CHANGELOG.md 31.1 KB
Newer Older
1 2 3
- git_clone:
  - The working tree is explicitly checked for modified files, to prevent mysterious failures.

4 5
- Installation
  - OPENEDX_RELEASE is now required, to prevent accidental installation of master.
6
  - sandbox.sh has been renamed native.sh to better indicate what it does.
7

8 9 10
- XQueue
  - Expose CLOUDWATCH_QUEUE_COUNT_METRIC which is defined XQueue's settings.py for further dictionary structure

11 12 13
- nginx:
  - remove nginx_cfg - an internal variable that was really only used for the edx-release nginx site, which served version.{html,json} off of a nonstandard port.  The file it served was never populated.

14 15 16
- Role: edxapp
  - Create EDXAPP_CMS_GUNICORN_TIMEOUT and EDXAPP_LMS_STATIC_URL_BASE to allow overriding of the gunicorn timeout

17 18 19
- Structure: edx-east
  - Deprecated the edx-east folder, playbooks now live in the top level directory instead of edx-east/playbooks. A symbolic link was added for now, but should not be relied upon.

20 21 22
- Role: edxapp
  - EDXAPP_NGINX_SKIP_ENABLE_SITES added to allow you to not sync in the lms or cms nginx configuration.  Instead you can enable them during deployment.
  - EDXAPP_NGINX_DEFAULT_SITES added to allow you to mark both lms and cms as defaults, best paired with picking which site to enable during deployment.
23
  - EDXAPP_LMS_STATIC_URL_BASE and EDXAPP_CMS_STATIC_URL_BASE allow a per-application setting of the static URL.  You can stil use EDXAPP_STATIC_URL_BASE for now but we may retire that as we continue to separate LMS and CMS.
24

25 26 27
- Role: XQueue
  - Convert to a yaml config (instead of xqueue.auth.json and xqueue.env.json we get xqueue.yml and it lives by default in /edx/etc/xqueue.yml like standard IDAs)
  - Add XQUEUE_DEFAULT_FILE_STORAGE so that you can specify S3 or Swift in your config
28
  - XQUEUE_SETTINGS now prefers production.py over aws_settings.py
29

30 31 32
- Role: credentials
  - Set `LANGUAGE_COOKIE_NAME` so that Credentials will use the global language cookie.

33 34 35
- Role: edxapp
  - Added `PASSWORD_POLICY_COMPLIANCE_ROLLOUT_CONFIG` to make configurable whether password complexity is checked on login and how such complexity is rolled out to users.

36
- Role: certs
37
  - Added `CERTS_QUEUE_POLL_FREQUENCY` to make configurable the certificate agent's queue polling frequency.
38

39 40 41
- Role: edxapp
  - Added `RETIREMENT_STATES` to generic_env_config to support making the retirement workflow configurable.

42 43
- Removed Vagrantfiles for devstack and fullstack, and supporting files.

44 45
- Role: xqueue
  - Added XQUEUE_SUBMISSION_PROCESSING_DELAY and XQUEUE_CONSUMER_DELAY to xqueue env so they can be passed along to the app.
46

47
- Role: edxapp
48 49 50
  - Moved `PASSWORD_MIN_LENGTH`, `PASSWORD_MAX_LENGTH`, and `PASSWORD_COMPLEXITY` to generic_env_config to allow CMS and LMS to share these configurations

- Role: edxapp
51
  - Added GOOGLE_SITE_VERIFICATION_ID to move a previously hardcoded value into configuration.
52 53
  - Changed `EDXAPP_RETIRED_USERNAME_FMT` to `EDXAPP_RETIRED_USERNAME_PREFIX`. Changed/split `EDXAPP_RETIRED_EMAIL_FMT` to be `EDXAPP_RETIRED_EMAIL_PREFIX` and `EDXAPP_RETIRED_EMAIL_DOMAIN`.

54 55
- Role xqueue
  - Removed RabbitMQ in earlier changes in XQueue itself, we don't need any of the configuration
56
    XQUEUE_RABBITMQ_USER XQUEUE_RABBITMQ_PASS XQUEUE_RABBITMQ_VHOST XQUEUE_RABBITMQ_HOSTNAME
57
    XQUEUE_RABBITMQ_PORT XQUEUE_RABBITMQ_TLS
58 59
  - Added NEWRELIC_APPNAME and NEWRELIC_LICENSE_KEY to the configuration files consumed by XQueue.
    Useful for external utilities that are reporting NR metrics.
60 61
  - Added XQUEUE_CONSUMER_NEWRELIC_APPNAME which is added to the supervisor start of xqueue_consumer
    if you have New Relic enabled.
62
  - Retired XQUEUE_WORKERS_PER_QUEUE
63

64 65 66 67
- Role edx_django_service
  - Added maintenance page under the flag EDX_DJANGO_SERVICE_ENABLE_S3_MAINTENANCE.
  - Added the s3_maintenance.j2 file to point to the s3 maintenance page.

68 69
- Role: xqueue
  - Added XQUEUE_MYSQL_CONN_MAX_AGE so that you can have xqueue use django's persistent DB connections
70

71 72 73
- Role: edxapp
  - Added empty `EDXAPP_PASSWORD_COMPLEXITY` setting to ease overriding complexity.

