6
0
mirror of https://github.com/ChristianLight/tutor.git synced 2024-11-14 09:14:14 +00:00
Commit Graph

528 Commits

Author SHA1 Message Date
Régis Behmo
2d20a04363 feat: add a convenient tutor k8s apply command
This is convenient to check k8s template validity.
2022-02-25 14:50:36 +01:00
Régis Behmo
b78feec895 v13.1.5 (2022-02-14)
- [Improvement] Upgrade all services to open-release/maple.2.
2022-02-14 16:53:01 +01:00
Régis Behmo
156ef063ce feat: upgrade all services to open-release/maple.2 2022-02-14 14:38:43 +01:00
Régis Behmo
ec2598e114 v13.1.4 (2022-02-08)
- [Security] Fix vulnerability in redirect url during authentication (see
  [commit](06550411e3)).
2022-02-08 10:33:37 +01:00
Régis Behmo
c6cfa24dcc security: fix vulnerability in redirect url during auth 2022-02-08 09:52:28 +01:00
Régis Behmo
68b46aa720 v13.1.3 (2022-02-01)
- [Security] Fix vulnerability in call to invalid enrollment API (see [commit](e9369cffde)).
- [Bugfix] Fix "Internal Server Error / AttributeError / object has no attribute 'get_metadata'" in learning MFE.
- [Improvement] Replace all links to github.com/edx by github.com/openedx, following the migration of all repositories.
- [Bugfix] Fix `k8s start caddy` command.
2022-02-01 17:50:44 +01:00
Régis Behmo
89b4ce1202 security: fix enrollment API vulnerability 2022-02-01 17:40:53 +01:00
Régis Behmo
123786193e fix: object has no attribute 'get_metadata' error in learning MFE
See: https://github.com/openedx/edx-platform/pull/29741
2022-02-01 17:40:53 +01:00
Régis Behmo
9a4ea986e1 feat: migrate from edx to openedx GitHub org
edX has completed the migration of all repos from the "edx" to the "openedx"
organization. As a consequence, we change all the links in the repo.
2022-02-01 17:40:53 +01:00
Régis Behmo
bc87f78866 fix: k8s start caddy command
Caddy was not properly starting because its associated configmap was not
starting.

Close #577.
2022-01-31 08:37:35 +01:00
Régis Behmo
5958af86e3 v13.1.2 (2022-01-30)
- [Bugfix] Fix auto-renewal of certificates revoked by Let's Encrypt (see [discussion](https://community.letsencrypt.org/t/questions-about-renewing-before-tls-alpn-01-revocations/170449/21)).
2022-01-30 21:36:25 +01:00
Régis Behmo
7c3e54335d fix: let's encrypt auto-revoked certificates
Let's Encrypt started mass-revoking certificates. For some reason, we
did not upgrade to the latest version of Caddy in the Maple upgrade, so
we are affected by this issue. Users should upgrade now.

See:
https://discuss.overhang.io/t/lets-encrypt-revoked-certificate-did-anyone-experienced-this/2391
https://discuss.overhang.io/t/ssl-error-in-the-browser/2390
https://community.letsencrypt.org/t/questions-about-renewing-before-tls-alpn-01-revocations/170449/21
2022-01-30 21:33:31 +01:00
Régis Behmo
bbba7b6c4e v13.1.1 (2022-01-25)
- [Bugfix] Fix authentication in development due to missing SameSite policy on session ID cookie.
- [Bugfix] Display properly themed favicon.ico image in LMS, Studio and microfrontends.
- [Bugfix] Fix "LazyStaticAbsoluteUrl is not JSON serializable" error when sending bulk emails.
- [Bugfix] Fix `tutor local importdemocourse` fails when platform is not up.
2022-01-25 08:38:14 +01:00
Régis Behmo
26119983d4 fix: lms authenticaton in development
In development, it was no longer possible to authenticate to the lms. Ater
signing in, the session ID could not be dropped, and thus the user was not
signed in, although no error was logged -- just a warning in the browser
console.
This problem was caused by the fact that the SameSite policy was set to "None"
in development.
2022-01-25 08:36:52 +01:00
Régis Behmo
1172ab6f1f fix: display themed favicon across all apps
Previously, we were redirecting all /*favicon.ico requests to the default
favicon. This meant that the favicon might not necessarily be correctly themed,
most notably in MFEs. Here, we resolve this issue by redirecting to the
theme-agnostic theming/asset/* url. Also, we restrict the overly generic regexp
for favicon url matching. We verified that we did not miss any url by running
the following command on the demo server:

