v4.0 Release Notes

Administrative changes

• Breaking Changes

• Dependency updates

• Upgrade directions

New Features

• Global Batch Connect items

• noVNC quality and compression defaults

• Batch connect sessions poll delay

• System Status application

• data-hide directives now respond to false

• User mapping now accepts UIDs

• Interactive apps can have a text header

• Remove runtime dependency on SCL

• XDMoD efficiency widget update

• Edit and delete interactive application saved settings

• nginx_clean now cleans PUNs of disabled users

Thanks!

We’d like to thank a bunch of folks’ for contributing to this release. As we only know the github username, that’s what’s being referenced here.

Details of administrative changes

Breaking Changes

Autoloading during initialization has been removed.

This comes from the Ruby on Rails framework that Open OnDemand utilizes. It affects initializers you may have written, for example to Add Shortcuts to Files Menu.

To resolve this, wrap your code in a Rails.application.config.after_initialize block.

For example, if you have:

# /etc/ood/config/apps/dashboard/initializers/ood.rb

  OodFilesApp.candidate_favorite_paths.tap do |paths|
    # add User project space directory
    paths << FavoritePath.new("/fs/project/#{User.new.name}")
  end

You will need to modify that file like so:

# /etc/ood/config/apps/dashboard/initializers/ood.rb

  Rails.application.config.after_initialize do
    OodFilesApp.candidate_favorite_paths.tap do |paths|
      # add User project space directory
      paths << FavoritePath.new("/fs/project/#{User.new.name}")
    end
  end

NavConfig has been removed.

The initializers used to modify the navigation bar and the class NavConfig is deprecated in 3.0 and will be removed in 4.0. The 3.x series will continue to support this, but sites should use the nav_categories property instead.

See Limit auto generated menu bars and the nav_categories configuration property for more details.

whitelist & blacklist configs have been removed.

These configurations that have whitelist in the name have been deprecated in 3.0 and replaced with allowlist or blocklist in 4.0.

The configurations maintenance_ip_whitelist for configuring maintenance ips has been replaced by maintenance_ip_allowlist.

The WHITELIST_PATH environment variable for configuring inaccessible paths in the file browser has been replaced by OOD_ALLOWLIST_PATH.

ACL configurations in cluster.d files now use allowlist and blocklist instead of whitelist and blacklist, though sites should just use Linux FACLs to control these files instead of these configurations.

Announcements are dismissable by default.

In 4.0 Announcements now have the ability to be dismissable. Meaning users can press OK on the announment and it will no longer appear on the pages.

In prior versions of Open OnDemand there was no way to dismiss or get rid of announcements. Now in version 4.0, not only is there a way to dismiss announcements, announcements themselves are dismissable by default.

The documentation for Announcements has been updated with this new feature.

Batch connect form ids are now lowercase.

To resolve some bugs with Dynamic Form Widgets, batch connect form items will now force lowercase HTML IDs. This may break some javascript at centers expecting the HTML id of the form item to be a mix of uppercase and lowercase.

This is an example of defining a form item with uppercase keys like My_Cool_Form_Item.

---
form:
  My_Cool_Form_Item

In this example My_Cool_Form_Item has uppercase characters, however the HTML id of the form item will be lowercase as shown below.

id="batch_connect_session_context_my_cool_form_item"

Root owned configuration files

In an effort to increase the security of the Open OnDemand platform, the system will now start to only respond to root owned configuration files.

This will mean that all configfuration files in /etc/ood/config will need to be owned by the root user (uid 0) in order to be used.

While these files need to be root owned, they can continue to have any group ownership.

Deprecations

POLL_DELAY is deprecated

POLL_DELAY is deprecated in 4.0 and being replaced by documented configurations. See Batch connect sessions poll delay for more details.

Dependency updates

This release updates the following dependencies:

• Ruby 3.3 (RHEL 8 & 9 only)

  Warning

  The change in Ruby version means any Ruby based apps that are not provided by the OnDemand RPM must be rebuilt or supply their own bin/ruby to use the older version of ruby.

• NodeJS 20 (All OSes)

  Warning

  The change in Node version means any Node based apps that are not provided by the OnDemand RPM must be rebuilt.

  Warning

  Ubuntu 24.04 and Debian 12 are no longer support on ppc64le due to NodeJS 20 not being available on that architecture.

• Passenger 6.0.23

• NGINX 1.26.1

• ondemand-dex 2.41.1

Warning

OnDemand repos no longer provide mod_auth_openidc or cjose.

