search

appsembler / configuration

a simple, but flexible, way for anyone to stand up an instance of the edX platform that is fully configured and ready-to-go
GNU Affero General Public License v3.0
14 stars 13 forks source link

Contribute: remove old edX PPA configuration #388

Closed OmarIthawi closed 2 years ago

OmarIthawi commented 2 years ago

See:

The key for the PPA is now expired, which breaks apt on servers:

$ sudo apt update
...
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ppa.edx.org xenial InRelease: The following signatures were invalid: KEYEXPIRED 1638722487  KEYEXPIRED 1638722487  KEYEXPIRED 1638722487
W: http://packages.elastic.co/elasticsearch/1.5/debian/dists/stable/Release.gpg: Signature by key 46095ACC8548582C1A2699A9D27D666CD88E42B4 uses weak digest algorithm (SHA1)
W: Failed to fetch http://ppa.edx.org/dists/xenial/InRelease  The following signatures were invalid: KEYEXPIRED 1638722487  KEYEXPIRED 1638722487  KEYEXPIRED 1638722487
$ sudo apt-key list | grep -A 1 expired
pub   4096R/69464050 2015-12-16 [expired: 2021-12-05]
uid                  edX Inc. (edX PPA) <admin+ppa@edx.org>

As far as I can tell from the playbooks, that PPA is only used to install a python 2.7 package on Ubuntu Trusty. We don't use that, but it's still breaking things for us, so we should probably just remove it.

Additionally, I've confirmed that no packages appear to actually be installed from the openedx PPA:

$ sudo apt-cache policy $(dpkg --get-selections | grep -v deinstall$ | awk '{ print $1 }') | perl -e '@a = <>; $a=join("", @a); $a =~ s/\n(\S)/\n\n$1/g;  @packages = split("\n\n", $a); foreach $p (@packages) {print "$1: $2\n" if $p =~ /^(.*?):.*?500 http:\/\/ppa\.edx\/(.*?)\s/s}'
$

So, folks who know more about Open edX than me, please confirm that we don't actually rely on that PPA for anything.

This PR will stop us from configuring that PPA on new deploys but does not remove it from existing systems. If you run into the error on existing system, just remove the /etc/apt/sources.list.d/ppa_edx_org.list file.

thraxil commented 2 years ago

@OmarIthawi my rough understanding was that with Maple (or possibly earlier), edX has moved to be fully K8s and the upstream configuration repo and all the Ansible stuff is effectively deprecated. It seems like it's probably not worth putting any real time into pushing our stuff upstream on this repo.

OmarIthawi commented 2 years ago

I forgot about the Maple part. Thanks Anders. Closing this issue.