In this guide, you learn how to setup the development environment of
Artemis. Artemis is based on JHipster,
i.e. Spring Boot
development on the application server using Java 17, and TypeScript
development on the application client in the browser using
Angular. To get an overview of the
used technology, have a look at the JHipster Technology stack
and other tutorials on the JHipster homepage.
You can find tutorials how to setup JHipster in an IDE (IntelliJ IDEA
Ultimate is recommended) on
https://jhipster.github.io/configuring-ide. Note that the Community
Edition of IntelliJ IDEA does not provide Spring Boot support (see the
comparison
matrix).
Before you can build Artemis, you must install and configure the
following dependencies/tools on your machine:
Java
JDK:
We use Java (JDK 17) to develop and run the Artemis application
server, which is based on Spring
Boot.
MySQL Database Server 8, or PostgreSQL:
Artemis uses Hibernate to store entities in an SQL database and Liquibase to
automatically apply schema transformations when updating Artemis.
Node.js: We use Node LTS (>=18.14.0 < 19) to compile
and run the client Angular application. Depending on your system, you
can install Node either from source or as a pre-packaged bundle.
Npm: We use Npm (>=9.4.0) to
manage client side dependencies. Npm is typically bundled with Node.js,
but can also be installed separately.
( Graphviz: We use Graphviz to generate graphs within exercise task
descriptions.
It’s not necessary for a successful build,
but it’s necessary for production setups as otherwise errors will show up during runtime. )
( A version control and build system is necessary for the programming exercise feature of Artemis.
There are multiple stacks available for the integration with Artemis:
The required Artemis schema will be created / updated automatically at startup time of the server application.
Artemis supports MySQL and PostgreSQL databases.
Download and install the MySQL Community Server (8.0.x).
You have to run a database on your local machine to be able to start Artemis.
We recommend starting the database in a docker container. You can run the MySQL Database Server
using e.g. dockercompose-fdocker/mysql.ymlup.
If you run your own MySQL server, make sure to specify the default character-set
as utf8mb4 and the default collation as utf8mb4_unicode_ci.
You can achieve this e.g. by using a my.cnf file in the location /etc.
For the development environment, the default MySQL user is ‘root’ with an empty password.
(In case you want to use a different password, make sure to change the value in
application-local.yml(spring > datasource > password) and in liquibase.gradle(within the ‘liquibaseCommand’ as argument password)).
If you have problems connecting to the MySQL 8 database using an empty root password, you can try the following command
to reset the root password to an empty password:
mysql-uroot--execute"ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY ''";
Warning
Empty root passwords should only be used in a development environment.
The root password for a production environment must never be empty.
No special PostgreSQL settings are required.
You can either use your package manager’s version, or set it up using a container.
An example Docker Compose setup based on the official container image
is provided in src/main/docker/postgres.yml.
When setting up the Artemis server, the following values need to be added/updated in the server configuration (see setup steps below) to connect to PostgreSQL instead of MySQL:
This example assumes that the database is called Artemis.
You might have to update this part of spring.datasource.url as well if you chose a different name.
To start the Artemis application server from the development
environment, first import the project into IntelliJ and then make sure
to install the Spring Boot plugins to run the main class
de.tum.in.www1.artemis.ArtemisApp. Before the application runs, you
have to change some configuration options.
You can change the options directly in the file application-artemis.yml in the folder
src/main/resources/config. However, you have to be careful that you do not
accidentally commit your password. Therefore, we strongly recommend, to create a new file
application-local.yml in the folder src/main/resources/config which is ignored by default.
You can override the following configuration options in this file.
