From d0274ba2e592e3b2ef840ce2a48c1b2c39bf7ff8 Mon Sep 17 00:00:00 2001 From: Jeremy Davis Date: Thu, 12 Sep 2024 22:05:22 +0000 Subject: [PATCH 1/6] Remove unrequired migration (didn't fix issue). --- conf.d/55canvas-install | 4 ---- 1 file changed, 4 deletions(-) diff --git a/conf.d/55canvas-install b/conf.d/55canvas-install index 20a4276..9866d72 100755 --- a/conf.d/55canvas-install +++ b/conf.d/55canvas-install @@ -69,10 +69,6 @@ bundle exec rake db:initial_setup # mv 20210823222355_change_immersive_reader_allowed_on_to_on.rb db/migrate/ bundle exec rake db:migrate -# resolve (errant) 'failed to allocate memory' issue - closes -# https://github.com/turnkeylinux/tracker/issues/1965 -bundle exec rake switchman_inst_jobs:install:migrations - mkdir -p log tmp/pids public/assets # stop services From b39b86550b66cf4ec7d31dbe5b66df9237692a26 Mon Sep 17 00:00:00 2001 From: Jeremy Davis Date: Thu, 22 Aug 2024 01:29:54 +0000 Subject: [PATCH 2/6] Bump delayed_jobs worker memory - closes #1979 --- conf.d/52canvas-configs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf.d/52canvas-configs b/conf.d/52canvas-configs index 47f7cfb..391f2da 100755 --- a/conf.d/52canvas-configs +++ b/conf.d/52canvas-configs @@ -57,7 +57,7 @@ production: max_run_time: 28800 worker_max_job_count: 20 - worker_max_memory_usage: 536870912 + worker_max_memory_usage: 1073741824 default: workers: From df84788598e63a3f662d106e0a67161eb4e059b1 Mon Sep 17 00:00:00 2001 From: Jeremy Davis Date: Thu, 22 Aug 2024 03:46:02 +0000 Subject: [PATCH 3/6] canvas.py styling refactor - use fstrings and var/function order/spacing --- overlay/usr/lib/inithooks/bin/canvas.py | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/overlay/usr/lib/inithooks/bin/canvas.py b/overlay/usr/lib/inithooks/bin/canvas.py index 6d08347..8eac1dc 100755 --- a/overlay/usr/lib/inithooks/bin/canvas.py +++ b/overlay/usr/lib/inithooks/bin/canvas.py 
@@ -19,18 +19,17 @@ from libinithooks import inithooks_cache from libinithooks.dialog_wrapper import Dialog +DEFAULT_DOMAIN = "www.example.com" + def usage(s=None): if s: print("Error:", s, file=sys.stderr, **kwargs) - print("Syntax: %s [options]" % sys.argv[0], file=sys.stderr) + print(f"Syntax: {sys.argv[0]} [options]", file=sys.stderr) print(__doc__, file=sys.stderr) sys.exit(1) -DEFAULT_DOMAIN = "www.example.com" - - def main(): try: opts, args = getopt.gnu_getopt(sys.argv[1:], "h", @@ -104,25 +103,20 @@ def main(): config = "/var/www/canvas/config/outgoing_mail.yml" subprocess.run(["sed", "-ri", - 's|domain:.*|domain: "%s"|' % domain, + f's|domain:.*|domain: "{domain}"|', config]) subprocess.run(["sed", "-ri", - 's|outgoing_address:.*|outgoing_address: "%s"|' % email, + f's|outgoing_address:.*|outgoing_address: "{email}"|', config]) config = "/var/www/canvas/config/dynamic_settings.yml" subprocess.run(["sed", "-ri", - 's|app-host:.*|app-host: "%s:3000"|' % domain, + f's|app-host:.*|app-host: "{domain}:3000"|', config]) config = "/var/www/canvas/config/domain.yml" subprocess.run(["sed", "-ri", - 's|domain:.*|domain: "%s"|' % domain, - config]) - - config = "/var/www/canvas/config/initializers/outgoing_mail.rb" - subprocess.run(["sed", "-ri", - 's|:domain => .*|:domain => "%s",|' % domain, + f's|domain:.*|domain: "{domain}"|', config]) print("Restarting services; please wait...") From 30ccafe7804ca3ae224bc08ba1af022fe88d8ffd Mon Sep 17 00:00:00 2001 From: Jeremy Davis Date: Thu, 22 Aug 2024 11:34:37 +0000 Subject: [PATCH 4/6] Update value of lti_iss in security.yml to match domain --- conf.d/52canvas-configs | 2 +- overlay/usr/lib/inithooks/bin/canvas.py | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/conf.d/52canvas-configs b/conf.d/52canvas-configs index 391f2da..f2d7ea8 100755 --- a/conf.d/52canvas-configs +++ b/conf.d/52canvas-configs 
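Review bot: The context line `print("Error:", s, file=sys.stderr, **kwargs)` in `usage()` references `kwargs`, which the signature `usage(s=None)` does not define, so unless a module-level `kwargs` exists outside the hunk, any call with a message raises NameError before the syntax text and `sys.exit(1)` are reached. Since this hunk already edits the function, drop the stray argument: `print("Error:", s, file=sys.stderr)`. As written, a caller reporting a bad option (presumably the getopt error path in main(), whose handler is outside the hunk) would get a traceback instead of the intended message.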
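Review bot: `domain` and `email` are interpolated unescaped into the sed programs in this hunk, so a value containing `|`, `&`, `\` or `"` alters the substitution or leaves invalid YAML in the Canvas config files. No validation is visible here, though main() begins and continues outside the hunk and may check earlier. Reject or escape those characters before the first sed call, and pass `check=True` to each call, e.g. `subprocess.run(["sed", "-ri", expr, config], check=True)`, so a failed edit stops the hook instead of being silently ignored. Separately, the commit is described as a styling refactor but also drops the edit of `config/initializers/outgoing_mail.rb`; if that is intentional it deserves a line in the commit message.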
@@ -78,7 +78,7 @@ cat >$WEBROOT/config/security.yml<$WEBROOT/config/dynamic_settings.yml< Date: Thu, 12 Sep 2024 22:51:37 +0000 Subject: [PATCH 5/6] Update changelog (for real/patched) v18.1 release --- changelog | 42 ++++++++++++++++++------------------------ 1 file changed, 18 insertions(+), 24 deletions(-) diff --git a/changelog b/changelog index cf4b471..198e142 100644 --- a/changelog +++ b/changelog @@ -1,20 +1,14 @@ turnkey-canvas-18.1 (1) turnkey; urgency=low - * Install latest Canvas LTS stable (prod branch), Canvas RCE API and required - dependencies. Canvas installed from upstream git repo. + * Update to Canvas security.yml config: + - delayed_jobs.yml - bump worker_max_memory_usage memory allowance + - closes #1979. + - security.yml - set domain for lti_iss - untracked bug. - * Update Ruby (3.1.6). + * Disable Apache mod_evasive for Canvas - part of #1965. - * Update bundler to 2.5.10 - as per "Production Start" doc. - - * Disable Apache mod_evasie for Canvas - part of #1965. - - * Run switchman_inst_jobs:install:migrations - closes #1965. - - * Update GEM_PATH in Apache conf - didn't seem to be causing issues, but - better for it to be correct path. - - * Apply fix so passenger-status works - useful for debugging. + * Disable Apache PrivateTmp so passenger error files can be found where + passenger reports they can be found (i.e. /tmp) - untracked bug. * Configuration console (confconsole) - v2.1.6: - Let's Encrypt/Dehydrated - bugfix cron failure - closes #1962. @@ -26,7 +20,7 @@ turnkey-canvas-18.1 (1) turnkey; urgency=low * Reduce log noise by creating ntpsec log dir - closes #1952. - -- Jeremy Davis Sat, 06 Jul 2024 11:31:36 +0000 + -- Jeremy Davis Thu, 12 Sep 2024 07:35:16 +0000 turnkey-canvas-18.0 (1) turnkey; urgency=low 
@@ -204,7 +198,7 @@ turnkey-canvas-16.0 (1) turnkey; urgency=low * Repaired Canvas RCE API service for running with a domain. * Update included NodeJS to 10.x (10.20.1). - + * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. @@ -217,7 +211,7 @@ turnkey-canvas-15.3 (1) turnkey; urgency=low * Include Canvas RCE API service run with Passenger - closes #1319. * Update included NodeJS to 10.x (10.15.3). - + * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. @@ -231,7 +225,7 @@ turnkey-canvas-15.2 (1) turnkey; urgency=low * Include Canvas logrotate.d script - closes #1279. [ Zhenya Hvorostian ] - + * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. @@ -240,27 +234,27 @@ turnkey-canvas-15.2 (1) turnkey; urgency=low turnkey-canvas-15.1 (1) turnkey; urgency=low * Install latest Canvas LTS stable from upstream git repo. - + * Update yarn version to 1.10.1. * Secure yarn apt repo. - + * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. - + -- Zhenya Hvorostian Fri, 23 Nov 2018 11:48:21 +0300 turnkey-canvas-15.0 (1) turnkey; urgency=low * Install latest Canvas LTS stable from upstream git repo. - + * Update yarn version to latest. - + * Change Node.js version to 8.12.0. * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. - + -- Zhenya Hvorostian Sun, 24 Sep 2018 21:33:10 +0300 turnkey-canvas-14.2 (1) turnkey; urgency=low 
@@ -343,7 +337,7 @@ turnkey-canvas-12.1 (1) turnkey; urgency=low * Canvas: - - Upgraded to latest version of Canvas - cloned from upstream git repo + - Upgraded to latest version of Canvas - cloned from upstream git repo as recommended providing an easy upgrade path. - Fixed automated jobs daemon configuration and enabled (bugfix). - Set outgoing mail defaults to tls, disable for local postfix (bugfix). From 588a8c95e313953d6a89f378d7b30198e5be6aea Mon Sep 17 00:00:00 2001 From: Jeremy Davis Date: Fri, 13 Sep 2024 00:14:30 +0000 Subject: [PATCH 6/6] Add apache2 override to disable private tmp --- overlay/etc/systemd/system/apache2.service.d/override.conf | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 overlay/etc/systemd/system/apache2.service.d/override.conf diff --git a/overlay/etc/systemd/system/apache2.service.d/override.conf b/overlay/etc/systemd/system/apache2.service.d/override.conf new file mode 100644 index 0000000..bd88c98 --- /dev/null +++ b/overlay/etc/systemd/system/apache2.service.d/override.conf @@ -0,0 +1,6 @@ +[Service] +# Disable Apache private temp so the detailed passenger error html files are +# saved directly to the root of /tmp - otherwise they are saved to +# /tmp/systemd-private-xxx.xxx-apache2.service-XXXXXX/tmp/passenger-error-xxxxx.html +# making them hard to find for the uninitiated +PrivateTmp=false
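Review bot: `PrivateTmp=false` in the new `override.conf` ships in the overlay, so it presumably applies to every install and not only while debugging. All Apache and Passenger temp files, including the detailed error pages the comment mentions, then land in the shared world-writable /tmp alongside every other local process. If the goal is only to make the error pages findable, consider keeping the unit's default and documenting the lookup instead, e.g. `find /tmp -name 'passenger-error-*.html'` run as root. If the override stays, record the trade-off in the comment: `# Trade-off: Apache temp files now share /tmp with other services; remove this override once debugging is done.`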