6
0
mirror of https://github.com/ChristianLight/tutor.git synced 2024-12-14 15:08:22 +00:00
Commit Graph

491 Commits

Author SHA1 Message Date
Régis Behmo
8035b7dfc6 Upgrade scorm to 9.2.0
This adds a bugfix (float graded submissions) and a new feature
(assignment rescoring).
2020-05-18 11:33:58 +02:00
Régis Behmo
b30617581d Increase maximum uploaded file size in the CMS
See discussion: https://discuss.overhang.io/t/increase-upload-size/556
2020-05-13 06:54:03 +02:00
Régis Behmo
95271092c5 v3.12.3 (2020-05-05)
- [Security] Apply most recent edx-platform [security
patches](https://discuss.openedx.org/t/security-patch-for-edit-chapter-xss-lint-issues/2030)
2020-05-05 18:58:01 +02:00
Régis Behmo
be38f70f5d Apply most recent edx-platform security patches
See this conversation:
https://discuss.openedx.org/t/security-patch-for-edit-chapter-xss-lint-issues/2030
2020-05-05 17:04:34 +02:00
Régis Behmo
c18ab3e7c6 v3.12.2 (2020-04-29)
- [Bugfix] Fix oauth2 authentication with 3rd-party services, such as discovery
- [Bugfix] Upgrade scorm xblock to solve caching issue
2020-04-29 16:15:10 +02:00
Régis Behmo
aef0ede0ec Fix oauth with services such as discovery
See https://discuss.overhang.io/t/problem-occured-during-checkout-please-contact-support/491/31
2020-04-29 15:53:01 +02:00
Régis Behmo
9043450de8 Upgrade scorm xblock to solve caching issue
See https://github.com/overhangio/openedx-scorm-xblock/issues/1
2020-04-29 11:23:27 +02:00
Régis Behmo
be6bc76b2c v3.12.1 (2020-04-27)
- [Improvement] Increase max upload allowed size to 250Mb in CMS
2020-04-27 00:27:17 +02:00
Régis Behmo
1815ab138e Increase allowed upload size for studio content
This is particularly useful for courses with large SCORM content.
2020-04-27 00:26:39 +02:00
Régis Behmo
47aad68a5c v3.12.0 (2020-04-26)
- 💥[Improvement] Do not deploy an ingress or SSL/TLS certificate issuer
ressource by default in Kubernetes
- [Improvement] Fix tls certificate generation in k8s
- 💥[Improvement] Radically change the way jobs are run: we no longer
"exec", but instead run a dedicated container.
- 💥[Improvement] Upgrade k8s certificate issuer to
cert-manager.io/v1alpha2
- [Feature] Add SCORM XBlock to default openedx docker image
2020-04-26 01:05:48 +02:00
Régis Behmo
b777d458f3 Fix formatting 2020-04-25 23:12:42 +02:00
Régis Behmo
a52884a311 Remove ingress/issuer from default k8s deployment
There are too many different ways to deploy an Ingress resource and to
generate SSL/TLS certificates: it's too much responsibility to make that
decision for the end user.
2020-04-25 23:12:42 +02:00
Régis Behmo
30e816d232 Fix forum init job
Now, when we run init for the forum, we go through the forum container
entrypoint. At this stage, the elasticsearch:9200/content url returns a
404 error, because, well, the init job has not run yet. So instead of
checking for the /content url, we simply check that the elasticsearch
container is up and running. Note that this might cause the initial
forum container to crash right after start.
2020-04-25 23:12:42 +02:00
Régis Behmo
bce6432d85 Improve job running in local and k8s
Running jobs was previously done with "exec". This was because it
allowed us to avoid copying too much container specification information
from the docker-compose/deployments files to the jobs files. However,
this was limiting:

- In order to run a job, the corresponding container had to be running.
This was particularly painful in Kubernetes, where containers are
crashing as long as migrations are not correctly run.
- Containers in which we need to run jobs needed to be present in the
docker-compose/deployments files. This is unnecessary, for example when
mysql is disabled, or in the case of the certbot container.

Now, we create dedicated jobs files, both for local and k8s deployment.
This introduces a little redundancy, but not too much. Note that
dependent containers are not listed in the docker-compose.jobs.yml file,
so an actual platform is still supposed to be running when we launch the
jobs.

This also introduces a subtle change: now, jobs go through the container
entrypoint prior to running. This is probably a good thing, as it will
avoid forgetting about incorrect environment variables.

In k8s, we find ourselves interacting way too much with the kubectl
utility. Parsing output from the CLI is a pain. So we need to switch to
the native kubernetes client library.
2020-04-25 23:12:42 +02:00
Régis Behmo
091e45fe63 Fix tls certificate generation in k8s
The "Certificate" objects are no longer required. As a consequence, the
"k8s-ingress-certificates" has become useless and should be removed from
plugins.
2020-04-25 14:40:48 +02:00
Régis Behmo
e4ca99b237 Upgrade cert-manager installation in k8s
Note that the spec has changed for v1alpha2.
2020-04-25 14:40:48 +02:00
Régis Behmo
49c71f8af2 Add scorm xblock to the openedx docker image 2020-04-25 14:20:13 +02:00
Régis Behmo
0960449405 v3.11.12 (2020-04-16)
- [Feature] Make it easy to add custom translation strings to the
openedx Docker image
- [Improvement] Make it possible to rely on a different npm registry for
faster image building
2020-04-16 19:31:36 +02:00
Régis Behmo
33ab52bfeb Make it easy to add custom translation strings to edx-platform
Users can now add custom translation strings to a locale folder at build
time, very much in the same way as custom themes or requirements. This
is quite convenient, although is does require quite a bit of time to
rebuild the docker images.
2020-04-16 19:30:08 +02:00
Régis Behmo
76d1078382 Make it possible to pull nodejs packages from custom npm registry
During an incident at npmjs.org it was extremely difficult to pull
nodejs packages -- so we made it possible to pull from a custom
registry, deployed for instance with Verdaccio (https://verdaccio.org/).
2020-04-16 19:26:02 +02:00
Régis Behmo
bdc0cb04e2 v3.11.11 (2020-04-15)
- [Bugfix] Make sure all emails (including "password reset") are
properly saved to a local file in development mode (#315)
- [Improvement] Add `openedx-development-settings` patch to patch the
LMS and the CMS simultaneously in development
- [Bugfix] Fix missing celery tasks in the CMS
2020-04-15 23:53:05 +02:00
Régis Behmo
724c2c84da Make sure all emails are stored to a tmp file in development
In development, emails sent from edx-platform were using the
"file_email" channel from edx-ace ("edX's automated communication
engine"). This channel was failing because it tries to write to a file
located in the /edx folder, which does not exist in tutor containers. To
fix this, we configure edx-ace to rely on the django email backend,
which itself is configured to send emails to a file in development. It
turns out that this backend was also configured to store emails in a
file located in the /edx folder, so we had to add the standard
EMAIL_FILE_PATH django setting to our development settings.

