6
0
mirror of https://github.com/ChristianLight/tutor.git synced 2024-12-13 06:37:46 +00:00
Commit Graph

46 Commits

Author SHA1 Message Date
Régis Behmo
01b58d9d75 feat: run all services as unprivileged containers
With this change, containers are no longer run as "root" but as unprivileged
users. This is necessary in some environments, notably some Kubernetes
clusters.

To make this possible, we need to manually fix bind-mounted volumes in
docker-compose. This is pretty much equivalent to the behaviour in Kubernetes,
where permissions are fixed at runtime if the volume owner is incorrect. Thus,
we have a consistent behaviour between docker-compose and Kubernetes.

We achieve this by bind-mounting some repos inside "*-permissions" services.
These services run as root user on docker-compose and will fix the required
permissions, as per build/permissions/setowner.sh These services simply do not
run on Kubernetes, where we don't rely on bind-mounted volumes. There, we make
use of Kubernete's built-in volume ownership feature.

With this change, we get rid of the "openedx-dev" Docker image, in the sense
that it no longer has its own Dockerfile. Instead, the dev image is now simply
a different target in the multi-layer openedx Docker image. This makes it much
faster to build the openedx-dev image.

Because we declare the APP_USER_ID in the dev/docker-compose.yml file, we need
to pass the user ID from the host there. The only way to achieve that is with a
tutor config variable. The downside of this approach is that the
dev/docker-compose.yml file is no longer portable from one machine to the next.
We consider that this is not such a big issue, as it affects the development
environment only.

We take this opportunity to replace the base image of the "forum" image. There
is now no need to re-install ruby inside the image. The total image size is
only decreased by 10%, but re-building the image is faster.

In order to run the smtp service as non-root, we switch from namshi/smtp to
devture/exim-relay. This change should be backward-compatible.

Note that the nginx container remains privileged. We could switch to
nginxinc/nginx-unprivileged, but it's probably not worth the effort, as we are
considering to get rid of the nginx container altogether.

Close #323.
2021-12-20 21:19:10 +01:00
Sofiane Bebert
852759ae35 fix: remove trailing slashes in volume paths for docker-compose v2 compatibility
close #522
2021-11-22 14:10:28 +01:00
Régis Behmo
e14f660cb1 docs: reorganize local guides in tutorials
There is too much information in each of the local/k8s/dev docs pages. The
"guides" that are listed in each one of those pages are moved either to "common
tasks" or to a dedicated "tutorials" section. This paves the way for more
comprehensive tutorials, where we describe how to run the latest master
branches of Open edX.

I am well aware that, as they stand, the tutorials are of poor quality and
should be rewritten. This is a task for another day/commit. For now, we only
move the contents to a separate part of the docs.

Also, we should add a "reference" section to the docs, where we add the result
of `tutor <subcommand> --help`.
2021-10-14 12:59:57 +02:00
Régis Behmo
010279a0d9 feat: make it easier to run edx-platform unit tests
It should be unnecessary to build a custom openedx-dev Docker image. All tests
can run from within the dev Docker image, with a couple additional environment
variables.
2021-09-17 10:48:00 +02:00
Régis Behmo
41b65b80d5 Upgrade to open-release/lilac.2 2021-08-10 12:26:30 +02:00
Régis Behmo
ceddc11c29 feat: upgrade to open-release/lilac.master
One of the breaking changes of this release is the removal of the webui and
android features; these are moved to dedicated plugins. This causes a breaking
change: the renaming of the DOCKER_IMAGE_ANDROID
config variable to ANDROID_DOCKER_IMAGE.

See this TEP for reference: https://discuss.overhang.io/t/separate-webui-and-android-from-tutor-core-and-move-to-dedicated-plugins/1473
2021-06-08 23:29:12 +02:00
Régis Behmo
4a65f24ae7 feat: upgrade all services to open-release/koa.3
We remove security patches and custom fixes which are now part of koa.3.