artemis:repo-clone-path:./repos/legal-path:./legal/repo-download-clone-path:./repos-download/bcrypt-salt-rounds:11# The number of salt rounds for the bcrypt password hashing. Lower numbers make it faster but more unsecure and vice versa.# Please use the bcrypt benchmark tool to determine the best number of rounds for your system. https://github.com/ls1intum/bcrypt-Benchmarkuser-management:use-external:truepassword-reset:credential-provider:<provider># The credential provider which users can log in though (e.g. TUMonline)links:# The password reset links for different languagesen:'<link>'de:'<link>'external:url:https://jira.ase.in.tum.deuser:<username># e.g. ga12abcpassword:<password>admin-group-name:tumuserldap:url:<url>user-dn:<user-dn>password:<password>base:<base>version-control:url:https://bitbucket.ase.in.tum.deuser:<username># e.g. ga12abcpassword:<password>token:<token># VCS API token giving Artemis full Admin access. Not needed for Bamboo+Bitbucketcontinuous-integration:url:https://bamboo.ase.in.tum.deuser:<username># e.g. ga12abctoken:<token># Enter a valid token generated by bamboo or leave this empty to use the fallback authentication user + passwordpassword:<password># Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications# from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan# is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then# triggering the plan.# In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in# Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the# hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself!# You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice.secret-push-token:<token hash># Key of the saved credentials for the VCS service# Bamboo: not needed# Jenkins: You have to specify the key from the credentials page in Jenkins under which the user and# password for the VCS are storedvcs-credentials:<credentials key># Key of the credentials for the Artemis notification token# Bamboo: not needed# Jenkins: You have to specify the key from the credentials page in Jenkins under which the notification token is storednotification-token:<credentials key># The actual value of the notification token to check against in Artemis. This is the token that gets send with# every request the CI system makes to Artemis containing a new result after a build.# Bamboo: The token value you use for the Server Notification Plugin# Jenkins: The token value you use for the Server Notification Plugin and is stored under the notification-token credential aboveauthentication-token:<token>git:name:Artemisemail:artemis@in.tum.deathena:url:http://localhost:5000secret:abcdef12345
Change all entries with <...> with proper values, e.g. your TUM
Online account credentials to connect to the given instances of JIRA,
Bitbucket and Bamboo. Alternatively, you can connect to your local JIRA,
Bitbucket and Bamboo instances. It’s not necessary to fill all the
fields, most of them can be left blank. Note that there is additional
information about the setup for programming exercises provided:
Note
Be careful that you do not commit changes to application-artemis.yml.
To avoid this, follow the best practice when configuring your local development environment:
Create a file named application-local.yml under src/main/resources/config.
Copy the contents of application-artemis.yml into the new file.
Update configuration values in application-local.yml.
By default, changes to application-local.yml will be ignored by git so you don’t accidentally
share your credentials or other local configuration options. The run configurations contain a profile
local at the end to make sure the application-local.yml is considered. You can create your own
configuration files application-<name>.yml and then activate the profile <name> in the run
configuration if you need additional customizations.
If you use a password, you need to adapt it in
gradle/liquibase.gradle.
This setup is recommended for production instances as it registers Artemis as a service and e.g. enables auto-restarting
of Artemis after the VM running Artemis has been restarted.
Alternatively, you could look at the section below about
deploying artemis as docker container.
For development setups, see the other guides below.
This is a service file that works on Debian/Ubuntu (using systemd):
The following parts might also be useful for other (production) setups, even if this service file is not used:
-Djava.security.egd=file:/dev/./urandom: This is required if repositories are cloned via SSH from the VCS.
The default (pseudo-)random-generator /dev/random is blocking which results in very bad performance when using
SSH due to lack of entropy.
The file should be placed at /etc/systemd/system/artemis.service and after running sudosystemctldaemon-reload,
you can start the service using sudosystemctlstartartemis.
You can stop the service using sudoserviceartemisstop and restart it using sudoserviceartemisrestart.
Logs can be fetched using sudojournalctl-uartemis-f-n200.
You can find the latest Artemis Dockerfile at docker/artemis/Dockerfile.
The Dockerfile has multiple stages: A builder stage,
building the .war file, an optional external_builder stage to import a pre-built .war file,
a war_file stage to choose between the builder stages via build argument and a runtime stage with minimal
dependencies just for running artemis.
The Dockerfile defines three Docker volumes (at the specified paths inside the container):
/opt/artemis/config:
This can be used to store additional configurations of Artemis in YAML files.
The usage is optional, and we recommend using the environment files for overriding your custom configurations
instead of using src/main/resources/application-local.yml as such an additional configuration file.
The other configurations like src/main/resources/application.yml, … are built into the .war file and
therefore are not needed in this directory.
Tip
Instead of mounting this config directory, you can also use environment variables for the configuration as
defined by the
Spring relaxed binding.
You can either place those environment variables directly in the environment section,
or create an .env-file.
When starting an Artemis container directly with the Docker-CLI, an .env-file can also be given via the
--env-file option.
To ease the transition of an existing set of YAML configuration files into the environment variable style, a
helper script can be used.
/opt/artemis/data:
This directory should be used for any data (e.g., local clone of repositories).
This is preconfigured in the docker Java Spring profile (which sets the following values:
artemis.repo-clone-path, artemis.repo-download-clone-path,
artemis.course-archives-path, artemis.submission-export-pathartemis.legal-path, and artemis.file-upload-path).
