Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release/3.15.3 #3422

Merged
merged 72 commits into from
Oct 31, 2023
Merged

Release/3.15.3 #3422

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
72 commits
Select commit Hold shift + click to select a range
7c116bb
Add scroll and size settings for xref es scans
stchris May 11, 2023
f83ac8a
Bump version: 3.14.1 → 3.14.2-rc1
stchris May 11, 2023
10c7aa0
Add generic scroll/size parameters to scan calls
stchris May 12, 2023
9506f11
Bump version: 3.14.2-rc1 → 3.14.2-rc2
stchris May 12, 2023
443487d
Fix formatting
stchris May 12, 2023
0ff3114
Bump version: 3.14.2-rc2 → 3.14.2-rc3
stchris May 12, 2023
50b06e8
Add missing import
stchris May 12, 2023
34cc5dd
Bump version: 3.14.2-rc3 → 3.14.2-rc4
stchris May 12, 2023
bef083c
Apply scroll window settings to xref operations only
stchris May 16, 2023
ab8aae2
Revert the decision to apply scroll settings here
stchris May 16, 2023
841c1bd
Bump version: 3.14.2-rc4 → 3.14.2-rc5
stchris May 16, 2023
a6aea1a
Bump version: 3.14.2-rc5 → 3.14.2
stchris Jun 20, 2023
1458e95
UI docker image python package (#3129)
stchris Jun 16, 2023
676bcc8
Add scroll and size settings for xref es scans
stchris May 11, 2023
e53cc01
Bump version: 3.14.1 → 3.14.2-rc1
stchris May 11, 2023
40e803b
Add generic scroll/size parameters to scan calls
stchris May 12, 2023
3659b77
Bump version: 3.14.2-rc1 → 3.14.2-rc2
stchris May 12, 2023
611ce74
Fix formatting
stchris May 12, 2023
db6e584
Bump version: 3.14.2-rc2 → 3.14.2-rc3
stchris May 12, 2023
513704a
Add missing import
stchris May 12, 2023
dd2bb1e
Bump version: 3.14.2-rc3 → 3.14.2-rc4
stchris May 12, 2023
30c3d4c
Apply scroll window settings to xref operations only
stchris May 16, 2023
5c3c2e6
Revert the decision to apply scroll settings here
stchris May 16, 2023
83f6f47
Bump version: 3.14.2-rc4 → 3.14.2-rc5
stchris May 16, 2023
927faac
Bump version: 3.14.2-rc5 → 3.14.2
stchris Jun 20, 2023
45ea9f7
UI docker image python package (#3129)
stchris Jun 16, 2023
57cec2b
Release/3.14.2 to main (#3172)
stchris Jun 23, 2023
3d75344
Fix missing imports
stchris Jun 23, 2023
3b43e47
Update Transifex config to work with the latest version of the tx CLI
tillprochaska Jun 23, 2023
e981374
Update translations
tillprochaska Jun 23, 2023
5d565ec
Bump version: 3.14.2 → 3.14.3-rc1
stchris Jun 26, 2023
99235d5
Bump version: 3.14.3-rc1 → 3.14.3
stchris Jun 26, 2023
a948c83
Merge branch 'develop' into release/3.14.3
stchris Jun 26, 2023
799c23c
Merge branch 'main' into release/3.14.3
stchris Jun 27, 2023
c187444
Merge pull request #3174 from alephdata/release/3.14.3
stchris Jun 27, 2023
d111788
Remove deprecated --eager-loading parameter
stchris Jun 27, 2023
a26ea5c
Update migrations to SQLAlchemy 2.x
stchris Jun 27, 2023
34d16f5
Update translations
tillprochaska Jul 13, 2023
481a51a
Bump version: 3.14.3 → 3.15.1-rc1
tillprochaska Jul 13, 2023
e140997
Implement server-side bookmarks (#2843)
tillprochaska Jun 28, 2023
db619ec
Add SENTRY_DSN secret to ingest-file and worker
stchris Jun 28, 2023
c2dd117
Update CHANGELOG after 3.14.3
stchris Jun 28, 2023
0ec0c28
Bump ingest-file and FTM versions
catileptic Jun 28, 2023
43fec96
Bump ingest-file version in contrib/
catileptic Jun 28, 2023
501b4fe
Bump version: 3.14.3 → 3.15.0-rc1
stchris Jun 28, 2023
5693660
Bump ingest-file to 3.19.1
stchris Jun 28, 2023
8c29b32
Bump version: 3.15.0-rc1 → 3.15.0-rc2
stchris Jun 28, 2023
006216b
Bump version: 3.15.0-rc2 → 3.15.0
stchris Jul 17, 2023
74a94c3
Fix user guide link on about page (#3228)
tillprochaska Jul 25, 2023
d4290fa
Bump version: 3.15.1-rc1 → 3.15.1-rc2
stchris Jul 25, 2023
a2283b0
New user guide (#3223)
tillprochaska Jul 24, 2023
2acae50
Add redirects for old user guide links (#3229)
tillprochaska Jul 26, 2023
92992da
Fix outdated package-lock.json
tillprochaska Jul 26, 2023
10534c7
Bump ingest-file to 3.19.2
stchris Sep 8, 2023
cab5fb7
Bump version: 3.15.1-rc2 → 3.15.1
stchris Sep 8, 2023
03d06de
Merge branch 'develop' into release/3.15.1
stchris Sep 8, 2023
1e93d10
Merge branch 'main' into release/3.15.1
stchris Sep 12, 2023
b523fb5
Merge pull request #3321 from alephdata/release/3.15.1
stchris Sep 12, 2023
20832c0
Bump version: 3.15.1 → 3.15.2-rc1
stchris Sep 13, 2023
cdfd75f
Revert authlib to < 1
stchris Sep 20, 2023
c3e7a6e
Bump version: 3.15.2-rc1 → 3.15.2-rc2
stchris Sep 20, 2023
4bee9db
Enable mtls / client cert configuration for elasticsearch connections…
simonwoerpel Oct 7, 2023
751603b
Enable French docs translations (#3405)
tillprochaska Oct 12, 2023
330d1a9
dev worker should use the latest aleph version
stchris Oct 18, 2023
fbfec60
Bump version: 3.15.2-rc2 → 3.15.2
stchris Oct 18, 2023
9043f7e
Replace werkzeug.urls with urllib functions (#3382)
catileptic Oct 3, 2023
e149a37
Bump version: 3.15.2 → 3.15.3-rc1
stchris Oct 18, 2023
a95f61b
Bump version: 3.15.3-rc1 → 3.15.3
stchris Oct 18, 2023
ab175bc
Merge branch 'main' into release/3.15.2
stchris Oct 18, 2023
72e03f1
Fix double import error from merge
stchris Oct 18, 2023
3d83bf4
Use auth action before Google Cloud SDK setup action (#3415)
stchris Oct 18, 2023
98a378f
Merge branch 'develop' into release/3.15.2
stchris Oct 31, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions aleph.env.tmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,11 @@ ALEPH_OAUTH_SECRET=