We take the opportunity to make it possible to build the openedx Docker image
without relying on a corresponding openedx-i18n repo tag: often, we want to
test whether the image simply builds successfully, and we don't need up-to-date
translations. For those cases, it's now possible to pass the `-a
OPENEDX_I18N_VERSION=oldertag` build argument.
2021-04-09 10:13:34 +02:00
Régis Behmo
02f9d8db44 Upgrade to open-release/koa.2 2021-02-10 00:15:54 +01:00
Adolfo R. Brandes
d4b067483d Fix default settings on development environment
First, allow using custom Django settings on a development
environment (as documented but not implemented), setting it to the
correct value of `tutor.development`.  Prior to this, `tutor dev
runserver lms` would default to `tutor.production` when on a custom edX
branch.

Second, fix the documentation so the correct environment variable is
described, at the same time removing an option that doesn't seem to work.

See discussion: https://discuss.overhang.io/t/koa-dev-lms-doesnt-find-static-content/1250
2021-01-29 08:43:46 +01:00
Régis Behmo
8d803fb08b Get edx-platform unit tests to run
We manage to get unit tests to run in a dedicated openedx-test container. Only
35 tests are failing (out of 17k). I suspect these tests are also failing in
the devstack.
2021-01-20 14:37:10 +01:00
Régis Behmo
75080cc7db Fix dev command to update assets in docs 2021-01-19 11:37:13 +01:00
Régis Behmo
1c927c6e96 Automatically bind-mount volumes from volumes/
This introduces a new dev/local command:

    tutor dev bindmount CONTAINER PATH

And a new volume syntax:

    tutor dev run --volume=PATH CONTAINER

This syntax automatically bind-mounts folders from the tutorroot/volumes
directory, which is pretty nifty.
2021-01-12 22:43:06 +01:00
Régis Behmo
4b3aa15e78 Fix web proxy docs 2020-12-15 10:35:32 +01:00
Régis Behmo
728ef966dc v11.0.0 (2020-12-09)
- 💥[Improvement] Upgrade Open edX to Koa
- 💥 Setting changes:
    - The ``ACTIVATE_HTTPS`` setting was renamed to ``ENABLE_HTTPS``.
    - Other ``ACTIVATE_*`` variables were all renamed to ``RUN_*``.
    - The ``WEB_PROXY`` setting was removed and ``RUN_CADDY`` was added.
    - The ``NGINX_HTTPS_PORT`` setting is deprecated.
- Architectural changes:
    - Use Caddy as a web proxy for automated SSL/TLS certificate generation:
	- Nginx no longer listens to port 443 for https traffic
	- The Caddy configuration file comes with a new ``caddyfile`` patch for much simpler SSL/TLS management.
	- Configuration files for web proxies are no longer provided.
	- Kubernetes deployment no longer requires setting up a custom Ingress resource or custom manager.
    - Gunicorn and Whitenoise are replaced by uwsgi: this increases boostrap performance and makes it no longer necessary to mount media folders in the Nginx container.
    - Replace memcached and rabbitmq by redis.
- Additional features:
    - Make it possible to disable all plugins at once with ``plugins disable all``.
    - Add ``tutor k8s wait`` command to wait for a pod to become ready
    - Faster, more reliable static assets with local memory caching
- Deprecation: proxy files for Apache and Nginx are no longer provided out of the box.
- Removed plugin `{{ patch (...) }}` statements:
    - "https-create", "k8s-ingress-rules", "k8s-ingress-tls-hosts": these are no longer necessary. Instead, declare your app in the "caddyfile" patch.
    - "local-docker-compose-nginx-volumes": this patch was primarily used to serve media assets. The recommended is now to serve assets with uwsgi.
2020-12-10 01:05:02 +01:00
Maarten
2b8ac7102e Advice people to run npm install before running openedx-assets build
When I tried running `openedx-assets build` on my `tutor dev lms` machine, I got an error: 

```
openedx@1dfe0ece7805:~/edx-platform$ openedx-assets build --env=dev

mkdir_p path('common/static/common/js/vendor')
mkdir_p path('common/static/common/css')
mkdir_p path('common/static/common/css/vendor')
Copying vendor files into static directory
Traceback (most recent call last):
  File "/openedx/bin/openedx-assets", line 218, in <module>
    main()
  File "/openedx/bin/openedx-assets", line 89, in main
    args.func(args)
  File "/openedx/bin/openedx-assets", line 94, in run_build
    run_npm(args)
  File "/openedx/bin/openedx-assets", line 117, in run_npm
    assets.process_npm_assets()
  File "/openedx/edx-platform/pavelib/assets.py", line 643, in process_npm_assets
    copy_vendor_library(library)
  File "/openedx/edx-platform/pavelib/assets.py", line 614, in copy_vendor_library
    raise Exception(u'Missing vendor file {library_path}'.format(library_path=library_path))
Exception: Missing vendor file node_modules/backbone.paginator/lib/backbone.paginator.js
```
As suggested in [this topic](https://discuss.overhang.io/t/issue-with-paver-update-assets/641) I had to run `npm install` to get the packages it tries to copy from. That makes sense, so I think it should be part of the instructions here.
2020-12-08 12:26:44 +01:00
Régis Behmo
0b4619ff90 Upgrade to juniper.3
Close #365.
2020-08-27 17:48:07 +02:00
Régis Behmo
70872dfa9b Fix instructions for running "openedx-assets" 2020-08-04 09:24:58 +02:00
Régis Behmo
8e2a06dc6f Apply edx-platform upstream xss security fixes 2020-07-23 16:18:40 +02:00
Régis Behmo
00573d69d6 Fix asset collection docs in dev mode
`paver update_assets` generates errors.

