Automatic updates deployment: Difference between revisions

From MoodleDocs
(Basic info about the feature and some of errors that may raise)
 
m (Moved the SSL info to a separate page as it is related to other pages, too)
Line 40: Line 40:
==== cURL error 60 SSL certificate problem ====
==== cURL error 60 SSL certificate problem ====


This suggests problems with the validation of the SSL certificate of the remote (moodle.org) site when fetching the ZIP package.
This suggests problems with the validation of the SSL certificate of the remote (moodle.org) site when fetching the ZIP package. See [[SSL certificate for moodle.org]] for more info.
 
ZIP packages are downloaded via the secure HTTPS protocol. The mdeploy utility validates the SSL certificate of the remote site (which is the Moodle plugins directory in this case) and verifies its identity. To make this work, there must be a certificate (in the PEM format) of the [http://en.wikipedia.org/wiki/Certificate_authority certificate authority (CA)] that issued the certificate for moodle.org installed at your server.
 
The SSL certificate of the Moodle plugins directory has been issued by the [https://www.digicert.com/digicert-root-certificates.htm DigiCert CA] and signed by their ''DigiCert High Assurance EV Root CA'' certificate. If this CA certificate is missing, the remote site can not be verified and the mdeploy utility refuses to download the ZIP (to protect you from so called man-in-the-middle attack). The exact location of that certificate at your server depends on the OS type and other settings. At Linux servers it may be typically found at /usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt for example.
 
The recommended way to fix this problem is to update your server's operating system so that it contains recent SSL certificates of common certificate authorities. At Debian based distributions, these certificates are distributed in the ''ca-certificates'' package. Gentoo servers provide them via the ''app-misc/ca-certificates'' ebuild. It's also a good idea to make sure that the OpenSSL libraries (libssl) and cURL libraries (libcurl) are up-to-date at your server.
 
If updating the operating system is not an option for you and the administrator of the server refuses to update the CA certificates at the server (there's not a good argument for that though), here is a workaround for you. You can download the [https://www.digicert.com/testroot/DigiCertHighAssuranceEVRootCA.crt DigiCert High Assurance EV Root CA] certificate from [https://www.digicert.com/digicert-root-certificates.htm digicert.com] and put it into your ''moodledata/moodleorgca.crt'' file. If the certificate is found there, Moodle will use it instead of relying on the one provided by the operating system.

Revision as of 14:10, 4 December 2012

New feature
in Moodle 4.3!

Plugins overview highlighting available update with install button

In Moodle 2.4 onwards, an administrator can enable updates deployment in Settings > Site Administration > Server > Update notifications. Then when updates are available, 'Install this update' buttons are shown on Plugins overview and Plugins check pages.

This functionality requires that Update notifications is enabled at the site.

How it works

As a part of the information about available updates for the site, URL of the ZIP package with the new version of an installed plugin is returned. When Install this update button is pressed and the the deployment is confirmed at the next page, a standalone utility called mdeploy.php is executed.

  1. The mdeploy utility authorizes the request to make sure you are coming exactly from the confirmation page displayed in the previous step.
  2. The ZIP package with the new version is fetched from the Moodle plugins directory.
  3. A simple integrity check is performed to make sure the ZIP was downloaded correctly.
  4. The current version of the plugin code is archived into a directory at moodledata/mdeploy/archive/ so you have a backup (just in case you had some local tweaks in the code, for example).
  5. The current directory with the plugin is removed and replaced with the content of the downloaded ZIP.
  6. Your browser is redirected to the page where the normal upgrade procedure happens.

At this moment, you can deploy another available update (if there is such) or perform the upgrade procedure as if you uploaded the ZIP contents to your site manually.

Disabling updates deployment

In a few circumstances (such as completely managed servers, which may have a lot of local modifications, or sites that have their own solution for updates deployment - for example via Git checkouts) it is desirable to not to allow automatic updates deployment. The feature may be disabled completely by adding the following code to the config.php file:

$CFG->disableupdateautodeploy = true;

Errors and exceptions

Error screen during the plugin deployment

If anything goes wrong during the deployment, please read the error page carefully and copy the error message together with the debugging information for later reference. Also, check the mdeploy.log file. The mdeploy utility logs all the steps into this file located at moodledata/mdeploy/mdeploy.log. The log file usually contains additional details and debugging information describing the reason of the failure.

When you navigate back from the error screen, always remember to go back up to the screen with the list of available plugins (where you clicked the Install this update button originally). Just going back to the previous confirmation screen or even reloading the current page will not work as the request would not be authorized any more. Doing so leads to the unauthorized_access_exception with the message Unable to read the passphrase file.

The following section describes some errors that may raise and how to deal with them.

Unable to download the package (download_file_exception)

Check the bottom of the mdeploy.log file. It will probably contain a line starting with "cURL error" followed by the error number and the cURL error description.

cURL error 7 couldn't connect to host

Make sure that the site http://moodle.org/plugins is up and running at the moment. If it is down, your site can't fetch the ZIP packages from it. Wait for the moodle.org site is up again and try to repeat the deployment procedure.

cURL error 60 SSL certificate problem

This suggests problems with the validation of the SSL certificate of the remote (moodle.org) site when fetching the ZIP package. See SSL certificate for moodle.org for more info.