    tutor local logs caddy | grep --only-matching "host.*favicon.ico" | sort | uniq
2022-01-25 08:30:06 +01:00
Régis Behmo
405aaac189 fix: broken bulk emails because of LazyStaticAbsoluteUrl (again)
The LazyStaticAbsoluteUrl object was breaking bulk emails again with the
following stacktrace:

    2022-01-11 13:50:10,591 ERROR 12 [celery.app.trace] [user None] [ip None] trace.py:255 - Task lms.djangoapps.instructor_task.tasks.send_bulk_course_email[26b93357-018a-408f-b3f7-b69722447c5b] raised unexpected: EncodeError(TypeError('Object of type LazyStaticAbsoluteUrl is not JSON serializable'))
    Traceback (most recent call last):
      File "/openedx/venv/lib/python3.8/site-packages/kombu/serialization.py", line 50, in _reraise_errors
	yield
      File "/openedx/venv/lib/python3.8/site-packages/kombu/serialization.py", line 221, in dumps
	payload = encoder(data)
      File "/openedx/venv/lib/python3.8/site-packages/kombu/utils/json.py", line 69, in dumps
	return _dumps(s, cls=cls or _default_encoder,
      File "/openedx/venv/lib/python3.8/site-packages/simplejson/__init__.py", line 398, in dumps
	return cls(
      File "/openedx/venv/lib/python3.8/site-packages/simplejson/encoder.py", line 296, in encode
	chunks = self.iterencode(o, _one_shot=True)
      File "/openedx/venv/lib/python3.8/site-packages/simplejson/encoder.py", line 378, in iterencode
	return _iterencode(o, 0)
      File "/openedx/venv/lib/python3.8/site-packages/kombu/utils/json.py", line 59, in default
	return super(JSONEncoder, self).default(o)
      File "/openedx/venv/lib/python3.8/site-packages/simplejson/encoder.py", line 272, in default
	raise TypeError('Object of type %s is not JSON serializable' %
    TypeError: Object of type LazyStaticAbsoluteUrl is not JSON serializable

The point of that lazy object was to link to the lms logo even when a custom
theme was enabled. Luckily, we no longer need this lazy evaluation because we
now have theme-agnostic urls that point to static asset (see
https://github.com/openedx/edx-platform/pull/29461).

See:
https://discuss.overhang.io/t/error-while-sending-bulk-emails-lazystaticabsoluteurl-is-not-json-serializable/2176/
2022-01-25 08:27:36 +01:00
iamcristye@outlook.com
d953e99ae2 fix: tutor local importdemocourse fails when platform is not up 2022-01-20 11:51:24 +01:00
Régis Behmo
d45b36394a - [Improvement] Provide much more comprehensive instructions when
upgrading.
- [Bugfix] During upgrade, make sure that environment is up-to-date
prior to prompting to rebuild the custom images.
- [Bugfix] Fix ownership of mysql data, in particular when upgrading a
Kubernetes cluster to Maple.
- [Bugfix] Ensure that ``tutor k8s upgrade`` is run during ``tutor k8s
quickstart``, when necessary.
- 💥[Bugfix] By default, detect the current version during ``tutor
k8s/local upgrade``.
- [Bugfix] Fix upgrading from Lilac to Maple on Kubernetes by deleting
deployments and services.
2022-01-08 19:09:18 +01:00
Régis Behmo
4dc772d1e4 fix: attempt to make upgrade much clearer
`upgrade` had several issues, which are summarized here:
https://discuss.overhang.io/t/confusing-instructions-during-upgrade/2281/7

