From f8ef31b64074a87c97632c073fb7b7dff31e7ef3 Mon Sep 17 00:00:00 2001 From: James Kachel Date: Wed, 18 Jan 2023 12:49:46 -0600 Subject: [PATCH 01/15] Changes to support running MITx Online while pointed at a Tutor edX instance. * Adds a host alias for local.overhang.io (remember to set OPENEDX_IP) * Updates configure_instance to take a --tutor option, which will switch URLs to the local.overhang.io hostname. --- docker-compose.yml | 1 + .../management/commands/configure_instance.py | 26 ++++++++++++++----- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 46de0e4c43..62bdaf9715 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -22,6 +22,7 @@ x-extra-hosts: &default-extra-hosts - "edx.odl.local:${OPENEDX_IP:-172.22.0.1}" - "host.docker.internal:host-gateway" + - "local.overhang.io:${OPENEDX_IP:-172.22.0.1}" services: db: diff --git a/main/management/commands/configure_instance.py b/main/management/commands/configure_instance.py index ae95a548dd..fde3ef1a0b 100644 --- a/main/management/commands/configure_instance.py +++ b/main/management/commands/configure_instance.py @@ -31,6 +31,9 @@ The product for the courses will both be $999 so they are under the limit for test CyberSource transactions. +If the --tutor/-T option is passed, the command will use the local.overhang.io +address for links to edX rather than edx.odl.local:18000. + This uses other management commands to complete these tasks. So, if you just want to run part of this, use one of these commands: - createsuperuser to create the super user @@ -106,9 +109,20 @@ def add_arguments(self, parser): nargs="?", ) + parser.add_argument( + "--tutor", + "-T", + help="Configure for Tutor.", + action="store_true", + dest="tutor", + ) + def handle(self, *args, **kwargs): """Coordinates the other commands.""" + edx_host = "local.overhang.io" if kwargs["tutor"] else "edx.odl.local:18000" + edx_gateway_port = "" if kwargs["tutor"] else ":18000" + # Step -1: run createsuperuesr if kwargs["superuser"]: self.stdout.write(self.style.SUCCESS("Creating superuser...")) @@ -122,8 +136,8 @@ def handle(self, *args, **kwargs): if kwargs["platform"] == "macos": redirects = "\n".join( [ - "http://edx.odl.local:18000/auth/complete/mitxpro-oauth2/", - "http://host.docker.internal:18000/auth/complete/mitxpro-oauth2/", + f"http://{edx_host}/auth/complete/mitxpro-oauth2/", + f"http://host.docker.internal{edx_gateway_port}/auth/complete/mitxpro-oauth2/", ] ) else: @@ -137,8 +151,8 @@ def handle(self, *args, **kwargs): redirects = "\n".join( [ - "http://edx.odl.local:18000/auth/complete/mitxpro-oauth2/", - f"http://{kwargs['gateway']}:18000/auth/complete/mitxpro-oauth2/", + f"http://{edx_host}/auth/complete/mitxpro-oauth2/", + f"http://{kwargs['gateway']}{edx_gateway_port}/auth/complete/mitxpro-oauth2/", ] ) @@ -200,7 +214,7 @@ def handle(self, *args, **kwargs): "Demonstration Course", live=True, create_run="Demo_Course", - run_url="http://edx.odl.local:18000/courses/course-v1:edX+DemoX+Demo_Course/", + run_url=f"http://{edx_host}/courses/course-v1:edX+DemoX+Demo_Course/", program="program-v1:MITx+DEDP", ) @@ -211,7 +225,7 @@ def handle(self, *args, **kwargs): "E2E Test Course", live=True, create_run="course", - run_url="http://edx.odl.local:18000/courses/course-v1:edX+E2E-101+course/", + run_url=f"http://{edx_host}/courses/course-v1:edX+E2E-101+course/", ) self.stdout.write(self.style.SUCCESS("Syncing course runs (this may fail)...")) From a0a03992b7b4434a50d3feea2741be5f61824349 Mon Sep 17 00:00:00 2001 From: James Kachel Date: Tue, 24 Jan 2023 10:19:14 -0600 Subject: [PATCH 02/15] Adding Tutor docs. Also removed the Refine setup docs since they're outdated. --- docs/source/configuration/index.rst | 3 +- docs/source/configuration/refine_admin.rst | 80 ----------- docs/source/configuration/tutor.rst | 151 +++++++++++++++++++++ 3 files changed, 153 insertions(+), 81 deletions(-) delete mode 100644 docs/source/configuration/refine_admin.rst create mode 100644 docs/source/configuration/tutor.rst diff --git a/docs/source/configuration/index.rst b/docs/source/configuration/index.rst index c0f6d8df56..65e33201cb 100644 --- a/docs/source/configuration/index.rst +++ b/docs/source/configuration/index.rst @@ -5,6 +5,7 @@ Configuration :maxdepth: 2 open_edx + tutor ecommerce refine_admin - quickstart \ No newline at end of file + quickstart diff --git a/docs/source/configuration/refine_admin.rst b/docs/source/configuration/refine_admin.rst deleted file mode 100644 index e41056c086..0000000000 --- a/docs/source/configuration/refine_admin.rst +++ /dev/null @@ -1,80 +0,0 @@ -Refine Admin -############ - -Some administrative functionality is built out using `Refine `_. The Refine admin is a separate application that uses OAuth2/OIDC for authentication and communicates with MITx Online via the standard REST API. It compliments the Django Admin interface, providing an interface for operations that would otherwise be hard to implement in Django Admin, and for users that don't necessarily need the level of access that Django Admin provides. - -Accessing -********* - -The Docker compose environment builds a ``refine`` container that runs a dev server available at port 8016. - -Set Up -====== - - -Development ------------ - - -You will need to make some adjustments to the MITx Online configuration to allow the Refine admin to work. - - Currently, the application expects to be accessible at ``mitxonline.odl.local``. - -Step 1: Generating the RSA Private Key for OIDC -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The following command will generate the key: - -``openssl genrsa 4096 2>/dev/null | sed -e 'H;${x;s/\n/\\n/g;s/^\\n//;p;};d'`` - -This will generate the key and then output it to the terminal in a format that can go into your ``.env`` file. Copy everything including the ``--BEGIN RSA PRIVATE KEY--`` and matching end part into a variable named ``OIDC_RSA_PRIVATE_KEY``. The key will need to be wrapped in quotes. Then, rebuild and restart your environment to pick up the changes. - -The key generation process is from the `Django OAuth Toolkit `_ docs. - -Step 2: Configuring MITx Online -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -You will need to add a new Application in the Django Oauth Toolkit section in Django Admin (``/admin/oauth2_provider/application/``). Navigate there and create a new Application. Use these values (overwriting the defaults where necessary): - -* **Client Id**: ``refine-local-client-id`` -* **Redirect uris**: ``http://mitxonline.odl.local:8013/staff-dashboard/oauth2/login/`` -* **Client type**: Public -* **Authorization grants**: Authorization Code -* **Skip authorization**: checked -* **Algorithm**: RSA with SHA-2 256 - -It's also a good idea to provide a Name to differentiate it in the list. You don't need to have a Client Secret for this Application. - -Take the Client Id and put it in the environment variable `MITX_ONLINE_REFINE_OIDC_CONFIG_CLIENT_ID`. - -Once this has been saved, you should be able to log into the Refine admin successfully. - -Deployments (RC, Production, etc) ---------------------------------- - - -**Step 1: Generating the RSA Private Key for OIDC** - -The following command will generate the key: - -``openssl genrsa 4096 2>/dev/null | sed -e 'H;${x;s/\n//g;s/^\\n//;p;};d'`` - -This will generate the key and then output it to the terminal. Copy everything including the ``--BEGIN RSA PRIVATE KEY--`` and matching end part into a variable named ``OIDC_RSA_PRIVATE_KEY``. - -The key generation process is from the `Django OAuth Toolkit `_ docs. - -**Step 2: Configuring MITx Online OAuth Provider** - -You will need to add a new Application in the Django OAuth Toolkit section in Django Admin (``/admin/oauth2_provider/application/``). Navigate there and create a new Application. Use these values (overwriting the defaults where necessary): - -* **Redirect uris**: ``http:///staff-dashboard/oauth2/login/`` -* **Client type**: Public -* **Authorization grants**: Authorization Code -* **Skip authorization**: checked -* **Algorithm**: RSA with SHA-2 256 - -Take the Client Id and put it in the environment variable `MITX_ONLINE_REFINE_OIDC_CONFIG_CLIENT_ID`. - -It's also a good idea to provide a Name to differentiate it in the list. You don't need to have a Client Secret for this Application. - -Once this has been saved, you should be able to log into the Refine admin successfully. diff --git a/docs/source/configuration/tutor.rst b/docs/source/configuration/tutor.rst new file mode 100644 index 0000000000..dbb62ed8d1 --- /dev/null +++ b/docs/source/configuration/tutor.rst @@ -0,0 +1,151 @@ +Local Open edX Tutor and MITx Online Deployment +=============================================== + +These instructions describe setting up MITx Online and Tutor from scratch on Linux. These instructions should largely apply to macOS users, and they should also apply to users converting from a devstack-based deployment to Tutor. + +.. pull-quote:: + These instructions may work for you if you need to do Open edX development too. However, these instructions *are not* geared towards that end. You may be able to replace calls to ``tutor local`` with calls to ``tutor dev``, but I had a number of problems with CORS headers when trying to log in. Your mileage may vary. + +At the end of this guide, you should have: +* A fully working MITx Online deployment. +* A working Tutor deployment of edX. +* SSO should work from edX to MITx Online. +* MITx Online should have a service worker set up and should be able to perform tasks using the edX api. +* Tutor's included AuthN MFE should be disabled in favor of the MITx Online authentication system. + +Preliminary Steps +----------------- + +``pyenv`` (and ``pyenv-virtualenv``) are highly recommended for managing local Python versions. `Use the instructions on their GitHub page to install if you haven't already installed it. `_ + +You'll want to create at least a virtualenv for Tutor. As of this writing, Tutor uses Python 3.8.12 (in the LMS container at least); I have also successfully used 3.9.16 (but *not* 3.11). You can optionally create a virtualenv for MITx Online too but that's not strictly necessary. (I have one so I can run black/isort/etc. without having to jump into a container to do it.) + +Tutor Setup, Part One +--------------------- + +.. pull-quote:: + Note that no hosts file changes are needed if you use the default ``local.overhang.io`` domain - that's a real domain with a wildcard subdomain cname that points to 127.0.0.1. + +To begin, you need to follow the `One-Click Installer `_ instructions provided by Tutor. Do this with your Tutor virtualenv activated. + +Once Tutor has bootstrapped itself and is available, create a superuser account: + +``` +tutor local do createuser --staff --superuser edx edx@example.org +``` + +Supply a password (the one used by devstack is ``edx`` so use that if you want to be consistent with it). Then, create a service worker account for MITx Online: + +``` +tutor local do createuser --staff mitx_online_serviceworker service@mitxonline.odl.local +``` + +Supply a password (this one doesn't matter for a local deployment, you won't ever actually use the account). + +For best results, create two new courses within edX. The MITx Online ``configure_instance`` command expects a couple of courses to exist in edX (because they come with the devstack package): + +=============================== ==================== +Course ID Course Title +=============================== ==================== +course-v1:edX+DemoX+Demo_Course Demonstration Course +course-v1:edX+E2E-101+course E2E Test Course + +If you have a devstack instance handy, you can export these and import them into Tutor. Otherwise, just create them and make sure to set dates for the courses (they default to 2030 otherwise). + +Finally, go here to create an access token for the service worker user: http://local.overhang.io/admin/oauth2_provider/accesstoken/add/ The token can be anything, and the expiration date should just be today plus 10 years. + +## MITx Online Setup + +To set up MITx Online: + +0. Get the gateway IP for the ``tutor_local_default`` network: ``docker network inspect tutor_local_default | grep Gateway`` +1. Set up your ``/etc/hosts`` file to point ``mitxonline.odl.local`` to localhost. +2. Clone the repository somewhere. +3. Set up your ``.env`` file. These settings need particular attention: + * ``OPENEDX_IP``: set to the gateway IP from the first step + * ``OPENEDX_API_BASE_URL``: set to http://local.overhang.io + * ``OPENEDX_SERVICE_WORKER_USERNAME``: set to ``mitx_online_serviceworker`` (unless