It was easier to reconfigure the django file email backend than the
edx-ace file_email channel because the output path of the latter cannot
be modified by a setting.

Note that this causes all emails to be stored in local files instead of
being sent to actual recipients. This is the default behaviour in Open
edX, and indeed in most default django apps (in development). This is a
good thing! If, for some reason, developers would like to try out email
sending during development, they should modify the EMAIL_BACKEND
setting and set it to 'django.core.mail.backends.smtp.EmailBackend'.
This is quite easy to achieve with the help of a plugin:

    name: sendemailsindev
    version: 0.1.0
    patches:
      openedx-development-settings: |
          # actually send emails in dev
          EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"

Close #315
2020-04-15 23:52:28 +02:00
Régis Behmo
072c3a1a15 Add openedx-development-settings patch 2020-04-15 23:52:18 +02:00
Régis Behmo
54d9fe20e7 Fix missing celery tasks in the CMS
This should spare us quite a few error messages in the CMS worker.
2020-04-14 19:49:18 +02:00
Régis Behmo
68ff61a421 v3.11.10 (2020-04-14)
- [Bugfix] Fix updates to the course structure in the LMS (#302)
2020-04-14 19:24:27 +02:00
Régis Behmo
48ca6eb4b0 Fix updates to the course structure in the LMS
When we were changing unit titles in the CMS, the changes were taking a
long time to be reflected in the LMS. That's because the cache key that
corresponds to the course structure was not being updated. It was the
responsibility of an asynchronous LMS celery worker to update this cache
entry. However, this was impossible in most cases because tasks
triggered in the CMS were only processed by CMS workers. That is, unless
we are using a custom celery router:
https://celery.readthedocs.io/en/latest/userguide/routing.html#routers

This is what edx-platform does in the devstack: certain CMS tasks are
forwarded both to CMS and to LMS workers. This is achieved by defining
the ALTERNATE_WORKER_QUEUES="lms" django setting in the CMS.

Adding this setting to Tutor solves the problem in production. However,
in development mode Open edX runs without workers
(`CELERY_ALWAYS_EAGER=True`). This means that the course structure will
not be automatically updated when running `tutor dev` commands, which is
a shame. The alternative is to define the
"block_structure.invalidate_cache_on_publish" waffle switch. This can be
done from the UI (in /admin/waffle/switch/add/) or by running:

    tutor dev run lms ./manage.py lms waffle_switch block_structure.invalidate_cache_on_publish on --create

However, this flag seems to slow down access to the LMS for the first
user who tries to access the course after it has been updated.

Close #302
2020-04-14 19:16:52 +02:00
Régis Behmo
30f39233c4 v3.11.9 (2020-04-07)
- [Bugfix] Fix Android app build for domain names that include a dash
("-")
2020-04-07 15:06:21 +02:00
Régis Behmo
36e2f81845 Fix Android app build for domain names that include a dash
See
https://discuss.overhang.io/t/build-android-app-command-error/405/30

Android package names should be composed of alphanumeric or underscore
characters only
(https://developer.android.com/studio/build/application-id.html)
2020-04-07 15:04:34 +02:00
Régis Behmo
e42c20a133 v3.11.8 (2020-04-06)
- [Feature] Add `encrypt` template filter to conveniently add
htpasswd-based authentication to nginx
- [Bugfix] Fix "missing tty" during init in cron jobs
2020-04-06 10:40:28 +02:00
Régis Behmo
411327662e Add encrypt template filter
This is convenient for htpasswd-based authentication to nginx, for
instance.
2020-04-04 18:22:15 +02:00
Régis Behmo
04f672eed2 Fix "missing tty" during init in cron jobs 2020-04-02 12:36:43 +02:00
Régis Behmo
40d9058f3d v3.11.7 (2020-04-01)
- [Bugfix] Fix missing js translations
- [Bugfix] Fix tls certificate generation in cron jobs
2020-04-01 20:23:16 +02:00
Régis Behmo
1c22ade579 Add missing js translations to openedx
Client-side translations are stored in "djangojs.js" files. Supposedly,
these files were properly compiled prior to the Ironwood release -- but
this is not the case, so we need to re-generate them.

Also, we need to re-generate the djangojs.js files for the custom,
downloaded locales. The assets collection settings are also fixed to
take into account the separate locale folder.

This step needs to happen prior to static assets collection, as the
djangojs files are collected to the staticfiles/ folder.