- The docs say that you should run quickstart, but what most people will see is
the big command tutor local upgrade --from=lilac verbatim paragraph.
- The local upgrade command should be very explicit about the fact that users
need to run quickstart.
- Maybe the name of the local upgrade command should be improved.
- When upgrading tutor from one major release to the next, there should be a
more explicit warning to inform users of what they are doing (see this other
conversation 1)
- We should tell people that they almost certainly need to enable the tutor and
the mfe plugins, if they are not enabled during upgrade.
- A link to all of the breaking changes from the changelog should be
prominently displayed during upgrade.
- The docs should emphasize that upgrading from one major release to the next
is potentially a risky endeavor and that downgrading is not possible. The docs
should also link to the changelog.

This commit has grown slightly beyond the intended scope, but the changes should be mostly positive.
2022-01-08 19:07:26 +01:00
Régis Behmo
9fc928a711 fix: update env prior to rebuilding images during upgrade
The fact that the environment was not up-to-date was causing errors and
confusion:
https://discuss.overhang.io/t/install-maple-importerror-cannot-import-name-removedindjango40warning/2255/6
2022-01-08 19:07:26 +01:00
Régis Behmo
59291eed52 fix: ownership of mysql data
In theory, we can assign ownership of mysql data to just any user. But in
Lilac, mysql was running with user 999. When upgrading to Maple, on Kubernetes,
the fsGroupChangePolicy was causing a change of the data *group* (to 1000) but
not of the user. This was causing a crash with the following error:

    [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
2022-01-08 19:07:26 +01:00
Régis Behmo
70dbfcb6fb fix: upgrade from Lilac on k8s
When upgrading from Lilac, all services break with the following error:

    Service "***" is invalid: spec.ports[0].nodePort: Forbidden: may not be used when `type` is 'ClusterIP'

Upgrading deployments fails as well:

    Deployment.apps "***" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/instance":"openedx-********", "app.kubernetes.io/managed-by":"tutor", "app.kubernetes.io/name":"***", "app.kubernetes.io/part-of":"openedx"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable

That's because deployments and services need to be deleted as part of the Maple
upgrade. So that's what we do as part of `tutor k8s upgrade --from=lilac`. And
we take the opportunity to:

1. Run upgrade as part of quickstart, when necessary.
2. Default to lilac during `tutor k8s upgrade`.

Close #551.
2022-01-08 19:07:26 +01:00
Régis Behmo
f4d866db81 v13.0.3 (2022-01-04)
- [Security] Upgrade Django to 3.2.11 in edx-platform.
- [Security] Prevent non-staff users from searching usernames by email by
  abusing the logout url.
2022-01-04 17:33:37 +01:00
Régis Behmo
699ef4c6d5 security: upgrade django to 3.2.11 in edx-platform
See release notes: https://docs.djangoproject.com/en/3.2/releases/3.2.11/
2022-01-04 16:38:23 +01:00
Régis Behmo
622e7cc097 security: prevent searching user emails by name (again)
This time, the security fix addresses an issue in the logout url.
2022-01-04 15:43:30 +01:00
Régis Behmo
94941d0387 v13.0.2
- [Security] Prevent non-staff users from searching usernames by email.
2021-12-22 00:46:13 +01:00
Régis Behmo
553000e5f5 security: fix search username by email
Without this patch, it is possible to search for account info including
username by using the email of a learner. This fix disallows searching using
email by regular users and restricts this feature to only staff and superusers.
2021-12-22 00:45:26 +01:00
Régis Behmo
4bfaa80bd3 v13.0.1
- [Fix] Missing requirements file in `pip install tutor[full]`.
2021-12-20 23:00:12 +01:00
Régis Behmo
14c40376ec fix: missing file in pip install tutor[full]
The missing requirement file is causing the install from pypi to fail.
2021-12-20 22:59:21 +01:00
Régis Behmo
7c157eccd5 feat: upgrade to Maple
- A shared cookie domain between lms and cms is no longer recommended:
https://github.com/edx/edx-platform/blob/master/docs/guides/studio_oauth.rst
- refactor: clean mounted data folder in lms/cms. In Lilac, the
bind-mounted lms/data and cms/data folders are a mess because new
folders are created there for every new course organisation.  These
folders are empty. As far as we know they are useless... With this
change we move these folders to a dedicated "modulestore" subdirectory;
which corresponds better to the initial intent of the fs_root setting.
- fix: frontend failure during login to the lms. See:
https://github.com/openedx/build-test-release-wg/issues/104
- feat: move all forum-related code to a dedicated plugin. Forum is an
optional feature, and as such it deserves its own plugin. Starting from
Maple, users will be able to install the forum from
https://github.com/overhangio/tutor-forum/
- migrate from DCS_* session cookie settings to SESSION_*. That's
because edx-platform no longer depends on django-cookies-samesite. Close
https://github.com/openedx/build-test-release-wg/issues/110
- get rid of tons of deprecation warnings in the lms/cms
- feat: make it possible to point to themed assets. Cherry-picking this
change makes it possible to point to themed assets with a theme-agnostic
url, notably from MFEs.
- Install all official plugins as part of the `tutor[full]` package.
- Don't print error messages about loading plugins during autocompletion.
- Prompt for image building when upgrading from one release to the next.
- Add `tutor local start --skip-build` option to skip building Docker images.

