6
0
mirror of https://github.com/ChristianLight/tutor.git synced 2024-11-05 04:48:00 +00:00
Commit Graph

262 Commits

Author SHA1 Message Date
Régis Behmo
be38f70f5d Apply most recent edx-platform security patches
See this conversation:
https://discuss.openedx.org/t/security-patch-for-edit-chapter-xss-lint-issues/2030
2020-05-05 17:04:34 +02:00
Régis Behmo
c18ab3e7c6 v3.12.2 (2020-04-29)
- [Bugfix] Fix oauth2 authentication with 3rd-party services, such as discovery
- [Bugfix] Upgrade scorm xblock to solve caching issue
2020-04-29 16:15:10 +02:00
Régis Behmo
aef0ede0ec Fix oauth with services such as discovery
See https://discuss.overhang.io/t/problem-occured-during-checkout-please-contact-support/491/31
2020-04-29 15:53:01 +02:00
Régis Behmo
9043450de8 Upgrade scorm xblock to solve caching issue
See https://github.com/overhangio/openedx-scorm-xblock/issues/1
2020-04-29 11:23:27 +02:00
Régis Behmo
be6bc76b2c v3.12.1 (2020-04-27)
- [Improvement] Increase max upload allowed size to 250Mb in CMS
2020-04-27 00:27:17 +02:00
Régis Behmo
1815ab138e Increase allowed upload size for studio content
This is particularly useful for courses with large SCORM content.
2020-04-27 00:26:39 +02:00
Régis Behmo
47aad68a5c v3.12.0 (2020-04-26)
- 💥[Improvement] Do not deploy an ingress or SSL/TLS certificate issuer
ressource by default in Kubernetes
- [Improvement] Fix tls certificate generation in k8s
- 💥[Improvement] Radically change the way jobs are run: we no longer
"exec", but instead run a dedicated container.
- 💥[Improvement] Upgrade k8s certificate issuer to
cert-manager.io/v1alpha2
- [Feature] Add SCORM XBlock to default openedx docker image
2020-04-26 01:05:48 +02:00
Régis Behmo
a52884a311 Remove ingress/issuer from default k8s deployment
There are too many different ways to deploy an Ingress resource and to
generate SSL/TLS certificates: it's too much responsibility to make that
decision for the end user.
2020-04-25 23:12:42 +02:00
Régis Behmo
bce6432d85 Improve job running in local and k8s
Running jobs was previously done with "exec". This was because it
allowed us to avoid copying too much container specification information
from the docker-compose/deployments files to the jobs files. However,
this was limiting:

- In order to run a job, the corresponding container had to be running.
This was particularly painful in Kubernetes, where containers are
crashing as long as migrations are not correctly run.
- Containers in which we need to run jobs needed to be present in the
docker-compose/deployments files. This is unnecessary, for example when
mysql is disabled, or in the case of the certbot container.

Now, we create dedicated jobs files, both for local and k8s deployment.
This introduces a little redundancy, but not too much. Note that
dependent containers are not listed in the docker-compose.jobs.yml file,
so an actual platform is still supposed to be running when we launch the
jobs.

This also introduces a subtle change: now, jobs go through the container
entrypoint prior to running. This is probably a good thing, as it will
avoid forgetting about incorrect environment variables.