See these conversations:
https://discuss.overhang.io/t/localization-not-works-perfect/363
https://discuss.openedx.org/t/localization-not-work-for-js-files/1671
2020-04-01 20:12:25 +02:00
Régis Behmo
b72da818ea Minor formatting 2020-03-27 10:17:36 +01:00
Régis Behmo
e521333b75 Fix tls certificate generation in cron jobs
tls renewal and generation was failing in cron jobs because of "The
input device is not a TTY" errors. This is because the "-it" docker
option does not work when a tty is not available.
2020-03-27 10:05:40 +01:00
Régis Behmo
2d98356629 Clarify certbot image source repository 2020-03-27 09:56:53 +01:00
Régis Behmo
eb7da31577 Fix typo in elasticsearch volume and deployment name 2020-03-25 17:08:23 +01:00
Régis Behmo
ae2af6b1f8 Fix minor docs issues 2020-03-16 22:33:56 +01:00
Régis Behmo
328e70b8b5 Various docs improvements
There is still a lot of work to do. In particular, local.rst and
configuration.rst are a mess. But that's a job for another time.
2020-03-16 22:27:04 +01:00
Régis Behmo
41f14d528b Better explanation of how templates work
Close #273
2020-03-16 21:24:40 +01:00
Régis Behmo
cf041568d0 Add a big fat warning against "sudo"
Also, the permission error that is frequently encountered is added at
the top of the list of frequent issues in the docs.
2020-03-16 17:43:55 +01:00
Régis Behmo
42d698d6e5 v3.11.6 (2020-03-13)
- [Bugfix] Fix "Unable to resolve dependency" error during forum
initialisation
- [Feature] Add `settheme` command to easily assign a theme to a domain
name
- [Improvement] Modify nginx access logs to include request scheme and
server name (plugin developers should use the "tutor" log format)
- [Bugfix] Fix DNS resolution of restarted service
- [Feature] Restart multiple services with `local restart`
- [Feature] Make it possible to easily reload openedx gunicorn process
with `tutor local exec lms reload-gunicorn``
- [Improvement] Rename lms/cms_worker to lms/cms-worker in local
deployment
- [Improvement] Add the management plugin to the rabbitmq container
- [Improvement] Make it possible to run an Elasticsearch service on
https
2020-03-13 19:27:01 +01:00
Régis Behmo
8df63a6165 Pin ruby-build version in forum image
This is to avoid another case where the forum image sudddenly starts
failing.
2020-03-13 19:27:01 +01:00
Régis Behmo
bbabd72d80 Switch forum building ENV to ARG
It makes no sense to have those variables at runtime.
2020-03-13 19:27:01 +01:00
Régis Behmo
1a42e2d338 Fix "Unable to resolve dependency" error during forum init
When running "bundle exec rake search:initialize" in the forum, we were
getting the following error:

        /openedx/ruby/lib/ruby/site_ruby/2.4.0/rubygems/resolver.rb:235:in `search_for': Unable to resolve dependency: user requested 'did_you_mean (= 1.1.0)' (Gem::UnsatisfiableDependencyError)

It happens this error suddently happened because rubygems-update was not
pinned to a specific version. v3.0.4 was working and v3.1.2 was not.

As it happens, we don't need rubygems-update, so we simply get rid of it
entirely.
2020-03-13 19:27:01 +01:00
Régis Behmo
797167d48a Do not include too many themes to avoid long image build time
To minimize image build time and size, we do not build non-default
themes.
2020-03-13 19:27:01 +01:00
Régis Behmo
5c43d6ee25 Add "settheme" command
This makes it much easier to switch to a new theme.
2020-03-13 19:27:01 +01:00
Régis Behmo
08606ca1a6 Add scheme and server name to access logs
To do so, we had to create a new log_format.

Plugin developers are strongly encouraged to start using this log format
by adding the `access_log /var/log/nginx/access.log tutor;` directive to
their extra nginx configurations.

In order to load this log format early, the `tutor.conf` config file had
to be renamed to something early in the alphabet... (hence starting by
an underscore) Older users would face an error on nginx reload, so older
"tutor.conf" files are automatically removed on config save.
2020-03-12 12:01:41 +01:00
Régis Behmo
0cf8958e3a Fix nginx DNS resolution of restarted services
Previously, a common error when restarting e.g: the lms or the cms was
that nginx redirected to the wrong container. For instance:

    access studio.localhost
    tutor local restart lms cms
    access studio.localhost

In the second call to studio.localhost, we were frequently trying to
access the LMS, which resulted in a 400 error.

We solve this issue by setting a TTL of 10s on the nginx proxy name
resolution.

More docs:
http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
2020-03-12 09:53:18 +01:00
Régis Behmo
e2a3a2d912 Allow multiple services in "local restart" command 2020-03-12 09:52:22 +01:00
Régis Behmo
16819bd697 Rename *_PROTOCOL to *_SCHEME 2020-03-12 09:37:22 +01:00
Régis Behmo
00ec6930ae Add simple gunicorn reload script to openedx image 2020-03-10 10:37:14 +01:00
Régis Behmo
0325e7ad95 Rename worker containers from x_worker to x-worker
This is more coherent with k8s.
2020-03-10 10:37:14 +01:00
Régis Behmo
c2628d2b9c Add the management plugin to the rabbitmq container
The management plugin exposes an http API that makes it possible to
monitor rabbitmq. By default, we do not expose the management dashboard.
As a consequence, the API is only usable by other internal containers.
2020-03-10 10:37:14 +01:00
Régis Behmo
702e8cca7d Make it possible to run an Elasticsearch service on https
This is useful when running elasticsearch from 3rd-party vendors.
2020-03-10 10:37:14 +01:00
Claudio Acciaresi
a7eb9be2fe Fixing typo. 2020-02-27 21:49:12 +01:00
Régis Behmo
479e9ca34a v3.11.5 (2020-02-27)
- [Improvement] Switch edx-platform from open-release/ironwood.2 tag to
the open-release/ironwood.master branch
- [Security] Upgrade django to 1.11.28
- [Improvement] Make it possible to configure the elasticsearch heap
size
- [Bugfix] Fix broken elasticsearch environment variables
- [Improvement] Restore more recent Android app version (#289).
2020-02-27 18:08:04 +01:00
Régis Behmo
872883e36f Switch edx-platform from ironwood.2 to ironwood.master
There are too many patches on top of ironwood.2, and it's not practical
to pull them all one by one. We still want to build on top of a specific
version, and not a branch, so we use a dirty hack to guarantee that the
docker image is properly rebuilt by CI when we change it.
2020-02-27 17:42:43 +01:00
Régis Behmo
7eb99a3811 Minor code refactoring, for naming clarity 2020-02-27 17:14:00 +01:00
Régis Behmo
5e626114de Security upgrade django 1.11.27 -> 1.11.28 2020-02-27 17:13:42 +01:00
Régis Behmo
83459d43d5 Fix broken elasticsearch configuration
Because we are running a version of elasticsearch older than Methusalem,
the docker environment variables were not properly taken into account.
For instance, the cluster name and "mlockall" settings were incorrect,
as we could see by running:

    $ tutor local run lms curl elasticsearch:9200 | grep cluster_name
    ...
      "cluster_name" : "elasticsearch",
    $ tutor local run lms curl elasticsearch:9200/_nodes/process?pretty | grep mlock
      ...
     "mlockall" : false

See
https://discuss.overhang.io/t/elastic-container-is-not-being-removed/312/3
for discussion.

