4 | 5 | [Service] 6 | Type=oneshot 7 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' 8 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' 9 | 10 | [Install] 11 | RequiredBy=mongod.service 12 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_4_4/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: mount_ebs 5 | volumes: "{{ MONGO_VOLUMES }}" 6 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_4_4/templates/log-mongo-serverStatus.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Using JSON.stringify forces output of normal JSON, as opposed to Mongo's weird non-compliant extended JSON 3 | /usr/bin/mongo -u {{ MONGO_ADMIN_USER }} --authenticationDatabase admin -p '{{ MONGO_ADMIN_PASSWORD }}' --quiet <<< 'JSON.stringify(db.serverStatus())' 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_5_0/files/etc/systemd/system/disable-transparent-hugepages.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description="Disable Transparent Hugepage before MongoDB boots" 3 | Before=mongod.service 4 | 5 | [Service] 6 | Type=oneshot 7 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' 8 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' 9 | 10 | [Install] 11 | RequiredBy=mongod.service 12 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_5_0/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: mount_ebs 5 | volumes: "{{ MONGO_VOLUMES }}" 6 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_5_0/templates/log-mongo-serverStatus.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Using JSON.stringify forces output of normal JSON, as opposed to Mongo's weird non-compliant extended JSON 3 | /usr/bin/mongo -u {{ MONGO_ADMIN_USER }} --authenticationDatabase admin -p '{{ MONGO_ADMIN_PASSWORD }}' --quiet <<< 'JSON.stringify(db.serverStatus())' 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_6_0/files/etc/systemd/system/disable-transparent-hugepages.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description="Disable Transparent Hugepage before MongoDB boots" 3 | Before=mongod.service 4 | 5 | [Service] 6 | Type=oneshot 7 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' 8 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' 9 | 10 | [Install] 11 | RequiredBy=mongod.service 12 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_6_0/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: mount_ebs 5 | volumes: "{{ MONGO_VOLUMES }}" 6 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_6_0/templates/log-mongo-serverStatus.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Using JSON.stringify forces output of normal JSON, as opposed to Mongo's weird non-compliant extended JSON 3 | /usr/bin/mongo -u {{ MONGO_ADMIN_USER }} --authenticationDatabase admin -p '{{ MONGO_ADMIN_PASSWORD }}' --quiet <<< 'JSON.stringify(db.serverStatus())' 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_7_0/files/etc/systemd/system/disable-transparent-hugepages.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description="Disable Transparent Hugepage before MongoDB boots" 3 | Before=mongod.service 4 | 5 | [Service] 6 | Type=oneshot 7 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' 8 | ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' 9 | 10 | [Install] 11 | RequiredBy=mongod.service 12 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_7_0/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: mount_ebs 5 | volumes: "{{ MONGO_VOLUMES }}" 6 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_7_0/templates/log-mongo-serverStatus.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Using JSON.stringify forces output of normal JSON, as opposed to Mongo's weird non-compliant extended JSON 3 | /usr/bin/mongo -u {{ MONGO_ADMIN_USER }} --authenticationDatabase admin -p '{{ MONGO_ADMIN_PASSWORD }}' --quiet <<< 'JSON.stringify(db.serverStatus())' 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_client/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | MONGO_VERSION_MAJOR_MINOR: "4.2" 3 | MONGODB_REPO: "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/{{ MONGO_VERSION_MAJOR_MINOR }} multiverse" 4 | MONGODB_REPO_BIONIC: "deb http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/{{ MONGO_VERSION_MAJOR_MINOR }} multiverse" 5 | MONGO_CLIENT_VERSION: "4.2.14" 6 | 7 | mongo_client_debian_pkgs: 8 | - "mongodb-org-shell={{ MONGO_CLIENT_VERSION }}" 9 | - "mongodb-org-tools={{ MONGO_CLIENT_VERSION }}" 10 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_mms/defaults/main.yml: -------------------------------------------------------------------------------- 1 | 2 | base_url: "https://cloud.mongodb.com/download/agent" 3 | pkg_arch: "amd64" 4 | pkg_format: "deb" 5 | os_version: "ubuntu1604" 6 | 7 | mongodb_agent_dir: "/data" 8 | mongodb_agent_user: "mongodb" 9 | mongodb_agent: 10 | - agent: mongodb-mms-automation-agent-manager 11 | version: "13.7.0.8514-1" 12 | config: "/etc/mongodb-mms/automation-agent.config" 13 | dir: "automation" 14 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_mms/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart mms 3 | service: name=mongodb-mms-monitoring-agent state=restarted 4 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_newrelic_monitor/defaults/main.yml: -------------------------------------------------------------------------------- 1 | MONGO_NEWRELIC_MONITOR_USER: 'newrelic-monitor' 2 | MONGO_NEWRELIC_MONITOR_PASSWORD: 'SET-ME-PLEASE' 3 | MONGO_NEWRELIC_USER_AUTH_SOURCE: 'admin' 4 | MONGO_NEWRELIC_CLUSTER_NAME: 'mongo-cluster' 5 | MONGO_NEWRELIC_LABELS: '{}' # eg '{ "env": "prod", "label": "my-label" }' 6 | -------------------------------------------------------------------------------- /playbooks/roles/mongo_newrelic_monitor/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - newrelic_infrastructure 4 | -------------------------------------------------------------------------------- /playbooks/roles/munin_node/files/munin-edx: -------------------------------------------------------------------------------- 1 | [iostat] 2 | env.SHOW_NUMBERED 1 -------------------------------------------------------------------------------- /playbooks/roles/mysql/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | -------------------------------------------------------------------------------- /playbooks/roles/mysql/tasks/remove_mysql_experimental.