/opt/artemis/public/content:
This directory will be used for branding.
You can specify a favicon here.
The Dockerfile assumes that the mounted volumes are located on a file system with the following locale settings
(see #4439 for more details):
LC_ALL en_US.UTF-8
LANG en_US.UTF-8
LANGUAGE en_US.UTF-8
Warning
ARM64 Image builds might run out of memory if not provided with enough memory and/or swap space.
On a Apple M1 we had to set the Docker Desktop memory limit to 12GB or more.
The Docker containers have the possibility to enable Java Remote Debugging via Java environment variables.
Java Remote Debugging lets you use your preferred debugger connected to port 5005.
For IntelliJ, you can use the Remote Java Debugging for Docker profile shipped in the git repository.
With the following Java environment variable, you can configure the Remote Java Debugging inside a container:
This is already pre-set in the Docker Compose Artemis-Dev-MySQL Setup.
For issues at the startup, you might have to suspend the java command until a Debugger is connected.
This is possible by setting suspend=y.
Run the server via a run configuration in IntelliJ
The project comes with some pre-configured run / debug configurations that are stored in the .idea directory.
When you import the project into IntelliJ the run configurations will also be imported.
The recommended way is to run the server and the client separately. This provides fast rebuilds of the server and hot
module replacement in the client.
Artemis (Server): The server will be started separated from the client. The startup time decreases significantly.
Artemis (Client): Will execute npminstall and npmrunserve. The client will be available at
http://localhost:9000/ with hot module replacement enabled (also see
Client Setup).
Artemis (Server & Client): Will start the server and the client. The client will be available at
http://localhost:8080/ with hot module replacement disabled.
Artemis (Server, Jenkins & GitLab): The server will be started separated from the client with the profiles
dev,jenkins,gitlab,artemis instead of dev,bamboo,bitbucket,jira,artemis.
Artemis (Server, LocalVC & LocalCI): The server will be started separated from the client with the profiles dev,localci,localvc,artemis instead of dev,bamboo,bitbucket,jira,artemis. To use this configuration, Docker needs to be running on your system as the local CI system uses it to run build jobs.
Artemis (Server, LocalVC & LocalCI, Athena): The server will be started separated from the client with athena profile and Local VC / CI enabled
(see Athena Service).
Run the server with Spring Boot and Spring profiles
The Artemis server should startup by running the main class
de.tum.in.www1.artemis.ArtemisApp using Spring Boot.
Note
Artemis uses Spring profiles to segregate parts of the
application configuration and make it only available in certain
environments. For development purposes, the following program arguments
can be used to enable the dev profile and the profiles for JIRA,
Bitbucket and Bamboo:
Text Assessment Analytics is an internal analytics service used to gather data regarding the features of the text
assessment process. Certain assessment events are tracked:
Adding new feedback on a manually selected block
Adding new feedback on an automatically selected block
Deleting a feedback
Editing/Discarding an automatically generated feedback
Clicking the Submit button when assessing a text submission
Clicking the Assess Next button when assessing a text submission
These events are tracked by attaching a POST call to the respective DOM elements on the client side.
The POST call accesses the TextAssessmentEventResource which then adds the events in its respective table.
This feature is disabled by default. We can enable it by modifying the configuration in the file:
src/main/resources/config/application-artemis.yml like so:
You should be able to run the following
command to install development tools and dependencies. You will only
need to run this command when dependencies change in package.json.
npminstall
To start the client application in the browser, use the following
command:
npmrunserve
This compiles TypeScript code to JavaScript code, starts the live reloading feature
(i.e. whenever you change a TypeScript file and save, the client is automatically reloaded with the new code)
and will start the client application in your browser on
http://localhost:9000. If you have activated the JIRA profile (see
above in Server Setup) and if you have configured
application-artemis.yml correctly, then you should be able to login
with your TUM Online account.
Hint
In case you encounter any problems regarding JavaScript heap memory leaks when executing npmrunserve or
any other scripts from package.json, you can adjust a
memory limit parameter
(node-options=--max-old-space-size=6144) which is set by default in the project-wide .npmrc file.
If you still face the issue, you can try to set a lower/higher value than 6144 MB.
Recommended values are 3072 (3GB), 4096 (4GB), 5120 (5GB) , 6144 (6GB), 7168 (7GB), and 8192 (8GB).
The privacy statement and the imprint are stored in the ./legal directory by default. You can override this value by setting the artemis.legal-path value in the application-artemis.yml.
The privacy statement and the imprint are stored as markdown files. Currently, English and German as languages are supported.
