ODK Central v0.1 Alpha

odk-central

(Yaw Anokwa) #1

@clint (of ODK Build fame), @matthew_white (of odk-meta fame), @ln (of XForms tricks fame) and I have been building a new ODK 1 server that, with the ODK 1 @TSC’s approval, is now ready to share with the community! We call it ODK Central.

Central does not yet have all the functionality of ODK 1 servers (e.g., Aggregate, Ona, Kobo, ELMO), but it does the basics of hosting forms and submissions very well! It also has some nice features like:

  • Simplified user interface with checklists to reduce training
  • OData feed for live-updating reports in Excel, Power BI, or Tableau
  • Automated and encrypted off-site backups for safety
  • Extensible through a RESTful API to users, forms, and submissions
  • Great performance on low-cost local or cloud machines
  • Detailed docs at https://docs.opendatakit.org/central-intro

We think it’s important to get early feedback from the community about what features you'd like to see in Central, so I’m thrilled to announce that we are opening up Central for an alpha!

An alpha release is a chance for early adopters to try the software. Alphas may be unstable and unreliable, so please do not use Central on real deployments with real data yet.

Alphas are also not feature-complete. In the case of Central, the important limitations are:

  • Form submission data cannot yet be viewed or filtered directly on the server
  • Form definitions cannot yet have media attachments or be encrypted
  • No support yet for ODK Briefcase

If you’d like to try out the alpha and offer your feedback, you have two options.

  • Option 1: We’ve set up a sandbox server running Central at https://sandbox.central.opendatakit.org. To get an invite, send me a private message! Please note that everyone on the server will be able to see your email address, forms, and data.

  • Option 2: Central makes it easy to self-host on a local machine (free) or in the cloud (~$5/month). Go to http://github.com/opendatakit/central to get started. Please note that you will need a little bit of technical know-how.

Once you have a chance to try Central, we’d love your feedback as a comment below :point_down: . We are particularly interested in answers to the following questions.

  • What, if anything, was confusing?
  • What missing feature is preventing you from using this for your next project?

One question you might have is “what about Aggregate?”. The ODK 1 ecosystem has always had a variety of servers and we believe that having so many choices is a strength!

@ggalmazor continues to lead community members in improving Aggregate (in fact, we have a release coming soon). That said, Aggregate is built on technology that makes it hard to evolve quickly and we believe that over time, Central may grow into a better platform for addressing some of the larger backend features that the community has requested.

We continue to need your help making Aggregate better. If you depend on it, please head to https://github.com/opendatakit/aggregate and help. It’s never been easier to contribute.


REST API for ODK Aggregate
ODK Central - Can't reinstate an app user whose permissions have been revoked
Data Visualization with ODK Server
Change form version in ODK Build
Community Update - 2018-07-17
Where is it stored Media file?
(Yaw Anokwa) #2

I'm a little biased, but I'm loving the OData feed for visualizing data. I was able to throw together this demo live updating map really quickly with Tableau. Have others been able to try the feed in Excel?


(Sounay Phothisane) #3

I use Ubuntu 14 to install ODK central. However, I am stuck on step 13 "systemctl start docker-compose@central"

Do you have any installation guide on Ubuntu server?

Regards,
Sounay


(Matthew MacGregor) #4

Just have Central set up, running on Ubuntu Xenial. Two snags...

  1. I have my own SSL cert (not LetsEncrypt) that I want to use, but am having trouble figuring out how to get central_nginx to use it inside Docker. What should I set SSL_TYPE to in .env? Should I modify the odk-setup script, or can I just feed the cert locations to a load parameter?

  2. Can I just specify a SMTP server anywhere (for password reset emails, etc) rather than rely on exim?

Matthew


(Yaw Anokwa) #5

systemd which is controlled by systemctl was added in Ubuntu 15. Is there a reason you need to use Ubuntu 14? Can you upgrade to say Ubuntu 16 (the newest LTS)?


(Sounay Phothisane) #6

Thanks, successfully installed. Yeah, it really lacks many features like in Ona and Aggregate, but I really love it. Very simple and easy to use.

It would be great to integrate Enketo instance with Central :slight_smile:


(Yaw Anokwa) #7

Glad you got it installed! It sounds like Enketo integration is your top feature request? Anything else from Ona or Aggregate that is preventing from using it in your work?