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Stop mysql service 3 | service: 4 | name: mysql 5 | state: stopped 6 | 7 | - name: Remove experimental apt repository 8 | apt_repository: 9 | repo: 'deb http://ppa.launchpad.net/ondrej/mysql-experimental/ubuntu precise main' 10 | state: absent 11 | 12 | - name: Remove experimental version of mysql 13 | apt: 14 | name: "{{ item }}" 15 | state: absent 16 | purge: yes 17 | with_items: 18 | - mysql-server-5.6 19 | - mysql-server -------------------------------------------------------------------------------- /playbooks/roles/mysql/templates/default_character_sets_and_collations.cnf.j2: -------------------------------------------------------------------------------- 1 | 2 | # {{ ansible_managed }} 3 | 4 | # This does not change any existing databases or rows, only the defaults for newly created databases 5 | 6 | [client] 7 | default-character-set={{ DEFAULT_MYSQL_CHARACTER_SET }} 8 | 9 | [mysql] 10 | default-character-set={{ DEFAULT_MYSQL_CHARACTER_SET }} 11 | 12 | 13 | [mysqld] 14 | collation-server = {{ DEFAULT_MYSQL_COLLATION }} 15 | init-connect='SET NAMES {{ DEFAULT_MYSQL_CHARACTER_SET }}' 16 | character-set-server = {{ DEFAULT_MYSQL_CHARACTER_SET }} 17 | 18 | -------------------------------------------------------------------------------- /playbooks/roles/neo4j/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - role: oraclejdk 5 | ORACLEJDK_VERSION: "8u131" 6 | oraclejdk_base: "jdk1.8.0_131" 7 | oraclejdk_build: "b11" 8 | oraclejdk_link: "/usr/lib/jvm/java-8-oracle" 9 | -------------------------------------------------------------------------------- /playbooks/roles/newrelic_infrastructure/templates/etc/newrelic-infra.j2: -------------------------------------------------------------------------------- 1 | license_key: {{ NEWRELIC_INFRASTRUCTURE_LICENSE_KEY }} 2 | {{ NEWRELIC_INFRASTRUCTURE_EXTRA_CONFIG }} 3 | -------------------------------------------------------------------------------- /playbooks/roles/newrelic_infrastructure/templates/etc/newrelic-infra/logging.d/logs.yml.j2: -------------------------------------------------------------------------------- 1 | {{ NEWRELIC_LOGS | to_nice_yaml }} 2 | -------------------------------------------------------------------------------- /playbooks/roles/nginx/README.rst: -------------------------------------------------------------------------------- 1 | - main.yml: installs nginx and will enable the basic nginx configuration for 2 | version introspection 3 | -------------------------------------------------------------------------------- /playbooks/roles/nginx/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart nginx 3 | service: 4 | name: nginx 5 | state: restarted 6 | 7 | - name: reload nginx 8 | service: 9 | name: nginx 10 | state: reloaded 11 | -------------------------------------------------------------------------------- /playbooks/roles/nginx/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | -------------------------------------------------------------------------------- /playbooks/roles/nginx/templates/edx/app/nginx/sites-available/basic-auth.j2: -------------------------------------------------------------------------------- 1 | satisfy any; 2 | 3 | allow 127.0.0.1; 4 | 5 | {% for cidr in COMMON_BASIC_AUTH_EXCEPTIONS %} 6 | allow {{ cidr }}; 7 | {% endfor %} 8 | 9 | deny all; 10 | 11 | auth_basic "Restricted"; 12 | auth_basic_user_file {{ nginx_htpasswd_file }}; 13 | 14 | index index.html 15 | proxy_set_header X-Forwarded-Proto https; 16 | -------------------------------------------------------------------------------- /playbooks/roles/nginx/templates/edx/app/nginx/sites-available/common-settings.j2: -------------------------------------------------------------------------------- 1 | 2 | # Common settings used across nginx configurations 3 | 4 | # Disables server version feedback on pages and in headers 5 | server_tokens off; 6 | 7 | # Increase accepted header size to account for overenthusiastic usage of cookies 8 | large_client_header_buffers 8 16k; 9 | -------------------------------------------------------------------------------- /playbooks/roles/nginx/templates/edx/app/nginx/sites-available/credentials.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openedx-unsupported/configuration/c8aa592a7e79be203032e7895970d031700ed99c/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/credentials.j2 -------------------------------------------------------------------------------- /playbooks/roles/nginx/templates/edx/app/nginx/sites-available/empty_json.j2: -------------------------------------------------------------------------------- 1 | location @empty_json { 2 | # This location will return an empty body with content-type application/json 3 | # If this location is referenced by the error_page directive the 4 | # response code will be the error response code (i.e. 502), not 200 5 | # despite the "return 200" directive 6 | default_type application/json; 7 | return 200; 8 | } 9 | 10 | -------------------------------------------------------------------------------- /playbooks/roles/nginx/templates/edx/app/nginx/sites-available/extra_locations_lms.j2: -------------------------------------------------------------------------------- 1 | {% if EDXAPP_SCORM_PKG_STORAGE_DIR %} 2 | location ~ ^/{{ EDXAPP_MEDIA_URL }}/{{ EDXAPP_SCORM_PKG_STORAGE_DIR }}/(?P.*) { 3 | add_header 'Access-Control-Allow-Origin' $cors_origin; 4 | add_header 'Access-Control-Allow-Credentials' 'true'; 5 | add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 6 | 7 | root {{ edxapp_media_dir }}/{{ EDXAPP_SCORM_PKG_STORAGE_DIR }}; 8 | try_files /$file =404; 9 | expires 604800s; 10 | } 11 | {% endif %} 12 | -------------------------------------------------------------------------------- /playbooks/roles/nginx/templates/edx/app/nginx/sites-available/maps.j2: -------------------------------------------------------------------------------- 1 | # nginx maps are defined at the top level and are global 2 | # 3 | # THESE ARE GLOBAL TO ALL IDAs, USE CAUTION WHEN DEFINING HERE 4 | # SEE https://github.com/openedx/configuration/pull/5056 FOR A 5 | # CAUTIONARY TALE 6 | 7 | # cache header for static files 8 | map $status $cache_header_long_lived { 9 | default "max-age=315360000"; 10 | 404 "no-cache"; 11 | } 12 | 13 | map $status $cache_header_short_lived { 14 | default "max-age=300"; 15 | 404 "no-cache"; 16 | } 17 | -------------------------------------------------------------------------------- /playbooks/roles/nginx/templates/edx/app/nginx/sites-available/python_lib.zip.j2: -------------------------------------------------------------------------------- 1 | 2 | # Blackholes an archive of python library files that instructors 3 | # may provide for sandboxed python problem types, the internal 4 | # directive will result in nginx emitting an nginx 404. Users 5 | # will not be redirected to the application 404 page. 6 | location ~* python_lib.zip { 7 | internal; 8 | } 9 | 10 | -------------------------------------------------------------------------------- /playbooks/roles/nginx/templates/edx/app/nginx/sites-available/robots.j2: -------------------------------------------------------------------------------- 1 | {% if NGINX_ROBOT_RULES|length > 0 %} 2 | location /robots.txt { 3 | root {{ nginx_app_dir }}; 4 | try_files $uri /robots.txt =404; 5 | } 6 | {% endif %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/nginx/templates/etc/logrotate.d/edx_logrotate_nginx_access.j2: -------------------------------------------------------------------------------- 1 | # Put in place by ansible 2 | 3 | {{ nginx_log_dir }}/*access.log { 4 | create 0640 www-data adm 5 | compress 6 | delaycompress 7 | dateext 8 | missingok 9 | notifempty 10 | daily 11 | rotate 90 12 | size 1M 13 | sharedscripts 14 | postrotate 15 | [ ! -f /var/run/nginx.pid ] || kill -HUP `cat /var/run/nginx.pid` 16 | endscript 17 | } 18 | 19 | -------------------------------------------------------------------------------- /playbooks/roles/nginx/templates/etc/logrotate.d/edx_logrotate_nginx_error.j2: -------------------------------------------------------------------------------- 1 | # Put in place by ansible 2 | 3 | {{ nginx_log_dir }}/*error.log { 4 | create 0640 www-data adm 5 | compress 6 | delaycompress 7 | dateext 8 | missingok 9 | notifempty 10 | daily 11 | rotate 90 12 | size 1M 13 | sharedscripts 14 | postrotate 15 | [ ! -f /var/run/nginx.pid ] || kill -HUP `cat /var/run/nginx.pid` 16 | endscript 17 | } 18 | -------------------------------------------------------------------------------- /playbooks/roles/oauth2_proxy/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - role: common 4 | tags: 5 | - always # We want to make sure the role always runs, otherwise the system isn't in a state to install Python/Supervisord. 6 | - config-encoders 7 | - supervisor 8 | -------------------------------------------------------------------------------- /playbooks/roles/oauth2_proxy/tasks/tag_ec2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: get instance information 3 | action: ec2_metadata_facts 4 | 5 | - name: tag instance 6 | ec2_tag: 7 | resource: "{{ ansible_ec2_instance_id }}" 8 | region: "{{ ansible_ec2_placement_region }}" 9 | tags: 10 | "version:oauth2_proxy" : "{{ OAUTH2_PROXY_VERSION }} {{ oauth2_proxy_release_sha256 }}" 11 | -------------------------------------------------------------------------------- /playbooks/roles/oauth2_proxy/tasks/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: test that the required service are listening 3 | wait_for: 4 | port: "{{ item.port }}" 5 | host: "{{ item.host }}" 6 | timeout: 30 7 | with_items: "{{ oauth2_proxy_services }}" 8 | -------------------------------------------------------------------------------- /playbooks/roles/oauth2_proxy/templates/oauth2_proxy.cfg.j2: -------------------------------------------------------------------------------- 1 | {{ oauth2_proxy_config | encode_toml }} 2 | -------------------------------------------------------------------------------- /playbooks/roles/oauth2_proxy/templates/oauth2_proxy_supervisor.conf.j2: -------------------------------------------------------------------------------- 1 | [program:oauth2_proxy] 2 | command={{ oauth2_proxy_app_dir }}/oauth2_proxy -config {{ oauth2_proxy_conf_dir }}/oauth2_proxy.cfg 3 | priority=999 4 | user={{ oauth2_proxy_user }} 5 | stdout_logfile={{ supervisor_log_dir }}/%(program_name)s-stdout.log 6 | stderr_logfile={{ supervisor_log_dir }}/%(program_name)s-stderr.log 7 | stopsignal=QUIT 8 | -------------------------------------------------------------------------------- /playbooks/roles/opensearch/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | -------------------------------------------------------------------------------- /playbooks/roles/openstack/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://github.com/openedx/configuration/wiki 7 | # code style: https://github.com/openedx/configuration/wiki/Ansible-Coding-Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role openstack 12 | # 13 | dependencies: 14 | - role: vhost 15 | VHOST_NAME: "{{ vhost_name }}" 16 | -------------------------------------------------------------------------------- /playbooks/roles/openstack/templates/log-sync-env.sh.j2: -------------------------------------------------------------------------------- 1 | export OS_USERNAME='{{ SWIFT_LOG_SYNC_USERNAME }}' 2 | export OS_PASSWORD='{{ SWIFT_LOG_SYNC_PASSWORD }}' 3 | export OS_TENANT_ID='{{ SWIFT_LOG_SYNC_TENANT_ID }}' 4 | export OS_TENANT_NAME='{{ SWIFT_LOG_SYNC_TENANT_NAME }}' 5 | export OS_AUTH_URL='{{ SWIFT_LOG_SYNC_AUTH_URL }}' 6 | export OS_REGION_NAME='{{ SWIFT_LOG_SYNC_REGION_NAME }}' 7 | -------------------------------------------------------------------------------- /playbooks/roles/oraclejdk/templates/java.sh.j2: -------------------------------------------------------------------------------- 1 | export JAVA_HOME="{{ oraclejdk_link }}" 2 | export PATH=$JAVA_HOME/bin:$PATH 3 | -------------------------------------------------------------------------------- /playbooks/roles/payment/defaults/main.yml: -------------------------------------------------------------------------------- 1 | payment_env_extra: 2 | APPLE_PAY_COUNTRY_CODE: "{{ PAYMENT_APPLE_PAY_COUNTRY_CODE }}" 3 | STRIPE_PUBLISHABLE_KEY: "{{ PAYMENT_STRIPE_PUBLISHABLE_KEY }}" 4 | STRIPE_RESPONSE_URL: "{{ PAYMENT_STRIPE_RESPONSE_URL }}" 5 | WAFFLE_FLAGS: "{{ PAYMENT_WAFFLE_FLAGS|default(omit) }}" 6 | COMMERCE_COORDINATOR_BASE_URL: "{{ PAYMENT_COMMERCE_COORDINATOR_BASE_URL }}" 7 | -------------------------------------------------------------------------------- /playbooks/roles/payment/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - nginx 5 | -------------------------------------------------------------------------------- /playbooks/roles/payment/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Build Payment MFE 2 | include_role: 3 | name: mfe 4 | vars: 5 | MFE_ENVIRONMENT_EXTRA: '{{ payment_env_extra | default(MFE_DEPLOY_ENVIRONMENT_EXTRA) }}' 6 | MFE_VERSION: "{{ PAYMENT_MFE_VERSION | default('master') }}" 7 | -------------------------------------------------------------------------------- /playbooks/roles/program_console/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | - nginx 5 | -------------------------------------------------------------------------------- /playbooks/roles/prospectus/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - role: common 4 | - role: nginx 5 | when: PROSPECTUS_ENABLE_NGINX|bool 6 | -------------------------------------------------------------------------------- /playbooks/roles/prospectus/templates/prospectus_env.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | {% for name,value in prospectus_env_vars.items() %} 3 | {%- if value %} 4 | export {{ name }}="{{ value }}" 5 | {%- endif %} 6 | {% endfor %} 7 | -------------------------------------------------------------------------------- /playbooks/roles/python/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Install python2.7 + the /usr/bin/python symlink. 