74 75 76 77 78 79
- Role: splunkforwarder
  - Updated the role so the splunkforwarder can be installed on Amazon Linux OS environment, which is a RHEL variant

- Role: server_utils
  - Update to only do things for debian varient environment

80 81 82 83
- Role: xqueue
  - Added `XQUEUE_SESSION_ENGINE` to allow a configurable xqueue session engine.
  - Added `XQUEUE_CACHES` to allow a configurable xqueue cache.

84 85 86 87 88 89
- Role: devpi
  - New role added to configure a devpi service as a pass-through cache for PyPI.

- Role: devpi_consumer
  - Added role to configure Python containers to use devpi for Docker Devstack

Kevin Falcone committed
90 91 92
- Role: xqueue
  - Remove S3_BUCKET and S3_PATH_PREFIX - they were deprecated prior to ginkgo
  - Remove SERVICE_VARIANT - it was copied from edxapp but never truly used (except to complicate things)
93 94
  - The manage_users management command is only run when disable_edx_services is false (previously this play would try
    to update databases while building images, where services are generally disabled).
Kevin Falcone committed
95

96
- Role: edxapp
97 98
  - Added `EDXAPP_RETIRED_USERNAME_FMT`, `EDXAPP_RETIRED_EMAIL_FMT`, `EDXAPP_RETIRED_USER_SALTS`, and
  `EDXAPP_RETIREMENT_SERVICE_WORKER_USERNAME` to generic_env_config to allow user retirement to be configurable.
99 100

- Role: edxapp
101 102 103
  - Added `ENTERPRISE_REPORTING_SECRET` to CMS auth settings to allow edx-enterprise migrations to run.

- Role: edxapp
104
  - Added `EDXAPP_FERNET_KEYS` to allow for use of django-fernet-keys in LMS.
105

106
- Role: edxapp
107 108 109 110
  - Added `EDXAPP_DEFAULT_COURSE_VISIBILITY_IN_CATALOG` setting (defaults to `both`).

  - Added `EDXAPP_DEFAULT_MOBILE_AVAILABLE` setting (defaults to `false`).

111 112 113
  - Added `EDX_PLATFORM_REVISION` (set from `edx_platform_version`). This is for
  edx-platform debugging purposes, and replaces calling dealer.git at startup.

muhammad-ammar committed
114 115 116
- Role: veda_pipeline_worker
  - New role to run all (`deliver, ingest, youtubecallback`) [video pipeline workers](https://github.com/edx/edx-video-pipeline/blob/master/bin/)

117 118 119
- Role: veda_ffmpeg
  - New role added to compile ffmpeg for video pipeline. It will be used as a dependency for video pipeline roles.

120 121 122
- Role: edxapp
  - Added `EDXAPP_BRANCH_IO_KEY` to configure branch.io journey app banners.

123 124 125
- Role: ecomworker
  - Added `ECOMMERCE_WORKER_BROKER_TRANSPORT` with a default value of 'ampq' to be backwards compatible with rabbit.  Set to 'redis' if you wish to use redis instead of rabbit as a queue for ecommerce worker.

126
- Role: ecommerce
127
  - Added `ECOMMERCE_BROKER_TRANSPORT` with a default value of 'ampq' to be backwards compatible with rabbit.  Set to 'redis' if you wish to use redis instead of rabbit as a queue for ecommerce.
128

129 130 131
- Role: credentials
  - This role is now dependent on the edx_django_service role. Settings are all the same, but nearly all of the tasks are performed by the edx_django_service role.

132 133 134
- Role: veda_delivery_worker
  - New role added to run [video delivery worker](https://github.com/edx/edx-video-pipeline/blob/master/bin/deliver)

135 136 137
- Role: veda_web_frontend
  - New role added for [edx-video-pipeline](https://github.com/edx/edx-video-pipeline)

138
- Role: edxapp
139 140 141
  - Added `EDXAPP_LMS_INTERNAL_ROOT_URL` setting (defaults to `EDXAPP_LMS_ROOT_URL`).

- Role: edxapp
142 143 144 145 146 147 148
  - Added `EDXAPP_CELERY_BROKER_TRANSPORT` and renamed `EDXAPP_RABBIT_HOSTNAME`
    to `EDXAPP_CELERY_BROKER_HOSTNAME`. This is to support non-amqp brokers,
    specifically redis. If `EDXAPP_CELERY_BROKER_HOSTNAME` is unset it will use
    the value of `EDXAPP_RABBIT_HOSTNAME`, however it is recommended to update
    your configuration to set `EDXAPP_CELERY_BROKER_TRANSPORT` explicitly.

