From cf5c5272a9335b4c34a79860be42c03b9b42722e Mon Sep 17 00:00:00 2001 From: sean-morris Date: Tue, 17 Oct 2023 17:15:32 -0700 Subject: [PATCH 1/3] [edx] Deployment Configuration - Configured staging and prod - Configured default theme to GitHub Light - Configured Grader DNS - Added jupyter-archive for downloading - notebook version 7.0.6 - jupyterlab version 4.0.9 - popularity-contest switched Shane's version --- deployments/edx/config/common.yaml | 77 ++++++++++++++++ deployments/edx/config/prod.yaml | 20 +++++ deployments/edx/config/staging.yaml | 19 ++++ deployments/edx/hubploy.yaml | 19 ++++ deployments/edx/image/apt.txt | 90 +++++++++++++++++++ deployments/edx/image/environment.yml | 48 ++++++++++ deployments/edx/image/ipython_config.py | 3 + deployments/edx/image/overrides.json | 5 ++ deployments/edx/image/postBuild | 10 +++ .../edx/secrets/gcloud-service-key.json | 30 +++++++ deployments/edx/secrets/prod.yaml | 26 ++++++ deployments/edx/secrets/staging.yaml | 26 ++++++ 12 files changed, 373 insertions(+) create mode 100644 deployments/edx/config/common.yaml create mode 100644 deployments/edx/config/prod.yaml create mode 100644 deployments/edx/config/staging.yaml create mode 100644 deployments/edx/hubploy.yaml create mode 100644 deployments/edx/image/apt.txt create mode 100644 deployments/edx/image/environment.yml create mode 100644 deployments/edx/image/ipython_config.py create mode 100644 deployments/edx/image/overrides.json create mode 100644 deployments/edx/image/postBuild create mode 100644 deployments/edx/secrets/gcloud-service-key.json create mode 100644 deployments/edx/secrets/prod.yaml create mode 100644 deployments/edx/secrets/staging.yaml diff --git a/deployments/edx/config/common.yaml b/deployments/edx/config/common.yaml new file mode 100644 index 000000000..bde82a554 --- /dev/null +++ b/deployments/edx/config/common.yaml @@ -0,0 +1,77 @@ +jupyterhub: + scheduling: + userScheduler: + enabled: true + cull: + # For some reason, hub users don't cull properly + # Empty abandoned sessions stay on for days + # This stops users after they have been running for 12+ hours + # in one go. In several weeks of looking at user pods older + # than this, none have been active. + # See issue #2452 + maxAge: 43200 # 12h + proxy: + service: + type: LoadBalancer + hub: + loadRoles: + read-users: + name: read-user + scopes: + - access:services + - read:users + - list:users + services: + - otter_grade + config: + JupyterHub: + authenticator_class: ltiauthenticator.lti11.auth.LTI11Authenticator + Authenticator: + admin_users: + # 2813 Eric Van Dusen + # sean morris + - bd1e7c64c6f5faddbf6b32af3010cf75 + - 261821b22ba97d73f571bf396c2ecb0a + - 594aed203b01b16a7a025c2f3e037933 + - ded2ce24b58e67d269563072d3481d14 + singleuser: + networkPolicy: + # We only allow outbound HTTP, HTTPS and DNS access + enabled: true + egress: + - ports: + - port: 80 + protocol: TCP + - ports: + - port: 443 + protocol: TCP + - ports: + # statsd ports + - port: 9125 + protocol: TCP + - port: 9125 + protocol: UDP + initContainers: + - name: volume-mount-hack + image: busybox + command: ["sh", "-c", "id && chown 1000:1000 /home/jovyan && ls -lhd /home/jovyan"] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "home/{username}" + storage: + type: static + static: + pvcName: home-nfs + subPath: "home/{username}" + memory: + guarantee: 256M + limit: 1G + image: {} + extraEnv: + # Unset NotebookApp from hub/values. Necessary for recent lab versions. + JUPYTERHUB_SINGLEUSER_APP: "jupyter_server.serverapp.ServerApp" + + diff --git a/deployments/edx/config/prod.yaml b/deployments/edx/config/prod.yaml new file mode 100644 index 000000000..2f0743903 --- /dev/null +++ b/deployments/edx/config/prod.yaml @@ -0,0 +1,20 @@ +nfsPVC: + enabled: true + nfs: + serverIP: 10.128.0.62 + shareName: export/edxhomes-2023-08-28 +jupyterhub: + proxy: + service: + loadBalancerIP: 35.224.143.90 + https: + hosts: + - edx.datahub.berkeley.edu + hub: + db: + pvc: + # This also holds logs + storage: 40Gi + services: + otter_grade: + url: http://grader-srv.datahub.berkeley.edu:10101 diff --git a/deployments/edx/config/staging.yaml b/deployments/edx/config/staging.yaml new file mode 100644 index 000000000..bff7c7bee --- /dev/null +++ b/deployments/edx/config/staging.yaml @@ -0,0 +1,19 @@ +nfsPVC: + enabled: true + nfs: + serverIP: 10.128.0.62 + shareName: export/edxhomes-staging-2023-10-17 +jupyterhub: + prePuller: + continuous: + enabled: false + proxy: + service: + loadBalancerIP: 34.72.254.237 + https: + hosts: + - edx-staging.datahub.berkeley.edu + hub: + services: + otter_grade: + url: http://grader-srv-staging.datahub.berkeley.edu:10101 diff --git a/deployments/edx/hubploy.yaml b/deployments/edx/hubploy.yaml new file mode 100644 index 000000000..3692cd14e --- /dev/null +++ b/deployments/edx/hubploy.yaml @@ -0,0 +1,19 @@ +images: + images: + - name: gcr.io/data8x-scratch/edx-user-image + path: image/ + registry: + provider: gcloud + gcloud: + project: data8x-scratch + service_key: gcloud-service-key.json + +cluster: + provider: gcloud + gcloud: + project: data8x-scratch + service_key: gcloud-service-key.json + cluster: edx + zone: us-central1 + + diff --git a/deployments/edx/image/apt.txt b/deployments/edx/image/apt.txt new file mode 100644 index 000000000..bfc2a1031 --- /dev/null +++ b/deployments/edx/image/apt.txt @@ -0,0 +1,90 @@ +# Some linux packages for basic terminal work, particularly +# oriented at users new to Unix/cmd line environments. + +# Basic unix tools +man +man-db +manpages-posix +manpages-dev +manpages-posix-dev + +# Download tools +curl +wget + +# Core text editors on a *nix box: vim +vim + +# A couple of CLI editors that are easier than vim +# micro # currently not working on 18.04 +nano +jed +jed-extra + +# powerful terminal-based file manager, better than the one in JLab +mc + +# for easily managing multiple repositories with one command (perl-doc +# is needed for its help pages to work) +mr +perl-doc + +# Regular build tools for compiling common stuff +build-essential +gfortran + +# Dependencies for nbconvert +texlive-xetex +texlive-fonts-recommended +texlive-plain-generic +# https://github.com/berkeley-dsep-infra/datahub/issues/3719 +texlive-lang-chinese +lmodern + +# Other useful document-related tools +pandoc +latexdiff + +# Some useful git utilities use basic Ruby +ruby + +# Other niceties for command-line work and life +ack # powerful grep-like tool +pydf # colorized disk usage +tmux +screen +htop +nnn # cmd line file manager +zsh +rsync +tig # console UI for git +multitail + +# For later, these are not available in 18.04 +#browsh # text-based web browser, occasionally handy +#dasel # json/yml/csv/etc data wrangling at the terminal +#fzf # fuzzy file finder + +## This section adds tools for desktop environment usage +dbus-x11 +xorg +xubuntu-icon-theme +xfce4 +xfce4-goodies +xclip +xsel +firefox +chromium-browser + +# GUI text editors +vim-gtk3 +gedit + +# Git clients and tools +git-gui +gitg +qgit +meld + +# For jupyter-tree-download. Ref: https://github.com/berkeley-dsep-infra/datahub/issues/3979 +zip diff --git a/deployments/edx/image/environment.yml b/deployments/edx/image/environment.yml new file mode 100644 index 000000000..2b573aba7 --- /dev/null +++ b/deployments/edx/image/environment.yml @@ -0,0 +1,48 @@ +name: edx + +channels: +- conda-forge + +dependencies: +- python==3.11.0 +- git==2.39.1 +- jupyter-resource-usage==1.0.0 +- jupyterlab==4.0.9 +- jupyterlab-favorites==3.0.0 +- jupyterlab_server==2.23.0 +- jupyterlab_widgets==3.0.8 +- jupyter_server==2.7.0 +- nbgitpuller==1.1.1 +- notebook==7.0.6 +- folium==0.14.0 +- h5netcdf==1.0.2 +- ipywidgets==8.0.7 +- jupysql==0.8.0 +- matplotlib==3.7.1 +- mdit-py-plugins==0.4.0 +- numpy==1.24.2 +- pandas==2.0.2 +- plotly==5.13.1 +- requests==2.28.2 +- scikit-image==0.19.3 +- scikit-learn==1.2.2 +- scipy==1.10.1 +- seaborn==0.12.2 +- statsmodels==0.14.0 +- tensorflow-cpu==2.12.1 +- sqlalchemy==2.0.16 +- pip +- pip: + # - -r infra-requirements.txt + - ipywidgets==8.0.7 + # disable until fixed (probably this: https://github.com/jupyterlab/jupyter-collaboration/issues/162) + # - jupyter_collaboration==1.0.1 + - jupyterhub==4.0.2 + - jupyterlab-accessible-themes==0.2.0 + - jupyter-archive==3.4.0 + - nbconvert==7.6.0 + - pytest-notebook==0.8.1 + - gh-scoped-creds==4.1 + - git+https://github.com/shaneknapp/python-popularity-contest.git@add-error-handling + - otter-grader==4.4.1 + - otter-submit==0.1.1 diff --git a/deployments/edx/image/ipython_config.py b/deployments/edx/image/ipython_config.py new file mode 100644 index 000000000..ab5c5b8b6 --- /dev/null +++ b/deployments/edx/image/ipython_config.py @@ -0,0 +1,3 @@ +# Disable history manager, we don't really use it +# and by default it puts an sqlite file on NFS, which is not something we wanna do +c.HistoryManager.enabled = False diff --git a/deployments/edx/image/overrides.json b/deployments/edx/image/overrides.json new file mode 100644 index 000000000..52ea5d9ab --- /dev/null +++ b/deployments/edx/image/overrides.json @@ -0,0 +1,5 @@ +{ + "@jupyterlab/apputils-extension:themes": { + "theme": "GitHub Light" + } +} diff --git a/deployments/edx/image/postBuild b/deployments/edx/image/postBuild new file mode 100644 index 000000000..803dbb6a2 --- /dev/null +++ b/deployments/edx/image/postBuild @@ -0,0 +1,10 @@ +#!/bin/bash -l +set -euo pipefail + +# Create ipython config directory if it doesn't exist +mkdir -p ${CONDA_DIR}/etc/ipython +cp ipython_config.py ${CONDA_DIR}/etc/ipython/ipython_config.py + +# set default theme +mkdir -p ${NB_PYTHON_PREFIX}/share/jupyter/lab/settings +cp -p overrides.json ${NB_PYTHON_PREFIX}/share/jupyter/lab/settings diff --git a/deployments/edx/secrets/gcloud-service-key.json b/deployments/edx/secrets/gcloud-service-key.json new file mode 100644 index 000000000..3b1f43fe6 --- /dev/null +++ b/deployments/edx/secrets/gcloud-service-key.json @@ -0,0 +1,30 @@ +{ + "type": "ENC[AES256_GCM,data:+NsYEYc9UrEb43sv8TLQ,iv:eVQVkGML4W072fMyGvLEcfmJmnxreR1LDiT+DqBFqUw=,tag:A26noFi7vqjQBo8i3ITe+w==,type:str]", + "project_id": "ENC[AES256_GCM,data:hthaRQyAY/NnbM3hn2g=,iv:DOi7/Z6FyhBxOUUWbGd7AkuCm/HjNJXjxvzKnSLfJGw=,tag:F5J92FJYwFiVrgy8Su4Z7Q==,type:str]", + "private_key_id": "ENC[AES256_GCM,data:EaRttUn55X493ipExvA3Z8F9aI7V0W+gIfuMfI1vqY49qiO/Firong==,iv:Eog3muUYhT71p79LdK9Q+zK0NDedaYRuBvex6ks7VRs=,tag:p8MHxTB4aBqwjigm1balmQ==,type:str]", + "private_key": "ENC[AES256_GCM,data:rS/xNV0wU+HtaUn/qoH5QkwlBDl7Ci9tNlp9PhomTVW696XCRkFqTp7ylY5r4KLEmx830uNqJoN2MKYXo3iI8q8c7PRuUEuvdGK5cRivUstZ87Q2SrFdS9tqACR8Hd0jcjYHUMY06aWAUhAiBGobxDjt3o0+IL4QGnXh0dPPSHGutVxZ3MyswQK3l6Uz0GW1thJmqbbbpEgKH+AVXZa6nBdPkhbHfDC+BZcxzxVmjpCRbyus5mwe57btYcwxUEaGJkHSg8M/MxUgtFRORbc5yoWi84qZ5YJkcAMHFhbv0V0K6+6VwsXHPWGPwcVAapxhx91yTPcXn81UEhkQeVBYjcISXZFd8S69+pBcvYq0NZdJ22w+85laU7dBJw31WHKm74UTrLuWAa0014T6jyoZ5p3cxevysufi93pM3FnCTdPYgre7fvafHMh0sPvin4B7wXtrTSa/jtKK4lAMmdLRNn4pT8BC/LRGiEDxEh7CRPl6oF3f/eqeOcN+8jx6yHYADDKXDvMZYAkQXOvYZINvJN3TkwOXtO+wAseNF04uW/lIv4O4hlpf/BQmD9d4DYTuXDHcXyTy77tjZirFX9j8WjSj3qXUies43VLVC7YwAjIK7MXSY9RuAvY1atCNw7qSywuZUM1OopcLbvwfpKL33SUkuH/HBIHo5dqO6mAjNYtV4gcmMnyfD8HP1zm6AM3jmoDzIf2Rx9ZLq9N2HMifuV0vXzfVCWIgRJCL8IFt7QMcraPHBykFSRfIeWL2+uAsURWLn2LdnFGVi56tLX0QpO/yww4iPtNHtR6v7ZO8v92Y2TbMBWk9jgi9YQ7BsE2Tad5bp1LnFkABoROmAgr8RNwQLamTwuJNlstj+yYFmv9LBHbBhB38D3900K11x7Fi91jaqROHavj6rMs5/V7u8elu5XDwgy+iUytwKFwQXpXSPTCIuDkbN5AqgPXd2WihIcfRAgfLHfocqS43QqyW/39ayXvQgadLL859+u6Kh3PRTO2LMeaDFet312lKIYrup5CCSRXfQCcSf+Srzd/+zPidShZ/NFnlq1sLrMuKwYfEQkmuvHLONOP1yqKIUx0WyvlMRrssyI4RtLLE5N3diojkwa+SxS4q2WPeiLQ0sZmvWEXFLtV8twMpCTuAJrft6re6HPCcpw5RTUWaVnTq00o7F2Vngs6k2NZ02HW43TPSB9tvRIS3KsGHwe8Lu938caGS7sb5ceBeK/w4oxiqf5ni48GWWKfEMto+YCoV5HNvWfjx2bZrONihY2nKOGy/oDyy5ZpXTVWBJiTaIoLAOPc/itTGpKwHdZn1YfERMauqkHpLPAQ3E662oDnrlLQ0UG4Yh3kwCkl739ZKDAYosM30xVpjKMvaCDLoWzDnfIbBU0IdCzj5yvHc9LPSklp0gMomW0WtuUzY+h0QmNQ5awlFJJT+JQGXw7ylIY4Srh9e3O8H5tbJlMWG1ZSVzZMaQd9qL/ftln2tz9CX3fzow/JecI5Qt383p9yI0C0NoTnVv0MPWFXm1Yt1ukESnV2lO0NsP5lyqoyLcaheYOho8EOuNCZAfRTCtdtrTKOSTLOudwDUsaVvaa4ElMOsfSmM43Ij0+zKsAl+IzSkXzTeCl1m130yrw6rmD5te2/f0gHLEgUlzl3tQQLK4h3LbE/A57Jf84Hn2kEwk1T4kksaczhNad0t0pxknLAjWobxSeX3vly4dduGsXmPgdkmq46Ks5YmsmMhoCrFbk6543KjayPPFSsKuC6Hy1jP12d6YuUggUro9T9dsVP1Fnrq2Zl/CykODPMdIQK4DScttkd6Vt8m00GmfAG52/McFmcg1lpqjugSbK6YJvyaHGSkVDGrjVB+kgXsQimUzIitHH2iwImXFQJNTykY/CqMSiKfwZSw/LwtCCxnhsrL/yUuMbzEmbE12rYNE3LKy453ar0zDUzy4/BksIHzDDeA0DDM/7zRclwAVIY02BRRvX3Q10qBuuTlm4l4044jQC0hsbIHzndccsvF5lPl+DhxJNgOtY2thFs1IgVUCmqjMBWZyoALBsyy65MqEgHp6xbp4mmvzzoY9GozvbB2+KB2Kb0UQjZk6XJ/sRaaAVPu8UldftGnp/5FvAwuGmoMQhDcJS7I1+VyzFty3CZwHTiUWRYX7qM2XHmpdeIH7QWb8q5fsEm4axd5LKml/vlTM/C7G78ycnCya+/xDleoO4AGBM2vBNRUtUp/wWzAFhipZxYlbMGmqqHTLl5AW28NCMt+oCg28Zrv/0JzCNpd,iv:JxVHbFTfPH5/9qFlmqSITfXYP+SM5tPgIrxCJPBOZIA=,tag:oNFu2ORtIhUs+Zy+GctUeg==,type:str]", + "client_email": "ENC[AES256_GCM,data:BZRpxwtQdC6lToFYeJC5/ZHyQWe5/Fk+26xqsmLjcQNoSp640KLYT7xgjAjHYRAWFeFnKMjnfg==,iv:axKxX/MAsHHl+5bFBGHJuvAqcQwIiOvbb+oJmYPEC8c=,tag:NbLVm2r3UkLKCJvSp6umaQ==,type:str]", + "client_id": "ENC[AES256_GCM,data:PLMmSyWmm53RiHnMkfpz0bP5Mw7q,iv:PztO+Lr8noXeEmq0e/UWViMunVpTMLbw55UMYAZT5Gg=,tag:5qEtlsxEspAoMDYzl6+ang==,type:str]", + "auth_uri": "ENC[AES256_GCM,data:WUAGts5o7c/oEUCWDeg1WH1Lapw/w0r9mGCr5zljIkQ+wlvqGgWuq/U=,iv:2C6fFrZV85TxtsVTSpIVFD6XguS1TkIJiGUPawTUDq0=,tag:1iN7Fb64eIgsEkHcxrxlFA==,type:str]", + "token_uri": "ENC[AES256_GCM,data:HGL53CHQnEjZKaXhVcJNBuJvlwl20FPu4+pSsIL/9Ejf6+Q=,iv:vFCsbeEDbA6CfC/yYGD9Ym7z65J2jph0t/pRP9W1n0Y=,tag:TABXp9YDR0ThHnxDCX7/ZA==,type:str]", + "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:mNotICv4wjh8MjGfTDaqztVhRD+1f9posJyzOxq6JXmomdEyPcFTRAPb,iv:Ez6w5tlwT/1Ovx/goK0aDxLD+Mij5SAVQxv5TtUbfWk=,tag:b+sm87U588G894ZjcQ+rqw==,type:str]", + "client_x509_cert_url": "ENC[AES256_GCM,data:GZ49nmSbiNbyf2tosKJNIQXLay5GeqDHdAblk2kmYlK+jYF935XsuP2HBjkiGZl1fIEwu+406tJxOTyQ2fy0FoUfP4rNZYOD2OrXKSQdcnNUw2guYn9ru6B7kP++Z33g6m93qoTVPlS9GnA=,iv:froqQdSLEDaqlmiQ3/QM6q3H2H2D5Y7zcz8Zcx4hXDk=,tag:Uuk3eZxW/2vqEqgfpYh8aQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/ucb-datahub-2018/locations/global/keyRings/datahub/cryptoKeys/sops", + "created_at": "2021-04-09T22:02:14Z", + "enc": "CiQA67O9AIkMQlX6RNNL7vjtmXHGwJ1umHOXMBhe7M/D+qziEIcSSADmhpq8o7nZ2bstEi2h5H/0NTGkl+Fr5b5nm75hhrAH8P3FOVkB82oN8nsLv9WZ2HHg5hYyijKmFJ/c4MqMqeHSZxNhTsBKnQ==" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2021-04-09T22:02:14Z", + "mac": "ENC[AES256_GCM,data:sSOsNG/IBMryrXysypaKMeA8v6uVQtAUBknnoPsNJjHWSGudz2HDUr70Fs7948vs37ulxUhnq/3avWQAFB88GmUyczLctvW5FdUOLbGsOyLA065webcf/+2FSm9m1Pa+9eToMWKrSdJ+NtmG5UGFJulscLMQzPokTo3o/3euytQ=,iv:qCRXm67i6okgMKIIqOy7f+G9HbMsOhI6ca4tXdOSPfQ=,tag:ASwiTK5KRo+Gee0oK4rFlA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.0" + } +} \ No newline at end of file diff --git a/deployments/edx/secrets/prod.yaml b/deployments/edx/secrets/prod.yaml new file mode 100644 index 000000000..77d813b87 --- /dev/null +++ b/deployments/edx/secrets/prod.yaml @@ -0,0 +1,26 @@ +jupyterhub: + hub: + services: + otter_grade: + environment: + LTI_CONSUMER_KEY: ENC[AES256_GCM,data:L+brOLL1mi6aA0esTzdk04PZ7TeBW6d/M0j3DA1BDvP327fUbgqL1nINu9CHQm7cuXJOTxIfHNJlSG1Uu5Bi1A==,iv:Ng2OX4xHRoQLDL+JS+165zgM8dYRR63QFghuUta/hF4=,tag:46kYnfssjiNtIyHLatWwkQ==,type:str] + LTI_CONSUMER_SECRET: ENC[AES256_GCM,data:GvY/23VtDdBuck6UG00WQhO/+bOnN6UXVtdlVXnvJEmGpNRMLwCygEOb510kdxmWJIuQTj2uHaLDtzdTg3v88w==,iv:k4Q5nOQ/FQOnSpNv+J+iqA9aruYjbgx2jeMKTH9VzQY=,tag:1KeAGeZXz7gExYHWzSVe1g==,type:str] + apiToken: ENC[AES256_GCM,data:M/tcDGlQ4Jl49mfHkZOkjmjBnaptJpgBGoecI1qrkDO37f/lU7Apm25ZMoORaV57IsG0hg4SKdXHtDkhHBqXig==,iv:Coerx4fiwtVwD37lzVOgb/4U/1J84t8q911IkF78JvE=,tag:iNzUleTSUX0kNqTrA8RSRA==,type:str] + config: + LTI11Authenticator: + consumers: + b34eeb75dca9b467b1e074fb3eaeed4717a6aefd28d5e7e2c8c633fb016b2f39: ENC[AES256_GCM,data:7Ar8pXjjp/nWvCOH7KMuvzSwL/aGr9LNfSc/wPcEGcLadBnNmYBtqV2vlvVODxkIVPyBJupklbmSVW90BZdtTA==,iv:QlsR3G2r2tyLTFguBuX3BBp/kVKK6OZax8owlPJaeto=,tag:PUYrhUUQIpIT1iS1vk1ztQ==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/ucb-datahub-2018/locations/global/keyRings/datahub/cryptoKeys/sops + created_at: "2023-07-20T00:20:12Z" + enc: CiUA67O9AOODQr+j9f7kfPhTwD5COEw6aSUcif6GII2wkhivmanSEkkAV2r3eZ3zdwwGrV8RRZ3iN3Z/rO65fmsfrMZOF/WJSs49Pq1hUiuVduGd36/Raa4H7Duyx7+5naZtmtE920Rexrk/NaHIkDt9 + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-07-20T00:20:13Z" + mac: ENC[AES256_GCM,data:bc7N3cizvcjPVhUHzO5fPj0MwG0hXlp79/thQoWxVeup9PQ99iGdvMhVxCJC1QCfUFKq1dm2fZfDLLC85+UU3mzvhO1VF4kvZWFICaUdLQr4fuGp7bajwmF20SjXmLHbECbyddReXY88Q05jB9CvSgM8a0wr3UZ5te62aJ+NJHM=,iv:zRDljmyZOc0NMkq+R/1+MHmA4PNq2HnvmRQbSN0DGK0=,tag:t1d/gXx09iMP8mz6ofGwMw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.1 diff --git a/deployments/edx/secrets/staging.yaml b/deployments/edx/secrets/staging.yaml new file mode 100644 index 000000000..307c22414 --- /dev/null +++ b/deployments/edx/secrets/staging.yaml @@ -0,0 +1,26 @@ +jupyterhub: + hub: + services: + otter_grade: + environment: + LTI_CONSUMER_KEY: ENC[AES256_GCM,data:PcGMe9d/nuv2uF/GzeSEACHy4JU65XbooawdC21Vwa20ch8pJTFPpvzKt0yn9DQtwBaQ9n4/MhVAbnmvSBVZ+A==,iv:zoSJQnaIAwfHVe6WmWnrAVBywn/FO2fB6zkETB9X+t4=,tag:q9H5QkR4bwWKMnMTl+vb/g==,type:str] + LTI_CONSUMER_SECRET: ENC[AES256_GCM,data:GZWC6vhGiO1taYloVcZ2Q3cuugd6U5lz6ZoQEp1GV8x8H5yF2KB9IB22M9KwGABjLFc6qvFdfci0oqJILmroFw==,iv:c/O8H3c4ujkrXHTdU+DGm6U4EC6UyWUsc5i4RnJIgcQ=,tag:5lrSnyfLq5j3k2JqmVQLZQ==,type:str] + apiToken: ENC[AES256_GCM,data:MXGt1/TgrFzRmLE6d8nS205xl3ZPt5OvUNFRvB3oZkM=,iv:eJRB3RYjrPKUB9f8MbhtaPH/FSAh8RRWLiojT1u5qVc=,tag:CIr9239NvyhGdlTPM1UbMg==,type:str] + config: + LTI11Authenticator: + consumers: + b34eeb75dca9b467b1e074fb3eaeed4717a6aefd28d5e7e2c8c633fb016b2f39: ENC[AES256_GCM,data:8LnXy557TJzrxGTSKnvRF9OoVXQm8XltulbbnT0yKV+0/PyFwfk2ItsJB0vxCPbNTGVV2A+pXRkw5V3rjI9M7w==,iv:Ujpi5fEYRKMgh5sU5+XxOBoAPjjkxAlOYrUSQE7I59g=,tag:wrzsEEbhIMm2EcTNYg5xbA==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/ucb-datahub-2018/locations/global/keyRings/datahub/cryptoKeys/sops + created_at: "2023-07-20T00:17:51Z" + enc: CiUA67O9AO1WgVkhn8kG3etbaA1jTolfY7ekX2JXgr1oPoF6ptCWEkkAV2r3eYqKvLuua8XWEwVNX96gA+4hbfONDjZPEP2XqBtELWHGeQPRcy3m3iXciz9ayViOBMwCuMffPdiWjpOdFdqhz9koGV0M + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-07-20T00:17:51Z" + mac: ENC[AES256_GCM,data:DTrwf8A7paWfkM7Obq6C6qV5zyREjVhLiJkVQg6huBEwDsHii+4/4Fg22ZtRyCCSKT0qBLY2623dY1I6glxEr0JfUlKV7MhFL9NvkjwIu8V6oJZw78XrQ1mSKgHajH1uQPa5jIBA33vGJDo/95Yzb1XJ18VZFU7qx9ngcbjvjhE=,iv:6l+afZNvt7/eBHHMRVTy4+XLLUUg81y68jiEulLa9vE=,tag:QGvaUGp4gEzfOtR7mS0QsA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.1 From 687c9e03650d0e64c9b3f2aebe2de4dca61de8a2 Mon Sep 17 00:00:00 2001 From: sean-morris Date: Tue, 28 