This fix also introduces a new tutor configuration setting to adjust the
elasticsearch heap size.
2020-02-26 11:47:43 +01:00
Régis Behmo
ff3fea6930 Restore more recent Android app tagged release
A prior change used the ironwood.1 tag to build the Android app in an
attempt to solve #289. Turns out that this change was unnecessary. So
here we revert to a more recent release of the Android app. Instead of
building from the master branch (which might create suprises) we build
from a fixed release tag.

The source repo and version are customisable via build arguments.
2020-02-25 17:29:53 +01:00
Régis Behmo
e166a749e4 v3.11.4 (2020-02-16)
- [Bugfix] Fix auth problem in Android app (#289)
2020-02-16 16:00:35 +01:00
Régis Behmo
50238129a9 Downgrade android build version to ironwood.1
The android master branch was failing because of authentication errors.

Close #289
2020-02-16 16:00:35 +01:00
Régis Behmo
29ed111c7f v3.11.3 (2020-01-21)
- [Bugfix] Fix incorrectly parsed empty strings for `config save --set
...=...` commands
2020-01-21 18:32:34 +01:00
Régis Behmo
731de6a747 Fix incorrectly parsed empty strings in config save --set ...=...
When running `config save --set KEY=""`, KEY was incorrectly interpreted
as null.
2020-01-21 18:32:34 +01:00
Régis Behmo
eeb5f43239 Replace @ by == in "pluginname==version" 2020-01-17 15:06:07 +01:00
Régis Behmo
6716668ff9 v3.11.2 (2020-01-17)
- [Bugfix] Make sure `docker-compose.override.yml` are loaded in dev and
local contexts
2020-01-17 12:12:47 +01:00
Régis Behmo
cdc221b20e Fix loading of docker-compose.override files
Override files are not automatically loaded when running with `-f`, so
we need to specify them manually.
2020-01-17 09:46:59 +01:00
Régis Behmo
6b083fee4e v3.11.1 (2020-01-16)
- [Feature] Add `config render` command
2020-01-16 23:58:20 +01:00
Régis Behmo
2159226b4b Fix missing partials folder in config render
"partials" folders were not rendered at all when using `config render`.
2020-01-16 23:58:20 +01:00
Régis Behmo
72e23f3f96 Add config render command
This is going to be useful for using custom themes with user-defined
variables.
2020-01-16 17:15:55 +01:00
Régis Behmo
c4c12b0ab8 env.py refactoring
Clarify a few variable names, make code more modular. Also, the Renderer
class now makes more sense as a singleton. We took the opportunity to
delete quite a lot of code.
2020-01-16 15:07:35 +01:00
Régis Behmo
3ca0c6cf46 v3.11.0 (2020-01-14)
- [Feature] Add support for simple, YAML-based plugins
- 💥[Improvement] The output of `plugins list` now includes plugin
version numbers
2020-01-14 17:35:51 +01:00
Régis Behmo
e3444d668c Add support for simple, yaml-based plugins
Those plugins are stored as yaml files in ~/.local/share/tutor-plugins
and follow the same specifications as entrypoint plugins.
2020-01-14 17:35:51 +01:00
Régis Behmo
159e24a95d Refactor plugin internals
This is for supporting json-based plugins. The great thing about this
change is that it allows us to easily print plugin version numbers in
`plugins list`.
2020-01-14 15:41:42 +01:00
Régis Behmo
c1e47cec82 Minor internal function renaming 2020-01-14 12:01:06 +01:00
Régis Behmo
e611b90441 3.10.1 (2020-01-13)
- [Improvement] Explicitely point to docker.io images, when necessary,
for [podman](https://podman.io/) compatibility.
2020-01-13 22:40:10 +01:00
Régis Behmo
e8248b26d6 Tutor docker images should point to docker.io, too 2020-01-10 17:22:01 +01:00
Régis Behmo
c03e86f43b Explicitely point to docker.io images
This is useful for tools like podman which do not take it for granted
that base images come from hub.docker.com.
2020-01-10 17:15:48 +01:00
Régis Behmo
079c5bc778 v3.10.0
- [Bugfix] Fix oauth authentication in dev mode
- [Improvement] Upgrade to the 3.7 docker-compose syntax
- [Improvement] The `dev runserver` command can now be run for just any
service
- 💥[Feature] `dev run/exec` commands now support generic options which
are passed to docker-compose. Consequently, defining the
`TUTOR_EDX_PLATFORM_PATH` environment variable no longer works. Instead,
users are encouraged to explicitely pass the `-v` option, define a
command alias or create a `docker-compose.override.yml` file.
2020-01-10 16:42:27 +01:00
Régis Behmo
c636a39af9 Fix oauth authentication in dev mode
This was causing issues with the discovery service in development mode.
2020-01-10 13:14:55 +01:00
Régis Behmo
899e4dfb9a Upgrade to v3.7 for docker-compose service definition
We were encountering issues when overriding service definitions with
"x-...". These were solved by upgrading docker-compose and switching to
3.7 service definition. As a consequence, the minimum supported docker
version is 18.06.0, as specified by
https://docs.docker.com/compose/compose-file/#compose-and-docker-compatibility-matrix
2020-01-10 11:10:54 +01:00
Régis Behmo
3540627691 Make it possible to run dev runserver for any service 2020-01-10 11:10:54 +01:00
Régis Behmo
d17fdaa658 More feature-complete dev/local docker-compose commands
By de-duplicating the code between dev.py and local.py, we are able to
support more docker-compose run/up/stop options passed from tutor. To do
so, we had to disable some features, such as automatically mounting the
edx-platform repo when the TUTOR_EDX_PLATFORM_PATH environment variable
was defined.
2020-01-10 11:10:54 +01:00
Régis Behmo
fcf2dd0d6f v3.9.1
- [Improvement] Make it possible to override the project name in development mode
- [Bugfix] Fix user switching in development mode
- [Bugfix] Fix "k8s quickstart" crash
2020-01-08 20:09:33 +01:00
Régis Behmo
f82cbd84f1 Fix crash on "k8s quickstart"
This was due to the recent context refactoring.

