Current Release: Redwood - Operator/Dev Notes
The 18th Open edX community release will be named Redwood. It will be released Jun 9th, 2024. The open-release/redwood.master branches will be created one month earlier, on May 9th. Code on master/main as of May 9th will be part of Redwood. Code merged after that will need special handling to be part of Redwood.
Put stuff here that we have to remember when we start packaging up Redwood. Especially important is information that system installers or operators will need to know. Please include your name when you add an item, so that we can get back to you with questions.
Operational
The default minimum password length has been updated from 2 characters to 8 characters. (PR)
If you have an existing password, this change along will not force you to update it. However if you reset your password or go to change it, you'll have to conform to the new guidelines. If you would like to force people to update their password, you'll probably want to take a look at the password_policy plugin and its settings.
[@Tim McCormack] Deployers must ensure that their
JWT_AUTH['JWT_PRIVATE_SIGNING_JWK']
Django setting in LMS contains the full complement of private key numbers.Background: In LMS, we are switching from the pyjwkest library to PyJWT for signing JWTs. (pyjwkest is now unmaintained.) However, PyJWT has stricter requirements for the private key in
JWT_PRIVATE_SIGNING_JWK
. Before you upgrade to Redwood, you will need to update this key using a script. Otherwise, JWT signing will fail, and users will be unable to log in.Steps:
Locate
JWT_PRIVATE_SIGNING_JWK
in your deployment configuration.Check if the JSON contains all of the following params:
p
,q
,dp
,dq
, andqi
. If it does, you don’t need to do anything further. Otherwise, continue.In your edx-platform virtualenv, run
python3 scripts/jwk-precompute-params.py
and follow the prompts. (It will ask you to paste in the current JSON.)Update your config’s
JWT_AUTH['JWT_PRIVATE_SIGNING_JWK']
with the output of the script.You may wish to compare the contents of the private key before and after running the script, and verify that the only changes it has made to the contents of the JSON are that the
p
,q
,dp
,dq
, andqi
params have been added. (Some or all may already have been present.)
Notes:
This should be done while you are still running Quince—it is safe to do ahead of the upgrade, and should not have any visible effect at that time.
This key must be handled very carefully. Anyone in possession of the key may impersonate users.
The following requirements update into credentials might have implications for anyone who has a massive
usersocialauth
table. This is because that table grows endlessly, and the migrations on the table caused by updating thesocial-auth-app-django
package can run out of memory. If maintainers have migration failures on this upgrade, they should run the management command truncate_social_auth.This will remove all entries from the
usersocialauth
table that haven't been updated in 90 days, which makes the size of the table tractable for the dependency's migration. This is harmless in theCredentials
IDA.
[Feanil] The scripts related to user retirement across all services have been moved to the
edx-platform
repository. If you’ve been using the `tubular repo to run retirement scripts you should update your code.edx-platform and cs_comment_service Mongo Upgrades
[@Braden MacDonald] The Redwood release includes the Studio Course Search [BETA], which is disabled by default as it depends on a new search engine, Meilisearch. We encourage operators to install Meilisearch, test out this feature, and give us feedback on the viability of using Meilisearch as a replacement for Elasticsearch in future releases of Open edX. Here’s how:
For tutor-based deployments, install the tutor-contrib-meilisearch plugin, and apply the changes to your deployment. See that plugin’s README for details. Note in particular that the hostname configured as
MEILISEARCH_PUBLIC_HOST
must be resolvable on the public internet.If you are not using Tutor, you’ll need to install Meilisearch manually (or use the cloud product), and to explicitly set the related config variables in the CMS as well as set
MEILISEARCH_ENABLED=true
in the Course Authoring MFE settings.To create and populate the search index, you must run a one-time command from the CMS shell:
python manage.py cms reindex_studio --experimental
. This command may take a while if you have a lot of courses and/or libraries in Studio; it will display regular progress indicators while it is running. We are interested in hearing how long it takes for you - please share your experience (see next bullet). This command reads from MySQL/MongoDB but does not write to them; it only writes to Meilisearch. Once the indexing has completed, it should not be necessary to run it again; from that point forward, the indexes will be updated automatically as needed.Please share your feedback about Meilisearch, indexing, and operations in this Discourse thread or the #ops Slack channel. Please share feedback about the new course search feature in general in the discussion forums or in the #wg-product-core Slack channel.
Deprecations and Removals
Based on estimated dates 2024-04-09 to 2024-06-09.
Badges app has been deprecated and removed from
edx-platform
. See [DEPR]: lms/djangoapps/badges · Issue #31541 · openedx/edx-platform.accomplishments_shared
field is removed from payloads and settingsENABLE_OPENBADGES
is no longer available for configuration inFEATURES
BADGING_BACKEND
,BADGR_BASE_URL
,BADGR_ISSUER_SLUG
,BADGR_USERNAME
,BADGR_PASSWORD
,BADGR_TOKENS_CACHE_KEY
,BADGR_TIMEOUT
,BADGR_ENABLE_NOTIFICATIONS
are also not configurable anymore.
[@Tim McCormack] In edxapp, the Waffle switch
ip.legacy
is removed. See [DEPR]: legacy_ip code and Waffle switch · Issue #33733 · openedx/edx-platform.Any deployment that has been relying on this legacy IP address option will need to switch to setting
CLOSEST_CLIENT_IP_FROM_HEADERS
appropriately. See Nutmeg announcement for details.
Asset Processing (webpack, collectstatic, etc.) using Paver Commands in edx-platform is now Deprecated and will not be available in Sumac
[DEPR]: Asset processing in Paver · Issue #31895 · openedx/edx-platform
This should cover everything that a site operator needs to do as a part of deployment.
Non deployment paver commands will be removed by Sumac
The django-splash capability was removed from edx-platform and the relevant code has been archived.