SELinux changes

Upgrade directions

Warning

Update the development or test instances of OnDemand installed at your center first before you modify the production instance.

Warning

The OnDemand upgrade has only been tested going from 3.1.x to 4.0.x.

1. Update OnDemand repository

   RedHat/Rocky Linux/AlmaLinux 8RedHat/Rocky Linux/AlmaLinux 9Ubuntu 20.04Ubuntu 22.04Ubuntu 24.04Debian 12Amazon Linux 2023

   sudo yum install -y https://yum.osc.edu/ondemand/4.0/ondemand-release-web-4.0-1.el8.noarch.rpm
   

2. Enable dependency repos

   RHEL/Rocky/AlmaLinux 8 & 9 only

   sudo dnf module reset nodejs
   sudo dnf module enable nodejs:20
   sudo dnf module reset ruby
   sudo dnf module enable ruby:3.3
   

3. Update OnDemand

   yum/dnfapt

   sudo yum clean all
   sudo yum update ondemand
   

4. (Optional) If using Dex based authentiction, update the ondemand-dex package.

   yum/dnfapt

   sudo yum update ondemand-dex
   

5. Update Apache configuration and restart Apache.

   sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal
   

   RedHat/Rocky Linux/AlmaLinux 8 & 9Ubuntu 20.04 & 22.04 & Debian 12Amazon 2023

   sudo systemctl try-restart httpd
   

6. (Optional) If ondemand-dex was installed, restart the ondemand-dex service.

   sudo systemctl try-restart ondemand-dex.service
   

7. (Optional) If ondemand-selinux was installed, see SELinux after Updates

8. Force all PUNs to restart

   sudo /opt/ood/nginx_stage/sbin/nginx_stage nginx_clean -f
   

9. (Optional) Remove old dependencies from prior versions of OOD if they are not used by other applications.

   RHEL/Rocky/AlmaLinux 8 & 9 only

   sudo dnf remove environment-modules scl-utils
   

10. Set mod_auth_openidc and cjose to the OS packaged version

RHEL/Rocky/AlmaLinux 8 only

sudo dnf downgrade mod_auth_openidc

Details of new features

Global Batch Connect items

In 4.0 you can now define batch connect form items in ondemand.d files to be used in any batch connect application.

See Global Batch Connect Form Items for more details.

noVNC quality and compression defaults

Sites can now set the default compression and quality values for noVNC batch connect applications through the two ondemand.d properties novnc_default_compression and novnc_default_quality.

Batch connect sessions poll delay

When a user lands on My Interactive Sessions page, the client browswer will request updates by default every 10 seconds.

Sites wanting to change this had do use the hidden environment variable POLL_DELAY.

In 4.0 this is a documented configuration with POLL_DELAY being deprecated. See the bc_sessions_poll_delay documentation for more details.

System Status application

Your center may have deployed OSC’s system status application: https://github.com/osc/osc-systemstatus.

4.0 now ships with this application natively, though it only supports Slurm clusters in this release.

Here’s an example image from OSC detailing the system status of our clusters.

This application will poll for updates at regular intervals to automatically update the page. The default is 10 seconds. See the documentation on status_poll_dela for more details.

Visit Disabling applications to disable this application.

data-hide directives now respond to false

data-hide directives now respond to both true to hide the form item or false to show the form item.

Responding to false is new in 4.0.

User mapping now accepts UIDs

User mapping scripts can now return a UID instead of a username. This can be helpful for centers that have multiple domains and possible username collisions.

Interactive apps can have a text header

The item form_header can be added to intereactive applications to display additional text in the form. Note this is different from the manifest.yml’s description field becuase it will not be displayed on hoverover.

See the form documentation for form_header for more details.

Remove runtime dependency on SCL

OnDemand no longer requires SCL on RHEL based systems. OnDemand also no longer has an indirect dependency on the TCL environment module packages. This removal of the SCL dependency should make it possible to install OnDemand on hosts such as a head node where the Lmod environment modules are setup.

XDMoD efficiency widget update

XDMoD job efficiency panels now show efficiency calculations for CPU usage, memory and time.

Edit and delete interactive application saved settings

Since launching saved settings for interactive applications in version 3.1, 4.0 now offers the ability to edit and delete these saved settings.

See Editing and deleting settings for more details.

nginx_clean now cleans PUNs of disabled users

The helper method nginx_clean in the nginx_stage library will now remove PUNs and related files for users that have been disabled.

Disabled users have been deleted from LDAP and are no longer valid users on that system.

This means that centers that delete users (remove them from LDAP) will also now start to clean those processes on the OnDemand machine.