See
https://discuss.overhang.io/t/local-edx-platform-paver-and-juniper/773/2
2020-07-21 11:27:50 +02:00
Régis Behmo
ef6b1c3433 Upgrade to open-release/juniper.2 2020-07-16 11:57:35 +02:00
Régis Behmo
4d6de0138a v10.0.0 Upgrade to Juniper (2020-06-15)
Here, we upgrade the Open edX platform from Ironwood to Juniper. This
upgrade does not come with many feature changes, but there are many
technical improvements under the hood:

- Upgrade from Python 2.7 to 3.5
- Upgrade from Mongodb v3.2 to v3.6
- Upgrade Ruby to 2.5.7

We took the opportunity to completely rething the way locally running
platforms should be accessed for testing purposes. It is no longer
possible to access a running platform from http://localhost and
http://studio.localhost. Instead, users should access
http://local.overhang.io and https://studio.local.overhang.io. This
drastically simplifies internal communication between Docker containers.

To upgrade, users should simply run:

    tutor local quickstart

For Kubernetes platform, the upgrade process is outlined when running:

    tutor k8s upgrade --from=ironwood
2020-06-15 10:19:07 +02:00
Régis Behmo
687066e598 Better documentation of simple yaml plugins 2020-05-18 11:31:29 +02:00
Régis Behmo
ae2af6b1f8 Fix minor docs issues 2020-03-16 22:33:56 +01:00
Régis Behmo
6f2589d7fa Clarify custom theme compilation in dev mode
Close #280
2020-03-16 18:26:14 +01:00
Régis Behmo
43e841b1cb Add instructions for xblock development
As per
https://discuss.overhang.io/t/best-practice-xblock-development-in-tutor-dev-mode/345
2020-03-16 17:56:09 +01:00
Régis Behmo
5c43d6ee25 Add "settheme" command
This makes it much easier to switch to a new theme.
2020-03-13 19:27:01 +01:00
Régis Behmo
0325e7ad95 Rename worker containers from x_worker to x-worker
This is more coherent with k8s.
2020-03-10 10:37:14 +01:00
Régis Behmo
872883e36f Switch edx-platform from ironwood.2 to ironwood.master
There are too many patches on top of ironwood.2, and it's not practical
to pull them all one by one. We still want to build on top of a specific
version, and not a branch, so we use a dirty hack to guarantee that the
docker image is properly rebuilt by CI when we change it.
2020-02-27 17:42:43 +01:00
Régis Behmo
8dcb2d50a9 Minor doc improvement in theme installation 2020-01-16 10:44:43 +01:00
Régis Behmo
d17fdaa658 More feature-complete dev/local docker-compose commands
By de-duplicating the code between dev.py and local.py, we are able to
support more docker-compose run/up/stop options passed from tutor. To do
so, we had to disable some features, such as automatically mounting the
edx-platform repo when the TUTOR_EDX_PLATFORM_PATH environment variable
was defined.
2020-01-10 11:10:54 +01:00
Régis Behmo
9b6afa20c2 Improve soft link note in dev docs 2019-11-14 11:36:22 +01:00
teruun