The documents have to follow the naming convention <privacy_statement|imprint>_<de|en>.md.
In case you add only a file for one language, this file will always be shown regardless of the user’s language setting.
If you add a file for each language, the file will be shown depending on the user’s language setting.
In the following, the documentation provides a template in English and German for the privacy statement and the imprint with placeholders that have to be replaced with the actual content.
Warning
These are only templates that are used similarly at TUM and need to be adapted to your needs.
Make sure to consult your data protection officer and/or legal department before making the privacy statement/imprint publicly available.
We do not take any responsibility for the content of the privacy statement or the imprint.
# Datenschutz
Die <Universität> nimmt den Schutz von personenbezogenen Daten sehr ernst und nutzt eine sichere und verschlüsselte Kommunikation nach
bewährten Verfahren und modernsten Technologien (z.B. HTTPS mit sicherem Zertifikat der TUM, TLS 1.3, Strict Transport Security, Forward Secrecy, Same Site Cookie Schutz) um die
Privatsphäre der Nutzer von Artemis bestmöglich zu schützen. Artemis verarbeitet personenbezogene Daten im Rahmen der Lehre und im Rahmen von Prüfungen unter Beachtung der
geltenden datenschutzrechtlichen Bestimmungen. Die Rechtsgrundlage für die Verarbeitung der Daten stellt Art. 6 Abs. 1 Lit. c (Rechtliche Verpflichtung)
der [Datenschutz Grundverordnung (DSGVO)](http://data.europa.eu/eli/reg/2016/679/oj) dar. Darüber hinaus gelten <weitere anwendbare landesspezifische Regelungen>.
Nachfolgend informieren wir über Art, Umfang und Zweck der Erhebung und Verwendung personenbezogener Daten. Diese Informationen können jederzeit von unserer Webseite abgerufen
werden.
## Allgemeine Informationen
#### Name und Kontaktdaten des Verantwortlichen
<Universität>
Postanschrift: <Adresse>
Telefon: <Telefonnummer>
E-Mail: <Email>
#### Kontaktdaten des/der Datenschutzbeauftragten
Der/Die Datenschutzbeauftragte der <Universität>
Postanschrift: <Adresse>
Telefon: <Telefonnummer>
E-Mail: <Email>
#### Zwecke und Rechtsgrundlagen für die Verarbeitung personenbezogener Daten
Zweck der Verarbeitung ist die Erfüllung der uns vom Gesetzgeber zugewiesenen öffentlichen Aufgaben, insbesondere der Lehre und der Prüfung im universitären Umfeld. Die Rechtsgrundlage für die Verarbeitung Ihrer Daten ergibt sich, soweit nichts anderes angegeben ist, aus Art. 6 Abs. 1 Lit. c (Rechtliche Verpflichtung) der [Datenschutz Grundverordnung (DSGVO)](http://data.europa.eu/eli/reg/2016/679/oj). Darüber hinaus gelten <weitere anwendbare landesspezifische Regelungen>. Demnach ist es uns erlaubt, die zur Erfüllung einer uns obliegenden Aufgabe erforderlichen Daten zu verarbeiten.
#### Empfänger von personenbezogenen Daten
Der technische Betrieb unserer Datenverarbeitungssysteme erfolgt durch:
<zuständige Stelle für den Betrieb>
<Adresse>
Telefon: <Telefonnummer>
E-Mail: <Email>
<Webseite>
Gegebenenfalls werden Ihre Daten an die zuständigen Aufsichts- und Rechnungsprüfungsbehörden zur Wahrnehmung der jeweiligen Kontrollrechte übermittelt.
<Falls anwendbar, geben Sie hier an, an wen die Daten potentiell weitergeleitet werden um die Informationssicherheit sicherzustellen>
#### Dauer der Speicherung der personenbezogenen Daten
Ihre Daten werden nur so lange gespeichert, wie dies unter Beachtung gesetzlicher Aufbewahrungsfristen zur Aufgabenerfüllung erforderlich ist.
#### Ihre Rechte
Soweit wir von Ihnen personenbezogene Daten verarbeiten, stehen Ihnen als Betroffener nachfolgende Rechte zu:
* Sie haben das Recht auf Auskunft über die zu Ihrer Person gespeicherten Daten (Art. 15 DSGVO).
* Sollten unrichtige personenbezogene Daten verarbeitet werden, steht Ihnen ein Recht auf Berichtigung zu (Art. 16 DSGVO).