you changed this) + * ``OPENEDX_SERVICE_WORKER_API_TOKEN``: set to the token you generated +4. Build the app: ``docker compose build`` +5. Run migrations and configure Wagtail: + ``` + docker compose run --rm web ./manage.py migrate + docker compose run --rm web ./manage.py configure_wagtail + ``` +6. Run the ``configure_instance`` command: ``docker compose run --rm web ./manage.py configure_instance linux --gateway `` where ```` is the IP from the first step. You will need to supply passwords for the MITx Online superuser and test learner accounts. Make a note of the client ID and secret that it will print out at the end. +7. Make some minor changes to the OAuth2 application record that was created. + 1. Go to https://mitxonline.odl.local:8013/admin/oauth2_provider/application/ and select the ``edx-oauth-app`` entry. + 2. In ``Redirect uris``, change the ``edx.odl.local:18000`` to read ``local.overhang.io``. + +Tutor Setup, Part Two +--------------------- + +Note that some of these steps require editing the main configuration files for the production instance (which is also used for a local deployment). Most of the settings that need to be adjusted to get integration working are overridden by the default Tutor configuration, so you can't update them by setting ``config.yml``. If you're using the development Tutor build, you'll likely need to edit ``development.py`` rather than ``production.py`` as necessary. + +These steps will also disable the AuthN SSO MFE, so from here on you'll get normal edX authentication screens (if you're not being bounced to MITx Online). + +0. Get the gateway IP of the ``mitxonline_default`` Docker network: ``docker network inspect mitxonline_default | grep Gateway`` +1. Log into to edX using your superuser account, and make sure your session stays open. Sessions are pretty long-lived so this just means not closing the browser that you started the session in. (Part of this process will involve mostly breaking authentication so it's important that you are able to get into the admin.) +2. Stop Tutor: ``tutor local stop`` +3. Change into the configuration root for Tutor: ``cd "$(tutor config printroot)"`` +4. Create a ``env/build/openedx/private.txt`` with the required extensions: +.. code-block:: + social-auth-mitxpro + mitxpro-openedx-extensions + +5. Edit the ``env/apps/openedx/config/lms.env.yml`` file and add: +.. code-block:: + FEATURES: + SKIP_EMAIL_VALIDATION: true + +to the ``FEATURES`` block (should be at the top). +6. Edit the ``env/apps/openedx/settings/lms/production.py`` settings file. + * Add to the end of the file: + * ``THIRD_PARTY_AUTH_BACKENDS = ['social_auth_mitxpro.backends.MITxProOAuth2']`` + * ``AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2')`` + * ``IDA_LOGOUT_URI_LIST.append('http://mitxonline.odl.local:8013/logout/')`` - there's an existing one of these around like 300 in ``production.py`` too. + * Find and update: + * ``FEATURES['ENABLE_AUTHN_MICROFRONTEND'] = False`` (defaults to True) + * ``REGISTRATION_EXTRA_FIELDS["terms_of_service"] = "hidden"`` (defaults to required) +7. Build a new ``openedx`` image: ``tutor images build openedx`` (this will take a long time) +8. Run a Docker Compse rebuild: ``tutor local dc build`` (this should be pretty quick - it's likely not required, just doing it here for safety) +9. Restart Tutor: ``tutor local start -d`` (omit ``-d`` if you want to watch the logs) +10. Check your settings. There's a ``print_setting`` command that you can use to verify everything is set properly: + * ``tutor local run lms ./manage.py lms print_setting REGISTRATION_EXTRA_FIELDS`` + * ``tutor local run lms ./manage.py lms print_setting AUTHENTICATION_BACKENDS`` + * ``tutor local run lms ./manage.py lms print_setting FEATURES`` - will print a lot of stuff + * ``tutor local run lms ./manage.py lms print_setting THIRD_PARTY_AUTH_BACKENDS`` + * If you do have weird errors or settings not showing properly, make sure you edited the right yaml files *and* that they're using the right whitespace (i.e. don't use tabs). +10. In a separate browser session of some kind (incognito/private browsing/other browser entirely), try to navigate to http://local.overhang.io . It should load but it should give you an error message. In the LMS logs, you should see an error message for "Can't fetch settings for disabled provider." This is proper operation - the OAuth2 settings aren't in place yet. +11. In the superuser session you have open, go to http://local.overhang.io/admin . This should work. If you've been logged out, you should still be able to get in. If you can't (for instance, if you're getting 500 errors), you will need to turn off ``ENABLE_THIRD_PARTY_AUTH`` in ``FEATURES``, restart Tutor *using ``tutor local stop`` and ``start``, not using ``reboot``*, then try again. +12. Go to http://local.overhang.io/admin/third_party_auth/oauth2providerconfig/add/ and add a provider configuration: + * Enabled is checked. + * Name: ``mitxonline`` + * Slug: ``mitxpro-oauth2`` + * Site: ``local.overhang.io`` + * Skip hinted login dialog is checked. + * Skip registration form is checked. + * Skip email verification is checked. + * Sync learner profile data is checked. + * Enable sso id verification is checked. + * Backend name: ``mitxpro-oauth2`` + * Client ID and Client Secret: from record created by ``configure_instance`` when you set up MITx Online. + * Other settings: +.. code-block:: + { + "AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", + "ACCESS_TOKEN_URL": "http://:8013/oauth2/token/", + "API_ROOT": "http://:8013/" + } + +where MITXONLINE_GATEWAY_IP is the IP from the ``mitxonline_default`` network from the first step. +13. Configure Tutor for OAuth2 authentication from MITx Online. + * `Follow these instructions in the MITx Online documentation. `_ + * You should have already set the ``OPENEDX_API_BASE_URL`` setting in the MITx Online Setup step; don't change it (but do add the API credentials). +14. You should now be able to run some MITx Online management commands to ensure the service worker is set up properly: + * ``sync_courserun --all ALL`` should sync the two test courses (if you made them). + * ``repair_missing_courseware_records`` should also work. +15. In the separate browser session from step 11, attempt to log in again. This time, you should be able to log in through MITx Online, and you should be able to get to the edX LMS dashboard. If not, then double-check your provider configuration settings and try again. + * Unlike devstack, the Tutor instance has an Update button for the provider configuration, so you can just update the record you put in. + * If you are still getting "Can't fetch settings" errors, *make sure* your Site is set properly - there are three options by default and only one works. (This was typically the problem I had.) +16. Optionally, log into the LMS Django Admin and make your MITx Online superuser account a superuser there too. From 2b7928495d7d0df7397985f749942547d77f02ef Mon Sep 17 00:00:00 2001 From: James Kachel Date: Tue, 24 Jan 2023 10:20:19 -0600 Subject: [PATCH 03/15] Updated README.md --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 8b542f02d5..25a310c32c 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,8 @@ Run through those steps **including the addition of `/etc/hosts` aliases and the ### Configure mitxonline and Open edX +**Open edX Tutor** can be used with MITx Online instead of the traditional devstack release. See [Local Open edX Tutor and MITx Online Deployment](docs/source/configuration/tutor.rst) for details. + See [MITx Online Quick Start](docs/source/configuration/quickstart.rst) and [Configure Open edX](docs/source/configuration/open_edx.rst) ### Configuring the CMS @@ -23,13 +25,9 @@ to be usable. You can apply all of those changes by running a management command docker-compose run --rm web ./manage.py configure_wagtail ``` -### Configuring Refine Admin - -See [Configure Refine Admin](docs/source/configuration/refine_admin.rst) - # Running, testing, and administering the app -Running, testing, and administering this app follows the same patterns as our other web apps. +Running, testing, and administering this app follows the same patterns as our other web apps. *Note: for js tests, run the commands in `frontend/public`, or run via `yarn workspaces foreach run ` from the root. From 7758c99d66adeaad0d9f010a1988d998324a95b8 Mon Sep 17 00:00:00 2001 From: James Kachel Date: Tue, 24 Jan 2023 10:26:06 -0600 Subject: [PATCH 04/15] maybe one day vscode will learn how to tab --- docs/source/configuration/tutor.rst | 94 ++++++++++++++--------------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/docs/source/configuration/tutor.rst b/docs/source/configuration/tutor.rst index dbb62ed8d1..e36dec40a3 100644 --- a/docs/source/configuration/tutor.rst +++ b/docs/source/configuration/tutor.rst @@ -62,20 +62,20 @@ To set up MITx Online: 1. Set up your ``/etc/hosts`` file to point ``mitxonline.odl.local`` to localhost. 2. Clone the repository somewhere. 3. Set up your ``.env`` file. These settings need particular attention: - * ``OPENEDX_IP``: set to the gateway IP from the first step - * ``OPENEDX_API_BASE_URL``: set to http://local.overhang.io - * ``OPENEDX_SERVICE_WORKER_USERNAME``: set to ``mitx_online_serviceworker`` (unless you changed this) - * ``OPENEDX_SERVICE_WORKER_API_TOKEN``: set to the token you generated + * ``OPENEDX_IP``: set to the gateway IP from the first step + * ``OPENEDX_API_BASE_URL``: set to http://local.overhang.io + * ``OPENEDX_SERVICE_WORKER_USERNAME``: set to ``mitx_online_serviceworker`` (unless you changed this) + * ``OPENEDX_SERVICE_WORKER_API_TOKEN``: set to the token you generated 4. Build the app: ``docker compose build`` 5. Run migrations and configure Wagtail: - ``` - docker compose run --rm web ./manage.py migrate - docker compose run --rm web ./manage.py configure_wagtail - ``` + ``` + docker compose run --rm web ./manage.py migrate + docker compose run --rm web ./manage.py configure_wagtail + ``` 6. Run the ``configure_instance`` command: ``docker compose run --rm web ./manage.py configure_instance linux --gateway `` where ```` is the IP from the first step. You will need to supply passwords for the MITx Online superuser and test learner accounts. Make a note of the client ID and secret that it will print out at the end. 7. Make some minor changes to the OAuth2 application record that was created. - 1. Go to https://mitxonline.odl.local:8013/admin/oauth2_provider/application/ and select the ``edx-oauth-app`` entry. - 2. In ``Redirect uris``, change the ``edx.odl.local:18000`` to read ``local.overhang.io``. + 1. Go to https://mitxonline.odl.local:8013/admin/oauth2_provider/application/ and select the ``edx-oauth-app`` entry. + 2. In ``Redirect uris``, change the ``edx.odl.local:18000`` to read ``local.overhang.io``. Tutor Setup, Part Two --------------------- @@ -89,49 +89,49 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm 2. Stop Tutor: ``tutor local stop`` 3. Change into the configuration root for Tutor: ``cd "$(tutor config printroot)"`` 4. Create a ``env/build/openedx/private.txt`` with the required extensions: -.. code-block:: - social-auth-mitxpro - mitxpro-openedx-extensions +.. code-block:: text + social-auth-mitxpro + mitxpro-openedx-extensions 5. Edit the ``env/apps/openedx/config/lms.env.yml`` file and add: -.. code-block:: - FEATURES: - SKIP_EMAIL_VALIDATION: true +.. code-block:: yaml + FEATURES: + SKIP_EMAIL_VALIDATION: true to the ``FEATURES`` block (should be at the top). 