Close #450.
Close #545.
2021-12-20 21:21:36 +01:00
Braden MacDonald
1f46ed39c5 fix: openedx image wasn't building on ARM64 due to missing libgeos-dev 2021-12-14 12:10:49 +01:00
Régis Behmo
e89ff49223 v12.2.0
- 💥[Improvement] Fail on incorrect image name argument in `images
build/pull/push/printtag` commands.
- [Bugfix] Remove trailing slashes in docker-compose files for
[compatibility with docker-compose v2 in
WSL](https://github.com/docker/compose/issues/8558).
- [Improvement] `settheme` now works with preview domain.
- [Feature] Allow specifying extra pip packages through config.yml.
2021-12-08 11:29:52 +01:00
Régis Behmo
79c6d122e2 fix: incorrect "from" address in course bulk emails
Upstream PR: https://github.com/edx/edx-platform/pull/29001
See discussion:
https://discuss.overhang.io/t/sending-bulk-email-triggers-smtprecipientsrefused-error/1923
Related issue:
https://github.com/openedx/build-test-release-wg/issues/102
2021-12-08 11:29:52 +01:00
Régis Behmo
c3e6f57b08 feat: fail images ... [image] commands on incorrect image arg
Previously, `tutor images build doesnotexist` was a no-op. This was
counter-intuitive -- in particular, when users have a typo in their command.

Now, the `images build/pull/push/printtag` commands fail if the corresponding
image was not found.

See discussion: https://discuss.overhang.io/t/return-something-when-tutor-images-build-contains-a-typo/2174
2021-12-02 09:34:16 +01:00
Maxim Beder
19157d94bc feat: allow to specify extra pip packages in config
Added OPENEDX_EXTRA_PIP_REQUIREMENTS setting, which allows to specify
extra pip packages that should be installed.

Moved "openedx-scorm-xblock" package from Dockerfile to the new setting
in the config.yml.
2021-11-30 11:32:40 +01:00
iamcristye@outlook.com
5604cd4bf8 Improvement: settheme now works with preview domain 2021-11-29 18:21:16 +01:00
Sofiane Bebert
852759ae35 fix: remove trailing slashes in volume paths for docker-compose v2 compatibility
close #522
2021-11-22 14:10:28 +01:00
Régis Behmo
a4dcb9eaf2 v12.1.7 (2021-11-18)
- [Security] Timed exam security fix [29347](https://github.com/edx/edx-platform/pull/29347).
- [Feature] Add [tutor-richie](https://github.com/overhangio/tutor-richie) to the plugins that are bundled with the tutor binary.
- [Improvement] Make `tutor plugins list` print plugins sorted by name.
- [Improvement] Ignore Python plugins which cannot be loaded.
- [Bugfix] When configured with `RUN_FORUM: false`, omit forum-related [Jobs](https://kubernetes.io/docs/concepts/workloads/controllers/job/) from the manifests that `tutor k8s` generates. (#525)
2021-11-18 11:04:15 +01:00
Régis Behmo
aa931b33f4 security: applied timed exam fix 2021-11-18 10:55:50 +01:00
Florian Haas
0c3a160fce fix: Include the forum job only if RUN_FORUM is set
When running "tutor k8s" we can disable the forum deployment and
service by setting RUN_FORUM to false, but the corresponding job is
added to jobs.yml unconditionally.