* Liegen die gesetzlichen Voraussetzungen vor, so können Sie die Löschung oder Einschränkung der Verarbeitung verlangen (Art. 17 und 18 DSGVO).
* Wenn Sie in die Verarbeitung eingewilligt haben oder ein Vertrag zur Datenverarbeitung besteht und die Datenverarbeitung mithilfe automatisierter Verfahren durchgeführt wird, steht Ihnen gegebenenfalls ein Recht auf Datenübertragbarkeit zu (Art. 20 DSGVO).
* Falls Sie in die Verarbeitung eingewilligt haben und die Verarbeitung auf dieser Einwilligung beruht, können Sie die Einwilligung jederzeit für die Zukunft widerrufen. Die Rechtmäßigkeit der aufgrund der Einwilligung bis zum Widerruf erfolgten Datenverarbeitung wird durch diesen nicht berührt.
Sie haben das Recht, aus Gründen, die sich aus Ihrer besonderen Situation ergeben, jederzeit gegen die Verarbeitung Ihrer Daten Widerspruch einzulegen, wenn die Verarbeitung ausschließlich auf Grundlage des Art. 6 Abs. 1 Buchst. e oder f DSGVO erfolgt (Art. 21 Abs. 1 Satz 1 DSGVO).
#### Beschwerderecht bei der Aufsichtsbehörde
Weiterhin besteht ein Beschwerderecht beim <Verantwortliche Person>. Diesen können Sie unter folgenden Kontaktdaten erreichen:
Postanschrift: <Postanschrift>
Adresse: <Adresse>
Telefon: <Telefonnummer>
E-Mail: <Email>
<Webseite>
#### Weitere Informationen
Für nähere Informationen zur Verarbeitung Ihrer Daten und zu Ihren Rechten können Sie uns unter den oben (zu Beginn von A.) genannten Kontaktdaten erreichen.
## Informationen zum Internetauftritt
#### Technische Umsetzung
Die Webserver von Artemis werden durch <Betreiber> betrieben. Die von Ihnen im Rahmen des Besuchs
unseres Webauftritts übermittelten personenbezogenen Daten werden daher in unserem Auftrag durch <Betreiber> verarbeitet:
<Betreiber>
<Straße und Hausnummer>
<Postleitzahl> <Ort>
<Telefonnummer>
E-Mail: <Email>
<Webseite>
#### Protokollierung
Wenn Sie diese oder andere Internetseiten von Artemis aufrufen, übermitteln Sie über Ihren Internetbrowser Daten an unsere Webserver. Die folgenden Daten werden während einer laufenden Verbindung zur Kommunikation zwischen Ihrem Internetbrowser und unseren Webservern temporär in einer Logdatei aufgezeichnet:
* IP-Adresse des anfragenden Rechners
* Datum und Uhrzeit des Zugriffs
* Name, URL und übertragene Datenmenge der abgerufenen Datei
* Zugriffsstatus (angeforderte Datei übertragen, nicht gefunden etc.)
* Erkennungsdaten des verwendeten Browser- und Betriebssystems (sofern vom anfragenden Webbrowser übermittelt)
* Webseite, von der aus der Zugriff erfolgte (sofern vom anfragenden Webbrowser übermittelt)
Die Verarbeitung der Daten in dieser Logdatei kann wie folgt geschehen:
* Die Logeinträge können kontinuierlich und automatisch ausgewertet werden, um Angriffe auf die Webserver erkennen und entsprechend reagieren zu können.
* In Einzelfällen, d.h. bei gemeldeten Störungen, Fehlern und Sicherheitsvorfällen, kann eine manuelle Analyse erfolgen.
#### Cookies
Um den Funktionsumfang unseres Internetangebotes zu erweitern und die Nutzung für Sie komfortabler zu gestalten, verwenden wir zum Teil so genannte "Cookies". Mit Hilfe dieser Cookies können bei dem Aufruf unserer Webseite Daten auf Ihrem Rechner gespeichert werden. Sie können das Speichern von Cookies jedoch deaktivieren oder Ihren Browser so einstellen, dass Cookies nur für die Dauer der jeweiligen Verbindung zum Internet gespeichert werden. Hierdurch könnte allerdings der Funktionsumfang unseres Angebotes eingeschränkt werden.
## Informationen zu einzelnen Verarbeitungen
#### Anmeldung
Bei Ihrer Anmeldung am System werden Ihre personenbezogenen Daten gegenüber dem Verzeichnisdienst der <Universität> verifiziert.