6. Edit the ``env/apps/openedx/settings/lms/production.py`` settings file. - * Add to the end of the file: - * ``THIRD_PARTY_AUTH_BACKENDS = ['social_auth_mitxpro.backends.MITxProOAuth2']`` - * ``AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2')`` - * ``IDA_LOGOUT_URI_LIST.append('http://mitxonline.odl.local:8013/logout/')`` - there's an existing one of these around like 300 in ``production.py`` too. - * Find and update: - * ``FEATURES['ENABLE_AUTHN_MICROFRONTEND'] = False`` (defaults to True) - * ``REGISTRATION_EXTRA_FIELDS["terms_of_service"] = "hidden"`` (defaults to required) + * Add to the end of the file: + * ``THIRD_PARTY_AUTH_BACKENDS = ['social_auth_mitxpro.backends.MITxProOAuth2']`` + * ``AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2')`` + * ``IDA_LOGOUT_URI_LIST.append('http://mitxonline.odl.local:8013/logout/')`` - there's an existing one of these around like 300 in ``production.py`` too. + * Find and update: + * ``FEATURES['ENABLE_AUTHN_MICROFRONTEND'] = False`` (defaults to True) + * ``REGISTRATION_EXTRA_FIELDS["terms_of_service"] = "hidden"`` (defaults to required) 7. Build a new ``openedx`` image: ``tutor images build openedx`` (this will take a long time) 8. Run a Docker Compse rebuild: ``tutor local dc build`` (this should be pretty quick - it's likely not required, just doing it here for safety) 9. Restart Tutor: ``tutor local start -d`` (omit ``-d`` if you want to watch the logs) 10. Check your settings. There's a ``print_setting`` command that you can use to verify everything is set properly: - * ``tutor local run lms ./manage.py lms print_setting REGISTRATION_EXTRA_FIELDS`` - * ``tutor local run lms ./manage.py lms print_setting AUTHENTICATION_BACKENDS`` - * ``tutor local run lms ./manage.py lms print_setting FEATURES`` - will print a lot of stuff - * ``tutor local run lms ./manage.py lms print_setting THIRD_PARTY_AUTH_BACKENDS`` - * If you do have weird errors or settings not showing properly, make sure you edited the right yaml files *and* that they're using the right whitespace (i.e. don't use tabs). + * ``tutor local run lms ./manage.py lms print_setting REGISTRATION_EXTRA_FIELDS`` + * ``tutor local run lms ./manage.py lms print_setting AUTHENTICATION_BACKENDS`` + * ``tutor local run lms ./manage.py lms print_setting FEATURES`` - will print a lot of stuff + * ``tutor local run lms ./manage.py lms print_setting THIRD_PARTY_AUTH_BACKENDS`` + * If you do have weird errors or settings not showing properly, make sure you edited the right yaml files *and* that they're using the right whitespace (i.e. don't use tabs). 10. In a separate browser session of some kind (incognito/private browsing/other browser entirely), try to navigate to http://local.overhang.io . It should load but it should give you an error message. In the LMS logs, you should see an error message for "Can't fetch settings for disabled provider." This is proper operation - the OAuth2 settings aren't in place yet. 11. In the superuser session you have open, go to http://local.overhang.io/admin . This should work. If you've been logged out, you should still be able to get in. If you can't (for instance, if you're getting 500 errors), you will need to turn off ``ENABLE_THIRD_PARTY_AUTH`` in ``FEATURES``, restart Tutor *using ``tutor local stop`` and ``start``, not using ``reboot``*, then try again. 12. Go to http://local.overhang.io/admin/third_party_auth/oauth2providerconfig/add/ and add a provider configuration: - * Enabled is checked. - * Name: ``mitxonline`` - * Slug: ``mitxpro-oauth2`` - * Site: ``local.overhang.io`` - * Skip hinted login dialog is checked. - * Skip registration form is checked. - * Skip email verification is checked. - * Sync learner profile data is checked. - * Enable sso id verification is checked. - * Backend name: ``mitxpro-oauth2`` - * Client ID and Client Secret: from record created by ``configure_instance`` when you set up MITx Online. - * Other settings: -.. code-block:: + * Enabled is checked. + * Name: ``mitxonline`` + * Slug: ``mitxpro-oauth2`` + * Site: ``local.overhang.io`` + * Skip hinted login dialog is checked. + * Skip registration form is checked. + * Skip email verification is checked. + * Sync learner profile data is checked. + * Enable sso id verification is checked. + * Backend name: ``mitxpro-oauth2`` + * Client ID and Client Secret: from record created by ``configure_instance`` when you set up MITx Online. + * Other settings: +.. code-block:: json { "AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", "ACCESS_TOKEN_URL": "http://:8013/oauth2/token/", @@ -140,12 +140,12 @@ to the ``FEATURES`` block (should be at the top). where MITXONLINE_GATEWAY_IP is the IP from the ``mitxonline_default`` network from the first step. 13. Configure Tutor for OAuth2 authentication from MITx Online. - * `Follow these instructions in the MITx Online documentation. `_ - * You should have already set the ``OPENEDX_API_BASE_URL`` setting in the MITx Online Setup step; don't change it (but do add the API credentials). + * `Follow these instructions in the MITx Online documentation. `_ + * You should have already set the ``OPENEDX_API_BASE_URL`` setting in the MITx Online Setup step; don't change it (but do add the API credentials). 14. You should now be able to run some MITx Online management commands to ensure the service worker is set up properly: - * ``sync_courserun --all ALL`` should sync the two test courses (if you made them). - * ``repair_missing_courseware_records`` should also work. + * ``sync_courserun --all ALL`` should sync the two test courses (if you made them). + * ``repair_missing_courseware_records`` should also work. 15. In the separate browser session from step 11, attempt to log in again. This time, you should be able to log in through MITx Online, and you should be able to get to the edX LMS dashboard. If not, then double-check your provider configuration settings and try again. - * Unlike devstack, the Tutor instance has an Update button for the provider configuration, so you can just update the record you put in. - * If you are still getting "Can't fetch settings" errors, *make sure* your Site is set properly - there are three options by default and only one works. (This was typically the problem I had.) + * Unlike devstack, the Tutor instance has an Update button for the provider configuration, so you can just update the record you put in. + * If you are still getting "Can't fetch settings" errors, *make sure* your Site is set properly - there are three options by default and only one works. (This was typically the problem I had.) 16. Optionally, log into the LMS Django Admin and make your MITx Online superuser account a superuser there too. From 397aec495c8ef8b85dfc0cddbd5cede3fb5961ab Mon Sep 17 00:00:00 2001 From: James Kachel Date: Tue, 24 Jan 2023 10:28:34 -0600 Subject: [PATCH 05/15] rst nonsense --- docs/source/configuration/tutor.rst | 42 ++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/docs/source/configuration/tutor.rst b/docs/source/configuration/tutor.rst index e36dec40a3..3317995900 100644 --- a/docs/source/configuration/tutor.rst +++ b/docs/source/configuration/tutor.rst @@ -50,6 +50,15 @@ Course ID Course Title course-v1:edX+DemoX+Demo_Course Demonstration Course course-v1:edX+E2E-101+course E2E Test Course + + + + + + + + + If you have a devstack instance handy, you can export these and import them into Tutor. Otherwise, just create them and make sure to set dates for the courses (they default to 2030 otherwise). Finally, go here to create an access token for the service worker user: http://local.overhang.io/admin/oauth2_provider/accesstoken/add/ The token can be anything, and the expiration date should just be today plus 10 years. @@ -62,18 +71,23 @@ To set up MITx Online: 1. Set up your ``/etc/hosts`` file to point ``mitxonline.odl.local`` to localhost. 2. Clone the repository somewhere. 3. Set up your ``.env`` file. These settings need particular attention: + * ``OPENEDX_IP``: set to the gateway IP from the first step * ``OPENEDX_API_BASE_URL``: set to http://local.overhang.io * ``OPENEDX_SERVICE_WORKER_USERNAME``: set to ``mitx_online_serviceworker`` (unless you changed this) * ``OPENEDX_SERVICE_WORKER_API_TOKEN``: set to the token you generated + 4. Build the app: ``docker compose build`` 5. Run migrations and configure Wagtail: - ``` - docker compose run --rm web ./manage.py migrate - docker compose run --rm web ./manage.py configure_wagtail - ``` + +``` +docker compose run --rm web ./manage.py migrate +docker compose run --rm web ./manage.py configure_wagtail +``` + 6. Run the ``configure_instance`` command: ``docker compose run --rm web ./manage.py configure_instance linux --gateway `` where ```` is the IP from the first step. You will need to supply passwords for the MITx Online superuser and test learner accounts. Make a note of the client ID and secret that it will print out at the end. 7. Make some minor changes to the OAuth2 application record that was created. + 1. Go to https://mitxonline.odl.local:8013/admin/oauth2_provider/application/ and select the ``edx-oauth-app`` entry. 2. In ``Redirect uris``, change the ``edx.odl.local:18000`` to read ``local.overhang.io``. @@ -89,36 +103,48 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm 2. Stop Tutor: ``tutor local stop`` 3. Change into the configuration root for Tutor: ``cd "$(tutor config printroot)"`` 4. Create a ``env/build/openedx/private.txt`` with the required extensions: + .. code-block:: text social-auth-mitxpro mitxpro-openedx-extensions 5. Edit the ``env/apps/openedx/config/lms.env.yml`` file and add: + .. code-block:: yaml FEATURES: SKIP_EMAIL_VALIDATION: true + to the ``FEATURES`` block (should be at the top). + 6. Edit the ``env/apps/openedx/settings/lms/production.py`` settings file. + * Add to the end of the file: + * ``THIRD_PARTY_AUTH_BACKENDS = ['social_auth_mitxpro.backends.MITxProOAuth2']`` * ``AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2')`` * ``IDA_LOGOUT_URI_LIST.append('http://mitxonline.odl.local:8013/logout/')`` - there's an existing one of these around like 300 in ``production.py`` too. + * Find and update: + * ``FEATURES['ENABLE_AUTHN_MICROFRONTEND'] = False`` (defaults to True) * ``REGISTRATION_EXTRA_FIELDS["terms_of_service"] = "hidden"`` (defaults to required) + 7. Build a new ``openedx`` image: ``tutor images build openedx`` (this will take a long time) 8. Run a Docker Compse rebuild: ``tutor local dc build`` (this should be pretty quick - it's likely not required, just doing it here for safety) 9. Restart Tutor: ``tutor local start -d`` (omit ``-d`` if you want to watch the logs) 10. Check your settings. There's a ``print_setting`` command that you can use to verify everything is set properly: + * ``tutor local run lms ./manage.py lms print_setting REGISTRATION_EXTRA_FIELDS`` * ``tutor local run lms ./manage.py lms print_setting AUTHENTICATION_BACKENDS`` * ``tutor local run lms ./manage.py lms print_setting FEATURES`` - will print a lot of stuff * ``tutor local run lms ./manage.py lms print_setting THIRD_PARTY_AUTH_BACKENDS`` * If you do have weird errors or settings not showing properly, make sure you edited the right yaml files *and* that they're using the right whitespace (i.e. don't use tabs). + 10. In a separate browser session of some kind (incognito/private browsing/other browser entirely), try to navigate to http://local.overhang.io . It should load but it should give you an error message. In the LMS logs, you should see an error message for "Can't fetch settings for disabled provider." This is proper operation - the OAuth2 settings aren't in place yet. 11. In the superuser session you have open, go to http://local.overhang.io/admin . This should work. If you've been logged out, you should still be able to get in. If you can't (for instance, if you're getting 500 errors), you will need to turn off ``ENABLE_THIRD_PARTY_AUTH`` in ``FEATURES``, restart Tutor *using ``tutor local stop`` and ``start``, not using ``reboot``*, then try again. 