- Role: edxapp
149
  - Added `EDXAPP_MONGO_REPLICA_SET`, which is required to use
150 151 152 153 154 155 156 157 158 159 160 161 162 163
    pymongo.MongoReplicaSetClient in PyMongo 2.9.1.  This should be set to the
    name of your replica set.
    This setting causes the `EDXAPP_*_READ_PREFERENCE` settings below to be used.
  - Added `EDXAPP_MONGO_CMS_READ_PREFERENCE` with a default value of `PRIMARY`.
  - Added `EDXAPP_MONGO_LMS_READ_PREFERENCE` with a default value of
    `SECONDARY_PREFERED` to distribute the read workload across the replica set
    for replicated docstores and contentstores.
  - Added `EDXAPP_LMS_SPLIT_DOC_STORE_READ_PREFERENCE` with a default value of
    `EDXAPP_MONGO_LMS_READ_PREFERENCE`.
  - Added `EDXAPP_LMS_DRAFT_DOC_STORE_CONFIG` with a default value of
    `EDXAPP_MONGO_CMS_READ_PREFERENCE`, to enforce consistency between
    Studio and the LMS Preview modes.
  - Removed `EDXAPP_CONTENTSTORE_ADDITIONAL_OPTS`, since there is no notion of
    common options to the content store anymore.
164

nadeemshahzad committed
165 166 167
- Role: nginx
  - Modified `lms.j2` , `cms.j2` , `credentials.j2` , `edx_notes_api.j2` and `insights.j2` to enable HTTP Strict Transport Security
  - Added `NGINX_HSTS_MAX_AGE` to make HSTS header `max_age` value configurable and used in templates
168

169 170 171
- Role: server_utils
  - Install "vim", not "vim-tiny".

172 173 174
- Role: edxapp
  - Added GOOGLE_ANALYTICS_TRACKING_ID setting for inserting GA tracking into emails generated via ACE.

175 176 177
- Role: notifier
  - Added notifier back to continuous integration.

178 179 180
- Role: ecommerce
  - This role is now dependent on the edx_django_service role. Settings are all the same, but nearly all of the tasks are performed by the edx_django_service role.

181
- Role: discovery
182 183 184 185 186 187
  - Added `DISCOVERY_REPOS` to allow configuring discovery repository details.

- Role: edx_django_service
  - Made the keys `edx_django_service_git_protocol`, `edx_django_service_git_domain`, and `edx_django_service_git_path` of `edx_django_service_repos` all individually configurable.

- Role: discovery
188 189
  - Updated LANGUAGE_CODE to generic english. Added configuration for multilingual language package django-parler.

190 191 192
- Role: edxapp
  - Added `EDXAPP_EXTRA_MIDDLEWARE_CLASSES` for configuring additional middleware logic.

193 194 195
- Role: discovery
  - Added `OPENEXCHANGERATES_API_KEY` for retrieving currency exchange rates.

196
- Role: edxapp
197 198 199 200
  - Added `EDXAPP_SCORM_PKG_STORAGE_DIR`, with default value as it was in the server template.
  - Added `EDXAPP_SCORM_PLAYER_LOCAL_STORAGE_ROOT`, with default value as it was in the server template.

- Role: edxapp
201
  - Added `EDXAPP_ENTERPRISE_TAGLINE` for customized header taglines for different enterprises.
202
  - Added `EDXAPP_PLATFORM_DESCRIPTION` used to describe the specific Open edX platform.
203 204

- Role: edxapp
205 206 207
  - Added `EDXAPP_REINDEX_ALL_COURSES` to rebuild the course index on deploy. Disabled by default.

- Role: edxapp
208 209 210
  - Added `ENTERPRISE_SUPPORT_URL` variable used by the LMS.

- Role: edxapp
211 212
  - Added OAUTH_DELETE_EXPIRED to enable automatic deletion of edx-django-oauth2-provider grants, access tokens, and refresh tokens as they are consumed. This will not do a bulk delete of existing rows.

213 214 215 216
- Role: mongo_3_2
  - Added role for mongo 3.2, not yet in use.
  - Removed MONGO_CLUSTERED variable. In this role mongo replication is always configured, even if there is only one node.

217 218 219
- Role: edxapp
  - Added creation of enterprise_worker user to provisioning. This user is used by the edx-enterprise package when making API requests to Open edX IDAs.

Adam Palay committed
220
- Role: neo4j
221 222 223
  - Increase heap and page caches sizes for neo4j

- Role: neo4j
Adam Palay committed
224
  - Updated neo4j to 3.2.2
225
  - Removed authentication requirement for neo4j
Adam Palay committed
226

227 228 229
- Role: forum
  - Added `FORUM_REBUILD_INDEX` to rebuild the ElasticSearch index from the database, when enabled.  Default: `False`.

230 231 232 233
- Role: nginx
  - Added `NGINX_EDXAPP_CMS_APP_EXTRA`, which makes it possible to add custom settings to the site configuration for Studio.
  - Added `NGINX_EDXAPP_LMS_APP_EXTRA`, which makes it possible to add custom settings to the site configuration for the LMS.

234 235 236 237
- Role: edxapp
  - Let `confirm_email` in `EDXAPP_REGISTRATION_EXTRA_FIELDS` default to `"hidden"`.
  - Let `terms_of_service` in `EDXAPP_REGISTRATION_EXTRA_FIELDS` default to `"hidden"`.

238 239
- Role: ecommerce
  - Added ECOMMERCE_LANGUAGE_COOKIE_NAME which is the name of the cookie the ecommerce django app looks at for determining the language preference.
240

Adam Palay committed
241 242 243 244 245
- Role: neo4j
  - Enabled splunk forwarding for neo4j logs.
  - Increased maximum amount of open files to 40000, as suggested by neo4j.
  - Updated the java build that neo4j uses to run.

