v1.4 Release Notes

Highlights in 1.4:

Upgrading from v1.3

  1. Enable EPEL and update OnDemand release RPM

    CentOS/RHEL 6

    sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
    sudo yum install -y https://yum.osc.edu/ondemand/1.4/ondemand-release-web-1.4-1.el6.noarch.rpm
    

    CentOS/RHEL 7

    sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    sudo yum install -y https://yum.osc.edu/ondemand/1.4/ondemand-release-web-1.4-1.el7.noarch.rpm
    
  2. Update OnDemand

    sudo yum clean all
    sudo yum update ondemand
    

Warning

The nginx RPM used by ondemand will upgrade the nginx RPMs provided by EPEL, if they are installed.

  1. Rebuild any custom Node.js or Ruby apps

    Because Ruby was upgraded from 2.2 to 2.4 and NodeJS from 0.10 to 6, any custom Passenger apps in Ruby or NodeJS that have their dependencies installed in vendor/bundle or node_modules will need those dependencies reinstalled. Some code may have to be updated, or dependency versions changed, to work with the latest Ruby version.

    For NodeJS apps:

    For Ruby apps:

    If you need to keep using Ruby 2.2 or a different version of NodeJS, please post a question on our Discourse instance.

  2. Verify Navbar contains all the apps you want.

    The behavior changed from 1.3 to 1.4: by default, all categories of any sys app found now appear as dropdown menus without the need for configuration changes.

    As a result, menus that you do not expect may appear if you previously relied on the “whitelist” functionality of NavConfig.categories.

    See Control Which Apps Appear in the Dashboard Navbar for details.

  3. Verify Developer mode is configured how you want it

    See Enabling App Development for an explanation of how developer mode has changed between 1.3 and 1.4 and how to configure things properly. For sites that have active developers, this will either be adding configuration to revert to 1.3’s functionality, or creating some directories and symlinks to enable specific app developers.

  4. Optionally remove dependencies from prior versions of OOD

    sudo yum remove nodejs010\* rh-passenger40\* rh-ruby22\* nginx16\* git19\* v8314\*
    

Warning

As always, please update the development or test instances of OnDemand installed at your center before you modify the production instance. Remember, Ruby and Node have been upgraded, so existing custom apps may need to be rebuilt.

Infrastructure Version Changes

OnDemand’s infrastructure components have been merged into a monolithic repository. Component changelogs have been frozen and the parent repository will now track all infrastructure changes: OnDemand 1.4.9. Diff with 1.3.7

Application Version Changes

Table 16 Application Versions

App                 Version
Dashboard App       1.26.2 → 1.30.2 (diff)
Shell App           1.3.1 → 1.4.2 (diff)
Files App           1.4.1 → 1.5.0 (diff)
File Editor App     1.3.3 → 1.4.0 (diff)
Active Jobs App     1.6.2 → 1.6.8 (diff)
Job Composer App    2.8.3 → 2.10.1 (diff)
Desktops App        Unchanged

Table 16 lists, for each system web application in this release, its version and the previous version it was updated from.

Details

Upgrade to Ruby 2.4, NodeJS 6, Passenger 5

This upgrade updates our dependencies to Software Collections Ruby 2.4 and NodeJS 6. Passenger is also upgraded to version 5, but until Passenger 5 is supported by SCL, OSC will host the Passenger 5 and NGINX 1.14 RPMs, which are built from the Passenger RPM automation repo. A side effect of these dependency changes is that custom applications may need to be rebuilt before they will work.

Warning

The Per User NGINX temporary directory has been moved from /var/lib/nginx to /var/tmp/nginx due to an issue with more restrictive permissions with NGINX 1.14.

A consequence of this NGINX 1.14 upgrade is that NGINX directories like /var/log/nginx have become more restrictive - owned by the nginx user and set by default to 700.

Security Enhancement: PUN autogenerates secret key base if none is set

At first launch, the PUN autogenerates its own unique per-user secret key base string if one doesn’t already exist. Rails apps use it to encrypt cookies, and it overrides the default one set in env.production.
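
The generate-on-first-launch pattern described above, as an added Ruby example (not OnDemand's own code): the secret is created atomically with owner-only permissions and reused on later launches. The file name and per-user directory layout are hypothetical.

```ruby
require "securerandom"
require "tmpdir"
require "fileutils"

# Return the secret stored at path, generating it on first use.
def load_or_create_secret(path)
  begin
    # CREAT|EXCL is atomic: if two launches race, exactly one creates the file.
    File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
      f.write(SecureRandom.hex(64)) # 64 random bytes as 128 hex characters
    end
  rescue Errno::EEXIST
    # A previous launch already generated the secret; reuse it.
  end
  st = File.stat(path)
  unless st.owned? && (st.mode & 0o077).zero?
    raise SecurityError, "#{path} must be owned by the user and mode 0600"
  end
  secret = File.read(path).strip
  raise SecurityError, "#{path} is empty or truncated" if secret.length < 128
  secret
end

# Constructed demo: two users, each with a (hypothetical) per-user state directory.
def secret_demo
  Dir.mktmpdir do |tmp|
    alice = File.join(tmp, "alice", "secret_key_base.txt")
    bob   = File.join(tmp, "bob", "secret_key_base.txt")
    [alice, bob].each { |f| FileUtils.mkdir_p(File.dirname(f), mode: 0o700) }
    first = load_or_create_secret(alice)
    result = {
      stable:   load_or_create_secret(alice) == first, # later launches reuse it
      distinct: load_or_create_secret(bob) != first,   # unique per user
      mode:     File.stat(alice).mode & 0o777,
    }
    File.chmod(0o644, alice) # simulate a secret that became world-readable
    result[:rejects_loose] = begin
      load_or_create_secret(alice)
      false
    rescue SecurityError
      true
    end
    result
  end
end
```

A per-user secret means a cookie key leaked from one user's apps cannot be used to forge or decrypt another user's cookies.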

Security Enhancement: App development mode is disabled by default

Development mode is now disabled by default. Application development gives increased access to a system (e.g. allowing the user to open an interactive shell on the web node), and should only be enabled for trusted users. For details, see Enabling App Development.

Security Enhancement: Enable whitelisting of directories in several core apps

The file editor, file browser and job composer now support an optional whitelist of browseable/editable directories. Directories and files not in the whitelist will be forbidden to users. The whitelist is controlled by the environment variable WHITELIST_PATH, which is best defined by editing /etc/ood/config/nginx_stage.yml under the pun_custom_env map.
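
A directory whitelist is only as strong as its path comparison. The following added Ruby example (not the apps' own code) shows a check that resolves symlinks and ".." before comparing and matches whole path components; it assumes the value is a colon-delimited list of directories and that an unset value restricts nothing.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Assumption: the allowlist value is a colon-delimited list of directories.
def parse_allowlist(value)
  value.to_s.split(":").reject(&:empty?).map { |dir| Pathname.new(dir).realpath }
end

# Canonicalize a request path: resolve symlinks and "..". For a file that does
# not exist yet (an upload or a new file), resolve its parent directory instead.
def canonical(path)
  pn = Pathname.new(path.to_s)
  return pn.realpath if pn.exist?
  raise Errno::ELOOP, path.to_s if pn.symlink? # dangling symlink: refuse
  pn.parent.realpath + pn.basename
end

# Allowed only if the canonical path is an allowlisted directory or sits below
# one. Comparing whole path components avoids the "/home" vs "/home2" prefix bug.
def allowed?(path, allowlist)
  return true if allowlist.empty? # assumption: an unset allowlist restricts nothing
  canonical(path).ascend.any? { |dir| allowlist.include?(dir) }
rescue SystemCallError
  false # unresolvable path: deny
end

# Constructed sample tree, built in a temp directory so the demo runs anywhere.
def allowlist_demo
  Dir.mktmpdir do |tmp|
    base = Pathname.new(tmp).realpath.to_s
    FileUtils.mkdir_p(["#{base}/home/alice", "#{base}/home2", "#{base}/secret"])
    FileUtils.touch(["#{base}/home/alice/job.sh", "#{base}/home2/x", "#{base}/secret/key"])
    File.symlink("#{base}/secret", "#{base}/home/alice/link")
    allow = parse_allowlist("#{base}/home")
    {
      inside:         allowed?("#{base}/home/alice/job.sh", allow),
      new_file:       allowed?("#{base}/home/alice/new.txt", allow),
      sibling_prefix: allowed?("#{base}/home2/x", allow),
      dot_dot:        allowed?("#{base}/home/../secret/key", allow),
      symlink_escape: allowed?("#{base}/home/alice/link/key", allow),
    }
  end
end
```

The check and the later file operation are separate steps, so a path can still change between them; the check narrows what a user can reach through the web apps and does not replace filesystem permissions.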

Security Enhancement: Require SSH for all hosts in Shell app

Prior to this release it was possible for OOD users to change the URL in the shell application and connect directly to the web node by starting a Bash shell on localhost. Because this kind of arbitrary user access runs counter to how web servers are typically managed, the exemption for localhost has been removed; users will always use SSH to connect to any host, allowing SSH access controls to work.

Add ability to include JavaScript in Batch Connect apps

Batch Connect applications may now define a JavaScript file to add interactive frontend functionality (GitHub OSC/ood-dashboard#426). The contents of this JavaScript file will be embedded in <script> tags at the bottom of the form below the Launch button.

  • For apps like the example Jupyter app whose form is defined in the form.yml, you can add a form.js file alongside the form.yml.
  • For “subapps” like bc_desktop where you have overrides defined in a custom_name.yml you can add a custom_name.js for that JavaScript file to be loaded by that app.

So for example, OSC has a Pitzer interactive desktop defined in this directory as pitzer.yml so we could add a pitzer.js file.

Better environment setting

The file /etc/ood/config/nginx_stage.yml now includes two methods to set the PUN environment. Populating the mapping pun_custom_env allows sites to define OOD specific environment variables that will be added to the PUN environment. Defining the sequence pun_custom_env_declarations confers the ability to define an arbitrary list of env vars to declare in the PUN config (so they are retained from whatever is set in /etc/ood/profile).

For example: nginx_stage_example.yml.

Customizable error pages for missing home dirs

Customizable error pages for missing home directory during the first login flow for sites using pam_mkhomedir.so. OOD Discourse: launching ondemand when home directory does not exist.

Experimental SGE/UGE support

A job adapter has been written that supports Sun Grid Engine derivatives. The adapter is known to be compatible with SGE 6.2u5 and Univa GE 8.0.1. Thanks to UCLA for donating access to Hoffman2 to aid in development of the adapter.

Fixed copy and paste issues in the Shell app for Firefox

Resolved a pair of issues (#48, #55) that caused problems with copy and paste in the Shell application.

Improve default discoverability of apps in the Dashboard’s navbar

Introduction of a whitelist mode for the Dashboard navbar which is disabled by default. This change means that by default, when deploying a new app, if properly configured it will appear in the Dashboard’s navigation menu without the need for changing configuration. OSC/ood-dashboard#295

For details please see Control Which Apps Appear in the Dashboard Navbar.

Optional Quota warnings on dashboard

The Dashboard can now display a configurable disk usage warning to the user if they approach a certain usage threshold. This feature is enabled by defining the environment variable OOD_QUOTA_PATH which can take a colon delimited path, and may be defined in /etc/ood/config/nginx_stage.yml under the custom_env map. The version 1 format for quota files is defined in the Dashboard README.

Slurm 18 Support

Slurm 18.x introduced a bug with the fields gres or tres in squeue output which broke prior versions of the Slurm adapter. The OOD team has both updated the OOD Slurm adapter to function normally despite the bug, and submitted a fix which Slurm will be releasing in a future version.