Versions Compared

Old Version 47

changes.mady.by.user Ned Batchelder

Saved on

compared with

New Version 48

changes.mady.by.user Robert Raposa

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Internally we changed to using AWS's Aurora (mysql) for many reasons (scale up to our larger table sizes, use their Performance Insights tool, be able to migrate against large tables to add columns or indexes).  This introduced 
    Jira Legacy
    serverSystem JIRA
    serverId13fd1930-5608-3aac-a5dd-21b934d3a4b4
    keyEDUCATOR-3406
     and 
    Jira Legacy
    serverSystem JIRA
    serverId13fd1930-5608-3aac-a5dd-21b934d3a4b4
    keyEDUCATOR-3374
     and we eventually fixed it by disabling the portion of Lab Mode that allows Hash Joins (you can read more about the feature in their Lab Mode docs, we turned on Lab Mode for the Fast DDL feature).
    This was fixed adding an init_command to our django DATABASES configuration.  Since we run a mixed Aurora and MySQL set of databases in production, we have to be slightly more complicated and you can see the two Ansible settings used in edx-internal and find a similar PR in edge-internal.
  • As part of the work on 
    Jira Legacy
    serverSystem JIRA
    serverId13fd1930-5608-3aac-a5dd-21b934d3a4b4
    keyLEARNER-4674
    , edX switched from using a custom built password validator to Django's framework of password validation. This involved creating a new Configuration value, AUTH_PASSWORD_VALIDATORS, a list of Django and edX-created validators. To facilitate code cleanliness, we have removed unnecessary Configuration values preferring to specify the values in AUTH_PASSWORD_VALIDATORS. The removed variables are PASSWORD_MIN_LENGTH, PASSWORD_MAX_LENGTH, and PASSWORD_COMPLEXITY. The Pull Request adding the new value can be found in https://github.com/edx/configuration/pull/4810/files and the Pull Request removing the unnecessary values can be found in https://github.com/edx/configuration/pull/4811/files. Edx-internal and edge-internal have similar Pull Requests to utilize the new password validation framework.
  • Starting in Ironwood, the configuration repo will no longer ship with a default django secret key for edx-platform.  This means that if you have been deploying with the default insecure secret key, your builds will break.  The change was made so that deployers are forced to make actual secret keys that are not predictable.
    • TODO: put instructions here for how to continue to use the old value
  • Two new settings files were added to edx-platform with this release.  At lms and cms production.py.  These are new files that are meant to replace the existing aws.py settings files.  The aws.py settings files will remain but will be deprecated as of Ironwood and will be removed in the next release.  If you are using the configuration repo to setup your environment, it will automatically start using the production.py file with this release without you needing to make any changes. production.py will load aws.py in plugins until such time as aws.py is removed.
  • Guruprasad Lakshmi Narayanan: With the changes in Studio to use LMS for login authentication, LMS and Studio have to be served from cookie-compatible domains. If the Studio domain name is a sub-domain of the LMS domain name, then the EDXAPP_SESSION_COOKIE_DOMAIN ansible variable (translates to SESSION_COOKIE_DOMAIN in lms.env.json) has to be set to '.<LMS domain>'. The Studio domain has to be added to the EDXAPP_LOGIN_REDIRECT_WHITELIST ansible variable (`LOGIN_REDIRECT_WHITELIST` variable in lms.env.json) for the redirect from LMS to Studio after login to work. Details in this discussion on the edx-ops group.
  • From crice (Deactivated): e-commerce's dependencies have been updated to django-oscar 1.5.4. The 1.5.3 release of django-oscar contains a security fix. If you use anonymous checkout, please see the django-oscar 1.5.3 release notes as you may need to rotate your keys: https://django-oscar.readthedocs.io/en/latest/releases/v1.5.3.html 
  • An update was made to the oAuth+SSO flow using auth-backends EdXOAuth2 backend that requires access to the 'user_id' scope.  This is not a default scope.  DOT applications like ecommerce-sso will stop working without adding the 'user_id' scope to LMS admin/oauth_dispatch/applicationaccess/.  This will be handled automatically for newly provisioned devstacks in this PR: https://github.com/edx/devstack/pull/394.  This uses an updated management command in LMS, which can also be used to add the Application Access: https://github.com/edx/edx-platform/pull/20076.


Requested to be added to Ironwood

...