# To use an external ElasticSearch service:
# ALEPH_ELASTICSEARCH_URI=
# enable mtls for elasticsearch:
# ELASTICSEARCH_TLS_CA_CERTS=/certs/ca.crt
# ELASTICSEARCH_TLS_CLIENT_CERT=/certs/client.crt
# ELASTICSEARCH_TLS_CLIENT_KEY=/certs/client.key
# ELASTICSEARCH_TLS_VERIFY_CERTS=1

# 'scroll' parameter used on ES scan() calls on xref operations
# (how long a consistent view of the index should be maintained for scrolled search)
Expand Down
41 changes: 27 additions & 14 deletions aleph/core.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,23 +1,25 @@
import logging
from urllib.parse import urljoin, urlencode
from werkzeug.local import LocalProxy
from werkzeug.middleware.profiler import ProfilerMiddleware
from urllib.parse import urlencode, urljoin

from banal import clean_dict
from elasticsearch import Elasticsearch, TransportError
from flask import Flask, request
from flask import url_for as flask_url_for
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_mail import Mail
from flask_cors import CORS
from flask_babel import Babel
from flask_cors import CORS
from flask_mail import Mail
from flask_migrate import Migrate
from flask_sqlalchemy import SQLAlchemy
from flask_talisman import Talisman
from followthemoney import set_model_locale
from elasticsearch import Elasticsearch, TransportError
from servicelayer.cache import get_redis
from servicelayer import settings as sls
from servicelayer.archive import init_archive
from servicelayer.cache import get_redis
from servicelayer.extensions import get_extensions
from servicelayer.util import service_retries, backoff
from servicelayer.logs import configure_logging, LOG_FORMAT_JSON
from servicelayer import settings as sls
from servicelayer.logs import LOG_FORMAT_JSON, configure_logging
from servicelayer.util import backoff, service_retries
from werkzeug.local import LocalProxy
from werkzeug.middleware.profiler import ProfilerMiddleware