12. Go to http://local.overhang.io/admin/third_party_auth/oauth2providerconfig/add/ and add a provider configuration: + * Enabled is checked. * Name: ``mitxonline`` * Slug: ``mitxpro-oauth2`` @@ -131,6 +157,7 @@ to the ``FEATURES`` block (should be at the top). * Backend name: ``mitxpro-oauth2`` * Client ID and Client Secret: from record created by ``configure_instance`` when you set up MITx Online. * Other settings: + .. code-block:: json { "AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", @@ -139,13 +166,20 @@ to the ``FEATURES`` block (should be at the top). } where MITXONLINE_GATEWAY_IP is the IP from the ``mitxonline_default`` network from the first step. + 13. Configure Tutor for OAuth2 authentication from MITx Online. + * `Follow these instructions in the MITx Online documentation. `_ * You should have already set the ``OPENEDX_API_BASE_URL`` setting in the MITx Online Setup step; don't change it (but do add the API credentials). + 14. You should now be able to run some MITx Online management commands to ensure the service worker is set up properly: + * ``sync_courserun --all ALL`` should sync the two test courses (if you made them). * ``repair_missing_courseware_records`` should also work. + 15. In the separate browser session from step 11, attempt to log in again. This time, you should be able to log in through MITx Online, and you should be able to get to the edX LMS dashboard. If not, then double-check your provider configuration settings and try again. + * Unlike devstack, the Tutor instance has an Update button for the provider configuration, so you can just update the record you put in. * If you are still getting "Can't fetch settings" errors, *make sure* your Site is set properly - there are three options by default and only one works. (This was typically the problem I had.) + 16. Optionally, log into the LMS Django Admin and make your MITx Online superuser account a superuser there too. From 0e699f621a70bbba967de675f9955efbf32bb86b Mon Sep 17 00:00:00 2001 From: James Kachel Date: Tue, 24 Jan 2023 10:30:11 -0600 Subject: [PATCH 06/15] more rst nonsense --- docs/source/configuration/tutor.rst | 37 +++++++++++++---------------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/docs/source/configuration/tutor.rst b/docs/source/configuration/tutor.rst index 3317995900..14a92a2eaf 100644 --- a/docs/source/configuration/tutor.rst +++ b/docs/source/configuration/tutor.rst @@ -49,14 +49,7 @@ Course ID Course Title =============================== ==================== course-v1:edX+DemoX+Demo_Course Demonstration Course course-v1:edX+E2E-101+course E2E Test Course - - - - - - - - +=============================== ==================== If you have a devstack instance handy, you can export these and import them into Tutor. Otherwise, just create them and make sure to set dates for the courses (they default to 2030 otherwise). @@ -104,16 +97,17 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm 3. Change into the configuration root for Tutor: ``cd "$(tutor config printroot)"`` 4. Create a ``env/build/openedx/private.txt`` with the required extensions: -.. code-block:: text - social-auth-mitxpro - mitxpro-openedx-extensions +``` +social-auth-mitxpro +mitxpro-openedx-extensions +``` 5. Edit the ``env/apps/openedx/config/lms.env.yml`` file and add: -.. code-block:: yaml - FEATURES: - SKIP_EMAIL_VALIDATION: true - +``` +FEATURES: + SKIP_EMAIL_VALIDATION: true +``` to the ``FEATURES`` block (should be at the top). @@ -158,12 +152,13 @@ to the ``FEATURES`` block (should be at the top). * Client ID and Client Secret: from record created by ``configure_instance`` when you set up MITx Online. * Other settings: -.. code-block:: json - { - "AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", - "ACCESS_TOKEN_URL": "http://:8013/oauth2/token/", - "API_ROOT": "http://:8013/" - } +``` +{ + "AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", + "ACCESS_TOKEN_URL": "http://:8013/oauth2/token/", + "API_ROOT": "http://:8013/" +} +``` where MITXONLINE_GATEWAY_IP is the IP from the ``mitxonline_default`` network from the first step. From c604ea0d43f37e1c62fe778acd79431666bfa643 Mon Sep 17 00:00:00 2001 From: James Kachel Date: Tue, 24 Jan 2023 10:31:46 -0600 Subject: [PATCH 07/15] sjkldfasdjkl;fas --- docs/source/configuration/tutor.rst | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/source/configuration/tutor.rst b/docs/source/configuration/tutor.rst index 14a92a2eaf..c58bac0a89 100644 --- a/docs/source/configuration/tutor.rst +++ b/docs/source/configuration/tutor.rst @@ -106,7 +106,8 @@ mitxpro-openedx-extensions ``` FEATURES: - SKIP_EMAIL_VALIDATION: true +SKIP_EMAIL_VALIDATION: true +^-- there should be 2 spaces here ``` to the ``FEATURES`` block (should be at the top). @@ -154,9 +155,9 @@ to the ``FEATURES`` block (should be at the top). ``` { - "AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", - "ACCESS_TOKEN_URL": "http://:8013/oauth2/token/", - "API_ROOT": "http://:8013/" +"AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", +"ACCESS_TOKEN_URL": "http://:8013/oauth2/token/", +"API_ROOT": "http://:8013/" } ``` From d8ef67865dbb65d812e373f8a0c5c9164d9b2d4a Mon Sep 17 00:00:00 2001 From: James Kachel Date: Tue, 24 Jan 2023 10:40:57 -0600 Subject: [PATCH 08/15] fixed index problem, did sensible thing finally and used m2r rather than doing it manually --- docs/source/configuration/index.rst | 1 - docs/source/configuration/tutor.rst | 227 ++++++++++++++-------------- 2 files changed, 116 insertions(+), 112 deletions(-) diff --git a/docs/source/configuration/index.rst b/docs/source/configuration/index.rst index 65e33201cb..f5024eaaf2 100644 --- a/docs/source/configuration/index.rst +++ b/docs/source/configuration/index.rst @@ -7,5 +7,4 @@ Configuration open_edx tutor ecommerce - refine_admin quickstart diff --git a/docs/source/configuration/tutor.rst b/docs/source/configuration/tutor.rst index c58bac0a89..7aad7fcb61 100644 --- a/docs/source/configuration/tutor.rst +++ b/docs/source/configuration/tutor.rst @@ -1,12 +1,17 @@ + Local Open edX Tutor and MITx Online Deployment =============================================== -These instructions describe setting up MITx Online and Tutor from scratch on Linux. These instructions should largely apply to macOS users, and they should also apply to users converting from a devstack-based deployment to Tutor. +These instructions describe setting up MITx Online and Tutor from scratch on Linux. These instructions should largely apply to macOS users, and they should also apply to users converting from a devstack-based deployment to Tutor. + +.. + + These instructions may work for you if you need to do Open edX development too. However, these instructions *are not* geared towards that end. You may be able to replace calls to ``tutor local`` with calls to ``tutor dev``\ , but I had a number of problems with CORS headers when trying to log in. Your mileage may vary. -.. pull-quote:: - These instructions may work for you if you need to do Open edX development too. However, these instructions *are not* geared towards that end. You may be able to replace calls to ``tutor local`` with calls to ``tutor dev``, but I had a number of problems with CORS headers when trying to log in. Your mileage may vary. At the end of this guide, you should have: + + * A fully working MITx Online deployment. * A working Tutor deployment of edX. * SSO should work from edX to MITx Online. @@ -16,73 +21,79 @@ At the end of this guide, you should have: Preliminary Steps ----------------- -``pyenv`` (and ``pyenv-virtualenv``) are highly recommended for managing local Python versions. `Use the instructions on their GitHub page to install if you haven't already installed it. `_ +``pyenv`` (and ``pyenv-virtualenv``\ ) are highly recommended for managing local Python versions. `Use the instructions on their GitHub page to install if you haven't already installed it. `_ -You'll want to create at least a virtualenv for Tutor. As of this writing, Tutor uses Python 3.8.12 (in the LMS container at least); I have also successfully used 3.9.16 (but *not* 3.11). You can optionally create a virtualenv for MITx Online too but that's not strictly necessary. (I have one so I can run black/isort/etc. without having to jump into a container to do it.) +You'll want to create at least a virtualenv for Tutor. As of this writing, Tutor uses Python 3.8.12 (in the LMS container at least); I have also successfully used 3.9.16 (but *not* 3.11). You can optionally create a virtualenv for MITx Online too but that's not strictly necessary. (I have one so I can run black/isort/etc. without having to jump into a container to do it.) Tutor Setup, Part One --------------------- -.. pull-quote:: - Note that no hosts file changes are needed if you use the default ``local.overhang.io`` domain - that's a real domain with a wildcard subdomain cname that points to 127.0.0.1. +.. + + Note that no hosts file changes are needed if you use the default ``local.overhang.io`` domain - that's a real domain with a wildcard subdomain cname that points to 127.0.0.1. + -To begin, you need to follow the `One-Click Installer `_ instructions provided by Tutor. Do this with your Tutor virtualenv activated. +To begin, you need to follow the `One-Click Installer `_ instructions provided by Tutor. Do this with your Tutor virtualenv activated. -Once Tutor has bootstrapped itself and is available, create a superuser account: +Once Tutor has bootstrapped itself and is available, create a superuser account: -``` -tutor local do createuser --staff --superuser edx edx@example.org -``` +.. code-block:: + + tutor local do createuser --staff --superuser edx edx@example.org Supply a password (the one used by devstack is ``edx`` so use that if you want to be consistent with it). Then, create a service worker account for MITx Online: -``` -tutor local do createuser --staff mitx_online_serviceworker service@mitxonline.odl.local -``` +.. code-block:: + + tutor local do createuser --staff mitx_online_serviceworker service@mitxonline.odl.local -Supply a password (this one doesn't matter for a local deployment, you won't ever actually use the account). +Supply a password (this one doesn't matter for a local deployment, you won't ever actually use the account). For best results, create two new courses within edX. The MITx Online ``configure_instance`` command expects a couple of courses to exist in edX (because they come with the devstack package): -=============================== ==================== -Course ID Course Title -=============================== ==================== -course-v1:edX+DemoX+Demo_Course Demonstration Course -course-v1:edX+E2E-101+course E2E Test Course -=============================== ==================== +.. list-table:: + :header-rows: 1 + * - Course ID + - Course Title + * - course-v1:edX+DemoX+Demo_Course + - Demonstration Course + * - course-v1:edX+E2E-101+course + - E2E Test Course -If you have a devstack instance handy, you can export these and import them into Tutor. Otherwise, just create them and make sure to set dates for the courses (they default to 2030 otherwise). -Finally, go here to create an access token for the service worker user: http://local.overhang.io/admin/oauth2_provider/accesstoken/add/ The token can be anything, and the expiration date should just be today plus 10 years. +If you have a devstack instance handy, you can export these and import them into Tutor. Otherwise, just create them and make sure to set dates for the courses (they default to 2030 otherwise). -## MITx Online Setup +Finally, go here to create an access token for the service worker user: http://local.overhang.io/admin/oauth2_provider/accesstoken/add/ The token can be anything, and the expiration date should just be today plus 10 years. + +MITx Online Setup +----------------- To set up MITx Online: -0. Get the gateway IP for the ``tutor_local_default`` network: ``docker network inspect tutor_local_default | grep Gateway`` -1. Set up your ``/etc/hosts`` file to point ``mitxonline.odl.local`` to localhost. -2. Clone the repository somewhere. -3. Set up your ``.env`` file. These settings need particular attention: - * ``OPENEDX_IP``: set to the gateway IP from the first step - * ``OPENEDX_API_BASE_URL``: set to http://local.overhang.io - * ``OPENEDX_SERVICE_WORKER_USERNAME``: set to ``mitx_online_serviceworker`` (unless you changed this) - * ``OPENEDX_SERVICE_WORKER_API_TOKEN``: set to the token you generated +#. Get the gateway IP for the ``tutor_local_default`` network: ``docker network inspect tutor_local_default | grep Gateway`` +#. Set up your ``/etc/hosts`` file to point ``mitxonline.odl.local`` to localhost. +#. Clone the repository somewhere. +#. Set up your ``.env`` file. These settings need particular attention: -4. Build the app: ``docker compose build`` -5. Run migrations and configure Wagtail: + * ``OPENEDX_IP``\ : set to the gateway IP from the first step + * ``OPENEDX_API_BASE_URL``\ : set to http://local.overhang.io + * ``OPENEDX_SERVICE_WORKER_USERNAME``\ : set to ``mitx_online_serviceworker`` (unless you changed this) + * ``OPENEDX_SERVICE_WORKER_API_TOKEN``\ : set to the token you generated -``` -docker compose run --rm web ./manage.py migrate -docker compose run --rm web ./manage.py configure_wagtail -``` +#. Build the app: ``docker compose build`` +#. Run migrations and configure Wagtail: + .. code-block:: -6. Run the ``configure_instance`` command: ``docker compose run --rm web ./manage.py configure_instance linux --gateway `` where ```` is the IP from the first step. You will need to supply passwords for the MITx Online superuser and test learner accounts. Make a note of the client ID and secret that it will print out at the end. -7. Make some minor changes to the OAuth2 application record that was created. + docker compose run --rm web ./manage.py migrate + docker compose run --rm web ./manage.py configure_wagtail - 1. Go to https://mitxonline.odl.local:8013/admin/oauth2_provider/application/ and select the ``edx-oauth-app`` entry. - 2. In ``Redirect uris``, change the ``edx.odl.local:18000`` to read ``local.overhang.io``. +#. Run the ``configure_instance`` command: ``docker