Add a conditional to tutor/templates/k8s/jobs.yml so that the forum
job definition is only included when RUN_FORUM is true.

Fixes #525.
2021-11-18 10:22:54 +01:00
Régis Behmo
0a4a2bbac2 feat: add richie to bundled plugins
For more information, checkout the plugin docs:
https://github.com/overhangio/tutor-richie
2021-11-09 11:48:32 +01:00
Régis Behmo
485f47f6d0 fix: always print plugins sorted by name
`tutor plugins list` used to print plugins in random oredr. To be honest
this has always bothered me.
2021-11-08 10:40:37 +01:00
Régis Behmo
d9d08ad0f7 improvement: don't crash on unloadable plugins
In some cases, plugins declare an entry point but cannot be loaded.
This is the case when they depend on a version of tutor that is not the
one that is currently installed. This use case is very frequent when
working on multiple versions at the same time (i.e: right now, while we
are working on the Maple release). In such cases, it's best just to
ignore the plugin entirely rather than having to re-install all plugins
in the virtualenv.
2021-11-08 10:40:37 +01:00
Régis Behmo
0a2abe32dc v12.1.6 (2021-11-02)
- [Improvement] Upgrade all services to open-release/lilac.3.
- [Feature] Make it possible to override job configuration in
development: if they exist, `dev/docker-compose.jobs.yml` and
`dev/docker-compose.jobs.override.yml` will be loaded when running jobs.
- [Improvement] Faster `tutor local start` by building only necessary
images.
2021-11-02 15:55:10 +01:00
Régis Behmo
c9a08a5e18 chore: upgrade to open-release/lilac.3 2021-11-02 11:56:24 +01:00
Régis Behmo
d73d6732d5 feat: make it possible to override jobs in dev
Previously, job declarations were always loaded from local/docker-compose.yml
and local/docker-compose.jobs.yml. This meant that it was not possible to
override job declarations in dev mode. It is now the case, with
dev/docker-compose.jobs.yml and dev/docker-compose.jobs.override.yml. Neither
of these files exist yet... But who knows? we might need this feature one day.
In any case the code is much cleaner now.
2021-11-01 17:21:43 +01:00
Régis Behmo
079fb1c9ec fix: bypass build to accelerate "local start"
Previously, we were building all images every time we ran a "local start"
command. This was causing unnecessary rebuild. Here, instead, we make use of
the `docker-compose up --build`. This means that only the required images will
be rebuilt.
2021-11-01 17:00:11 +01:00
Peter Parkkali
2549aef4dc fix: require at least 4 GB RAM on macOS for 'local quickstart' only
Limits the memory chek to the 'local quickstart' command, makes error
handling more accurate and adds warning messages for some conditions.
Also adds a mention of this in troubleshooting.rst.
2021-10-25 20:17:38 +02:00
Peter Parkkali
fb2aeefd91 fix: require at least 4 GB RAM on macOS for local commands
Adds a check in the 'local' command group that requires at least
4 GB of RAM to be allocated to Docker when running any of the
local subcommands on macOS. This addresses a common issue where
Docker's default setting (2 GB) causes startup to crash with
misleading error messages.
2021-10-25 20:17:38 +02:00
Régis Behmo
01d374d2b1 v12.1.5 (2021-10-25)
- 💥[Improvement] Change the `settheme` command such that, by default, a custom theme is assigned to the LMS and the CMS, both in production and development mode.
2021-10-25 17:54:40 +02:00