In k8s, we find ourselves interacting way too much with the kubectl
utility. Parsing output from the CLI is a pain. So we need to switch to
the native kubernetes client library.
2020-04-25 23:12:42 +02:00
Régis Behmo
091e45fe63 Fix tls certificate generation in k8s
The "Certificate" objects are no longer required. As a consequence, the
"k8s-ingress-certificates" has become useless and should be removed from
plugins.
2020-04-25 14:40:48 +02:00
Régis Behmo
e4ca99b237 Upgrade cert-manager installation in k8s
Note that the spec has changed for v1alpha2.
2020-04-25 14:40:48 +02:00
Régis Behmo
49c71f8af2 Add scorm xblock to the openedx docker image 2020-04-25 14:20:13 +02:00
Régis Behmo
0960449405 v3.11.12 (2020-04-16)
- [Feature] Make it easy to add custom translation strings to the
openedx Docker image
- [Improvement] Make it possible to rely on a different npm registry for
faster image building
2020-04-16 19:31:36 +02:00
Régis Behmo
33ab52bfeb Make it easy to add custom translation strings to edx-platform
Users can now add custom translation strings to a locale folder at build
time, very much in the same way as custom themes or requirements. This
is quite convenient, although is does require quite a bit of time to
rebuild the docker images.
2020-04-16 19:30:08 +02:00
Régis Behmo
76d1078382 Make it possible to pull nodejs packages from custom npm registry
During an incident at npmjs.org it was extremely difficult to pull
nodejs packages -- so we made it possible to pull from a custom
registry, deployed for instance with Verdaccio (https://verdaccio.org/).
2020-04-16 19:26:02 +02:00
Régis Behmo
bdc0cb04e2 v3.11.11 (2020-04-15)
- [Bugfix] Make sure all emails (including "password reset") are
properly saved to a local file in development mode (#315)
- [Improvement] Add `openedx-development-settings` patch to patch the
LMS and the CMS simultaneously in development
- [Bugfix] Fix missing celery tasks in the CMS
2020-04-15 23:53:05 +02:00
Régis Behmo
724c2c84da Make sure all emails are stored to a tmp file in development
In development, emails sent from edx-platform were using the
"file_email" channel from edx-ace ("edX's automated communication
engine"). This channel was failing because it tries to write to a file
located in the /edx folder, which does not exist in tutor containers. To
fix this, we configure edx-ace to rely on the django email backend,
which itself is configured to send emails to a file in development. It
turns out that this backend was also configured to store emails in a
file located in the /edx folder, so we had to add the standard
EMAIL_FILE_PATH django setting to our development settings.

It was easier to reconfigure the django file email backend than the
edx-ace file_email channel because the output path of the latter cannot
be modified by a setting.

Note that this causes all emails to be stored in local files instead of
being sent to actual recipients. This is the default behaviour in Open
edX, and indeed in most default django apps (in development). This is a
good thing! If, for some reason, developers would like to try out email
sending during development, they should modify the EMAIL_BACKEND
setting and set it to 'django.core.mail.backends.smtp.EmailBackend'.
This is quite easy to achieve with the help of a plugin:

    name: sendemailsindev
    version: 0.1.0
    patches:
      openedx-development-settings: |
          # actually send emails in dev
          EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"

Close #315
2020-04-15 23:52:28 +02:00
Régis Behmo
072c3a1a15 Add openedx-development-settings patch 2020-04-15 23:52:18 +02:00
Régis Behmo
54d9fe20e7 Fix missing celery tasks in the CMS
This should spare us quite a few error messages in the CMS worker.
2020-04-14 19:49:18 +02:00
Régis Behmo
68ff61a421 v3.11.10 (2020-04-14)
- [Bugfix] Fix updates to the course structure in the LMS (#302)
2020-04-14 19:24:27 +02:00
Régis Behmo
48ca6eb4b0 Fix updates to the course structure in the LMS
When we were changing unit titles in the CMS, the changes were taking a
long time to be reflected in the LMS. That's because the cache key that
corresponds to the course structure was not being updated. It was the
responsibility of an asynchronous LMS celery worker to update this cache
entry. However, this was impossible in most cases because tasks
triggered in the CMS were only processed by CMS workers. That is, unless
we are using a custom celery router:
https://celery.readthedocs.io/en/latest/userguide/routing.html#routers

This is what edx-platform does in the devstack: certain CMS tasks are
forwarded both to CMS and to LMS workers. This is achieved by defining
the ALTERNATE_WORKER_QUEUES="lms" django setting in the CMS.

Adding this setting to Tutor solves the problem in production. However,
in development mode Open edX runs without workers
(`CELERY_ALWAYS_EAGER=True`). This means that the course structure will
not be automatically updated when running `tutor dev` commands, which is
a shame. The alternative is to define the
"block_structure.invalidate_cache_on_publish" waffle switch. This can be
done from the UI (in /admin/waffle/switch/add/) or by running:

    tutor dev run lms ./manage.py lms waffle_switch block_structure.invalidate_cache_on_publish on --create

However, this flag seems to slow down access to the LMS for the first
user who tries to access the course after it has been updated.