2 | 3 | python_packages: 4 | - python-minimal 5 | -------------------------------------------------------------------------------- /playbooks/roles/rabbitmq/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | -------------------------------------------------------------------------------- /playbooks/roles/rabbitmq/templates/edx/app/rabbitmq/log-rabbitmq-memory.sh.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | 4 | log_directory={{ rabbitmq_log_dir }} 5 | 6 | {% raw %} 7 | MemTotal=`grep 'MemTotal' /proc/meminfo | awk '{print $2}'` 8 | memusg=`/usr/sbin/rabbitmqctl status | grep total | awk -F',|}' -v date="$(date)" -v MemTotal="$MemTotal" 'NR==1{printf date"\tRabbitMQ Memory Usage:(%%)\t" ((($2/1024)/MemTotal)*100)}'` 9 | echo $memusg >> "$log_directory/rabbitmq.memory.log" 10 | {% endraw %} 11 | -------------------------------------------------------------------------------- /playbooks/roles/rabbitmq/templates/erlang.cookie.j2: -------------------------------------------------------------------------------- 1 | {{rabbitmq_auth_config.erlang_cookie}} 2 | -------------------------------------------------------------------------------- /playbooks/roles/rabbitmq/templates/etc/logrotate.d/rabbitmq.j2: -------------------------------------------------------------------------------- 1 | # We want to hit the top level queues and any vhost queues 2 | # such as fulfillment 3 | {{ rabbitmq_log_dir }}/*.log {{ rabbitmq_log_dir }}/*/*.log { 4 | compress 5 | dateext 6 | dateformat -%Y%m%d-%s 7 | missingok 8 | daily 9 | rotate 3 10 | nocreate 11 | } 12 | -------------------------------------------------------------------------------- /playbooks/roles/rabbitmq/templates/etc/rabbitmq/rabbitmq.config.j2: -------------------------------------------------------------------------------- 1 | % {{ ansible_managed }} 2 | 3 | [{rabbit, [ 4 | {log_levels, [{connection, info}]}, 5 | {# 6 | Note: That these names should include the node name prefix. eg. 'rabbit@hostname' 7 | #} 8 | {cluster_nodes, {['{{ RABBITMQ_CLUSTERED_HOSTS|join("\',\'") }}'], disc}}, 9 | {vm_memory_high_watermark, {{ RABBITMQ_VM_MEMORY_HIGH_WATERMARK }} } 10 | ]}]. 11 | -------------------------------------------------------------------------------- /playbooks/roles/rabbitmq/templates/rabbitmq-env.conf.j2: -------------------------------------------------------------------------------- 1 | RABBITMQ_NODE_PORT={{ rabbitmq_port }} 2 | RABBITMQ_NODE_IP_ADDRESS={{ rabbitmq_ip }} 3 | -------------------------------------------------------------------------------- /playbooks/roles/rbenv/templates/ruby_env.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for name,value in rbenv_environment.items() %} 4 | {% if value %} 5 | export {{ name }}="{{ value }}" 6 | {% endif %} 7 | {% endfor %} 8 | eval "$(rbenv init -)" 9 | -------------------------------------------------------------------------------- /playbooks/roles/redis/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | # 11 | # 12 | # Handlers for role redis 13 | # 14 | # Overview: 15 | # 16 | # 17 | - name: reload redis 18 | service: 19 | name: redis-server 20 | state: restarted 21 | -------------------------------------------------------------------------------- /playbooks/roles/security/templates/etc/apt/apt.conf.d/10periodic: -------------------------------------------------------------------------------- 1 | APT::Periodic::Enable "1"; 2 | APT::Periodic::Update-Package-Lists "1"; 3 | APT::Periodic::Download-Upgradeable-Packages "1"; 4 | APT::Periodic::AutocleanInterval "7"; 5 | APT::Periodic::Unattended-Upgrade "1"; 6 | -------------------------------------------------------------------------------- /playbooks/roles/security/templates/etc/apt/apt.conf.d/20unattended-upgrade: -------------------------------------------------------------------------------- 1 | 2 | Unattended-Upgrade::Allowed-Origins { 3 | "${distro_id} ${distro_codename}-security"; 4 | }; 5 | -------------------------------------------------------------------------------- /playbooks/roles/security/templates/etc/apt/apt.conf.d/50unattended-upgrades: -------------------------------------------------------------------------------- 1 | Unattended-Upgrade::Package-Blacklist{ 2 | {% for blacklisted_item in SECURITY_DEBIAN_PKGS_BLACKLIST %} 3 | {{ blacklisted_item }}; 4 | {% endfor %} 5 | } -------------------------------------------------------------------------------- /playbooks/roles/server_utils/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role insights 12 | # 13 | 14 | 15 | -------------------------------------------------------------------------------- /playbooks/roles/shibboleth/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart shibd 3 | service: name=shibd state=restarted 4 | -------------------------------------------------------------------------------- /playbooks/roles/shibboleth/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - apache 4 | -------------------------------------------------------------------------------- /playbooks/roles/shibboleth/templates/sp.key.j2: -------------------------------------------------------------------------------- 1 | {{ shib.sp_key }} -------------------------------------------------------------------------------- /playbooks/roles/shibboleth/templates/sp.pem.j2: -------------------------------------------------------------------------------- 1 | {{ shib.sp_pem }} -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/files/default_skeleton/lms/static/sass/discussion/lms-discussion-bootstrap.scss: -------------------------------------------------------------------------------- 1 | @import 'lms/static/sass/discussion/lms-discussion-bootstrap'; 2 | @import '../lms-overrides'; 3 | -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/files/default_skeleton/lms/static/sass/lms-course.scss: -------------------------------------------------------------------------------- 1 | @import 'lms/static/sass/lms-course'; 2 | @import 'lms-overrides'; 3 | -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/files/default_skeleton/lms/static/sass/lms-main-v1.scss: -------------------------------------------------------------------------------- 1 | @import 'lms/static/sass/lms-main-v1'; 2 | 3 | @import 'lms-overrides'; 4 | -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/files/default_skeleton/lms/static/sass/partials/lms/theme/_variables-v1.scss: -------------------------------------------------------------------------------- 1 | @import '../common-variables'; 2 | @import 'lms/static/sass/partials/lms/theme/variables-v1'; 3 | -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/files/default_skeleton/lms/static/sass/partials/lms/theme/_variables.scss: -------------------------------------------------------------------------------- 1 | @import '../common-variables'; 2 | @import 'lms/static/sass/partials/lms/theme/variables'; 3 | -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/files/example_static_dir/cms/images/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openedx-unsupported/configuration/c8aa592a7e79be203032e7895970d031700ed99c/playbooks/roles/simple_theme/files/example_static_dir/cms/images/logo.png -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/files/example_static_dir/lms/images/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openedx-unsupported/configuration/c8aa592a7e79be203032e7895970d031700ed99c/playbooks/roles/simple_theme/files/example_static_dir/lms/images/favicon.ico -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/files/example_static_dir/lms/images/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openedx-unsupported/configuration/c8aa592a7e79be203032e7895970d031700ed99c/playbooks/roles/simple_theme/files/example_static_dir/lms/images/logo.png -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/files/example_static_dir/lms/js/myscript.js: -------------------------------------------------------------------------------- 1 | // sample script deployed by simple_theme 2 | -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | 11 | dependencies: [] 12 | -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/templates/i18n/domain.po.j2: -------------------------------------------------------------------------------- 1 | msgid "" 2 | msgstr "" 3 | "Content-Type: text/plain; charset=UTF-8\n" 4 | "Content-Transfer-Encoding: 8bit\n" 5 | "Language: {{ item.lang }}\n" 6 | {% if 'headers' in item -%} 7 | {{ item.headers }} 8 | {%- endif %} 9 | 10 | {% if 'messages' in item -%} 11 | {{ item.messages }} 12 | {%- endif %} 13 | -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/templates/lms/static/sass/_lms-overrides.scss.j2: -------------------------------------------------------------------------------- 1 | @import 'common-variables'; 2 | /* Extra SASS as defined by simple_theme starts here: */ 3 | {{ SIMPLETHEME_EXTRA_SASS }} 4 | /* Extra SASS as defined by simple_theme ends here. */ 5 | -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/templates/lms/static/sass/common-variables.scss.j2: -------------------------------------------------------------------------------- 1 | /* Variables from simple_theme role start here */ 2 | {% for item in SIMPLETHEME_SASS_OVERRIDES %} 3 | ${{ item.variable }}: {{ item.value }}; 4 | {% endfor %} 5 | /* Variables from simple_theme role end here */ 6 | -------------------------------------------------------------------------------- /playbooks/roles/simple_theme/templates/lms/static/sass/partials/lms/theme/_variables-v1.scss.j2: -------------------------------------------------------------------------------- 1 | @import '../common-variables'; 2 | @import 'lms/static/sass/partials/lms/theme/variables-v1'; 3 | -------------------------------------------------------------------------------- /playbooks/roles/snort/defaults/main.yml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | SNORT_OINKCODE: 'oinkcode' 4 | SNORT_RULES_URL: [ 'http://www.snort.org/pub-bin/oinkmaster.cgi/{{ SNORT_OINKCODE }}/snortrules-snapshot-2931.tar.gz', 5 | 'http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz' ] 6 | -------------------------------------------------------------------------------- /playbooks/roles/snort/templates/etc/cron.daily/oinkmaster.j2: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | oinkmaster -C /etc/oinkmaster.conf -o /etc/snort/rules/ > /dev/null 4 | service snort restart 5 | -------------------------------------------------------------------------------- /playbooks/roles/splunk-server/templates/opt/splunk/etc/system/local/alert_actions.conf.j2: -------------------------------------------------------------------------------- 1 | [email] 2 | auth_password = {{ SPLUNK_SMTP_PASSWORD }} 3 | auth_username = {{ SPLUNK_SMTP_USERNAME }} 4 | footer.text = {{ SPLUNK_EMAIL_FOOTER }} 5 | hostname = {{ SPLUNK_SSL_HOSTNAME }} 6 | mailserver = {{ SPLUNK_SMTP_SERVER }} 7 | reportServerURL = 8 | use_tls = 1 9 | pdf.header_left = none 10 | pdf.header_right = none 11 | use_ssl = 0 12 | from = {{ SPLUNK_FROM_ADDRESS }} 13 | -------------------------------------------------------------------------------- /playbooks/roles/splunk-server/templates/opt/splunk/etc/system/local/inputs.conf.j2: -------------------------------------------------------------------------------- 1 | [default] 2 | host = {{ SPLUNK_HOSTNAME }} 3 | 4 | {% if SPLUNK_SSL_CERT %} 5 | [splunktcp-ssl:{{ splunk_ssl_port }}] 6 | compressed = true 7 | 8 | [SSL] 9 | password = {{ SPLUNK_SSL_PASSWORD }} 10 | requireClientCert = false 11 | rootCA = $SPLUNK_HOME/{{ splunk_cert_path }}/cacert.pem 12 | serverCert = $SPLUNK_HOME/{{ splunk_cert_path }}/forwarder.pem 13 | {% endif %} 14 | -------------------------------------------------------------------------------- /playbooks/roles/splunk-server/templates/opt/splunk/etc/system/local/transforms.conf.j2: -------------------------------------------------------------------------------- 1 | [ansible-output] 2 | REGEX = ansible-(.*) 3 | # We want to anonymize Ansible command output in log events as it is 4 | # logging passwords in Splunk index (See https://openedx.atlassian.net/browse/OPS-3241). 5 | FORMAT = ansible-output: Anonymized for security.######################### 6 | DEST_KEY = _raw 7 | -------------------------------------------------------------------------------- /playbooks/roles/splunkforwarder/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | -------------------------------------------------------------------------------- /playbooks/roles/splunkforwarder/templates/opt/splunkforwarder/etc/system/local/server.conf.j2: -------------------------------------------------------------------------------- 1 | [httpServer] 2 | disableDefaultPort = true 3 | -------------------------------------------------------------------------------- /playbooks/roles/sqoop/templates/sqoop-env.sh.j2: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | export SQOOP_HOME={{ SQOOP_HOME }} 4 | export SQOOP_LIB=$SQOOP_HOME/lib 5 | export PATH=$PATH:$SQOOP_HOME/bin 6 | -------------------------------------------------------------------------------- /playbooks/roles/supervisor/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | -------------------------------------------------------------------------------- /playbooks/roles/supervisor/templates/edx/bin/supervisorctl.j2: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo -u {{ supervisor_service_user }} {{ supervisor_ctl }} -c {{ supervisor_cfg }} $* 3 | -------------------------------------------------------------------------------- /playbooks/roles/supervisor/templates/etc/init/supervisor-upstart.conf.j2: -------------------------------------------------------------------------------- 1 | description "supervisord" 2 | 3 | {% if disable_edx_services and not devstack -%} 4 | start on stopped pre_supervisor 5 | {% else %} 6 | start on runlevel [2345] 7 | {% endif %} 8 | stop on runlevel [!2345] 9 | 10 | kill timeout 432000 11 | 12 | setuid {{ supervisor_service_user }} 13 | exec {{ supervisor_venv_dir }}/bin/supervisord -n --configuration {{ supervisor_cfg }} 14 | -------------------------------------------------------------------------------- /playbooks/roles/swapfile/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: reload sysctl 3 | command: sysctl -p 4 | -------------------------------------------------------------------------------- /playbooks/roles/swapfile/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: "Kamal Nasser" 4 | description: swapfile 5 | license: MIT 6 | min_ansible_version: 1.4 7 | version: 0.4 8 | categories: 9 | - system 10 | dependencies: [] 11 | -------------------------------------------------------------------------------- /playbooks/roles/tableau/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common 4 | -------------------------------------------------------------------------------- /playbooks/roles/tableau/templates/registration.json.j2: -------------------------------------------------------------------------------- 1 | {{ tableau_registration_config | to_nice_json }} 2 | -------------------------------------------------------------------------------- /playbooks/roles/tableau_de/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - aws_cloudwatch_agent -------------------------------------------------------------------------------- /playbooks/roles/testcourses/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Defaults for role testcourses 12 | # for sandbox, TESTCOURSES_EXPORTS is coming from sandbox-internal repo. 13 | TESTCOURSES_EXPORTS: [] 14 | -------------------------------------------------------------------------------- /playbooks/roles/testcourses/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - demo 4 | -------------------------------------------------------------------------------- /playbooks/roles/tinymce_plugins/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | tinymce_plugin_temp_dir: "{{ edxapp_code_dir }}/.temp_tinymce_plugin" 4 | 5 | tinymce_dir: "{{ edxapp_code_dir }}/common/static/js/vendor/tinymce" 6 | tinymce_plugins_dir: "{{ tinymce_dir }}/js/tinymce/plugins" 7 | 8 | edx_jake_package: "{{ edxapp_code_dir }}/vendor_extra/tinymce/JakePackage.zip" 9 | 10 | TINYMCE_ADDITIONAL_PLUGINS_LIST: [] 11 | -------------------------------------------------------------------------------- /playbooks/roles/tinymce_plugins/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Import additional tinymce plugins 4 | include_tasks: import_tinymce_plugin.yml 5 | loop: "{{ TINYMCE_ADDITIONAL_PLUGINS_LIST }}" 6 | loop_control: 7 | loop_var: plugin 8 | when: 9 | - TINYMCE_ADDITIONAL_PLUGINS_LIST|length > 0 10 | 11 | - name: Rebuild tinymce files 12 | include_tasks: rebuild_tinymce_files.yml 13 | when: 14 | - TINYMCE_ADDITIONAL_PLUGINS_LIST|length > 0 15 | -------------------------------------------------------------------------------- /playbooks/roles/user/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - common_vars -------------------------------------------------------------------------------- /playbooks/roles/user/templates/authorized_keys.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for line in item.authorized_keys -%} 4 | {{ line }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /playbooks/roles/user/templates/default.profile.j2: -------------------------------------------------------------------------------- 1 | umask 022 2 | # if running bash 3 | if [ -n "$BASH_VERSION" ]; then 4 | # include .bashrc if it exists 5 | if [ -f "$HOME/.bashrc" ]; then 6 | . "$HOME/.bashrc" 7 | fi 8 | fi 9 | -------------------------------------------------------------------------------- /playbooks/roles/user/templates/restricted.bashrc.j2: -------------------------------------------------------------------------------- 1 | PATH=${HOME}/bin 2 | -------------------------------------------------------------------------------- /playbooks/roles/user/templates/restricted.sudoers.conf.j2: -------------------------------------------------------------------------------- 1 | {% for user in user_info -%} 2 | {% if 'sudo_cmds' in user -%} 3 | {% for cmd in user['sudo_cmds'] -%} 4 | {{ user['name'] }} {{ cmd }} 5 | {% endfor %} 6 | {% endif %} 7 | {% endfor %} 8 | -------------------------------------------------------------------------------- /playbooks/roles/user_retirement_pipeline/meta/main.yml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - common 3 | - role: add_user 4 | user_name: "{{ retirement_service_user }}" 5 | user_home: "{{ retirement_service_home }}" 6 | group_name: "{{ common_web_group }}" 7 | - role: git_clone 8 | repo_owner: "{{ retirement_service_user }}" 9 | repo_group: "{{ retirement_service_user }}" 10 | GIT_REPOS: "{{ RETIREMENT_SERVICE_GIT_REPOS }}" 11 | git_home: "{{ retirement_service_home }}" 12 | -------------------------------------------------------------------------------- /playbooks/roles/user_retirement_pipeline/templates/config.yml.j2: -------------------------------------------------------------------------------- 1 | client_id: {{ RETIREMENT_SERVICE_EDX_OAUTH2_KEY }} 2 | client_secret: {{ RETIREMENT_SERVICE_EDX_OAUTH2_SECRET }} 3 | 4 | base_urls: 5 | lms: {{ RETIREMENT_LMS_BASE_URL }} 6 | ecommerce: {{ RETIREMENT_ECOMMERCE_BASE_BASE_URL }} 7 | credentials: {{ RETIREMENT_CREDENTIALS_BASE_URL }} 8 | 9 | retirement_pipeline: 10 | {% for item in RETIREMENT_SERVICE_PIPELINE_CONFIGURATION %} 11 | - ['{{ item.NAME }}', '{{ item.NAME_COMPLETE }}', '{{ item.SERVICE }}', '{{ item.FUNCTION }}'] 12 | {% endfor %} 13 | -------------------------------------------------------------------------------- /playbooks/roles/vhost/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # edX Configuration 4 | # 5 | # github: https://github.com/openedx/configuration 6 | # wiki: https://openedx.atlassian.net/wiki/display/OpenOPS 7 | # code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions 8 | # license: https://github.com/openedx/configuration/blob/master/LICENSE.TXT 9 | # 10 | ## 11 | # Role includes for role vhost 12 | # 13 | dependencies: 14 | - common 15 | -------------------------------------------------------------------------------- /playbooks/roles/vhost/templates/etc/init/sync-on-stop.conf.j2: -------------------------------------------------------------------------------- 1 | start on stopped supervisor 2 | description "sync tracking logs on supervisor shutdown" 3 | script 4 | "{{ COMMON_OBJECT_STORE_LOG_SYNC_ON_EXIT }}" 5 | end script 6 | -------------------------------------------------------------------------------- /playbooks/roles/vhost/templates/etc/systemd/system/sync-logs-on-exit.