compose run --rm web ./manage.py configure_instance linux --gateway `` where ```` is the IP from the first step. You will need to supply passwords for the MITx Online superuser and test learner accounts. Make a note of the client ID and secret that it will print out at the end. +#. Make some minor changes to the OAuth2 application record that was created. + + #. Go to https://mitxonline.odl.local:8013/admin/oauth2_provider/application/ and select the ``edx-oauth-app`` entry. + #. In ``Redirect uris``\ , change the ``edx.odl.local:18000`` to read ``local.overhang.io``. Tutor Setup, Part Two --------------------- @@ -91,91 +102,85 @@ Note that some of these steps require editing the main configuration files for t These steps will also disable the AuthN SSO MFE, so from here on you'll get normal edX authentication screens (if you're not being bounced to MITx Online). -0. Get the gateway IP of the ``mitxonline_default`` Docker network: ``docker network inspect mitxonline_default | grep Gateway`` -1. Log into to edX using your superuser account, and make sure your session stays open. Sessions are pretty long-lived so this just means not closing the browser that you started the session in. (Part of this process will involve mostly breaking authentication so it's important that you are able to get into the admin.) -2. Stop Tutor: ``tutor local stop`` -3. Change into the configuration root for Tutor: ``cd "$(tutor config printroot)"`` -4. Create a ``env/build/openedx/private.txt`` with the required extensions: - -``` -social-auth-mitxpro -mitxpro-openedx-extensions -``` - -5. Edit the ``env/apps/openedx/config/lms.env.yml`` file and add: -``` -FEATURES: -SKIP_EMAIL_VALIDATION: true -^-- there should be 2 spaces here -``` +#. Get the gateway IP of the ``mitxonline_default`` Docker network: ``docker network inspect mitxonline_default | grep Gateway`` +#. Log into to edX using your superuser account, and make sure your session stays open. Sessions are pretty long-lived so this just means not closing the browser that you started the session in. (Part of this process will involve mostly breaking authentication so it's important that you are able to get into the admin.) +#. Stop Tutor: ``tutor local stop`` +#. Change into the configuration root for Tutor: ``cd "$(tutor config printroot)"`` +#. Create a ``env/build/openedx/private.txt`` with the required extensions: + .. code-block:: -to the ``FEATURES`` block (should be at the top). + social-auth-mitxpro + mitxpro-openedx-extensions -6. Edit the ``env/apps/openedx/settings/lms/production.py`` settings file. +#. Edit the ``env/apps/openedx/config/lms.env.yml`` file and add: + .. code-block:: - * Add to the end of the file: + FEATURES: + SKIP_EMAIL_VALIDATION: true + to the ``FEATURES`` block (should be at the top). +#. Edit the ``env/apps/openedx/settings/lms/production.py`` settings file. - * ``THIRD_PARTY_AUTH_BACKENDS = ['social_auth_mitxpro.backends.MITxProOAuth2']`` - * ``AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2')`` - * ``IDA_LOGOUT_URI_LIST.append('http://mitxonline.odl.local:8013/logout/')`` - there's an existing one of these around like 300 in ``production.py`` too. + * Add to the end of the file: - * Find and update: + * ``THIRD_PARTY_AUTH_BACKENDS = ['social_auth_mitxpro.backends.MITxProOAuth2']`` + * ``AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2')`` + * ``IDA_LOGOUT_URI_LIST.append('http://mitxonline.odl.local:8013/logout/')`` - there's an existing one of these around like 300 in ``production.py`` too. - * ``FEATURES['ENABLE_AUTHN_MICROFRONTEND'] = False`` (defaults to True) - * ``REGISTRATION_EXTRA_FIELDS["terms_of_service"] = "hidden"`` (defaults to required) + * Find and update: -7. Build a new ``openedx`` image: ``tutor images build openedx`` (this will take a long time) -8. Run a Docker Compse rebuild: ``tutor local dc build`` (this should be pretty quick - it's likely not required, just doing it here for safety) -9. Restart Tutor: ``tutor local start -d`` (omit ``-d`` if you want to watch the logs) -10. Check your settings. There's a ``print_setting`` command that you can use to verify everything is set properly: + * ``FEATURES['ENABLE_AUTHN_MICROFRONTEND'] = False`` (defaults to True) + * ``REGISTRATION_EXTRA_FIELDS["terms_of_service"] = "hidden"`` (defaults to required) - * ``tutor local run lms ./manage.py lms print_setting REGISTRATION_EXTRA_FIELDS`` - * ``tutor local run lms ./manage.py lms print_setting AUTHENTICATION_BACKENDS`` - * ``tutor local run lms ./manage.py lms print_setting FEATURES`` - will print a lot of stuff - * ``tutor local run lms ./manage.py lms print_setting THIRD_PARTY_AUTH_BACKENDS`` - * If you do have weird errors or settings not showing properly, make sure you edited the right yaml files *and* that they're using the right whitespace (i.e. don't use tabs). +#. Build a new ``openedx`` image: ``tutor images build openedx`` (this will take a long time) +#. Run a Docker Compse rebuild: ``tutor local dc build`` (this should be pretty quick - it's likely not required, just doing it here for safety) +#. Restart Tutor: ``tutor local start -d`` (omit ``-d`` if you want to watch the logs) +#. Check your settings. There's a ``print_setting`` command that you can use to verify everything is set properly: -10. In a separate browser session of some kind (incognito/private browsing/other browser entirely), try to navigate to http://local.overhang.io . It should load but it should give you an error message. In the LMS logs, you should see an error message for "Can't fetch settings for disabled provider." This is proper operation - the OAuth2 settings aren't in place yet. -11. In the superuser session you have open, go to http://local.overhang.io/admin . This should work. If you've been logged out, you should still be able to get in. If you can't (for instance, if you're getting 500 errors), you will need to turn off ``ENABLE_THIRD_PARTY_AUTH`` in ``FEATURES``, restart Tutor *using ``tutor local stop`` and ``start``, not using ``reboot``*, then try again. -12. Go to http://local.overhang.io/admin/third_party_auth/oauth2providerconfig/add/ and add a provider configuration: + * ``tutor local run lms ./manage.py lms print_setting REGISTRATION_EXTRA_FIELDS`` + * ``tutor local run lms ./manage.py lms print_setting AUTHENTICATION_BACKENDS`` + * ``tutor local run lms ./manage.py lms print_setting FEATURES`` - will print a lot of stuff + * ``tutor local run lms ./manage.py lms print_setting THIRD_PARTY_AUTH_BACKENDS`` + * If you do have weird errors or settings not showing properly, make sure you edited the right yaml files *and* that they're using the right whitespace (i.e. don't use tabs). - * Enabled is checked. - * Name: ``mitxonline`` - * Slug: ``mitxpro-oauth2`` - * Site: ``local.overhang.io`` - * Skip hinted login dialog is checked. - * Skip registration form is checked. - * Skip email verification is checked. - * Sync learner profile data is checked. - * Enable sso id verification is checked. - * Backend name: ``mitxpro-oauth2`` - * Client ID and Client Secret: from record created by ``configure_instance`` when you set up MITx Online. - * Other settings: +#. In a separate browser session of some kind (incognito/private browsing/other browser entirely), try to navigate to http://local.overhang.io . It should load but it should give you an error message. In the LMS logs, you should see an error message for "Can't fetch settings for disabled provider." This is proper operation - the OAuth2 settings aren't in place yet. +#. In the superuser session you have open, go to http://local.overhang.io/admin . This should work. If you've been logged out, you should still be able to get in. If you can't (for instance, if you're getting 500 errors), you will need to turn off ``ENABLE_THIRD_PARTY_AUTH`` in ``FEATURES``\ , restart Tutor *using ``tutor local stop`` and ``start``\ , not using ``reboot``\ *\ , then try again. +#. Go to http://local.overhang.io/admin/third_party_auth/oauth2providerconfig/add/ and add a provider configuration: -``` -{ -"AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", -"ACCESS_TOKEN_URL": "http://:8013/oauth2/token/", -"API_ROOT": "http://:8013/" -} -``` + * Enabled is checked. + * Name: ``mitxonline`` + * Slug: ``mitxpro-oauth2`` + * Site: ``local.overhang.io`` + * Skip hinted login dialog is checked. + * Skip registration form is checked. + * Skip email verification is checked. + * Sync learner profile data is checked. + * Enable sso id verification is checked. + * Backend name: ``mitxpro-oauth2`` + * Client ID and Client Secret: from record created by ``configure_instance`` when you set up MITx Online. + * Other settings: + .. code-block:: -where MITXONLINE_GATEWAY_IP is the IP from the ``mitxonline_default`` network from the first step. + { + "AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", + "ACCESS_TOKEN_URL": "http://:8013/oauth2/token/", + "API_ROOT": "http://:8013/" + } + where MITXONLINE_GATEWAY_IP is the IP from the ``mitxonline_default`` network from the first step. -13. Configure Tutor for OAuth2 authentication from MITx Online. +#. Configure Tutor for OAuth2 authentication from MITx Online. - * `Follow these instructions in the MITx Online documentation. `_ - * You should have already set the ``OPENEDX_API_BASE_URL`` setting in the MITx Online Setup step; don't change it (but do add the API credentials). + * `Follow these instructions in the MITx Online documentation. `_ + * You should have already set the ``OPENEDX_API_BASE_URL`` setting in the MITx Online Setup step; don't change it (but do add the API credentials). -14. You should now be able to run some MITx Online management commands to ensure the service worker is set up properly: +#. You should now be able to run some MITx Online management commands to ensure the service worker is set up properly: - * ``sync_courserun --all ALL`` should sync the two test courses (if you made them). - * ``repair_missing_courseware_records`` should also work. + * ``sync_courserun --all ALL`` should sync the two test courses (if you made them). + * ``repair_missing_courseware_records`` should also work. -15. In the separate browser session from step 11, attempt to log in again. This time, you should be able to log in through MITx Online, and you should be able to get to the edX LMS dashboard. If not, then double-check your provider configuration settings and try again. +#. In the separate browser session from step 11, attempt to log in again. This time, you should be able to log in through MITx Online, and you should be able to get to the edX LMS dashboard. If not, then double-check your provider configuration settings and try again. - * Unlike devstack, the Tutor instance has an Update button for the provider configuration, so you can just update the record you put in. - * If you are still getting "Can't fetch settings" errors, *make sure* your Site is set properly - there are three options by default and only one works. (This was typically the problem I had.) + * Unlike devstack, the Tutor instance has an Update button for the provider configuration, so you can just update the record you put in. + * If you are still getting "Can't fetch settings" errors, *make sure* your Site is set properly - there are three options by default and only one works. (This was typically the problem I had.) -16. Optionally, log into the LMS Django Admin and make your MITx Online superuser account a superuser there too. +#. Optionally, log into the LMS Django Admin and make your MITx Online superuser account a superuser there too. From 581d2613c2edb267ac55ee23ca69def07e7ec7b0 Mon Sep 17 00:00:00 2001 From: James Kachel Date: Thu, 2 Mar 2023 13:19:46 -0600 Subject: [PATCH 09/15] Some doc updates; added some notes for use on Arm macOS --- docs/source/configuration/tutor.rst | 89 ++++++++++++++++++----------- 1 file changed, 55 insertions(+), 34 deletions(-) diff --git a/docs/source/configuration/tutor.rst b/docs/source/configuration/tutor.rst index 7aad7fcb61..8e2ae1d64e 100644 --- a/docs/source/configuration/tutor.rst +++ b/docs/source/configuration/tutor.rst @@ -2,11 +2,11 @@ Local Open edX Tutor and MITx Online Deployment =============================================== -These instructions describe setting up MITx Online and Tutor from scratch on Linux. These instructions should largely apply to macOS users, and they should also apply to users converting from a devstack-based deployment to Tutor. +These instructions describe setting up MITx Online and Tutor from scratch on Linux. These instructions should largely apply to macOS