246
- Role: edxapp
247 248 249 250
  - Set the default value for EDXAPP_POLICY_CHANGE_GRADES_ROUTING_KEY to
 'edx.lms.core.default'.

- Role: edxapp
251 252 253
  - Set the default value for EDXAPP_BULK_EMAIL_ROUTING_KEY_SMALL_JOBS to
 'edx.lms.core.low'.

254 255 256
- Role: jenkins_master
  - Update pinned use of JDK7 in Jenkins installs to default JDK version from role `oraclejdk`.

257 258 259 260
- Role: notifier
  - Added `NOTIFIER_DATABASE_ENGINE`, `NOTIFIER_DATABASE_NAME`, `NOTIFIER_DATABASE_USER`, `NOTIFIER_DATABASE_PASSWORD`, `NOTIFIER_DATABASE_HOST`, and `NOTIFIER_DATABASE_PORT` to be able to configure the `notifier` service to use a database engine other than sqlite. Defaults to local sqlite.
  - Deprecated: `NOTIFIER_DB_DIR`: Please use `NOTIFIER_DATABASE_NAME` instead.

261 262 263 264
- Role: elasticsearch
  - Replaced `elasticsearch_apt_key` and `elastic_search_apt_keyserver` with `elasticsearch_apt_key_url`
  - Updated elasticsearch version to 1.5.0

265
- Role: edxapp
266 267 268
  - Install development.txt in Vagrant and Docker devstacks

- Role: edxapp
269 270 271
  - Set the EDXAPP_IMPORT_EXPORT_BUCKET setting to an empty string

- Role: edxapp
272 273
  - Updated default value of the EDXAPP_ENTERPRISE_COURSE_ENROLLMENT_AUDIT_MODES setting to ["audit", "honor"]

274 275 276 277 278
- Role: edx_notes_api
  - Removed EDX_NOTES_API_ELASTICSEARCH_HOST.
  - Removed EDX_NOTES_API_ELASTICSEARCH_PORT.
  - EDX_NOTES_API_ELASTICSEARCH_URL.

279
- Role: edxapp
280
  - Added the EDXAPP_ACTIVATION_EMAIL_SUPPORT_LINK URL with default value `''`.
281
  - Added the EDXAPP_PASSWORD_RESET_SUPPORT_LINK URL with default value `''`.
282

283 284 285 286 287 288 289 290 291 292 293 294 295
- Role: nginx
  - Modified `server-template.j2` to be more accessible and configurable.
  - The template should contain the `lang` attribute in the HTML tag.
  - If the image loaded has some meaning, as a logo, it should have the `alt` attribute.
  - After the header 1 (h1) there is no relevant text content, so next it can not be
    another header (h2). It was changed to be a paragraph with the header 2 CSS style.
  - Added `NGINX_SERVER_ERROR_IMG_ALT` with default value as it was in the server template
  - Added `NGINX_SERVER_ERROR_LANG` with default value `en`
  - Added `NGINX_SERVER_ERROR_STYLE_H1` with default value as it was in the server template
  - Added `NGINX_SERVER_ERROR_STYLE_P_H2` with default value as it was in the server template
  - Added `NGINX_SERVER_ERROR_STYLE_P` with default value as it was in the server template
  - Added `NGINX_SERVER_ERROR_STYLE_DIV` with default value as it was in the server template

296
- Role: edxapp
297 298 299 300
  - Added the EDXAPP_SHOW_HEADER_LANGUAGE_SELECTOR feature flag with default value [false]
  - Added the EDXAPP_SHOW_FOOTER_LANGUAGE_SELECTOR feature flag with default value [false]

- Role: edxapp
301 302 303
  - Added the EDXAPP_ENTERPRISE_COURSE_ENROLLMENT_AUDIT_MODES setting with default value ["audit"]

- Role: edxapp
304
  - DOC_LINK_BASE settings have been removed, replaced by HELP_TOKENS_BOOKS
305 306