Close #302
2020-04-14 19:16:52 +02:00
Régis Behmo
30f39233c4 v3.11.9 (2020-04-07)
- [Bugfix] Fix Android app build for domain names that include a dash
("-")
2020-04-07 15:06:21 +02:00
Régis Behmo
36e2f81845 Fix Android app build for domain names that include a dash
See
https://discuss.overhang.io/t/build-android-app-command-error/405/30

Android package names should be composed of alphanumeric or underscore
characters only
(https://developer.android.com/studio/build/application-id.html)
2020-04-07 15:04:34 +02:00
Régis Behmo
e42c20a133 v3.11.8 (2020-04-06)
- [Feature] Add `encrypt` template filter to conveniently add
htpasswd-based authentication to nginx
- [Bugfix] Fix "missing tty" during init in cron jobs
2020-04-06 10:40:28 +02:00
Régis Behmo
411327662e Add encrypt template filter
This is convenient for htpasswd-based authentication to nginx, for
instance.
2020-04-04 18:22:15 +02:00
Régis Behmo
04f672eed2 Fix "missing tty" during init in cron jobs 2020-04-02 12:36:43 +02:00
Régis Behmo
40d9058f3d v3.11.7 (2020-04-01)
- [Bugfix] Fix missing js translations
- [Bugfix] Fix tls certificate generation in cron jobs
2020-04-01 20:23:16 +02:00
Régis Behmo
1c22ade579 Add missing js translations to openedx
Client-side translations are stored in "djangojs.js" files. Supposedly,
these files were properly compiled prior to the Ironwood release -- but
this is not the case, so we need to re-generate them.

Also, we need to re-generate the djangojs.js files for the custom,
downloaded locales. The assets collection settings are also fixed to
take into account the separate locale folder.

This step needs to happen prior to static assets collection, as the
djangojs files are collected to the staticfiles/ folder.

See these conversations:
https://discuss.overhang.io/t/localization-not-works-perfect/363
https://discuss.openedx.org/t/localization-not-work-for-js-files/1671
2020-04-01 20:12:25 +02:00
Régis Behmo
e521333b75 Fix tls certificate generation in cron jobs
tls renewal and generation was failing in cron jobs because of "The
input device is not a TTY" errors. This is because the "-it" docker
option does not work when a tty is not available.
2020-03-27 10:05:40 +01:00
Régis Behmo
8a8f5abab8 Changelog typo 2020-03-25 17:10:07 +01:00
Régis Behmo
42d698d6e5 v3.11.6 (2020-03-13)
- [Bugfix] Fix "Unable to resolve dependency" error during forum
initialisation
- [Feature] Add `settheme` command to easily assign a theme to a domain
name
- [Improvement] Modify nginx access logs to include request scheme and
server name (plugin developers should use the "tutor" log format)
- [Bugfix] Fix DNS resolution of restarted service
- [Feature] Restart multiple services with `local restart`
- [Feature] Make it possible to easily reload openedx gunicorn process
with `tutor local exec lms reload-gunicorn``
- [Improvement] Rename lms/cms_worker to lms/cms-worker in local
deployment
- [Improvement] Add the management plugin to the rabbitmq container
- [Improvement] Make it possible to run an Elasticsearch service on
https
2020-03-13 19:27:01 +01:00
Régis Behmo
1a42e2d338 Fix "Unable to resolve dependency" error during forum init
When running "bundle exec rake search:initialize" in the forum, we were
getting the following error:

        /openedx/ruby/lib/ruby/site_ruby/2.4.0/rubygems/resolver.rb:235:in `search_for': Unable to resolve dependency: user requested 'did_you_mean (= 1.1.0)' (Gem::UnsatisfiableDependencyError)

It happens this error suddently happened because rubygems-update was not
pinned to a specific version. v3.0.4 was working and v3.1.2 was not.

As it happens, we don't need rubygems-update, so we simply get rid of it
entirely.
2020-03-13 19:27:01 +01:00
Régis Behmo
5c43d6ee25 Add "settheme" command
This makes it much easier to switch to a new theme.
2020-03-13 19:27:01 +01:00
Régis Behmo
08606ca1a6 Add scheme and server name to access logs
To do so, we had to create a new log_format.

Plugin developers are strongly encouraged to start using this log format
by adding the `access_log /var/log/nginx/access.log tutor;` directive to
their extra nginx configurations.

In order to load this log format early, the `tutor.conf` config file had
to be renamed to something early in the alphabet... (hence starting by
an underscore) Older users would face an error on nginx reload, so older
"tutor.conf" files are automatically removed on config save.
2020-03-12 12:01:41 +01:00
Régis Behmo
0cf8958e3a Fix nginx DNS resolution of restarted services
Previously, a common error when restarting e.g: the lms or the cms was
that nginx redirected to the wrong container. For instance:

    access studio.localhost
    tutor local restart lms cms
    access studio.localhost

In the second call to studio.localhost, we were frequently trying to
access the LMS, which resulted in a 400 error.