#### Auskunft und Berichtigung
Sie haben das Recht, auf schriftlichen Antrag und unentgeltlich Auskunft über die personenbezogenen Daten zu erhalten, die über Sie gespeichert sind. Zusätzlich haben Sie das Recht auf Berichtigung unrichtiger Daten. Den behördlichen Datenschutzbeauftragten der <Universität> erreichen Sie per E-Mail unter <Email Datenschutzbeauftragter> oder über <Link zum Datenschutzbeauftragten>.
# Privacy
The <University> takes the protection of your personal data very seriously and uses secure and encrypted communication according to best practices and state-of-the-art technologies (e.g. HTTPS with secure certificate of TUM, TLS 1.3, Strict Transport Security, Forward Secrecy, Same Site Cookie protection) to protect the privacy of Artemis users in the best possible way. Artemis processes personal data in the context of teaching and in the context of examinations in compliance with the applicable data protection regulations.
The legal basis for the processing of data is Art. 6(1) lit. c (Legal Obligation) of the General Data Protection Regulation (GDPR).
In addition, <additional federal or country-specific rules> apply.
In the following, we provide information on the type, scope and purpose of the collection and use of personal data. This information can be accessed at any time from our website.
## General Information
### Name and contact details of the person responsible
<University>
Postal address: <Postal address>
Telephone: <Telephone number>
Email: <Email>
### Name and contact details of the data protection officer
The data protection officer of the <University>
Postal address: <Postal address>
Telephone: <Telephone number>
E-mail: <Email>
### Purpose and legal basis for the processing of personal data
The purpose of the processing is to fulfill the public duties assigned to us by the legislator, in particular teaching and examination in the university environment. Unless otherwise stated, the legal basis for processing your data results from Art. 6(1) lit. c (Legal Obligation) of the General Data Protection Regulation (GDPR).
In addition,<additional federal or country-specific rules> apply. Accordingly, we are permitted to process the data required to fulfill a duty incumbent upon us.
### Recipients of personal data
The technical operation of our data processing systems is carried out by:
<Operator>
<Street and house number>
<Zip code> <City>
Telephone: <Telephone number>
E-mail: <Email>
<Website>
If necessary, your data will be transmitted to the responsible supervisory and auditing authorities for the exercise of the respective control rights.
<If applicable add a paragraph to which authority data may be forwarded to ensure information security and the legal basis for this>
### Duration of the storage of personal data
Your data will only be stored for as long as is necessary for the fulfillment of duties, taking into account statutory retention periods.
### Your rights
Insofar as we process personal data from you, you are entitled to the following rights as a data subject:
* You have the right of access (Art. 15 GDPR).
* If incorrect personal data is processed, you have the right to rectification (Art. 16 GDPR).
* If the legal requirements are met, you may request the deletion or restriction of processing (Art. 17 and 18 GDPR).
* If you have consented to the processing or if there is a contract for data processing and the data processing is carried out with the help of automated procedures, you may have a right to data portability (Art. 20 GDPR).
* If you have consented to the processing and the processing is based on this consent, you can revoke the consent at any time for the future. The lawfulness of the data processing carried out on the basis of the consent until the revocation is not affected by it.
You have the right to object to the processing of your data at any time on grounds relating to your particular situation, if the processing is carried out exclusively on the basis of Art. 6(1) lit. e or f GDPR (Art. 21(1)(1) GDPR).
### Right to appeal at the supervisory authority
Furthermore, you have the right to appeal at the <supervisory authority>
You can reach them under the following contact details:
Postal address: <Postal address>
Address: <Address>
Telephone: <Telephone number>
Email: <Email>
<Website>
#### Further Information
For more detailed information on the processing of your data and your rights, you can contact us using the contact details provided above (at the beginning of A.).
## Information about the web presence
### Technical implementation
The web servers of Artemis are operated by the <Operator>. The personal data you provide when
visiting our website is therefore processed on our behalf by <Operator>:
<Operator> <Street and house number>
<Zip code> <City>
Telephone: <Telephone number>
Email: <Email>
<Website>
#### Logging
When you access this or other Artemis web pages, you transmit data to our web servers via your Internet browser. The following data is temporarily recorded in a log file during an ongoing connection for communication between your Internet browser and our web servers:
* IP address of the requesting computer
* Date and time of access
* Name, URL and transferred data volume of the retrieved file
* Access status (requested file transferred, not found, etc.)
* Identification data of the browser and operating system used (if transmitted by the requesting web browser)
* Web page from which access was made (if transmitted by the requesting web browser)
The processing of the data in this log file can be done as follows:
The log entries can be continuously and automatically evaluated in order to detect attacks on the web servers and react accordingly.