- Role: edxapp
307
  - Add the EDXAPP_LANGUAGE_COOKIE setting
308

Kevin Falcone committed
309 310 311 312 313 314
- Role: rabbitmq
  - Upgraded to 3.6.9
  - Switched to a PPA rather than a .deb hosted in S3
  - Note that you generally cannot upgrade RabbitMQ live in place https://www.rabbitmq.com/clustering.html
    this is particularly true coming from 3.2 to 3.6.  We are using the shovel plugin to move tasks across clusters
    but their documentation covers different scenarios.
315
- Role: edxapp
316 317
  - Added a new EDXAPP_MYSQL_CONN_MAX_AGE, default to 0.  Adjust it to change how long a connection is kept open
  for reuse before it is closed.
318
  - Set preload_app to False in gunicorn config for LMS and Studio.
319 320 321 322
- Role: analytics_api
  - Added `ANALYTICS_API_AGGREGATE_PAGE_SIZE`, default value 10.  Adjust this parameter to increase the number of
    aggregate search results returned by the Analytics API, i.e. in course_metadata: enrollment_modes, cohorts, and
    segments.
323 324
- Role: programs
  - This role has been removed as this service is no longer supported. The role is still available on the [Ficus branch](https://github.com/edx/configuration/releases/tag/open-release%2Fficus.1).
325 326
- Role: xqueue
  - Changed `XQUEUE_RABBITMQ_TLS` default from `true` to `false`.
327 328
- Role: credentials
  - Added `CREDENTIALS_EXTRA_APPS` to enable the inclusion of additional Django apps in the Credentials Service.
Omar Khan committed
329 330 331 332 333
- Role: common
  - Renamed `COMMON_AWS_SYNC` to `COMMON_OBJECT_STORE_LOG_SYNC`
  - Renamed `COMMON_AWS_SYNC_BUCKET` to `COMMON_OBJECT_STORE_LOG_SYNC_BUCKET`
  - Renamed `COMMON_AWS_S3_SYNC_SCRIPT` to `COMMON_OBJECT_STORE_LOG_SYNC_SCRIPT`
  - Added `COMMON_OBJECT_STORE_LOG_SYNC_PREFIX`. Default: `logs/tracking/`
334
  - Added `COMMON_EDXAPP_SETTINGS`. Default: `aws`
Omar Khan committed
335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360
- Role: aws
  - Removed `AWS_S3_LOGS`
  - Added `vhost` role as dependency
- Role: edxapp
  - Added `EDXAPP_SWIFT_USERNAME`
  - Added `EDXAPP_SWIFT_KEY`
  - Added `EDXAPP_SWIFT_TENANT_ID`
  - Added `EDXAPP_SWIFT_TENANT_NAME`
  - Added `EDXAPP_SWIFT_AUTH_URL`
  - Added `EDXAPP_SWIFT_AUTH_VERSION`
  - Added `EDXAPP_SWIFT_REGION_NAME`
  - Added `EDXAPP_SWIFT_USE_TEMP_URLS`
  - Added `EDXAPP_SWIFT_TEMP_URL_KEY`
  - Added `EDXAPP_SWIFT_TEMP_URL_DURATION`
  - Added `EDXAPP_SETTINGS` to allow using a settings file other than `aws.py`. Default: `aws`
  - Renamed `ENABLE_S3_GRADE_DOWNLOADS` to `ENABLE_GRADE_DOWNLOADS`
  - Replaced `EDXAPP_GRADE_STORAGE_TYPE`, `EDXAPP_GRADE_BUCKET` and `EDXAPP_GRADE_ROOT_PATH` with `EDXAPP_GRADE_STORAGE_CLASS` and `EDXAPP_GRADE_STORAGE_KWARGS`
- Role: openstack
  - Added role
- Role: vhost
  - Added as dependency for aws and openstack roles. Handles common functionality for setting up VM hosts
- Role: xqueue
  - Added `XQUEUE_SETTINGS` to specify which settings file to use. Default: `aws_settings`
  - Renamed `XQUEUE_S3_BUCKET` to `XQUEUE_UPLOAD_BUCKET`
  - Renamed `XQUEUE_S3_PATH_PREFIX` to `XQUEUE_UPLOAD_PATH_PREFIX`

Fred Smith committed
361 362 363
- Role: discovery
  - Course Discovery JWT configuration now takes a list of issuers instead of a single issuer.  This change is not backward compatible with older versions of course discovery.

364 365 366
- Role: hadoop_common
  - Enable log retention by default to assist with debugging. Now YARN will retain stdout and stderr logs produced by map reduce tasks for 24 hours. They can be retrieved by running "yarn logs -applicationId YOUR_APPLICATION_ID".

367 368 369 370
- Role: rabbitmq
  - Removed the RABBITMQ_CLUSTERED var and related tooling. The goal of the var was to be able to setup a cluster in the aws environment without having to know all the IPs of the cluster before hand.  It relied on the `hostvars` ansible varible to work correctly which it no longer does in 1.9.  This may get fixed in the future but for now, the "magic" setup doesn't work.
  - Changed `rabbitmq_clustered_hosts` to RABBITMQ_CLUSTERED_HOSTS.

371 372 373
- Role: edxapp
  - Removed SUBDOMAIN_BRANDING and SUBDOMAIN_COURSE_LISTINGS variables

374 375 376
- Role: ora
  - Remove the ora1 role as support for it was deprecated in Cypress.
  - Removed dependencies on ora throughout the playbooks / vagrantfiles.
377 378 379 380
- Role: edxapp
  - Removed XmlModuleStore from the default list of modulestores for the LMS.
  - EDXAPP_XML_MAPPINGS variable no longer exists by default and is not used by the edxapp role.

Clinton Blackburn committed
381 382 383
- Role: ecommerce
  - Removed ECOMMERCE_ORDER_NUMBER_PREFIX variable

384 385 386 387 388 389 390
- Role: edxapp
  - All of the following changes are BACKWARDS-INCOMPATABLE:
    - Renamed two top level variables SEGMENT_IO_LMS_KEY and SEGMENT_IO_KEY to SEGMENT_KEY in {lms|cms].auth.json.
    - Renamed two top level variables in roles/edxapp/defaults/main.yml.  EDXAPP_SEGMENT_IO_LMS_KEY and EDXAPP_SEGMENT_IO_KEY are now EDXAPP_LMS_SEGMENT_KEY and EDXAPP_CMS_SEGMENT_KEY respectively
    - REMOVED two top level variables SEGMENT_IO_LMS and SEGMENT_IO from {lms|cms].auth.json. We will use the existence of the SEGMENT_KEY to to serve the same function that these boolean variables served.
    - REMOVED two top level variables EDXAPP_SEGMENT_IO_LMS and EDXAPP_SEGMENT_IO from roles/edxapp/defaults/main.yml.