users, and they should also apply to users converting from a devstack-based deployment to Tutor. .. - These instructions may work for you if you need to do Open edX development too. However, these instructions *are not* geared towards that end. You may be able to replace calls to ``tutor local`` with calls to ``tutor dev``\ , but I had a number of problems with CORS headers when trying to log in. Your mileage may vary. + These instructions may work for you if you need to do Open edX development too. However, these instructions *are not* geared towards that end. You may be able to replace calls to ``tutor local`` with calls to ``tutor dev``\ , but I had a number of problems with CORS headers when trying to log in. Your mileage may vary. At the end of this guide, you should have: @@ -21,21 +21,26 @@ At the end of this guide, you should have: Preliminary Steps ----------------- -``pyenv`` (and ``pyenv-virtualenv``\ ) are highly recommended for managing local Python versions. `Use the instructions on their GitHub page to install if you haven't already installed it. `_ +``pyenv`` (and ``pyenv-virtualenv``\ ) are highly recommended for managing local Python versions. `Use the instructions on their GitHub page to install if you haven't already installed it. `_ -You'll want to create at least a virtualenv for Tutor. As of this writing, Tutor uses Python 3.8.12 (in the LMS container at least); I have also successfully used 3.9.16 (but *not* 3.11). You can optionally create a virtualenv for MITx Online too but that's not strictly necessary. (I have one so I can run black/isort/etc. without having to jump into a container to do it.) +You'll want to create at least a virtualenv for Tutor. As of this writing, Tutor uses Python 3.8.12 (in the LMS container at least); I have also successfully used 3.9.16 (but *not* 3.11 - that didn't work). You can optionally create a virtualenv for MITx Online too but that's not strictly necessary. (I have one so I can run black/isort/etc. without having to jump into a container to do it.) Tutor Setup, Part One --------------------- .. - Note that no hosts file changes are needed if you use the default ``local.overhang.io`` domain - that's a real domain with a wildcard subdomain cname that points to 127.0.0.1. + Note that no hosts file changes are needed if you use the default ``local.overhang.io`` domain - that's a real domain with a wildcard subdomain cname that points to 127.0.0.1. -To begin, you need to follow the `One-Click Installer `_ instructions provided by Tutor. Do this with your Tutor virtualenv activated. +To begin, you need to follow the `One-Click Installer `_ instructions provided by Tutor. Do this with your Tutor virtualenv activated. -Once Tutor has bootstrapped itself and is available, create a superuser account: +.. + + Mac/Arm users should instead follow these instructions: `Running Tutor on ARM-based systems `_ It's mostly the same steps that the quickstart does internally, with some changes to rebuild some of the images and flip some dependencies to use compatible images for Arm. + + +Once Tutor has bootstrapped itself and is available, create a superuser account: .. code-block:: @@ -47,7 +52,7 @@ Supply a password (the one used by devstack is ``edx`` so use that if you want t tutor local do createuser --staff mitx_online_serviceworker service@mitxonline.odl.local -Supply a password (this one doesn't matter for a local deployment, you won't ever actually use the account). +Supply a password (this one doesn't matter for a local deployment, you won't ever actually use the account). For best results, create two new courses within edX. The MITx Online ``configure_instance`` command expects a couple of courses to exist in edX (because they come with the devstack package): @@ -62,9 +67,9 @@ For best results, create two new courses within edX. The MITx Online ``configure - E2E Test Course -If you have a devstack instance handy, you can export these and import them into Tutor. Otherwise, just create them and make sure to set dates for the courses (they default to 2030 otherwise). +If you have a devstack instance handy, you can export these and import them into Tutor. Otherwise, just create them and make sure to set dates for the courses (they default to 2030 otherwise). -Finally, go here to create an access token for the service worker user: http://local.overhang.io/admin/oauth2_provider/accesstoken/add/ The token can be anything, and the expiration date should just be today plus 10 years. +Finally, go here to create an access token for the service worker user: http://local.overhang.io/admin/oauth2_provider/accesstoken/add/ The token can be anything, and the expiration date should just be today plus 10 years. MITx Online Setup ----------------- @@ -73,7 +78,10 @@ To set up MITx Online: #. Get the gateway IP for the ``tutor_local_default`` network: ``docker network inspect tutor_local_default | grep Gateway`` -#. Set up your ``/etc/hosts`` file to point ``mitxonline.odl.local`` to localhost. + + * Mac users should instead use the host.docker.internal IP. Specify this by using ``host-internal`` in ``OPENEDX_IP``. + +#. Set up your ``/etc/hosts`` file to point ``mitxonline.odl.local`` to localhost. #. Clone the repository somewhere. #. Set up your ``.env`` file. These settings need particular attention: @@ -83,17 +91,20 @@ To set up MITx Online: * ``OPENEDX_SERVICE_WORKER_API_TOKEN``\ : set to the token you generated #. Build the app: ``docker compose build`` -#. Run migrations and configure Wagtail: - .. code-block:: +#. Run migrations and configure Wagtail:: docker compose run --rm web ./manage.py migrate docker compose run --rm web ./manage.py configure_wagtail -#. Run the ``configure_instance`` command: ``docker compose run --rm web ./manage.py configure_instance linux --gateway `` where ```` is the IP from the first step. You will need to supply passwords for the MITx Online superuser and test learner accounts. Make a note of the client ID and secret that it will print out at the end. +#. Run the ``configure_instance`` command:: + + docker compose run --rm web ./manage.py configure_instance linux --gateway + + where ```` is the IP from the first step. You will need to supply passwords for the MITx Online superuser and test learner accounts. Make a note of the client ID and secret that it will print out at the end. #. Make some minor changes to the OAuth2 application record that was created. #. Go to https://mitxonline.odl.local:8013/admin/oauth2_provider/application/ and select the ``edx-oauth-app`` entry. - #. In ``Redirect uris``\ , change the ``edx.odl.local:18000`` to read ``local.overhang.io``. + #. In ``Redirect uris``\ , change the ``edx.odl.local:18000`` to read ``local.overhang.io``. Tutor Setup, Part Two --------------------- @@ -106,25 +117,29 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm #. Get the gateway IP of the ``mitxonline_default`` Docker network: ``docker network inspect mitxonline_default | grep Gateway`` #. Log into to edX using your superuser account, and make sure your session stays open. Sessions are pretty long-lived so this just means not closing the browser that you started the session in. (Part of this process will involve mostly breaking authentication so it's important that you are able to get into the admin.) #. Stop Tutor: ``tutor local stop`` -#. Change into the configuration root for Tutor: ``cd "$(tutor config printroot)"`` -#. Create a ``env/build/openedx/private.txt`` with the required extensions: +#. Change into the configuration root for Tutor: + .. code-block:: + + cd "$(tutor config printroot)" + +#. Create a ``env/build/openedx/requirements/private.txt`` with the required extensions: .. code-block:: social-auth-mitxpro mitxpro-openedx-extensions -#. Edit the ``env/apps/openedx/config/lms.env.yml`` file and add: +#. Edit the ``env/apps/openedx/config/lms.env.yml`` file and add: .. code-block:: FEATURES: SKIP_EMAIL_VALIDATION: true - to the ``FEATURES`` block (should be at the top). + to the ``FEATURES`` block (should be at the top). #. Edit the ``env/apps/openedx/settings/lms/production.py`` settings file. - * Add to the end of the file: + * Add to the end of the file: * ``THIRD_PARTY_AUTH_BACKENDS = ['social_auth_mitxpro.backends.MITxProOAuth2']`` - * ``AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2')`` + * ``AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2')`` * ``IDA_LOGOUT_URI_LIST.append('http://mitxonline.odl.local:8013/logout/')`` - there's an existing one of these around like 300 in ``production.py`` too. * Find and update: @@ -134,17 +149,17 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm #. Build a new ``openedx`` image: ``tutor images build openedx`` (this will take a long time) #. Run a Docker Compse rebuild: ``tutor local dc build`` (this should be pretty quick - it's likely not required, just doing it here for safety) -#. Restart Tutor: ``tutor local start -d`` (omit ``-d`` if you want to watch the logs) +#. Restart Tutor: ``tutor local start -d`` (omit ``-d`` if you want to watch the logs) #. Check your settings. There's a ``print_setting`` command that you can use to verify everything is set properly: - * ``tutor local run lms ./manage.py lms print_setting REGISTRATION_EXTRA_FIELDS`` - * ``tutor local run lms ./manage.py lms print_setting AUTHENTICATION_BACKENDS`` + * ``tutor local run lms ./manage.py lms print_setting REGISTRATION_EXTRA_FIELDS`` + * ``tutor local run lms ./manage.py lms print_setting AUTHENTICATION_BACKENDS`` * ``tutor local run lms ./manage.py lms print_setting FEATURES`` - will print a lot of stuff - * ``tutor local run lms ./manage.py lms print_setting THIRD_PARTY_AUTH_BACKENDS`` - * If you do have weird errors or settings not showing properly, make sure you edited the right yaml files *and* that they're using the right whitespace (i.e. don't use tabs). + * ``tutor local run lms ./manage.py lms print_setting THIRD_PARTY_AUTH_BACKENDS`` + * If you do have weird errors or settings not showing properly, make sure you edited the right yaml files *and* that they're using the right whitespace (i.e. don't use tabs). #. In a separate browser session of some kind (incognito/private browsing/other browser entirely), try to navigate to http://local.overhang.io . It should load but it should give you an error message. In the LMS logs, you should see an error message for "Can't fetch settings for disabled provider." This is proper operation - the OAuth2 settings aren't in place yet. -#. In the superuser session you have open, go to http://local.overhang.io/admin . This should work. If you've been logged out, you should still be able to get in. If you can't (for instance, if you're getting 500 errors), you will need to turn off ``ENABLE_THIRD_PARTY_AUTH`` in ``FEATURES``\ , restart Tutor *using ``tutor local stop`` and ``start``\ , not using ``reboot``\ *\ , then try again. +#. In the superuser session you have open, go to http://local.overhang.io/admin . This should work. If you've been logged out, you should still be able to get in. If you can't (for instance, if you're getting 500 errors), you will need to turn off ``ENABLE_THIRD_PARTY_AUTH`` in ``FEATURES``\ , restart Tutor *using ``tutor local stop`` and ``start``\ , not using ``reboot``\ *\ , then try again. #. Go to http://local.overhang.io/admin/third_party_auth/oauth2providerconfig/add/ and add a provider configuration: * Enabled is checked. @@ -166,21 +181,27 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm "ACCESS_TOKEN_URL": "http://:8013/oauth2/token/", "API_ROOT": "http://:8013/" } - where MITXONLINE_GATEWAY_IP is the IP from the ``mitxonline_default`` network from the first step. -#. Configure Tutor for OAuth2 authentication from MITx Online. + where MITXONLINE_GATEWAY_IP is the IP from the ``mitxonline_default`` network from the first step. **Mac users**, use ``host.docker.internal`` for MITXONLINE_GATEWAY_IP. + +#. Configure Tutor for OAuth2 authentication from MITx Online. * `Follow these instructions in the MITx Online documentation. `_ * You should have already set the ``OPENEDX_API_BASE_URL`` setting in the MITx Online Setup step; don't change it (but do add the API credentials). #. You should now be able to run some MITx Online management commands to ensure the service worker is set up properly: - * ``sync_courserun --all ALL`` should sync the two test courses (if you made them). - * ``repair_missing_courseware_records`` should also work. + * ``sync_courserun --all ALL`` should sync the two test courses (if you made them). + * ``repair_missing_courseware_records`` should also work. -#. In the separate browser session from step 11, attempt to log in again. This time, you should be able to log in through MITx Online, and you should be able to get to the edX LMS dashboard. If not, then double-check your provider configuration settings and try again. +#. In the separate browser session from step 11, attempt to log in again. This time, you should be able to log in through MITx Online, and you should be able to get to the edX LMS dashboard. If not, then double-check your provider configuration settings and try again. * Unlike devstack, the Tutor instance has an Update button for the provider configuration, so you can just update the record you put in. - * If you are still getting "Can't fetch settings" errors, *make sure* your Site is set properly - there are three options by default and only one works. (This was typically the problem I had.) + * If you are still getting "Can't fetch settings" errors, *make sure* your Site is set properly - there are three options by default and only one works. (This was typically the problem I had.) + +#. Optionally, log into the LMS Django Admin and make your MITx Online superuser account a superuser there too. + +Other Notes +----------- -#. Optionally, log into the LMS Django Admin and make your MITx Online superuser account a superuser there too. +**Trying to set configuration settings via ``tutor config`` will undo the specialty configuration above.