from aleph import __version__ as aleph_version
from aleph.settings import SETTINGS
Expand Down Expand Up @@ -137,17 +139,28 @@ def configure_alembic(config):
def get_es():
url = SETTINGS.ELASTICSEARCH_URL
timeout = SETTINGS.ELASTICSEARCH_TIMEOUT
con_opts = clean_dict(
{
"ca_certs": SETTINGS.ELASTICSEARCH_TLS_CA_CERTS,
"verify_certs": SETTINGS.ELASTICSEARCH_TLS_VERIFY_CERTS,
"client_cert": SETTINGS.ELASTICSEARCH_TLS_CLIENT_CERT,
"client_key": SETTINGS.ELASTICSEARCH_TLS_CLIENT_KEY,
}
)
for attempt in service_retries():
try:
if not hasattr(SETTINGS, "_es_instance"):
# When logging structured logs, use a custom transport to log
# all es queries and their response time
if sls.LOG_FORMAT == LOG_FORMAT_JSON:
es = Elasticsearch(
url, transport_class=LoggingTransport, timeout=timeout
url,
transport_class=LoggingTransport,
timeout=timeout,
**con_opts,
)
else:
es = Elasticsearch(url, timeout=timeout)
es = Elasticsearch(url, timeout=timeout, **con_opts)
es.info()
SETTINGS._es_instance = es
return SETTINGS._es_instance
Expand Down
6 changes: 6 additions & 0 deletions aleph/settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -183,6 +183,12 @@ def __init__(self) -> None:
self.ELASTICSEARCH_URL = env.get(
"ALEPH_ELASTICSEARCH_URI", "http://localhost:9200"
)
self.ELASTICSEARCH_TLS_CA_CERTS = env.get("ELASTICSEARCH_TLS_CA_CERTS")
self.ELASTICSEARCH_TLS_VERIFY_CERTS = env.to_bool(
"ELASTICSEARCH_TLS_VERIFY_CERTS"
)
self.ELASTICSEARCH_TLS_CLIENT_CERT = env.get("ELASTICSEARCH_TLS_CLIENT_CERT")
self.ELASTICSEARCH_TLS_CLIENT_KEY = env.get("ELASTICSEARCH_TLS_CLIENT_KEY")
self.ELASTICSEARCH_TIMEOUT = env.to_int("ELASTICSEARCH_TIMEOUT", 60)
self.XREF_SCROLL = env.get("ALEPH_XREF_SCROLL", "5m")
self.XREF_SCROLL_SIZE = env.get("ALEPH_XREF_SCROLL_SIZE", "1000")
Expand Down
3 changes: 2 additions & 1 deletion docs/src/options.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@
"defaultLanguageName": "English",
"languages": {
"es": "Español",
"pt": "Português"
"pt": "Português",
"fr": "Français"
}
},
"header": {
Expand Down
21 changes: 21 additions & 0 deletions docs/src/pages/developers/installation.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -381,6 +381,27 @@ Aleph is able to report issues to a [Sentry](https://www.sentry.io) instance. To

You can set the [environment](https://docs.sentry.io/platforms/python/configuration/environments/) via the `SENTRY_ENVIRONMENT` setting.

### Mutual TLS

To provide an extra layer of security, it is possible to configure the services (postgres, redis and elasticsearch) to speak mutual TLS (mTLS) with each other. Managing client certificates for this matter requires some encryption knowledge and experience and is a seperate topic that can not be covered within this documentation.

Once you have configured and deployed the services with TLS, the connection settings in the environment vars need to be adjusted:

```
# redis
REDIS_URL="rediss://:<password>@redis:6379/0?ssl_certfile=/certs/redis.crt&ssl_keyfile=/certs/redis.key&ssl_ca_certs=/certs/ca.crt"

# postgres
ALEPH_DATABASE_URI="postgresql://<user>:<password>@postgres/aleph?sslmode=verify-full&sslrootcert=/certs/ca.crt&sslcert=/certs/postgres.crt&sslkey=/certs/postgres.key"

# elasticsearch
ALEPH_ELASTICSEARCH_URI=https://<user>:<password>@elasticsearch:9200
ELASTICSEARCH_TLS_CA_CERTS=/certs/ca.crt
ELASTICSEARCH_TLS_CLIENT_CERT=/certs/elastic.crt
ELASTICSEARCH_TLS_CLIENT_KEY=/certs/elastic.key
ELASTICSEARCH_TLS_VERIFY_CERTS=1
```

## Troubleshooting

Troubleshooting help can be found in the [Technical FAQ](/developers/technical-faq).
1 change: 0 additions & 1 deletion helm/charts/aleph/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,3 @@ description: Helm chart for Aleph
type: application
version: 3.15.3
appVersion: 3.15.3

Loading