See https://discuss.overhang.io/t/error-with-kubernetes-deployment/240
2020-01-08 20:07:25 +01:00
Régis Behmo
f5c087cada Fix user switching in development mode
This incorrect user switching was (probably) causing permission issues,
as well as incorrect settings.
2020-01-08 19:35:57 +01:00
Régis Behmo
cc649e7378 Make it possible to override dev project name 2020-01-08 14:36:51 +01:00
Régis Behmo
49a7946d67 Simplify patch internals 2020-01-08 12:20:24 +01:00
Régis Behmo
b5ef89abed Fix --edx-platform-settings cli doc 2020-01-08 12:07:47 +01:00
Régis Behmo
5179931c0e Fix autocompletion of "dev exec" command 2020-01-07 14:33:55 +01:00
Régis Behmo
41c9bfc337 v3.9.0
- [Security] Apply django 1.11.21 -> 1.11.27 security patches
- [Bugfix] Fix running dev image with `sudo`
- [Improvement] Add `cms/lms-env-features` patches (#276)
- [Feature] Add plugin subcommands
- 💥[Improvement] Move ``-r/--root`` option to parent command level
- [Bugfix] Fix course about page visibility
- [Improvement] Print gunicorn access logs in the console
- 💥[Improvement] Get rid of the `indexcourses` and `portainer` command
(#269)
2019-12-21 16:54:57 +01:00
Régis Behmo
2ba57fb8ba Apply django 1.11.21 -> 1.11.27 security patches 2019-12-21 15:18:29 +01:00
Régis Behmo
25f98250cb Fix running dev openedx image with sudo
When running with `sudo`, the USERID image ARG is 0. The docker
entrypoint needed to take this case into account.

See:
https://discuss.overhang.io/t/openedx-is-not-the-name-of-a-known-user/224/5
2019-12-16 09:33:43 +01:00
Régis Behmo
0b1cac5134 Make it possible to run plugin subcommands 2019-12-15 18:52:58 +01:00
Régis Behmo
13de3c8adc Move "-r/--root" option to parent command level 2019-12-15 18:52:58 +01:00
Claudio Acciaresi
399114ad5b Adding the ability to specify CMS or LMS specific features. 2019-12-13 10:00:59 +01:00
Régis Behmo
494838956a Fix course about page visibility
"Course visibility In Catalog" advanced CMS setting was being ignored
because the default the COURSE_CATALOG_VISIBILITY_PERMISSION and
COURSE_ABOUT_VISIBILITY_PERMISSION settings were incorrectly set to the
legacy default, which "see_exists".

See
https://discuss.overhang.io/t/catalog-visibility-in-tutor-deployed-open-edx/214
2019-12-09 10:18:54 +01:00
Régis Behmo
2e9967879d Fix minor scripts.py formatting 2019-12-05 12:42:41 +01:00
Régis Behmo
a028bad636 Print gunicorn access logs in the console
See docs: https://docs.gunicorn.org/en/stable/settings.html#accesslog
2019-12-05 12:41:00 +01:00
Régis Behmo
afab59e17d Fix non-ascii platform names
There was an issue with non ascii platform names, such as "Курсы". This
is fixed by switching to utf8-encode settings file. That is, until we
switch to python3.

Close #270
2019-12-05 12:04:27 +01:00
Régis Behmo
302e1fc986 Get rid of the local portainer command
It makes more sense to document this command instead of adding it to the
`local` commands. If need be, in the future we should be able to re-add
it as a plugin.
2019-12-05 11:54:44 +01:00
Régis Behmo
0fb9bfe008 Get rid of the indexcourses command
This command adds a burden on the `local` and `k8s` command. It does not
make sense to provide this command out of the box, and not other
administration commands. Instead, we should better document how to run
regular `manage.py` commands from tutor.

Close #269.
2019-12-05 11:49:53 +01:00
Régis Behmo
74b3baab47 v3.8.0
- [Improvement] Add `k8s-deployments-nginx-volume-mounts` patch
- [Bugfix] Fix running forum locally when both elasticsearch and mongodb
are not activated (#266)
- [Bugfix] Fix MongoDb url in forum when running separate service (#267)
- 💥[Improvement] Better `dev` commands, with dedicated development
docker image. One of the consequences is that the `dev watchthemes`
command is replaced by `dev run lms watchthemes`.
- [Improvement] `images` commands now accept multiple `image` arguments
2019-11-22 13:01:42 +01:00
Régis Behmo
07aa0e47f2 Add k8s-deployments-nginx-volume-mounts plugin patch
This is for mounting discovery/ecommerce static asset folders in nginx.
2019-11-22 11:54:49 +01:00
Régis Behmo
fbafd1c301 Fix incorrect django settings during CMS init 2019-11-22 09:32:50 +01:00
Régis Behmo
c89a5d3c3a Minor black formatting issue 2019-11-22 09:23:59 +01:00
Régis Behmo
993694909a Fix forum depends_on when data services are disabled
When both mongodb and elasticsearch were not activated, there was a
syntax error in the local docker-compose.yml file.

Close #266
2019-11-22 09:21:59 +01:00
Régis Behmo
475df37729 Fix Mongodb url in forum when running separate service
MONGOHQ_URL was not properly set when MONGODB_HOST/PORT was customised.
That's because the environment variable was being defined in the
Dockerfile, and not at runtime.

Close #267
2019-11-22 08:56:30 +01:00
Régis Behmo
d19bd53b2b Fix missing bundle static assets in dev mode
The static assets need to be properly collected in the development image
in order to have a working webpack-stats.json file.

The /openedx/staticfiles folder is still bind-mounted in the docker
image in order to have a working `watchthemes` command.

This is for issue #235, again.
2019-11-14 12:06:17 +01:00
Régis Behmo
1f08006e90 Dynamic openedx settings configuration
`tutor.production` should not be hardcoded in the init scripts. Instead,
we load the `$SERVICE_VARIANT.envs.$SETTINGS` settings.