** If you need to make changes to the configuration, either manually edit the ``env/apps/openedx/config/lms.env.yml`` file or the ``env/apps/openedx/settings/lms/production.py`` file and restart your Tutor instance. From f0e94cced79c25d302e3f02de426437baac9f608 Mon Sep 17 00:00:00 2001 From: James Kachel Date: Thu, 2 Mar 2023 14:20:52 -0600 Subject: [PATCH 10/15] Minor changes to remove `code-block` stuff and make commands hopefully easier to cut and paste --- docs/source/configuration/tutor.rst | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/source/configuration/tutor.rst b/docs/source/configuration/tutor.rst index 8e2ae1d64e..f4cad649fc 100644 --- a/docs/source/configuration/tutor.rst +++ b/docs/source/configuration/tutor.rst @@ -100,7 +100,7 @@ To set up MITx Online: docker compose run --rm web ./manage.py configure_instance linux --gateway - where ```` is the IP from the first step. You will need to supply passwords for the MITx Online superuser and test learner accounts. Make a note of the client ID and secret that it will print out at the end. + where ```` is the IP from the first step. (On macOS, specify ``macos`` instead of ``linux``. You can also skip ``--gateway``.) You will need to supply passwords for the MITx Online superuser and test learner accounts. Make a note of the client ID and secret that it will print out at the end. #. Make some minor changes to the OAuth2 application record that was created. #. Go to https://mitxonline.odl.local:8013/admin/oauth2_provider/application/ and select the ``edx-oauth-app`` entry. @@ -114,33 +114,34 @@ Note that some of these steps require editing the main configuration files for t These steps will also disable the AuthN SSO MFE, so from here on you'll get normal edX authentication screens (if you're not being bounced to MITx Online). -#. Get the gateway IP of the ``mitxonline_default`` Docker network: ``docker network inspect mitxonline_default | grep Gateway`` +#. Get the gateway IP of the ``mitxonline_default`` Docker network:: + + docker network inspect mitxonline_default | grep Gateway + #. Log into to edX using your superuser account, and make sure your session stays open. Sessions are pretty long-lived so this just means not closing the browser that you started the session in. (Part of this process will involve mostly breaking authentication so it's important that you are able to get into the admin.) #. Stop Tutor: ``tutor local stop`` -#. Change into the configuration root for Tutor: - .. code-block:: +#. Change into the configuration root for Tutor:: cd "$(tutor config printroot)" -#. Create a ``env/build/openedx/requirements/private.txt`` with the required extensions: - .. code-block:: +#. Create a ``env/build/openedx/requirements/private.txt`` with the required extensions:: social-auth-mitxpro mitxpro-openedx-extensions -#. Edit the ``env/apps/openedx/config/lms.env.yml`` file and add: - .. code-block:: +#. Edit the ``env/apps/openedx/config/lms.env.yml`` file and add:: FEATURES: SKIP_EMAIL_VALIDATION: true + to the ``FEATURES`` block (should be at the top). #. Edit the ``env/apps/openedx/settings/lms/production.py`` settings file. - * Add to the end of the file: + * Add to the end of the file:: - * ``THIRD_PARTY_AUTH_BACKENDS = ['social_auth_mitxpro.backends.MITxProOAuth2']`` - * ``AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2')`` - * ``IDA_LOGOUT_URI_LIST.append('http://mitxonline.odl.local:8013/logout/')`` - there's an existing one of these around like 300 in ``production.py`` too. + THIRD_PARTY_AUTH_BACKENDS = ['social_auth_mitxpro.backends.MITxProOAuth2'] + AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2') + IDA_LOGOUT_URI_LIST.append('http://mitxonline.odl.local:8013/logout/') # there's an existing one of these around like 300 in production.py too. * Find and update: @@ -173,8 +174,7 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm * Enable sso id verification is checked. * Backend name: ``mitxpro-oauth2`` * Client ID and Client Secret: from record created by ``configure_instance`` when you set up MITx Online. - * Other settings: - .. code-block:: + * Other settings:: { "AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", From eaade812b339433384e9c7d509422a5fb347d59b Mon Sep 17 00:00:00 2001 From: James Kachel Date: Thu, 2 Mar 2023 14:48:44 -0600 Subject: [PATCH 11/15] minor doc changes --- docs/source/configuration/tutor.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/source/configuration/tutor.rst b/docs/source/configuration/tutor.rst index f4cad649fc..212fe66f47 100644 --- a/docs/source/configuration/tutor.rst +++ b/docs/source/configuration/tutor.rst @@ -160,7 +160,7 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm * If you do have weird errors or settings not showing properly, make sure you edited the right yaml files *and* that they're using the right whitespace (i.e. don't use tabs). #. In a separate browser session of some kind (incognito/private browsing/other browser entirely), try to navigate to http://local.overhang.io . It should load but it should give you an error message. In the LMS logs, you should see an error message for "Can't fetch settings for disabled provider." This is proper operation - the OAuth2 settings aren't in place yet. -#. In the superuser session you have open, go to http://local.overhang.io/admin . This should work. If you've been logged out, you should still be able to get in. If you can't (for instance, if you're getting 500 errors), you will need to turn off ``ENABLE_THIRD_PARTY_AUTH`` in ``FEATURES``\ , restart Tutor *using ``tutor local stop`` and ``start``\ , not using ``reboot``\ *\ , then try again. +#. In the superuser session you have open, go to http://local.overhang.io/admin . This should work. If you've been logged out, you should still be able to get in. If you can't (for instance, if you're getting 500 errors), you will need to turn off ``ENABLE_THIRD_PARTY_AUTH`` in ``FEATURES``\ , restart Tutor using ``tutor local stop`` and ``start``\ , not using ``reboot``\ , then try again. #. Go to http://local.overhang.io/admin/third_party_auth/oauth2providerconfig/add/ and add a provider configuration: * Enabled is checked. @@ -176,11 +176,11 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm * Client ID and Client Secret: from record created by ``configure_instance`` when you set up MITx Online. * Other settings:: - { - "AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", - "ACCESS_TOKEN_URL": "http://:8013/oauth2/token/", - "API_ROOT": "http://:8013/" - } + { + "AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", + "ACCESS_TOKEN_URL": "http://:8013/oauth2/token/", + "API_ROOT": "http://:8013/" + } where MITXONLINE_GATEWAY_IP is the IP from the ``mitxonline_default`` network from the first step. **Mac users**, use ``host.docker.internal`` for MITXONLINE_GATEWAY_IP. From bb0a4e98c4c8868e6d2f125cf4d66193a7210ee8 Mon Sep 17 00:00:00 2001 From: James Kachel Date: Fri, 3 Mar 2023 14:26:21 -0600 Subject: [PATCH 12/15] More doc updates - forgot to note that there's a flag for configure_instance for Tutor deployments now --- docs/source/configuration/tutor.rst | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/docs/source/configuration/tutor.rst b/docs/source/configuration/tutor.rst index 212fe66f47..481692de47 100644 --- a/docs/source/configuration/tutor.rst +++ b/docs/source/configuration/tutor.rst @@ -98,13 +98,10 @@ To set up MITx Online: #. Run the ``configure_instance`` command:: - docker compose run --rm web ./manage.py configure_instance linux --gateway + docker compose run --rm web ./manage.py configure_instance linux --gateway --tutor where ```` is the IP from the first step. (On macOS, specify ``macos`` instead of ``linux``. You can also skip ``--gateway``.) You will need to supply passwords for the MITx Online superuser and test learner accounts. Make a note of the client ID and secret that it will print out at the end. -#. Make some minor changes to the OAuth2 application record that was created. - #. Go to https://mitxonline.odl.local:8013/admin/oauth2_provider/application/ and select the ``edx-oauth-app`` entry. - #. In ``Redirect uris``\ , change the ``edx.odl.local:18000`` to read ``local.overhang.io``. Tutor Setup, Part Two --------------------- @@ -186,9 +183,18 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm #. Configure Tutor for OAuth2 authentication from MITx Online. - * `Follow these instructions in the MITx Online documentation. `_ - * You should have already set the ``OPENEDX_API_BASE_URL`` setting in the MITx Online Setup step; don't change it (but do add the API credentials). + * Go to http://local.overhang.io/admin/oauth2_provider/application/ and either add or edit the ``edx-oauth-app`` entry. + * Ensure these settings are set: + * Name: ``edx-oauth-app`` + * Redirect uris: ``http://mitxonline.odl.local:8013/login/_private/complete`` + * Client type: ``Confidential`` + * Authorization grant type: ``Confidental`` + * Skip authorization is checked. + + * Save ``Client id`` and ``Client secret``. + +#. Update your MITx Online ``.env`` file. Set ``OPENEDX_API_CLIENT_ID`` and ``OPENEDX_API_CLIENT_SECRET`` to the values from the record you created or updated in the last step. #. You should now be able to run some MITx Online management commands to ensure the service worker is set up properly: * ``sync_courserun --all ALL`` should sync the two test courses (if you made them). From 7eeca7b909b38223285be38f0891bc8eb7fdae99 Mon Sep 17 00:00:00 2001 From: James Kachel Date: Fri, 3 Mar 2023 14:55:41 -0600 Subject: [PATCH 13/15] more doc cleanup stuff --- docs/source/configuration/tutor.rst | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/docs/source/configuration/tutor.rst b/docs/source/configuration/tutor.rst index 481692de47..99984c7357 100644 --- a/docs/source/configuration/tutor.rst +++ b/docs/source/configuration/tutor.rst @@ -23,7 +23,7 @@ Preliminary Steps ``pyenv`` (and ``pyenv-virtualenv``\ ) are highly recommended for managing local Python versions. `Use the instructions on their GitHub page to install if you haven't already installed it. `_ -You'll want to create at least a virtualenv for Tutor. As of this writing, Tutor uses Python 3.8.12 (in the LMS container at least); I have also successfully used 3.9.16 (but *not* 3.11 - that didn't work). You can optionally create a virtualenv for MITx Online too but that's not strictly necessary. (I have one so I can run black/isort/etc. without having to jump into a container to do it.) +You'll want to create at least a virtualenv for Tutor. As of this writing, Tutor uses Python 3.8.12 (in the LMS container at least); I have also successfully used 3.9.16. 