(Yaw Anokwa) #8
  1. As to the SSL cert, @clint will know best, but maybe we can add a new SSL_TYPE. Until then, I'd recommend you do whatever is easiest for you to maintain :smile:

  2. I'm not a docker expert, but we are using docker-smtp as the mail container and I believe if you can configure it as a generic SMTP relay if you set the SMARTHOST parameters at https://github.com/namshi/docker-smtp#as-generic-smtp-relay in the central's docker-compose.yml file.

For both of these, it'd be good know why you need that flexibility so we can think of a solution that'd work best for everyone.


(Clint Tseng) #9

I think we need to make a new SSL_TYPE for you to make your custom cert work. I have filed a ticket here to track that request: https://github.com/opendatakit/central/issues/11

As for a custom SMTP destination, yes.. mostly. If you edit files/service/config.json.template in your central repository you'll find some configuration lines that reference the mail transport. If you edit the host and port in transportOpts it'll attempt to use whatever server you specify—assuming you don't run into DNS/networking/etc snags. You shouldn't, but of course these things have a way of failing in strange ways.


(Shannon Avison) #10

Hi Yanokwa- could I get an invite please to the ODK Central sandbox? I'm curious to try it out :slight_smile:
Thanks in advance!


(Yaw Anokwa) #11

The invite is in your inbox (or maybe your spam). If you don't see it in a few minutes, send me a personal message.


(Matthew MacGregor) #12

Thanks for the reply. Not having played with Docker before, this is something of a learning curve, and I've always find SSL configs a challenge! I was hoping the SSL was just a matter of swapping out the .pem files, but clearly not. Still I now have Central talking to my SMTP server, so that much is good.

I guess for us our deployment scenario would be to host ODK in house on a VM and hook into our existing infrastructure. Like SMTP, which was thankfully easy to do.

Again, maybe this is my lack of Docker experience, but would it be possible to run ODK-Central in non-SSL mode? This would allow us

  • for testing, to connect tablet devices where you can't simply tell the Collect app to ignore SSL problems, and
  • put the whole thing behind a load balancer, which could terminate the SSL connection. Which is exactly what we do with Aggregate.

Thanks again


(Clint Tseng) #13

We're staying on the cautious side about SSL in general, since neither our OAuth2-style bearer token auth nor our Basic auth support provide any semblance of security without some sort of encryption. That said, obviously both scenarios you've presented ("these transmissions don't matter" and "I've already solved that problem elsewhere") are very valid reasons to want SSL off at that layer.

Until there is a more official answer, I'm guessing if you take a look at files/nginx/odk.conf.template you'll have a good sense of how to modify it to suit your purposes. If you run into snags with that, please feel free to drop me a PM.


(Michael Marks) #14

What is the problem? Please be detailed.
ODK Central Beta Testing
Can't re-instate App User Access if revoked

What ODK tool and version are you using? And on what device and operating system version?
ODK Central Beta Testing

What steps can we take to reproduce the problem?
Setup the ODK Central Server Beta
Setup an App User account
Revoke the access of that account - can't reinstate it

What you have you tried to fix the problem?
Tried refreshing etc .... no joy


(Yaw Anokwa) #15

@dr_michaelmarks Thanks for the bug report. Since this is an alpha, I'm moving the support question to the specific thread and paging @clint for help :slight_smile:


(Matthew MacGregor) #16

Many thanks @clint for your help. I now have the SSL working. A bit of a hack - configured the environment for selfsign and just swapped out the default fullchain and privkey .pem files.with my own.


(Clint Tseng) #17

hi! this is presently by design. if you wish to allow access again, create a new app user. we'll think about a feature to reinstate access for the future. thanks for the feedback!


(Michael Marks) #18

Yes it's fine from a beta testing perspective but just flagging this as something that will long term need fixing


(Clint Tseng) #19

i'm actually not as sure. it depends on how you view the App User: is it representative of a person, or is it representative of a point of access? when you reinstate access, are you re-enabling the old code or are you generating a new one?

right now, our viewpoint is that the most straightforward model to understand is that a revoked App User is done, and that's it. that way there is no confusion at all about what reinstatement would mean from a security and workflow standpoint. this is why the revoke screen says that the action cannot be undone—because if we start undoing that action there isn't a single obvious answer for what should happen, so everybody's expectations will be different. perhaps eventually we will figure out some clear answer or some way to clearly communicate one of the options.


(Michael Marks) #20

Agree it's not 100% clear but certainly during development I sometimes intermittently grant them reovke access to users whilst I play around with stuff.

Perhaps an option to "suspend" access as well as revoke might cover bases whilst being less ambiguous.