This was inspired by a conversation on slack:
https://openedx.slack.com/archives/CGE253B7V/p1573561290003700?thread_ts=1573478499.002800&cid=CGE253B7V

Thanks @cacciaresi!
2019-11-14 09:27:28 +01:00
Régis Behmo
df46f8579b Clarify dev setting variable name 2019-11-07 09:29:37 +01:00
Régis Behmo
a2cb012e65 Fix dev user creation when running root on host 2019-10-25 10:38:15 +02:00
Régis Behmo
5e9d405a91 Fix dev/images formatting 2019-10-24 21:34:14 +02:00
Régis Behmo
b01f4d9c0e Better dev environment
The `dev` commands now rely on a different openedx-dev docker image.
This gives us multiple improvements:

- no more chown in base image
- faster chown in development
- mounted requirements volume in development
- fix static assets issues
- bundled ipdb/vim/... packages, which are convenient for development

Close #235
2019-10-24 20:03:36 +02:00
Régis Behmo
6a6750d04b Beautify openedx-assets script 2019-10-22 19:39:23 +02:00
Régis Behmo
a3f39b3526 v3.7.4 (2019-10-19)
- [Bugfix] Fix missing requirements file in pypi package (#261)
- [Improvement] Add missing cms/lms production/development setting
patches
- [Improvement] Allow SigV4 authentication for video upload to S3
- [Bugfix] Fix cms development settings
2019-10-19 19:13:57 +02:00
Régis Behmo
ed0cf8d99f Fix incorrect lms settings patch 2019-10-18 18:19:38 +02:00
Régis Behmo
38ed7d4985 Add missing cms/lms production/development setting patches 2019-10-18 18:19:38 +02:00
Régis Behmo
9cc4074f53 Support SigV4 authentication for video upload 2019-10-18 18:19:38 +02:00
Régis Behmo
16e2e8fcb9 Do not render partials/common directory
Subdirectories of partials/ folder are rendered, so we need to move the
common settings files to the partials/ folder.
2019-10-18 14:55:36 +02:00
Régis Behmo
11f7385276 Fix cms development settings
LMS settings were being incorrectly included in the cms dev settings.
2019-10-18 11:36:07 +02:00
Régis Behmo
1c9111198f 3.7.3 (2019-10-09)
- [Improvement] Upgrade openedx locales to Ironwood
2019-10-17 17:23:16 +02:00
Régis Behmo
e539f31504 Simplify common openedx settings management
Use "{% include %}" jinja directive instead of python "exec", which was
a bit weird.

Also, this sets the technical email for the studio, which was previous
set at "technical@example.com".
2019-10-17 10:22:04 +02:00
Régis Behmo
eec60dd248 Upgrade openedx locales to Ironwood 2019-10-09 15:50:32 +02:00
Régis Behmo
8918724021 v3.7.2 (2019-10-09)
- [Improvement] Properly set studio title (#246)
- [Improvement] Enable Mysql strict mode
2019-10-09 13:40:18 +02:00
Régis Behmo
73277059bc Properly set studio title
This title is visible in the browser title bar and the main page of the
CMS.

Close #246.
2019-10-09 12:04:15 +02:00
Régis Behmo
81dafa44ea k8s support has long been out of beta 2019-10-08 22:25:31 +02:00
Régis Behmo
cb0e2c509d De-duplicate asset settings 2019-10-07 16:39:24 +02:00
Régis Behmo
56850683b3 Get rid of mysql strict trans mode warnings
Here, we adopt the same behaviour as edX.org.

See the following links for documentation:
https://docs.djangoproject.com/en/1.11/ref/databases/#mysql-sql-mode
https://dev.mysql.com/doc/refman/en/sql-mode.html#sql-mode-strict
2019-10-07 16:39:24 +02:00
Régis Behmo
1d4826dc3d v3.7.1
- [Feature] Introduce tutor docker image
- [Feature] Introduce `local hook` command for plugin development.
- [Bugfix] Persist `private.txt` file between two runs of `config save`.
(#247)
- [Improvement] Added configuration values to limit the number of
gunicorn workers for the LMS and CMS.
2019-10-07 14:40:49 +02:00
Régis Behmo
762e7984c2 Introduce local hook command 2019-10-04 11:44:24 +02:00
Régis Behmo
74d50e52c3 Persist private.txt between two runs of "config save"
Close #247.
2019-09-23 11:32:10 +02:00
Régis Behmo
8659b6e7ac Added config values for #gunicorn workers 2019-09-19 15:39:18 +02:00
Régis Behmo
a2f072faa9 v3.7.0 (2019-09-03)
- 💥[Improvement] Get rid of mysql-client container
- [Improvement] Add "local-docker-compose-lms/cms-dependencies" plugin
patches
- [Improvement] Use "exec" instead of "run" to initialise local platform
2019-09-03 11:12:10 +02:00
Régis Behmo
0c0db78310 Get rid of mysql-client container
This has an impact on plugin hooks. Plugin hooks that needed to run
inside mysql-client now need to run inside mysql container. This
simplifies the deployment, as we no longer have an empty mysql-client
container sitting around.

When mysql is not enabled (ACTIVATE_MYSQL=False) the mysql container is
simply a mysql client.
2019-09-03 10:36:10 +02:00
Régis Behmo
14dd9e54a9 Add lms/cms dependency patches
This makes it possible to declare that the lms/cms depend on minio.
2019-09-03 09:35:55 +02:00
Régis Behmo
f5c16f81b0 Nicer sleep commands for mysql-client container 2019-09-03 09:34:44 +02:00
Régis Behmo
8548e9e347 Simpler forum init script 2019-09-03 09:34:13 +02:00
Régis Behmo
5a24056b8e Switch from "run" to "exec" for local initialisation
We ran into an issue when trying to run migrations when the MinIO plugin
is activated. As seen in issues #243 and #244, the
certificates.0003_data__default_modes migration requires access to
MinIO. To do so, the MinIO host must be reached. That means that SSL
certificates must be in place (if https is enabled) and that the nginx
server must be booted. However, it does not make sense to require that
the minio container depends on the nginx container. So, in effect, we
need a fully working platform to run migrations.

In a sense, this is better as it harmonises the init task with k8s: in
k8s, init was already run with exec.