We solve this issue by setting a TTL of 10s on the nginx proxy name
resolution.

More docs:
http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
2020-03-12 09:53:18 +01:00
Régis Behmo
e2a3a2d912 Allow multiple services in "local restart" command 2020-03-12 09:52:22 +01:00
Régis Behmo
00ec6930ae Add simple gunicorn reload script to openedx image 2020-03-10 10:37:14 +01:00
Régis Behmo
0325e7ad95 Rename worker containers from x_worker to x-worker
This is more coherent with k8s.
2020-03-10 10:37:14 +01:00
Régis Behmo
c2628d2b9c Add the management plugin to the rabbitmq container
The management plugin exposes an http API that makes it possible to
monitor rabbitmq. By default, we do not expose the management dashboard.
As a consequence, the API is only usable by other internal containers.
2020-03-10 10:37:14 +01:00
Régis Behmo
702e8cca7d Make it possible to run an Elasticsearch service on https
This is useful when running elasticsearch from 3rd-party vendors.
2020-03-10 10:37:14 +01:00
Régis Behmo
479e9ca34a v3.11.5 (2020-02-27)
- [Improvement] Switch edx-platform from open-release/ironwood.2 tag to
the open-release/ironwood.master branch
- [Security] Upgrade django to 1.11.28
- [Improvement] Make it possible to configure the elasticsearch heap
size
- [Bugfix] Fix broken elasticsearch environment variables
- [Improvement] Restore more recent Android app version (#289).
2020-02-27 18:08:04 +01:00
Régis Behmo
872883e36f Switch edx-platform from ironwood.2 to ironwood.master
There are too many patches on top of ironwood.2, and it's not practical
to pull them all one by one. We still want to build on top of a specific
version, and not a branch, so we use a dirty hack to guarantee that the
docker image is properly rebuilt by CI when we change it.
2020-02-27 17:42:43 +01:00
Régis Behmo
5e626114de Security upgrade django 1.11.27 -> 1.11.28 2020-02-27 17:13:42 +01:00
Régis Behmo
83459d43d5 Fix broken elasticsearch configuration
Because we are running a version of elasticsearch older than Methusalem,
the docker environment variables were not properly taken into account.
For instance, the cluster name and "mlockall" settings were incorrect,
as we could see by running:

    $ tutor local run lms curl elasticsearch:9200 | grep cluster_name
    ...
      "cluster_name" : "elasticsearch",
    $ tutor local run lms curl elasticsearch:9200/_nodes/process?pretty | grep mlock
      ...
     "mlockall" : false

See
https://discuss.overhang.io/t/elastic-container-is-not-being-removed/312/3
for discussion.

This fix also introduces a new tutor configuration setting to adjust the
elasticsearch heap size.
2020-02-26 11:47:43 +01:00
Régis Behmo
ff3fea6930 Restore more recent Android app tagged release
A prior change used the ironwood.1 tag to build the Android app in an
attempt to solve #289. Turns out that this change was unnecessary. So
here we revert to a more recent release of the Android app. Instead of
building from the master branch (which might create suprises) we build
from a fixed release tag.

The source repo and version are customisable via build arguments.
2020-02-25 17:29:53 +01:00
Régis Behmo
e166a749e4 v3.11.4 (2020-02-16)
- [Bugfix] Fix auth problem in Android app (#289)
2020-02-16 16:00:35 +01:00
Régis Behmo
50238129a9 Downgrade android build version to ironwood.1
The android master branch was failing because of authentication errors.

Close #289
2020-02-16 16:00:35 +01:00
Régis Behmo
29ed111c7f v3.11.3 (2020-01-21)
- [Bugfix] Fix incorrectly parsed empty strings for `config save --set
...=...` commands
2020-01-21 18:32:34 +01:00
Régis Behmo
731de6a747 Fix incorrectly parsed empty strings in config save --set ...=...
When running `config save --set KEY=""`, KEY was incorrectly interpreted
as null.
2020-01-21 18:32:34 +01:00
Régis Behmo
6716668ff9 v3.11.2 (2020-01-17)
- [Bugfix] Make sure `docker-compose.override.yml` are loaded in dev and
local contexts
2020-01-17 12:12:47 +01:00