v1.1.0: Release notes

OpenCRVS v1.1.0-stable is a minor release marking the commencement of a standardised release process for OpenCRVS. This release will be maintained for 6 months by the core development team.

The v1.1.0 release includes collective hot-fixes to stabilise the previous v1.0.1 minor patch release.

Upgrading from v1.0.1 to v1.1.0 requires the upgrade Migration Notes to be followed precisely.

It is to be used in conjunction with a forked country configuration release v1.1.0

We strongly recommend that all implementers currently running v1.0.1 perform the upgrade to v1.1.0 as soon as possible.

Documentation updates

The following pages in our documentation have been corrected and updated due to the requirements of the new features.

Specified upgraded Ubuntu version and increased diskspace for servers

Supported Node version updated for development environments

Simpler command to start country configuration server

Improved instructions for forking in order to make migration simpler

Information on how to encrypt and safely store application secrets required by Ansible

Missing A record in DNS settings and wildcard option

Requirement to duplicate Github Actions for deployment in a forked repo

Major Features

The following explains in more detail each major feature that has been included in this release.

Migration microservice

In this release a new "migration" microservice has been introduced to core to support a simper upgrade procedure for system administrators. This microservice utilises the package migrate-mongo and performs automatic breaking change core migrations. This means that a system implementer will never need to manually install, store and run database migration files.

UI updates for new users

Previously the create and edit user flow and the onboarding flow were not utilising the new Content UI components from the storybook. These flows have been refactored.

Dependency upgrades

In this release, no major components have been upgraded. In December's release v1.2.0 Create React App has been replaced with Vite, we have introduced an S3 compatible document store Min.io and are upgrading a host of dependencies.

Miscellaneous bugfixes and refactor

A host of bugfixes were discovered and prioritsed by our QA team to stabilise OpenCRVS v1.0.1 .In future, non-breaking change bugfixes will be released as v1.1.<PATCH> hotfix releases.

Breaking changes - core

v1.1.0 includes the following improvements which are breaking changes. Core migrations are performed automatically when you upgrade and run this release as explained in the migration notes.

  • Bugfix OCRVS-3561: When registering a birth, a document "Legal Guardian Proof" was entered into the database mistakenly as "Informant's Birth Certificate". An automatic migration finds any such entries and correctly labels the document.

  • Bugfix related to OCRVS-2641: When improving our demo data generator script to more accurately reflect "real" Field Agent performance, we noticed that the timestamp saved to InfluxDB marking when the Field Agent commenced the application was incorrectly set to the timestamp associated with the last edit on the application. An automatic migration finds any such entries and correctly sets the timestamp.

  • An automatic migration adds a new channel /confirm/registration to OpenHIM so that the payload between country configuration BRN generation and core workflow service can be monitored in OpenHIM. Additionally log retention for all OpenHIM channels is hardocded to 30 days. This saves approximately 20GB of storage space on a production server every year.

Breaking changes - country configuration

v1.1.0 includes the following configuration improvements which are breaking changes. You must merge all changes from the Farajaland master branch into your country configuration fork to retrieve all these updates as explained in the migration notes.

  • The country configuration now loads the JWT public key from core from a new endpoint in the auth microservice "/.well-known". This improves our security processes as we can now rotate the public key without taking the stack down. An additional benefit of this change is this also allows development teams to start the country configuration server with just yarn dev, rather than previously the v1.0.1 requirement to run yarn dev <-- path to the core directory -->.

  • We fixed a bug in our provided Github Action deploy.yml.

  • Docker Compose yml files have all been updated to support bugfixes in core.

  • The core emergency-backup-metadata.sh and emergency-restore-metadata.sh scripts contained bugs which have been resolved and these scripts are now located in the country configuration server.

  • The Ansible playbooks in core, now extend an additional playbook.yml in the country configuration. This allows application secrets that LUKS encrypt the manager node databases' /data folder to be configured as you wish. The prop encrypt_passphrase has been renamed to disk_encryption_key to more accurately reflect the use case of this value. The disk_encryption_key is saved into a file at the location root/disk-encryption-key.txt The script decrypt.sh is run on a system reboot, as we noticed that on reboot the data folder would not mount until it is decrypted. Mongo DB and Elasticsearch passwords are saved into an example text file opencrvs.secrets inside the encrypted data/ folder.

PRODUCTION NOTE: In production, you will need to provision a Hardware Security Module and amend the country configuration playbook.yml, decrypt.sh, emergency-backup-metadata.sh and emergency-restore-metadata.sh scripts at the linked locations in order to change the approach to storing and accessing the disk_encryption_key and MongoDB and Elasticsearch passwords. Our supplied approach is not production ready. Secure secret storage is currently outside the scope of OpenCRVS.

In the December OpenCRVS release v.1.2.0 we intend to show an example of how an HSM could be configured. In the meantime, MOSIP's documentation on the requirements of a Hardware Security Module is useful reading.

  • The following translation keys have been added:

"config.application.updatingeMessage": "Updating..."
"constants.requestReason": "Reason for request"
"form.field.label.updatingUser": "Updating user"
"form.field.label.creatingNewUser": "Creating new user"
"form.section.user.preview.title": "Confirm details"
"record.certificate.collectedInAdvance": "Printed in advance by"

For full details of all product updates, visit https://github.com/opencrvs/opencrvs-core/releases

Known issues

v1.1.0-stable:

  1. Deployment script: This issue is resolved in v1.1.1. We deprecated the --update-metadata parameter which is passed to deploy.sh from the Github Deploy Action. The country configuration Github Action file deploy.yml still attempts to pass this parameter to deploy.sh. This causes the deploy script to fail. To resolve this issue, please edit the Github Action deploy.yml in your country configuration in lines 90, 112 and 134 from:

bash deploy.sh --clear-data=${{ env.FACTORY_RESET }} --restore-metadata=${{ env.FACTORY_RESET }} --update-metadata=no ...

to:

bash deploy.sh --clear-data=${{ env.FACTORY_RESET }} --restore-metadata=${{ env.FACTORY_RESET }} ...

Last updated