Next step is to get rid of these ugly mysql-client/minio-client
containers that must be up at all times. It would be much simpler to
just exec the commands inside the mysql/minio containers.
2019-09-03 09:29:38 +02:00
Régis Behmo
88d94bcc24 v3.6.3 (2019-08-31)
- [Security] Fix CustomTagModule mako template injection
- [Improvement] Move all plugins outside of the tutor repo
- [Bugfix/Improvement] Add all plugins (with data) into binary bundle
(#242)
2019-08-31 13:41:11 +02:00
Régis Behmo
bcf1ffe556 Fix CustomTagModule mako template injection
See announcement: https://groups.google.com/forum/#!topic/openedx-ops/aVHomKimstU
2019-08-31 12:13:19 +02:00
Régis Behmo
c9adf68ba3 Avoid reliance on __file__
"__file__" does not work with some bundle compilers, such as pyoxidizer.
Also, it's not the recommended way to proceed. See
https://pyoxidizer.readthedocs.io/en/latest/packaging_pitfalls.html#reliance-on-file
2019-08-20 17:04:18 +02:00
Régis Behmo
4d7ec486f3 v3.6.2 (2019-08-07)
- [Bugfix] Fix missing templates in bundled plugins
- [Bugfix] Enable html certificate view
2019-08-07 14:27:31 +02:00
Régis Behmo
91e357b460 Enable HTML certificates by default
See this discussion
https://discuss.overhang.io/t/how-to-generate-a-certificate-for-students/100/3
2019-07-31 13:11:22 +02:00
Régis Behmo
2a883603c8 v3.6.1
- [Bugfix] Fix missing patches from minio plugin (thanks @Wejie!)
2019-07-26 23:22:46 +02:00
Régis Behmo
f93f62a3a9 v3.6.0 (2019-07-11)
- [Feature] Modify ``createuser`` commands to define a password from the
command line
- [Improvement] Better yaml value parsing from command line
- [Feature] Add `dev exec` command
- [Bugfix] Fix incorrect notes settings definition
- [Improvement] Make it possible to start/stop/reboot a selection of
services
- [Improvement] Add `local/k8s reboot` commands
- [Improvement] Add `-U/--unset` option to `config save`
- [Bugfix] Fix insecure static asset loading when web proxy is enabled
- [Improvement] Rename `SECRET_KEY` configuration parameter to
`OPENEDX_SECRET_KEY`
- [Improvement] Add support for SSL and TLS in external SMTP server
(#231)
- [Bugfix] Fix missing video transcripts in LMS (#229)
- [Improvement] Make it possible to enable/disable multiple plugins at
once
- [Improvement] Add a few local and k8s patches for plugins
2019-07-11 14:26:51 +08:00
Régis Behmo
d9a18790d3 Define a password from the CLI on user creation
Add a `-p/--password` option to `createuser` commands.
2019-07-11 11:56:18 +08:00
Régis Behmo
b01e66f6df Add a few kustomization patches 2019-07-11 10:32:40 +08:00
Régis Behmo
d4a429bcc5 Fix parsing of weird characters in configuration parameters 2019-07-11 10:31:23 +08:00
Régis Behmo
c9a3ea875a Add nginx volumes patch for k8s 2019-07-10 16:39:58 +08:00
Régis Behmo
1e995aaf1a More robust plugin/env config checking 2019-07-10 16:20:43 +08:00
Régis Behmo
7fbba104a1 Update env renderer on config change
We have a side effect whenever we add a plugin manually to the tutor
configuration: the renderer does not update itself. We fix this by
checking the config at load time.
2019-07-10 15:22:37 +08:00
Régis Behmo
50f5af989c Add patch for nginx init containers in k8s 2019-07-10 15:22:32 +08:00
Régis Behmo
e33b61fd04 Improve command line yaml value deserialization 2019-07-10 15:22:12 +08:00
Régis Behmo
52f04d909e Add dev exec command for debugging apps in dev mode 2019-07-09 17:59:11 +08:00
Régis Behmo
afc4b15253 Get rid of ugly "notes.openedx" network alias
We achieve this thanks to a patch to edx-oauth2-provider:
https://github.com/edx/edx-oauth2-provider/pull/59

The network alias was required to circumvent url validation by the
oauth2 client creation tool. But the network alias was not compatible
with k8s deployment.
2019-07-09 17:59:11 +08:00
Régis Behmo
b75d92f88a Make it possible to start/stop/reboot a selection of services 2019-07-09 17:59:11 +08:00
Régis Behmo
eb7037a70f More explicit JWT configuration values 2019-07-09 17:59:11 +08:00
Régis Behmo
c31c9bdc89 Add local/k8s reboot commands
This is to replace `tutor local stop && tutor local start`, which I type
way too frequently.
2019-07-08 13:59:14 +08:00
Régis Behmo
ce8a0315cb Add `-U/--unset option to config save` 2019-07-08 06:29:24 +08:00
Régis Behmo
d7477ba348 Add support for SMTP SSL, in addition to TLS
Note that SSL and TLS are incompatible.

Close #231.
2019-07-08 06:24:35 +08:00
Régis Behmo
c431fb81ff Fix insecure asset loading with web proxy enabled
This issue is well described in this post:
https://discuss.overhang.io/t/reverse-proxy-and-mixed-content-issue/86

When WEB_PROXY=True and ACTIVATE_HTTPS=True the containerized nginx sets
an incorrect value for X-Forwarded-Proto.
2019-07-07 17:14:31 +08:00
Régis Behmo
eb91030403 Add JWT credentials
JWT (JSON Web Tokens) is used to authenticate with the discovery
service, among other things.
2019-07-07 13:49:58 +08:00
Régis Behmo
45a573d8e5 Remove useless ALLOWED_HOSTS values
The port number is not included in the hostname when checking the list
of allowed values.
We also add the "lms"/"cms" values for interaction with the API from
within the internal docker network.
2019-07-07 13:48:22 +08:00
Régis Behmo
90650b691a Rename SECRET_KEY to OPENEDX_SECRET_KEY 2019-07-07 10:17:49 +08:00
Régis Behmo
a68dc4f68f Add support for external SMTP server with TLS
Note that this setting will not work with the default namshi smtp server
shipped with tutor.

Close #231.
2019-07-07 10:17:49 +08:00
Régis Behmo
69d3ba72a7 Fix missing video transcripts in LMS
Video transcripts uploaded in the CMS were not visible in the LMS. This
was a symptom caused by the fact that the LMS and the CMS do not share
the same MEDIA_ROOT. We initially thought that data uploaded in the CMS
(such as transcripts) was stored in a shared data service, such as
mongodb. It is, in fact, not. This makes it even more important to run
an object storage service like minio for distributed services.