In individual cases, i.e. in the event of reported malfunctions, errors and security incidents, a manual analysis may be carried out.
#### Cookies
In order to extend the range of functions of our Internet offering and to make its use more comfortable for you, we partly use so-called "cookies". With the help of these cookies, data can be stored on your computer when you call up our website. However, you can deactivate the storage of cookies or set your browser so that cookies are only stored for the duration of the respective connection to the Internet. This could, however, limit the functional scope of our offering.
## Information on individual processing operations
#### Login
When you log in to the system, your personal data will be verified with the directory service of the <University>.
#### Disclosure and rectification
You have the right, upon written request and free of charge, to obtain information about the personal data stored about you. In addition, you have the right to have incorrect data corrected. You can reach the data protection officer of <University by e-mail at <Email> or via <Website>.
# Impressum
#### Herausgeber
<Universität>
Postanschrift: <Postanschrift>
Telefon: <Telefonnummer>
Telefax: <Faxnummer>
E-Mail: <E-Mail-Adresse>
#### Vertretungsberechtigt
Die <Universität> wird gesetzlich vertreten durch den Präsidenten <Präsident>
#### Umsatzsteueridentifikationsnummer
<Umsatzsteueridentifikationsnummer> (gemäß § 27a Umsatzsteuergesetz)
#### Verantwortlich für den Inhalt
<Vor- und Nachname>
<Straße und Hausnummer>
<PLZ> <Ort>
#### Nutzungsbedingungen
Texte, Bilder, Grafiken sowie die Gestaltung dieser Internetseiten können dem Urheberrecht unterliegen. Nicht urheberrechtlich geschützt sind nach § 5 des Urheberrechtsgesetz (UrhG)
* Gesetze, Verordnungen, amtliche Erlasse und Bekanntmachungen sowie Entscheidungen und amtlich verfasste Leitsätze zu Entscheidungen und
* andere amtliche Werke, die im amtlichen Interesse zur allgemeinen Kenntnisnahme veröffentlicht worden sind, mit der Einschränkung, dass die Bestimmungen über Änderungsverbot und Quellenangabe in § 62 Abs. 1 bis 3 und § 63 Abs. 1 und 2 UrhG entsprechend anzuwenden sind.
Als Privatperson dürfen Sie urheberrechtlich geschütztes Material zum privaten und sonstigen eigenen Gebrauch im Rahmen des § 53 UrhG verwenden. Eine Vervielfältigung oder
Verwendung urheberrechtlich geschützten Materials dieser Seiten oder Teilen davon in anderen elektronischen oder gedruckten Publikationen und deren Veröffentlichung ist nur mit
unserer Einwilligung gestattet. Diese Einwilligung erteilen auf Anfrage die für den Inhalt Verantwortlichen. Der Nachdruck und die Auswertung von Pressemitteilungen und Reden sind
mit Quellenangabe allgemein gestattet. Weiterhin können Texte, Bilder, Grafiken und sonstige Dateien ganz oder teilweise dem Urheberrecht Dritter unterliegen. Auch über das
Bestehen möglicher Rechte Dritter geben Ihnen die für den Inhalt Verantwortlichen nähere Auskünfte.
#### Haftungsausschluss
Alle auf dieser Internetseite bereitgestellten Informationen haben wir nach bestem Wissen und Gewissen erarbeitet und geprüft. Eine Gewähr für die jederzeitige Aktualität,
Richtigkeit, Vollständigkeit und Verfügbarkeit der bereit gestellten Informationen können wir allerdings nicht übernehmen. Ein Vertragsverhältnis mit den Nutzern des
Internetangebots kommt nicht zustande.
Wir haften nicht für Schäden, die durch die Nutzung dieses Internetangebots entstehen. Dieser Haftungsausschluss gilt nicht, soweit die Vorschriften des § 839 BGB (Haftung bei
Amtspflichtverletzung) einschlägig sind. Für etwaige Schäden, die beim Aufrufen oder Herunterladen von Daten durch Schadsoftware oder der Installation oder Nutzung von Software
verursacht werden, übernehmen wir keine Haftung.
Falls im Einzelfall erforderlich: Der Haftungsausschluss gilt nicht für Informationen, die in den Anwendungsbereich der Europäischen Dienstleistungsrichtlinie (Richtlinie
2006/123/EG – DLRL) fallen. Für diese Informationen wird die Richtigkeit und Aktualität gewährleistet.