Feanil Patel committed
391 392 393
- Updated ansible fork to be based on ansible 1.9.3rc1 instead of 1.9.1
  - Ansible Changelog: https://github.com/ansible/ansible/blob/stable-1.9/CHANGELOG.md

Will Daly committed
394 395 396 397
- Role: edxapp
  - Removed deprecated variables EDXAPP_PLATFORM_TWITTER_URL, EDXAPP_PLATFORM_MEETUP_URL, EDXAPP_PLATFORM_LINKEDIN_URL, and EDXAPP_PLATFORM_GOOGLE_PLUS_URL in favor of EDXAPP_SOCIAL_MEDIA_FOOTER_URLS.  These variables haven't been used in edx-platform since March 17, 2015 (when https://github.com/edx/edx-platform/pull/7383 was merged).  This change is backwards incompatible with versions of edx-platform from before March 17, 2015.
  - Added EDXAPP_MOBILE_STORE_URLS and EDXAPP_FOOTER_ORGANIZATION_IMAGE variables, used in https://github.com/edx/edx-platform/pull/8175 (v3 version of the edx.org footer).

398 399 400
- Updated ansible fork with small bug fix.
  - https://github.com/ansible/ansible/pull/10957

401
- Role: edxapp
402 403 404
  - Removed post.txt from the list of files that will have its github urls replaced with git mirror urls.

- Role: edxapp
405 406 407 408
  - The edxapp role no longer uses checksums to bypass pip installs.
    - pip install will always run for all known requirements files.

- Role: edx-ansible
409 410
  - `/edx/bin/update` no longer runs the ansible command with `--tags deploy`

Max Rothman committed
411
- Role: edxapp
412 413 414
  - Added newrelic monitoring capabilities to edxapp workers. Note that this is a BACKWARDS-INCOMPATABLE CHANGE, as it introduces a new key, `monitor`, to each item in `EDXAPP_CELERY_WORKERS` in `defaults/main.yml`, and plays including this role will fail if that key is not set.

- Role: edxapp
Max Rothman committed
415 416
  - Enabled combined login registration feature by default

417 418 419 420 421 422 423
- Role: analytics_api, xqwatcher, insights, minos, edx_notes_api
  - Expanded `edx_service` role to do git checkout and ec2 tagging
  - Refactored roles that depend on `edx_service` to use the new interface: `minos`, `analytics_api`, `insights`, and `xqwatcher`
  - Refactored name from `analytics-api` to `analytics_api`
  - Changed location of minos' config file from `/edx/etc/minos/minos.yml` to `/edx/etc/minos.yml`
  - Added new `edx_notes_api` role for forthcoming notes api
  - This is a __BACKWARDS INCOMPATABLE__ change and will require additional migrations when upgrading an existing server. While we recommend building from scratch, running the following command _might_ work:
Will Daly committed
424

425 426
      ```
      rm -rf /edx/app/analytics-api /edx/app/ /edx/app/nginx/sites-available/analytics-api.j2 /edx/app/supervisor/conf.d.available/analytics_api.conf
427
      rm -rf /edx/etc/minos
428 429
      ```

430
- Role: notifier
431
  - Refactored `NOTIFIER_HOME` and `NOTIFIER_USER` to `notifier_app_dir` and `notifier_user` to match other roles. This shouldn't change anything since users should've only been overriding COMMON_HOME.
432

433 434 435 436 437 438 439
- Role: gitreload
  - New role added for running
    [gitreload](https://github.com/mitodl/gitreload) that can be used
    for importing courses via github/gitlab Web hooks, or more
    generally updating any git repository that is already checked out
    on disk via a hook.

440 441 442 443 444 445
- Role: analytics-api, edxapp, ora, xqueue, xserver
  - Switched gunicorn from using an entirely command argument based
    configuration to usign python configuration files. Variables for
    extra configuration in the configuration file template, and
    command line argument overrides are available.

446 447 448
- Role: analytics-api, insights
  - Using Django 1.7 migrate command.

449 450 451 452 453 454 455
- Role: edxapp
  - A new var was added to make it easy ot invalidate the default
    memcache store to make it easier to invalidate sessions. Updating
    the edxapp env.json files will result in all users getting logged
    out.  This is a one time penalty as long as the value of `EDXAPP_DEFAULT_CACHE_VERSION`
    is not explicitly changed.

456 457 458 459 460 461
- Role: nginx
  - New html templates for server errors added.
    Defaults for a ratelimiting static page and server error static page.
    CMS/LMS are set to use them by default, wording can be changed in the
    Nginx default vars.

John Jarvis committed
462 463
- Role: edxapp
  - We now have an all caps variable override for celery workers
Feanil Patel committed
464
- Role: common
Will Daly committed
465
  - We now remove the default syslog.d conf file (50-default.conf) this will
Feanil Patel committed
466 467
  break people who have hand edited that file.