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Synchronizes logs on exit 3 | After=rsyslog.service 4 | 5 | [Service] 6 | Type=oneshot 7 | RemainAfterExit=true 8 | ExecStop=/edx/bin/sync-logs-on-exit 9 | 10 | [Install] 11 | WantedBy=multi-user.target 12 | -------------------------------------------------------------------------------- /playbooks/roles/vhost/templates/sync-logs-on-exit.j2: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | /usr/sbin/logrotate -f /etc/logrotate.d/hourly/tracking.log 4 | /usr/sbin/logrotate -f /etc/logrotate.d/hourly/edx-services 5 | -------------------------------------------------------------------------------- /playbooks/roles/xqueue/templates/xqueue_env.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for name,value in xqueue_environment.items() -%} 4 | {%- if value -%} 5 | export {{ name }}="{{ value }}" 6 | {% endif %} 7 | {%- endfor %} 8 | -------------------------------------------------------------------------------- /playbooks/roles/xqwatcher/templates/edx/app/xqwatcher/conf.d/course.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "{{ item.QUEUE_NAME }}": 3 | {{ item.QUEUE_CONFIG | to_nice_json }} 4 | } -------------------------------------------------------------------------------- /playbooks/roles/xqwatcher/templates/edx/app/xqwatcher/data/requirements.txt.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for requirement in item.PYTHON_REQUIREMENTS %} 4 | {{ requirement.name }}=={{ requirement.version }} 5 | {% endfor %} 6 | -------------------------------------------------------------------------------- /playbooks/roles/xqwatcher/templates/edx/app/xqwatcher/xqwatcher.json.j2: -------------------------------------------------------------------------------- 1 | {{ XQWATCHER_CONFIG | to_nice_json }} -------------------------------------------------------------------------------- /playbooks/roles/xqwatcher/templates/etc/sudoers.d/95-course-sandbox.j2: -------------------------------------------------------------------------------- 1 | {{ item.QUEUE.HANDLERS[0].CODEJAIL.user }} ALL=({{ item.QUEUE.HANDLERS[0].CODEJAIL.user }}) SETENV:NOPASSWD:{{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE.HANDLERS[0].CODEJAIL.name }}/bin/python 2 | {{ item.QUEUE.HANDLERS[0].CODEJAIL.user }} ALL=(ALL) NOPASSWD:/bin/kill 3 | {{ item.QUEUE.HANDLERS[0].CODEJAIL.user }} ALL=(ALL) NOPASSWD:/usr/bin/pkill 4 | -------------------------------------------------------------------------------- /playbooks/roles/xqwatcher/templates/etc/sudoers.d/95-xqwatcher.j2: -------------------------------------------------------------------------------- 1 | {{ common_web_user }} ALL=({{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }}) SETENV:NOPASSWD:{{ xqwatcher_app_dir }}/venvs/{{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.name }}/bin/python 2 | {{ common_web_user }} ALL=({{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }}) NOPASSWD:/bin/kill 3 | {{ common_web_user }} ALL=({{ item.QUEUE_CONFIG.HANDLERS[0].CODEJAIL.user }}) NOPASSWD:/usr/bin/pkill 4 | -------------------------------------------------------------------------------- /playbooks/run_role.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Runs an ansible role 3 | # Usage: 4 | # ansible-playbook ./run_role.yml -i "hostname," -e role=my_awesome_role 5 | # 6 | - hosts: all 7 | become: True 8 | gather_facts: True 9 | roles: 10 | - "{{role}}" 11 | -------------------------------------------------------------------------------- /playbooks/security.yml: -------------------------------------------------------------------------------- 1 | - name: Apply security role 2 | hosts: all 3 | become: True 4 | roles: 5 | - security 6 | -------------------------------------------------------------------------------- /playbooks/snort.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy snort IDS 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - role: aws 10 | when: COMMON_ENABLE_AWS_ROLE 11 | - snort 12 | - role: datadog 13 | when: COMMON_ENABLE_DATADOG 14 | - role: splunkforwarder 15 | when: COMMON_ENABLE_SPLUNKFORWARDER 16 | - role: datadog-uninstall 17 | when: not COMMON_ENABLE_DATADOG 18 | 19 | -------------------------------------------------------------------------------- /playbooks/splunk.yml: -------------------------------------------------------------------------------- 1 | # This is commented out since it should not be run normally. 2 | # # Usage: ansible-playbook splunk.yml -e@/path/to/environment-deployment.yml 3 | 4 | # - name: Deploy Splunk 5 | # hosts: all 6 | # become: True 7 | # gather_facts: True 8 | # roles: 9 | # - splunk-server 10 | -------------------------------------------------------------------------------- /playbooks/splunkforwarder.yml: -------------------------------------------------------------------------------- 1 | - name: Install Splunk Forwarder 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - splunkforwarder 7 | -------------------------------------------------------------------------------- /playbooks/stop_all_edx_services.yml: -------------------------------------------------------------------------------- 1 | - name: Stop all services 2 | hosts: all 3 | become: True 4 | gather_facts: False 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - stop_all_edx_services 10 | -------------------------------------------------------------------------------- /playbooks/tableau.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy tableau 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | CLUSTER_NAME: 'tableau' 8 | serial: "{{ serial_count }}" 9 | roles: 10 | - tableau 11 | -------------------------------------------------------------------------------- /playbooks/tableau_de.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy tableau 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | CLUSTER_NAME: 'tableau' 8 | serial: "{{ serial_count }}" 9 | roles: 10 | - tableau 11 | - tableau_de 12 | -------------------------------------------------------------------------------- /playbooks/tanaguru.yml: -------------------------------------------------------------------------------- 1 | - name: Deploy Tanaguru 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | roles: 6 | - role: aws 7 | when: COMMON_ENABLE_AWS_ROLE 8 | - mysql 9 | - tanaguru 10 | -------------------------------------------------------------------------------- /playbooks/testcourses.yml: -------------------------------------------------------------------------------- 1 | - name: Create courses for testing 2 | hosts: all 3 | become: True 4 | gather_facts: True 5 | vars: 6 | serial_count: 1 7 | serial: "{{ serial_count }}" 8 | roles: 9 | - testcourses 10 | - role: datadog 11 | when: COMMON_ENABLE_DATADOG 12 | - role: splunkforwarder 13 | when: COMMON_ENABLE_SPLUNKFORWARDER 14 | - role: datadog-uninstall 15 | when: not COMMON_ENABLE_DATADOG 16 | 17 | -------------------------------------------------------------------------------- /playbooks/users.yml: -------------------------------------------------------------------------------- 1 | # Simple playbook for creating/updating/removing users on a box 2 | # If you run it against a box with automated users and don't pass them in it will break them 3 | # ansible-playbook -i 'host.example.com,' ./tools-gp.yml -e@/var/path/users.yml -e@/vars/path/environnment-deployment.yml 4 | - name: Update users 5 | hosts: all 6 | become: True 7 | gather_facts: True 8 | roles: 9 | - role: user 10 | user_info: "{{ COMMON_USER_INFO }}" 11 | tags: 12 | - users 13 | -------------------------------------------------------------------------------- /requirements/asym-crypto-yaml.txt: -------------------------------------------------------------------------------- 1 | asym-crypto-yaml 2 | -------------------------------------------------------------------------------- /requirements/aws.in: -------------------------------------------------------------------------------- 1 | # Python dependencies for the aws role 2 | 3 | awscli 4 | boto 5 | boto3 6 | futures ; python_version == "2.7" # via s3transfer 7 | s3cmd 8 | pyyaml==5.3.1 9 | -------------------------------------------------------------------------------- /requirements/cloudflare.in: -------------------------------------------------------------------------------- 1 | # Needed for CloudFlare cache hit rate job in util/jenkins 2 | 3 | requests 4 | click 5 | -------------------------------------------------------------------------------- /requirements/constraints.txt: -------------------------------------------------------------------------------- 1 | -c common_constraints.txt 2 | 3 | bcrypt<3.2.0 # 3.2.0 dropped support for python 2.7 4 | -------------------------------------------------------------------------------- /requirements/elasticsearch.in: -------------------------------------------------------------------------------- 1 | # Requirements for util/elasticsearch/verify-index-copy.py 2 | 3 | deepdiff==3.1.0 4 | elasticsearch==0.4.5 5 | -------------------------------------------------------------------------------- /requirements/jenkins.in: -------------------------------------------------------------------------------- 1 | # Python dependencies for the util/jenkins/requirements.txt 2 | 3 | awscli 4 | boto 5 | boto3 6 | futures ; python_version == "2.7" # via s3transfer 7 | s3cmd 8 | pyyaml 9 | backoff==1.4.3 10 | celery 11 | click 12 | opsgenie-sdk==0.3.1 13 | PyMySQL==0.9.3 14 | python-gnupg 15 | redis==2.10.6 16 | splunk-sdk==1.6.16 # older versions have been yanked 17 | yq 18 | jq 19 | -------------------------------------------------------------------------------- /requirements/pingdom.in: -------------------------------------------------------------------------------- 1 | # Requirements for util/pingdom/create_pingdom_alerts.py 2 | 3 | click==6.7 4 | PyYAML 5 | requests 6 | six==1.14.0 7 | -------------------------------------------------------------------------------- /requirements/pip-tools.in: -------------------------------------------------------------------------------- 1 | # Just the dependencies to run pip-tools, mainly for the "upgrade" make target 2 | -c constraints.txt 3 | 4 | pip-tools # Contains pip-compile, used to generate pip requirements files 5 | -------------------------------------------------------------------------------- /requirements/pip.in: -------------------------------------------------------------------------------- 1 | -c constraints.txt 2 | # Core dependencies for installing other packages 3 | 4 | pip 5 | setuptools 6 | wheel 7 | 8 | -------------------------------------------------------------------------------- /requirements/pip.txt: -------------------------------------------------------------------------------- 1 | # 2 | # This file is autogenerated by pip-compile with Python 3.8 3 | # by the following command: 4 | # 5 | # make upgrade 6 | # 7 | wheel==0.42.0 8 | # via -r requirements/pip.in 9 | 10 | # The following packages are considered to be unsafe in a requirements file: 11 | pip==23.3.2 12 | # via -r requirements/pip.in 13 | setuptools==69.0.2 14 | # via -r requirements/pip.in 15 | -------------------------------------------------------------------------------- /requirements/vpc-tools.in: -------------------------------------------------------------------------------- 1 | # Requirements for the scripts in util/vpc-tools 2 | 3 | boto 4 | docopt 5 | requests 6 | -------------------------------------------------------------------------------- /requirements3.txt: -------------------------------------------------------------------------------- 1 | # File not removed in order to be backwards compatibility 2 | # Use requirements.txt instead 3 | -r requirements.txt 4 | -------------------------------------------------------------------------------- /util/aws_ip_locator/requirements.txt: -------------------------------------------------------------------------------- 1 | boto3==1.9.0 2 | botocore==1.12.0 3 | click==6.7 4 | docutils==0.14 5 | futures==3.2.0 6 | jmespath==0.9.3 7 | netaddr==0.7.19 8 | python-dateutil==2.7.3 9 | s3transfer==0.1.13 10 | six==1.11.0 11 | urllib3==1.24.2 12 | -------------------------------------------------------------------------------- /util/check_for_key_collisions/README.md: -------------------------------------------------------------------------------- 1 | Finds if there are colliding keys in a set of yaml/json files that might collide when ansible merges happen 2 | 3 | USAGE: 4 | python check_for_yaml_key_collisions/check_for_yaml_key_collisions.py --files file1.yml --files file2.json -------------------------------------------------------------------------------- /util/check_for_key_collisions/requirements.txt: -------------------------------------------------------------------------------- 1 | Click==7.0 2 | PyYAML==5.4.1 3 | -------------------------------------------------------------------------------- /util/check_rds_configs/requirements.txt: -------------------------------------------------------------------------------- 1 | ../jenkins/requirements.txt -------------------------------------------------------------------------------- /util/cloudflare/by_origin_purger/requirements.txt: -------------------------------------------------------------------------------- 1 | ../../jenkins/requirements-cloudflare.txt -------------------------------------------------------------------------------- /util/csmh-extended/slow-delete.sh: -------------------------------------------------------------------------------- 1 | MINID=0 2 | MAXID=1003426362 3 | STEP=20000 4 | MIGRATE_USER=migrate 5 | PASSWORD='secret' 6 | HOST='host' 7 | 8 | 9 | for ((i=$MINID-1; i<=$MAXID; i+=$STEP)); do 10 | echo -n "$i"; 11 | time mysql -u $MIGRATE_USER -p$PASSWORD -h $HOST wwc <