Close #229
2019-07-07 09:12:41 +08:00
Régis Behmo
92fabd14b1 Enable/Disable multiple plugins in one command 2019-07-07 09:12:41 +08:00
Régis Behmo
e30bfec81c Add 'local-docker-compose-nginx-volumes' patch 2019-07-07 06:30:00 +08:00
Régis Behmo
8fc96a9ef2 v3.5.3 (2019-07-05)
- [Bugfix] Add pre-init hook for correct initialisation of minio
2019-07-05 14:36:10 +08:00
Régis Behmo
fa637ed93c Minor scripts formatting fix 2019-07-05 14:36:10 +08:00
Régis Behmo
931dac2e68 Add pre-init hook
The 0003 migration from the certificates app of the LMS requires that
the S3-like platform is correctly setup during initialisation. To solve
this issue, we introduce a pre-init hook that is run prior to the LMS
migrations.
2019-07-05 14:19:23 +08:00
Régis Behmo
7c13be4eec v3.5.2 (2019-07-05)
- [Security] Apply certificate XSS security patch
2019-07-05 06:29:28 +08:00
Régis Behmo
c02fabb493 Apply XSS certificate vulnerability patch
https://github.com/edx/edx-platform/pull/20904
https://groups.google.com/forum/#!msg/openedx-ops/fi2WVlD0iNo/hFZrAnLpCAAJ
2019-07-05 06:29:20 +08:00
Régis Behmo
1ed0185dfd v3.5.1 (2019-07-04)
- [Feature] Make it possible for plugins to patch the build templates
- [Improvement] Move Xqueue and Student notes to a dedicated plugin
2019-07-04 22:56:38 +08:00
Régis Behmo
0559f6acc9 Fix forum entrypoint rights 2019-07-04 18:33:16 +08:00
Régis Behmo
bf046957de Fix assets collection in docker image
"openedx-assets" script was not copied with the right permissions in the
docker image.
2019-07-04 17:36:22 +08:00
Régis Behmo
32ac977dda v3.5.0 (2019-07-04)
- [Feature] Make it possible for plugins to patch the build templates
- [Improvement] Move Xqueue and Student notes to a dedicated plugin
2019-07-04 17:22:09 +08:00
Régis Behmo
cb49bfd814 Make it possible to patch build templates
Thus, build templates are no longer copied, but rendered.
2019-07-04 17:14:30 +08:00
Régis Behmo
ff36ddb2d7 Fix xqueue auth settings
XQUEUE_INTERFACE needs to be defined even if XQUEUE is not enabled.
2019-07-04 10:23:44 +08:00
Régis Behmo
b6b1e4e0d5 Fix lms.env.json syntax error 2019-07-04 10:16:09 +08:00
Régis Behmo
11e735f4e5 Migrate notes to a dedicated plugin 2019-07-04 09:31:12 +08:00
Régis Behmo
07a0323d8e Move Xqueue to a dedicated plugin
This gives us the opportunity to develop new hooks: build-image and
remote-image.
2019-07-04 09:31:12 +08:00
Régis Behmo
f4796fce4b Remove information that makes web server identifiable
P3P is obsolete https://en.wikipedia.org/wiki/P3P
Also, these P3P headers leak information about the application that is
running, making it sensitive to attacks.
2019-06-25 14:00:31 +02:00
Régis Behmo
9dbe4b4cb5 v3.4.3 (2019-06-24)
- [Bugfix] Fix missing password values from generated configuration
2019-06-24 12:37:19 +02:00
Régis Behmo
1f69e67b9f Fix missing password values from generated configuration
Passwords were not being stored to config.yml during the first
quickstart.
2019-06-24 12:36:19 +02:00
Régis Behmo
866aae5cfe Remove references to Regis' dockerhub account 2019-06-23 23:11:07 +02:00
Régis Behmo
de5b82fd63 Migrate github repo to overhangio organization 2019-06-23 23:11:07 +02:00
Régis Behmo
205cd9bf1c v3.4.2 (2019-06-23)
- [Bugfix] Fix incorrect settings during lms/cms init (#224)
2019-06-23 15:50:00 +02:00
Régis Behmo
dda3614af5 Fix incorrect settings during lms/cms init
During init, the DJANGO_SETTINGS_MODULE environment variable was
undefined, as the entrypoint is overridden.

Close #224.
2019-06-23 15:49:28 +02:00
Régis Behmo
8b6271a5cc v3.4.1 (2019-06-23)
- [Bugfix] Fix install from pypi
- [Improvement] Get rid of kubernetes python package dependency
2019-06-23 13:26:13 +02:00
Régis Behmo
536932cf20 v3.4.0 (2019-06-17)
- [Feature] Creation of a plugin system
- [Feature] Kubernetes support out of beta
- [Improvement] Switch to pinned image tags for easier upgrades
- 💥[Improvement] Remove the `-y/--yes` option: `tutor config save` is
now non-interactive by default. Use `-i/--interactive` to force
interactive mode.
- 💥[Improvement] Replace the `databases` command by `init`.
- [Improvement] Upgrade to ironwood.2
- [Improvement] Add `-y/--yes` option to `local quickstart` for
non-interactive quickstart
- [Improvement] Persist LMS/CMS logs to disk by default (with
collaboration from @silviot 💪)
- [Bugfix] Fix installing a locally cloned requirement repository
- [Improvement] Add `--no-cache` option to `images build`
- [Improvement] Make it possible to configure the notes service hostname
- [Improvement] Better, more robust MySQL initialisation
2019-06-17 22:38:55 +02:00
Régis Behmo
84f2060d33 Working Kubernetes quickstart
The k8s quickstart command is now functional, with suppport for https,
xqueue, notes and minio. There are still a few bugs to get rid of,
though.
2019-06-17 22:38:55 +02:00
Régis Behmo
d9b6895629 Pin docker image tags to tutor versions
Having an identical "ironwood" tag for all releases is not practical, in
particular for breaking changes. Thus, docker images are now pinned to
the tutor version that they were build with.
2019-06-17 20:40:46 +02:00
Régis Behmo
7380fe821a Wait for a k8s resource to be ready before running scripts 2019-06-07 22:49:45 +02:00
Régis Behmo
9bd6197cd1 Fix a few minor plugin-related TODOs 2019-06-07 22:49:45 +02:00
Régis Behmo
a0146de611 Minor formatting and fix tests 2019-06-07 22:49:45 +02:00
Régis Behmo
bc21102cf4 Make configuration silent (non-interactive) by default
Thus, we remove the -y/--yes options, which were kind of unintuitive,
and we add instead `-i/--interactive`. The quickstart commands remain
interactive by default, but can be silenced with `-I/--non-interactive`.
2019-06-07 22:49:45 +02:00