468 469 470
- Role: edxapp
  - Updated the module store settings to match the new settings format.

e0d committed
471 472 473 474
- Update, possible breaking change: the edxapp role vars edxapp_lms_env and edxapp_cms_env have
  been changed to EDXAPP_LMS_ENV and EDXAPP_CMS_ENV to indicate, via our convention,
  that overridding them is expected.  The default values remain the same.

John Jarvis committed
475 476 477
- Role: analytics-api
  - Added a new role for the analytics-api Django app.  Currently a private repo

Feanil Patel committed
478 479
- Logrotation now happens hourly by default for all logs.

John Jarvis committed
480 481
- Role: xqwatcher, xqueue, nginx, edxapp, common
  - Moving nginx basic authorization flag and credentials to the common role
John Jarvis committed
482
  - Basic auth will be turned on by default
John Jarvis committed
483

484
- Role: Edxapp
Feanil Patel committed
485 486 487 488
  - Turn on code sandboxing by default and allow the jailed code to be able to write
    files to the tmp directory created for it by codejail.

- Role: Edxapp
489 490 491
  - The repo.txt requirements file is no longer being processed in anyway.  This file was removed from edxplatform
    via pull #3487(https://github.com/edx/edx-platform/pull/3487)

John Jarvis committed
492
- Update `CMS_HOSTNAME` default to allow any hostname that starts with `studio` along with `prod-studio` or `stage-studio`.
493 494

- Start a change log to keep track of backwards incompatible changes and deprecations.
Rohit Karajgi committed
495 496 497 498

- Role: Mongo
  - Fixed case of variable used in if block that breaks cluster configuration
    by changing mongo_clustered to MONGO_CLUSTERED.
499 500

- Role: Edxapp
Will Daly committed
501
  - Added EDXAPP_LMS_AUTH_EXTRA and EDXAPP_CMS_AUTH_EXTRA for passing unique AUTH_EXTRA configurations to the LMS and CMS.
502
    Both variables default to EDXAPP_AUTH_EXTRA for backward compatibility
503 504 505 506 507 508

- Role: ecommerce
  - Renamed `ECOMMERCE_COMPREHENSIVE_THEME_DIR` to `ECOMMERCE_COMPREHENSIVE_THEME_DIRS`, `ECOMMERCE_COMPREHENSIVE_THEME_DIRS`
    is now a list of directories. Change is backward incompatible.
  - Renamed `COMPREHENSIVE_THEME_DIR` to `COMPREHENSIVE_THEME_DIRS`, `COMPREHENSIVE_THEME_DIRS` is now a list of directories.
    Change is backward incompatible.
509 510 511 512 513 514

- Role: Edxapp
  - `EDXAPP_COMPREHENSIVE_THEME_DIR` is deprecated and is maintained for backward compatibility, `EDXAPP_COMPREHENSIVE_THEME_DIRS`
    should be used instead which is a list of directories. `EDXAPP_COMPREHENSIVE_THEME_DIR` if present will have priority over `EDXAPP_COMPREHENSIVE_THEME_DIRS`
  - `COMPREHENSIVE_THEME_DIR` is deprecated and is maintained for backward compatibility, `COMPREHENSIVE_THEME_DIRS` should be used
    instead which is a list of directories. `COMPREHENSIVE_THEME_DIR` if present will have priority over `COMPREHENSIVE_THEME_DIRS`
515 516 517

- Role: edxapp
  - Added COMPREHENSIVE_THEME_LOCALE_PATHS to support internationalization of strings originating from custom themes.
tasawernawaz committed
518 519 520

- Role: edxapp
  - Added `EXPIRING_SOON_WINDOW` to show message to learners if their verification is expiring soon.
521 522 523

- Role: discovery
  - Added `PUBLISHER_FROM_EMAIL` for sending emails to publisher app users.
524 525 526 527

- Role: security
  - Changed SECURITY_UPGRADE_ON_ANSIBLE to only apply security updates.  If you want to retain the behavior of running safe-upgrade,
    you should switch to using SAFE_UPGRADE_ON_ANSIBLE.
Kevin Falcone committed
528

529 530 531
- Role: mongo_2_6
  - Added `MONGO_AUTH` to turn authentication on/off. Auth is now enabled by default, and was previously disabled by default.

Kevin Falcone committed
532 533 534
- Role: mongo_3_0
  - Changed MONGO_STORAGE_ENGINE to default to wiredTiger which is the default in 3.2 and 3.4 and what edX suggests be used even on 3.0.
    If you have a mmapv1 3.0 install, override MONGO_STORAGE_ENGINE to be mmapv1 which was the old default.
535
  - Support parsing the replset JSON in 3.2 and 3.0
536
  - Added `MONGO_AUTH` to turn authentication on/off. Auth is now enabled by default, and was previously disabled by default.
537 538

- Role: xqueue
539 540 541
  - Added `XQUEUE_RABBITMQ_TLS` to allow configuring xqueue to use TLS when connecting to the AMQP broker.
  - Added `XQUEUE_RABBITMQ_VHOST` to allow configuring the xqueue RabbitMQ host.
  - Added `XQUEUE_RABBITMQ_PORT` to allow configuring the RabbitMQ port.
542 543

- Role: edxapp
544
  - Added `EDXAPP_CELERY_BROKER_USE_SSL` to allow configuring celery to use TLS.
545 546 547