Nov 2023 17:25:31 -0800 Subject: [PATCH 2/3] [edx] Re-configured NFS folders --- deployments/edx/config/common.yaml | 4 ++++ deployments/edx/config/prod.yaml | 4 +--- deployments/edx/config/staging.yaml | 4 +--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deployments/edx/config/common.yaml b/deployments/edx/config/common.yaml index bde82a554..15d59f6a9 100644 --- a/deployments/edx/config/common.yaml +++ b/deployments/edx/config/common.yaml @@ -1,3 +1,7 @@ +nfsPVC: + enabled: true + nfs: + serverIP: 10.128.0.62 jupyterhub: scheduling: userScheduler: diff --git a/deployments/edx/config/prod.yaml b/deployments/edx/config/prod.yaml index 2f0743903..315859251 100644 --- a/deployments/edx/config/prod.yaml +++ b/deployments/edx/config/prod.yaml @@ -1,8 +1,6 @@ nfsPVC: - enabled: true nfs: - serverIP: 10.128.0.62 - shareName: export/edxhomes-2023-08-28 + shareName: export/edxhomes-2023-08-28/prod jupyterhub: proxy: service: diff --git a/deployments/edx/config/staging.yaml b/deployments/edx/config/staging.yaml index bff7c7bee..68d9b8a99 100644 --- a/deployments/edx/config/staging.yaml +++ b/deployments/edx/config/staging.yaml @@ -1,8 +1,6 @@ nfsPVC: - enabled: true nfs: - serverIP: 10.128.0.62 - shareName: export/edxhomes-staging-2023-10-17 + shareName: export/edxhomes-2023-08-28/staging jupyterhub: prePuller: continuous: From 1f889abd241f08b4c9f7bf2a8f213f9d84677539 Mon Sep 17 00:00:00 2001 From: sean-morris Date: Sun, 3 Dec 2023 16:39:59 -0800 Subject: [PATCH 3/3] [edx] Configured CircleCi --- .circleci/config.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index a3f168729..bd69512e8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -239,6 +239,12 @@ jobs: hubploy deploy --timeout 30m dlab hub ${CIRCLE_BRANCH} no_output_timeout: 30m + - run: + name: Deploy edx + command: | + hubploy deploy --timeout 30m edx hub ${CIRCLE_BRANCH} + no_output_timeout: 30m + - run: name: Deploy eecs command: | @@ -522,6 +528,15 @@ workflows: ignore: - staging - prod + - hubploy/build-image: + deployment: edx + name: edx image build + # Filters can only be per-job? wtf + filters: + branches: + ignore: + - staging + - prod - hubploy/build-image: deployment: eecs name: eecs image build @@ -677,6 +692,15 @@ workflows: branches: only: - staging + - hubploy/build-image: + deployment: edx + name: edx image build + push: true + # Filters can only be per-job? wtf + filters: + branches: + only: + - staging - hubploy/build-image: deployment: eecs name: eecs image build @@ -765,6 +789,7 @@ workflows: - data102 image build - datahub image build - dev-r image build + - edx image build - eecs image build - ischool image build - julia hub image build