
openedx: first implementation

Fixes: main/infrastructure#101
keep-around/0f4916edb97d70884672f9086f69ee5e588dfb77
Loïc Dachary 12 months ago
committed by Loic Dachary
parent
commit
0f4916edb9
Signed by: dachary GPG Key ID: 992D23B392F9E4F2
  1. 1
      inventory/all.yml
  2. 2
      inventory/host_vars/openedx-host/provision.yml
  3. 9
      inventory/services.yml
  4. 14
      playbooks/openedx/conftest.py
  5. 8
      playbooks/openedx/inventory/services.yml
  6. 84
      playbooks/openedx/openedx-playbook.yml
  7. 10
      playbooks/openedx/playbook.yml
  8. 6
      playbooks/openedx/roles/openedx/defaults/main.yml
  9. 2
      playbooks/openedx/roles/openedx/tasks/main.yml
  10. 58
      playbooks/openedx/roles/openedx/tasks/openedx.yml
  11. 5
      playbooks/openedx/roles/openedx/templates/crontab
  12. 48
      playbooks/openedx/roles/openedx/templates/docker-compose-infrastructure.yml
  13. 15
      playbooks/openedx/tests/test_icinga.py
  14. 20
      playbooks/openedx/tests/test_openedx.py
  15. 2
      tox.ini

1
inventory/all.yml

@ -9,6 +9,7 @@ all-hosts:
gitlab-host:
icinga-host:
jitsi-host:
openedx-host:
packages-host:
postfix-host:
runner-host:

2
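--- a/inventory/host_vars/openedx-host/provision.yml
+++ b/inventory/host_vars/openedx-host/provision.yml
@@ -0,0 +1,2 @@
+---
+openstack_flavor: s1-8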

9
inventory/services.yml

@ -138,6 +138,15 @@ wekan-service-hosts:
wekan-service-group:
essential-service-group:
openedx-service-group:
hosts:
openedx-host:
openedx-service-hosts:
children:
openedx-service-group:
essential-service-group:
pad-service-group:
hosts: {}

14
playbooks/openedx/conftest.py

@ -0,0 +1,14 @@
def pytest_addoption(parser):
parser.addoption(
"--enough-hosts",
action="store",
default="bind-host,postfix-host,openedx-host",
help="list of hosts"
)
parser.addoption(
"--enough-service",
action="store",
default="openedx",
help="service"
)

8
playbooks/openedx/inventory/services.yml

@ -0,0 +1,8 @@
---
icinga-service-group:
hosts:
bind-host:
postfix-service-group:
hosts:
postfix-host:

84
playbooks/openedx/openedx-playbook.yml

@ -0,0 +1,84 @@
---
- name: firewall for web
hosts: localhost
gather_facts: false
tasks:
- include_role:
name: firewall
vars:
firewall_server: "{{ item }}"
firewall_clients: [ 0.0.0.0/0 ]
firewall_protocols: [ tcp ]
firewall_ports: [ 80, 443 ]
when: hostvars[item].ansible_host is defined
with_items: "{{ groups['openedx-service-group'] | default([]) }}"
- name: setup openedx DNS
hosts: openedx-service-group
become: true
pre_tasks:
- name: set CNAME
nsupdate:
server: "{{ hostvars['bind-host']['ansible_host'] }}"
zone: "{{ domain }}"
record: "openedx.{{ domain }}."
ttl: 1800
type: CNAME
value: "{{ groups['openedx-service-group'][0] }}.{{ domain }}."
delegate_to: bind-host
- name: set CNAME
nsupdate:
server: "{{ hostvars['bind-host']['ansible_host'] }}"
zone: "{{ domain }}"
record: "studio.openedx.{{ domain }}."
ttl: 1800
type: CNAME
value: "{{ groups['openedx-service-group'][0] }}.{{ domain }}."
delegate_to: bind-host
- name: install openedX
hosts: openedx-service-group
become: true
roles:
- role: ansible-role-docker
docker_install_compose: true
- role: docker
- role: openedx
- role: enough-nginx
vars:
enough_nginx_reverse_proxy: 127.0.0.1:{{ openedx_port }}
enough_nginx_fqdn: "openedx.{{ domain }}"
- role: certificate
vars:
certificate_fqdn: "openedx.{{ domain }}"
certificate_installer: nginx
- role: monitor_http_vhost
http_vhost_https: true
http_vhost_name: openedX
http_vhost_fqdn: "openedx.{{ domain }}"
http_vhost_uri: "/"
http_vhost_string: "openedX"
- name: reverse proxy for openedX studio
hosts: openedx-service-group
become: true
roles:
- role: enough-nginx
vars:
enough_nginx_reverse_proxy: 127.0.0.1:8501
enough_nginx_fqdn: "studio.{{ domain }}"
- role: certificate
vars:
certificate_fqdn: "studio.{{ domain }}"
certificate_installer: nginx
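Review bot: The studio hostname is not consistent within this file: the second `set CNAME` task publishes `studio.openedx.{{ domain }}.`, while the reverse proxy and certificate in the last play use `studio.{{ domain }}` (and the role's `tutor config save` sets `CMS_HOST=studio.{{ domain }}`). Unless `studio.{{ domain }}` is created somewhere outside this commit, the certificate request and the vhost target a name this playbook never publishes, so the record should presumably read `record: "studio.{{ domain }}."`. Giving the two nsupdate tasks distinct names (for example `set studio CNAME`) would make run output unambiguous. The literal `127.0.0.1:8501` would be better as a role default next to `openedx_port`, so the studio upstream is documented in one place.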

10
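--- a/playbooks/openedx/playbook.yml
+++ b/playbooks/openedx/playbook.yml
@@ -0,0 +1,10 @@
+---
+# - import_playbook: ../infrastructure/buster-playbook.yml
+# - import_playbook: ../infrastructure/network-playbook.yml
+# - import_playbook: ../firewall/firewall-playbook.yml
+# - import_playbook: ../icinga/test-icinga-playbook.yml
+# - import_playbook: ../bind/bind-playbook.yml
+# - import_playbook: ../bind/bind-client-playbook.yml
+# - import_playbook: ../icinga/icinga-playbook.yml
+# - import_playbook: ../postfix/postfix-playbook.yml
+- import_playbook: openedx-playbook.yml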

6
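--- a/playbooks/openedx/roles/openedx/defaults/main.yml
+++ b/playbooks/openedx/roles/openedx/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+openedx_port: 8500
+openedx_root: /srv/openedx
+openedx_contact: admin@{{ domain }}
+openedx_language: en
+openedx_platform_name: Enough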

2
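--- a/playbooks/openedx/roles/openedx/tasks/main.yml
+++ b/playbooks/openedx/roles/openedx/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- import_tasks: openedx.yml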

58
playbooks/openedx/roles/openedx/tasks/openedx.yml

@ -0,0 +1,58 @@
---
- name: apt-get install python3 python3-pip libyaml-dev
apt:
name: [ python3, python3-pip, libyaml-dev ]
state: present
- name: pip install tutor-openedx
pip:
executable: pip3
name: tutor-openedx
- name: "mkdir -p {{ openedx_root }}"
file:
path: "{{ openedx_root }}"
state: directory
owner: debian
group: debian
- name: (re)create openedX
shell: |
tutor local quickstart
- name: configure openedX
shell: |
tutor config save --set ACTIVATE_HTTPS=false \
--set CMS_HOST=studio.{{ domain }} \
--set CONTACT_EMAIL='{{ openedx_contact }}' \
--set LANGUAGE_CODE={{ openedx_language }} \
--set LMS_HOST=openedx.{{ domain }} \
--set PLATFORM_NAME='{{ openedx_platform_name }}' \
--set NGINX_HTTP_PORT={{ openedx_port }} \
--set NGINX_HTTPS_PORT=8543 \
--set SMTP_HOST=openedx-host.{{ domain }} \
--set SMTP_PORt=25
- name: git clone https://github.com/overhangio/indigo
git:
repo: https://github.com/overhangio/indigo
force: yes
dest: "{{ openedx_root }}/indigo"
become: False
- name: install indigo theme
shell: |
set -ex
tutor config render --extra-config ./indigo/config.yml ./indigo/theme "$(tutor config printroot)/env/build/openedx/themes/indigo"
tutor images build openedx
args:
chdir: "{{ openedx_root }}"
- name: (re)create openedX
shell: |
tutor local start -d
- name: activate indigo theme
shell: |
tutor local settheme indigo localhost studio.localhost \
$(tutor config printvalue LMS_HOST) $(tutor config printvalue CMS_HOST)
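Review bot: The last line of the `configure openedX` task sets `SMTP_PORt=25`; the key is misspelled, so the intended setting is presumably never applied, and it should read `--set SMTP_PORT=25`. Separately, both upstream inputs are unpinned: the `pip` task installs whatever `tutor-openedx` release is current and the `git` task checks out the default branch of the indigo theme with `force: yes`, and that content then feeds `tutor images build openedx` in a play that runs with `become: true`. Pin both with the modules' `version:` parameter (e.g. `version: "<reviewed tutor release>"` and `version: "<reviewed indigo commit>"`) so a re-run cannot pull unreviewed code into the image. The templated values in the shell block would also be safer passed through the `quote` filter, e.g. `--set PLATFORM_NAME={{ openedx_platform_name | quote }}`, rather than relying on hand-written single quotes.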

5
playbooks/openedx/roles/openedx/templates/crontab

@ -0,0 +1,5 @@
MAILTO=""
*/5 * * * * cd {{ weblate_root }}/weblate; flock --timeout 600 /tmp/weblate sudo docker-compose -f docker-compose-infrastructure.yml run --rm weblate update_index
@daily cd {{ weblate_root }}/weblate; flock --timeout 600 /tmp/weblate sudo docker-compose -f docker-compose-infrastructure.yml run --rm weblate cleanuptrans
@hourly cd {{ weblate_root }}/weblate; flock --timeout 600 /tmp/weblate sudo docker-compose -f docker-compose-infrastructure.yml run --rm weblate commit_pending --all --age=1
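Review bot: This template looks like an unmodified copy from the weblate role: every line references `{{ weblate_root }}` and runs the `weblate` compose service, and nothing in this commit's `tasks/openedx.yml` or `defaults/main.yml` renders it or defines that variable. The same applies to `templates/docker-compose-infrastructure.yml`, which additionally expects `weblate_version` and `weblate_admin_password`. Both files should be dropped from the openedx role. If they were wired in later by mistake, they would presumably put weblate cron jobs and a compose file carrying an admin password on the openedx host.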

48
playbooks/openedx/roles/openedx/templates/docker-compose-infrastructure.yml

@ -0,0 +1,48 @@
version: '2'
services:
weblate:
image: weblate/weblate:{{ weblate_version }}
links:
- database
- cache
volumes:
- weblate-data:/app/data
ports:
- '8000:8080'
env_file:
- ./environment
restart: always
depends_on:
- database
- cache
environment:
- WEBLATE_EMAIL_HOST={{ hostvars["postfix-host"]["ansible_host"] }}
- WEBLATE_EMAIL_PORT=465
- WEBLATE_EMAIL_USE_TLS=0
- WEBLATE_EMAIL_USE_SSL=1
- WEBLATE_SERVER_EMAIL={{ weblate_server_email }}
- WEBLATE_DEFAULT_FROM_EMAIL={{ weblate_default_from_email }}
- WEBLATE_ADMIN_NAME=admin
- WEBLATE_ADMIN_EMAIL={{ weblate_admin_email }}
- WEBLATE_ADMIN_PASSWORD={{ weblate_admin_password }}
- WEBLATE_DEBUG=0
- WEBLATE_ENABLE_HTTPS=1
- WEBLATE_ALLOWED_HOSTS=weblate.{{ domain }},{{ hostvars[groups["weblate-service-group"][0]]["ansible_host"] }}
- WEBLATE_REGISTRATION_OPEN=1
database:
image: postgres:9.6-alpine
env_file:
- ./environment
volumes:
- postgres-data:/var/lib/postgresql/data
restart: always
cache:
image: redis:5-alpine
restart: always
command: [ "redis-server", "--appendonly", "yes" ]
volumes:
- redis-data:/data
volumes:
weblate-data: { }
postgres-data: { }
redis-data: { }

15
playbooks/openedx/tests/test_icinga.py

@ -0,0 +1,15 @@
from tests.icinga_helper import IcingaHelper
testinfra_hosts = ['ansible://bind-host']
IcingaHelper.icinga_host = 'bind-host'
class TestChecks(IcingaHelper):
def test_host(self):
r = self.get_client().objects.get('Host', 'openedx-host')
assert r['attrs']['name'] == 'openedx-host'
def test_service(self, host):
assert self.is_service_ok('openedx-host!openedX')

20
playbooks/openedx/tests/test_openedx.py

@ -0,0 +1,20 @@
import time
import requests
import yaml
def get_address(inventory):
vars_dir = f'{inventory}/group_vars/all'
return 'https://openedx.' + yaml.load(
open(vars_dir + '/domain.yml'))['domain']
def test_openedx(pytestconfig):
# openedx freshly recreated may take few mins to be operationnal
url = get_address(pytestconfig.getoption("--ansible-inventory"))
for i in range(60, 0, -1):
r = requests.get(url, timeout=5, verify='certs')
if r.status_code == requests.codes.ok:
break
time.sleep(5)
assert 'openedX' in r.text
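Review bot: `get_address` calls `yaml.load(open(...))` without a `Loader`: PyYAML releases before 6 fall back to a non-safe loader (with a warning since 5.1) and PyYAML 6 raises a TypeError, and the file handle is never closed. Use `with open(vars_dir + '/domain.yml') as f:` and `yaml.safe_load(f)['domain']`. In `test_openedx`, a `requests.get` that raises (for example connection refused while the containers are still starting) ends the test on the first iteration instead of retrying, so the loop should catch `requests.exceptions.RequestException` and sleep as it already does for a non-200 status.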

2
tox.ini

@ -23,7 +23,7 @@ commands = flake8 {posargs}
#
# Integration tests
#
[testenv:{infrastructure,bind,authorized_keys,backup,certificate,postfix,icinga,openvpn,wekan,misc,pad,firewall,gitlab,api,wazuh,weblate,website,chat,cloud,enough,forum,packages,securedrop,jitsi}]
[testenv:{infrastructure,bind,authorized_keys,backup,certificate,postfix,icinga,openvpn,wekan,misc,pad,firewall,gitlab,api,wazuh,weblate,website,chat,cloud,enough,forum,packages,securedrop,jitsi,openedx}]
passenv =
ENOUGH_API_TOKEN
PYTEST_ADDOPTS