- Role: ecommerce
  - Added `ECOMMERCE_ENTERPRISE_URL` for the `enterprise` API endpoint exposed by a new service `edx-enterprise` (currently hosted by `LMS`), which defaults to the existing setting `ECOMMERCE_LMS_URL_ROOT`.
548 549 550

- Role: ecommerce
  - Removed `SEGMENT_KEY` which is no longer used.  Segment key is now defined in DB configuration. (https://github.com/edx/ecommerce/pull/1121)
551 552 553

- Role: edxapp
  - Added `EDXAPP_BLOCK_STRUCTURES_SETTINGS` to configure S3-backed Course Block Structures.
554 555 556

- Role: insights
  - Removed `INSIGHTS_FEEDBACK_EMAIL` which is no longer used, as it was deemed redundant with `INSIGHTS_SUPPORT_EMAIL`.
557 558 559

- Role: insights
  - Removed `SUPPORT_EMAIL` setting from `INSIGHTS_CONFIG`, as it is was replaced by `SUPPORT_URL`.
560 561 562 563 564

- Role: insights
  - Added `INSIGHTS_DOMAIN` to configure the domain Insights is deployed on
  - Added `INSIGHTS_CLOUDFRONT_DOMAIN` to configure the domain static files can be served from
  - Added `INSIGHTS_CORS_ORIGIN_WHITELIST_EXTRA` to configure allowing CORS on domains other than the `INSIGHTS_DOMAIN`
565 566 567

- Role: edxapp
  - Added `EDXAPP_VIDEO_IMAGE_SETTINGS` to configure S3-backed video images.
568 569 570

- Role: edxapp
  - Added `EDXAPP_BASE_COOKIE_DOMAIN` for sharing cookies across edx domains.
571 572 573 574

- Role: insights
  - Removed `bower install` task
  - Replaced r.js build task with webpack build task
Kevin Falcone committed
575
  - Removed `./manage.py compress` task
576 577 578

- Role: insights
  - Moved `THEME_SCSS` from `INSIGHTS_CONFIG` to `insights_environment`
Kevin Falcone committed
579 580 581 582

- Role: analytics_api
  - Added a number of `ANALYTICS_API_DEFAULT_*` and `ANALYTICS_API_REPORTS_*` variables to allow more selective specification of database parameters (rather than
      overriding the whole structure).
583 584 585 586 587

- Role: edxapp
  - Remove EDXAPP_ANALYTICS_API_KEY, EDXAPP_ANALYTICS_SERVER_URL, EDXAPP_ANALYTICS_DATA_TOKEN, EDXAPP_ANALYTICS_DATA_URL since they are old and
  no longer consumed.

588 589 590
- Role: edxapp
  - Added `PASSWORD_MIN_LENGTH` for password minimum length validation on reset page.
  - Added `PASSWORD_MAX_LENGTH` for password maximum length validation on reset page.
Ahsan Ulhaq committed
591 592 593 594 595 596 597 598 599 600 601 602 603 604

- Role: credentials
  - Replaced `CREDENTIALS_OAUTH_URL_ROOT` with `COMMON_OAUTH_URL_ROOT` from `common_vars`
  - Replaced `CREDENTIALS_OIDC_LOGOUT_URL` with `COMMON_OAUTH_LOGOUT_URL` from `common_vars`
  - Replaced `CREDENTIALS_JWT_AUDIENCE` with `COMMON_JWT_AUDIENCE` from `common_vars`
  - Replaced `CREDENTIALS_JWT_ISSUER` with `COMMON_JWT_ISSUER` from `common_vars`
  - Replaced `CREDENTIALS_JWT_SECRET_KEY` with `COMMON_JWT_SECRET_KEY` from `common_vars`
  - Replaced `CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_ISSUER` with `COMMON_JWT_ISSUER` from `common_vars`

- Role: ecommerce
  - Replaced `ECOMMERCE_OAUTH_URL_ROOT` with `COMMON_OAUTH_URL_ROOT` from `common_vars`
  - Replaced `ECOMMERCE_OIDC_LOGOUT_URL` with `COMMON_OAUTH_LOGOUT_URL` from `common_vars`
  - Replaced `ECOMMERCE_JWT_SECRET_KEY` with `COMMON_JWT_SECRET_KEY` from `common_vars`
  - Replaced `ECOMMERCE_SOCIAL_AUTH_EDX_OIDC_ISSUER` with `COMMON_JWT_ISSUER` from `common_vars`
605 606 607

- Role: edxapp
  - Added `EDXAPP_VIDEO_TRANSCRIPTS_SETTINGS` to configure S3-backed video transcripts.
608
  - Removed unused `EDXAPP_BOOK_URL` setting
609 610 611

- Role: edxapp
  - Added `EDXAPP_ZENDESK_OAUTH_ACCESS_TOKEN` for making requests to Zendesk through front-end.
Ibrahim committed
612 613 614 615 616 617

- Role: whitelabel
  - Added `WHITELABEL_THEME_DIR` to point to the location of whitelabel themes.
  - Added `WHITELABEL_ADMIN_USER` to specify an admin user.
  - Added `WHITELABEL_DNS` for DNS settings of themes.
  - Added `WHITELABEL_ORG` for whitelabel organization settings.