c7fba15e00 note softlink not work in theme 2019-11-14 11:32:18 +01:00
Régis Behmo
b01f4d9c0e Better dev environment
The `dev` commands now rely on a different openedx-dev docker image.
This gives us multiple improvements:

- no more chown in base image
- faster chown in development
- mounted requirements volume in development
- fix static assets issues
- bundled ipdb/vim/... packages, which are convenient for development

Close #235
2019-10-24 20:03:36 +02:00
Régis Behmo
ea6c276b69 Add missing quotes in documentation 2019-05-22 20:03:46 +02:00
Régis Behmo
b4e3c43902 Better documentation
- More concise table of contents
- New intro
- Simpler make commands
- Fix a couple typos here and there
- Get rid of the default github issue template, and start using the
template created online.
2019-05-13 16:34:17 +02:00
Régis Behmo
6c44406ba4 use update_assets instead of the custom openedx-assets script
Now that the correct webpack settings are loaded by the `update_assets`
command in Ironwood, we can stop relying on the `openedx-assets` script.
Actually, we could probably remove it.
2019-03-25 07:41:17 -07:00
Régis Behmo
7462f208de Upgrade to Ironwood
Here, we upgrade all images from Ironwood to Hawthorn, except for the
locales, which we did not generate yet.
2019-03-22 23:37:59 +01:00
Régis Behmo
3e5e494bd8 Install python requirements in venv in docker image
Installing the requirements in a virtualenv is necessary to run "pip
install ..." commands in development mode, when the USERID is != 0.
2019-03-09 17:51:25 +01:00
Régis Behmo
9d6874fc0e Fix USERID setting in development mode
USERID environment variable was no longer passed to docker image in
development mode.

We take the opportunity to improve the documentation regarding the dev
environment.

Close #177.
2019-03-09 11:16:12 +01:00
Régis Behmo
b643a87190 Improve documentation on running a local edx-platform
Close #173.
2019-02-17 14:01:43 +01:00
Régis Behmo
2e2dfc73a6 Clarify dev docs on theming
Close #140
2019-02-13 08:54:10 +01:00
Régis Behmo
4331bc5712 Tutor v3 complete rewrite
Replace all make commands by a single "tutor" binary. Environment and
data are all moved to ~/.tutor/local/share/tutor. We take the
opportunity to add a web UI and revamp the documentation.

This is a complete rewrite.

Close #121.
Close #147.
2019-02-09 20:30:01 +01:00
Régis Behmo
61e3064c12 Improve theme development docs
This addresses part of issue #121.
2019-01-19 15:17:55 +01:00
Régis Behmo
f2c476f954 Improve documentation 2018-12-26 19:27:08 +01:00
Régis Behmo
87980f484b Rename custom settings from "universal" to "tutor" 2018-12-26 19:27:08 +01:00
Régis Behmo
c903ab2b12 Migrate openedx-docker project to Tutor 👩‍🏫
The project gets a new name and some proper documentation. Build/Deploy
are now properly separated.
2018-12-26 19:27:08 +01:00