3.11 has *not* worked for me. You can optionally create a virtualenv for MITx Online too but that's not strictly necessary. (I have one so I can run black/isort/etc. without having to jump into a container to do it.) Tutor Setup, Part One --------------------- @@ -134,11 +134,11 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm to the ``FEATURES`` block (should be at the top). #. Edit the ``env/apps/openedx/settings/lms/production.py`` settings file. - * Add to the end of the file:: - - THIRD_PARTY_AUTH_BACKENDS = ['social_auth_mitxpro.backends.MITxProOAuth2'] - AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2') - IDA_LOGOUT_URI_LIST.append('http://mitxonline.odl.local:8013/logout/') # there's an existing one of these around like 300 in production.py too. + * Add to the end of the file: + + * ``THIRD_PARTY_AUTH_BACKENDS = ['social_auth_mitxpro.backends.MITxProOAuth2']`` + * ``AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2')`` + * ``IDA_LOGOUT_URI_LIST.append('http://mitxonline.odl.local:8013/logout/')`` - there's an existing one of these around like 300 in production.py too. * Find and update: @@ -171,13 +171,13 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm * Enable sso id verification is checked. * Backend name: ``mitxpro-oauth2`` * Client ID and Client Secret: from record created by ``configure_instance`` when you set up MITx Online. - * Other settings:: + * Other settings: - { - "AUTHORIZATION_URL": "http://mitxonline.odl.local:8013/oauth2/authorize/", - "ACCESS_TOKEN_URL": "http://:8013/oauth2/token/", - "API_ROOT": "http://:8013/" - } + { + "AUTHORIZATION_URL": "\http://mitxonline.odl.local:8013/oauth2/authorize/", + "ACCESS_TOKEN_URL": "\http://:8013/oauth2/token/", + "API_ROOT": "\http://:8013/" + } where MITXONLINE_GATEWAY_IP is the IP from the ``mitxonline_default`` network from the first step. **Mac users**, use ``host.docker.internal`` for MITXONLINE_GATEWAY_IP. @@ -200,7 +200,7 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm * ``sync_courserun --all ALL`` should sync the two test courses (if you made them). * ``repair_missing_courseware_records`` should also work. -#. In the separate browser session from step 11, attempt to log in again. This time, you should be able to log in through MITx Online, and you should be able to get to the edX LMS dashboard. If not, then double-check your provider configuration settings and try again. +#. In the separate browser session from step 12, attempt to log in again. This time, you should be able to log in through MITx Online, and you should be able to get to the edX LMS dashboard. If not, then double-check your provider configuration settings and try again. * Unlike devstack, the Tutor instance has an Update button for the provider configuration, so you can just update the record you put in. * If you are still getting "Can't fetch settings" errors, *make sure* your Site is set properly - there are three options by default and only one works. (This was typically the problem I had.) @@ -211,3 +211,5 @@ Other Notes ----------- **Trying to set configuration settings via ``tutor config`` will undo the specialty configuration above.** If you need to make changes to the configuration, either manually edit the ``env/apps/openedx/config/lms.env.yml`` file or the ``env/apps/openedx/settings/lms/production.py`` file and restart your Tutor instance. + +**Make sure your service worker account is active.** It's an easy checkbox to miss. From 249244c5e2b44cf659117a93a57e732844affc3c Mon Sep 17 00:00:00 2001 From: James Kachel Date: Fri, 17 Mar 2023 10:06:08 -0500 Subject: [PATCH 14/15] Updating the configure_instance command to have a specific tutor dev/nightly flag; updating docs for same; updating overall Tutor docs with a few more things after testing with nightly/dev --- docs/source/commands/configure_instance.rst | 12 ++++++---- docs/source/configuration/tutor.rst | 14 +++++++----- .../management/commands/configure_instance.py | 22 ++++++++++++++++--- 3 files changed, 36 insertions(+), 12 deletions(-) diff --git a/docs/source/commands/configure_instance.rst b/docs/source/commands/configure_instance.rst index 407b35c137..4acc79cfac 100644 --- a/docs/source/commands/configure_instance.rst +++ b/docs/source/commands/configure_instance.rst @@ -1,12 +1,14 @@ ``configure_instance`` ====================== -Configures a fresh MITx Online instance. For more information, see :doc:`MITx Online Quick Start<../configuration/quickstart>`. +Configures a fresh MITx Online instance. For more information, see :doc:`MITx Online Quick Start<../configuration/quickstart>` and :doc:`Local Open edX Tutor and MITx Online Deployment<../configuration/tutor>`. + +For Tutor deployments, this will use ``local.overhang.io`` for URLs for the edX platform. If you're running a dev deployment, or are using Tutor Nightly, ``--tutor-dev`` will additionally add the proper ports (as Caddy is disabled in these cases). In either case, the two demo courses will still be created but only the Demonstration Course (``course-v1:edX+DemoX+Demo_Course``) will exist in edX, and then only if you import the demo course using the relevant Tutor command. Syntax ------ -``configure_instance [--dont-enroll|-D] [--dont-create-superuser|-S] [--edx-oauth-client ] [--edx-oauth-secret ] [--gateway ]`` +``configure_instance [--dont-enroll|-D] [--dont-create-superuser|-S] [--edx-oauth-client ] [--edx-oauth-secret ] [--gateway ] [--tutor|-T] [--tutor-dev]`` Options ------- @@ -15,5 +17,7 @@ Options * ``--dont-enroll|-D`` - Don't enroll the test learner account in any courses. (Defaults to enrolling the account in ``course-v1:edX+DemoX+Demo_Course``.) * ``--dont-create-superuser|-S`` - Don't create a superuser account. * ``--gateway `` - The Docker gateway IP. Required on Linux. See :doc:`Configure Open edX<../configuration/open_edx>` for more info. -* ``--edx-oauth-client `` - Use the specified client ID for the edX OAuth2 client. (Useful if you're redoing your MITx Online instance and you've already created the corresponding record in edX, since you're not allowed to edit it there.) -* ``--edx-oauth-secret `` - Use the specified client secret for the edX OAuth2 client. (Useful if you're redoing your MITx Online instance and you've already created the corresponding record in edX, since you're not allowed to edit it there.) \ No newline at end of file +* ``--edx-oauth-client `` - Use the specified client ID for the edX OAuth2 client. (Useful if you're redoing your MITx Online instance and you've already created the corresponding record in edX, since you're not allowed to edit it there.) +* ``--edx-oauth-secret `` - Use the specified client secret for the edX OAuth2 client. (Useful if you're redoing your MITx Online instance and you've already created the corresponding record in edX, since you're not allowed to edit it there.) +* ``--tutor|-T`` - Configure the instance for use with a Tutor edX deployment. +* ``--tutor-dev`` - Configure the instnace for use with Tutor dev or nightly. diff --git a/docs/source/configuration/tutor.rst b/docs/source/configuration/tutor.rst index 99984c7357..14483f31b3 100644 --- a/docs/source/configuration/tutor.rst +++ b/docs/source/configuration/tutor.rst @@ -6,7 +6,7 @@ These instructions describe setting up MITx Online and Tutor from scratch on Lin .. - These instructions may work for you if you need to do Open edX development too. However, these instructions *are not* geared towards that end. You may be able to replace calls to ``tutor local`` with calls to ``tutor dev``\ , but I had a number of problems with CORS headers when trying to log in. Your mileage may vary. + These instructions should work for a Tutor Dev or Tutor Nightly deployment as well. Specify ``--tutor-dev`` instead of ``--tutor`` when running ``configure_instance`` so the URLs have a port on them. At the end of this guide, you should have: @@ -132,10 +132,10 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm SKIP_EMAIL_VALIDATION: true to the ``FEATURES`` block (should be at the top). -#. Edit the ``env/apps/openedx/settings/lms/production.py`` settings file. +#. Edit the ``env/apps/openedx/settings/lms/production.py`` and/or ``env/apps/openedx/settings/lms/development.py`` settings file. (The former is used by a local instance, where the latter is used by both dev and nightly instances.) * Add to the end of the file: - + * ``THIRD_PARTY_AUTH_BACKENDS = ['social_auth_mitxpro.backends.MITxProOAuth2']`` * ``AUTHENTICATION_BACKENDS.append('social_auth_mitxpro.backends.MITxProOAuth2')`` * ``IDA_LOGOUT_URI_LIST.append('http://mitxonline.odl.local:8013/logout/')`` - there's an existing one of these around like 300 in production.py too. @@ -171,7 +171,7 @@ These steps will also disable the AuthN SSO MFE, so from here on you'll get norm * Enable sso id verification is checked. * Backend name: ``mitxpro-oauth2`` * Client ID and Client Secret: from record created by ``configure_instance`` when you set up MITx Online. - * Other settings: + * Other settings: { "AUTHORIZATION_URL": "\http://mitxonline.odl.local:8013/oauth2/authorize/", @@ -212,4 +212,8 @@ Other Notes **Trying to set configuration settings via ``tutor config`` will undo the specialty configuration above.** If you need to make changes to the configuration, either manually edit the ``env/apps/openedx/config/lms.env.yml`` file or the ``env/apps/openedx/settings/lms/production.py`` file and restart your Tutor instance. -**Make sure your service worker account is active.** It's an easy checkbox to miss. +**Make sure your service worker account is active.** It's an easy checkbox to miss. + +**Restarting** If you want to rebuild from scratch, make sure you ``docker image prune``. It's also recommended to remove the Tutor project root folder - ``tutor config printroot`` will tell you where that is. + +**Running Multiple Tutor Instances** If you want to run more than one Tutor instance, it's pretty important to specify the project root explicitly or you may end up with one instance trying to use config files from another and things getting confused from there. `See the Tutor documentation for this. `_ (A suggestion: configure aliases to the ``tutor`` command that run ``tutor --root=`` so you don't have to rely on environment variables, especially if you keep multiple terminal sessions going.) diff --git a/main/management/commands/configure_instance.py b/main/management/commands/configure_instance.py index fde3ef1a0b..d5b4dbc1a1 100644 --- a/main/management/commands/configure_instance.py +++ b/main/management/commands/configure_instance.py @@ -32,7 +32,7 @@ for test CyberSource transactions. If the --tutor/-T option is passed, the command will use the local.overhang.io -address for links to edX rather than edx.odl.local:18000. +address for links to edX rather than edx.odl.local:18000. This uses other management commands to complete these tasks. So, if you just want to run part of this, use one of these commands: @@ -117,11 +117,27 @@ def add_arguments(self, parser): dest="tutor", ) + parser.add_argument( + "--tutor-dev", + help="Configure for Tutor Dev/Nightly.", + action="store_true", + dest="tutordev", + ) + + def determine_edx_hostport(self, *args, **kwargs): + """Returns a tuple of the edX host and port depending on what the user's passed in""" + + if kwargs["tutor"]: + return ("local.overhang.io", "") + elif kwargs["tutordev"]: + return ("local.overhang.io", ":8000") + else: + return ("edx.odl.local:18000", ":18000") + def handle(self, *args, **kwargs): """Coordinates the other commands.""" - edx_host = "local.overhang.io" if kwargs["tutor"] else "edx.odl.local:18000" - edx_gateway_port = "" if kwargs["tutor"] else ":18000" + (edx_host, edx_gateway_port) = self.determine_edx_hostport(**kwargs) # Step -1: run createsuperuesr if kwargs["superuser"]: From d48a24fad3351b5b86092f5ff7bf9a968a5f1c2c Mon Sep 17 00:00:00 2001 From: James Kachel Date: Fri, 26 May 2023 13:24:58 -0500 Subject: [PATCH 15/15] Updating the host def for local.overhang.io --- docker-compose.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 62bdaf9715..d13fffb521 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -22,7 +22,7 @@ x-extra-hosts: &default-extra-hosts - "edx.odl.local:${OPENEDX_IP:-172.22.0.1}" - "host.docker.internal:host-gateway" - - "local.overhang.io:${OPENEDX_IP:-172.22.0.1}" + - "local.overhang.io:host-gateway" services: db: @@ -69,7 +69,7 @@ services: links: - db - redis - # these are links instead of `depends_on` + # these are links instead of `depends_on` # because if we just want a shell for `web` we don't want to run these - watch - refine @@ -80,7 +80,7 @@ services: watch: image: node:17.8 - working_dir: /app + working_dir: /app command: ./scripts/run-watch-dev.sh ports: - "8012:8012" @@ -164,9 +164,9 @@ services: varnish: image: varnish:fresh - links: + links: - nginx - ports: + ports: - "8013:80" volumes: - ./config/default.vcl:/etc/varnish/default.vcl:ro @@ -176,4 +176,4 @@ services: volumes: npm-cache: {} django_media: {} - yarn-cache: {} \ No newline at end of file + yarn-cache: {}