#### Links
Von unseren eigenen Inhalten sind Querverweise („Links“) auf die Webseiten anderer Anbieter zu unterscheiden. Durch diese Links ermöglichen wir lediglich den Zugang zur Nutzung
fremder Inhalte nach § 8 Telemediengesetz. Bei der erstmaligen Verknüpfung mit diesen Internetangeboten haben wir diese fremden Inhalte daraufhin überprüft, ob durch sie eine
mögliche zivilrechtliche oder strafrechtliche Verantwortlichkeit ausgelöst wird. Wir können diese fremden Inhalte aber nicht ständig auf Veränderungen überprüfen und daher auch
keine Verantwortung dafür übernehmen. Für illegale, fehlerhafte oder unvollständige Inhalte und insbesondere für Schäden, die aus der Nutzung oder Nichtnutzung von Informationen
Dritter entstehen, haftet allein der jeweilige Anbieter der Seite.
# Imprint
#### Publisher
<University>
Postal address: <Postal address>
Telephone: <Telephone number>
Fax: <Fax number>
Email: <Email address>
#### Authorized to represent
The <University> is legally represented by the President <President>.
#### VAT identification number
<VAT identification number> (in accordance with § 27a of the German VAT tax act - UStG)
#### Responsible for content
<First name> <Last name>
<Street and house number>
<Zip code> <City>
#### Terms of use
Texts, images, graphics as well as the design of these Internet pages may be subject to copyright.
The following are not protected by copyright according to §5 of copyright law (Urheberrechtsgesetz (UrhG)).
Laws, ordinances, official decrees and announcements as well as decisions and officially written guidelines for
decisions and other official works that have been published in the official interest for general knowledge,
with the restriction that the provisions on prohibition of modification and indication of source in Section 62 (1) to (3) and
Section 63 (1) and (2) UrhG apply accordingly.
As a private individual, you may use copyrighted material for private and other personal use within the scope of Section 53 UrhG.
Any duplication or use of objects such as images, diagrams, sounds or texts in other electronic or printed publications is not permitted without our agreement.
This consent will be granted upon request by the person responsible for the content.
The reprinting and evaluation of press releases and speeches are generally permitted with reference to the source.
Furthermore, texts, images, graphics and other files may be subject in whole or in part to the copyright of third parties.
The persons responsible for the content will also provide more detailed information on the existence of possible third-party rights.
#### Liability disclaimer
The information provided on this website has been collected and verified to the best of our knowledge and belief.
However, there will be no warranty that the information provided is up-to-date, correct, complete, and available.
There is no contractual relationship with users of this website.
We accept no liability for any loss or damage caused by using this website. The exclusion of liability does not apply where the provisions of the German Civil Code (BGB) on
liability in case of breach of official duty are applicable (§ 839 of the BGB). We accept no liability for any loss or damage caused by malware when accessing or downloading data
or the installation or use of software from this website.
Where necessary in individual cases: the exclusion of liability does not apply to information governed by the Directive 2006/123/EC of the European Parliament and of the Council.
This information is guaranteed to be accurate and up to date.
#### Links
Our own content is to be distinguished from cross-references (“links”) to websites of other providers.
These links only provide access for using third-party content in accordance with § 8 of the German telemedia act (TMG).
Prior to providing links to other websites, we review third-party content for potential civil or criminal liability.
However, a continuous review of third-party content for changes is not possible, and therefore we cannot accept any responsibility.
For illegal, incorrect, or incomplete content, including any damage arising from the use or non-use of third-party information,
liability rests solely with the provider of the website.
There are several variables that can be configured when using programming exercises.
They are presented in this separate section to keep the ‘normal’ setup guide shorter.
Repositories that the Artemis server needs are stored in this folder.
This e.g. affects repositories from students which use the online code editor or
the template/solution repositories of new exercises, as they are pushed to the VCS after modification.
Files in this directory are usually not critical, as the latest pushed version of these repositories are
also stored at the VCS.
However, changed that are saved in the online code editor but not yet committed will be lost when
this folder is deleted.
artemis.repo-download-clone-path
Repositories that were downloaded from Artemis are stored in this directory.
Files in this directory can be removed without loss of data, if the downloaded repositories are still present
at the VCS.
No changes to the data in the VCS are stored in this directory (or they can be retrieved by performing
the download-action again).
artemis.template-path
Templates are available within Artemis.
The templates should fit to most environments, but there might be cases where one wants to change the templates.
This value specifies the path to the templates which should overwrite the default ones.
Note that this is the path to the folder where the templates folder is located, not the path to the
templates folder itself.
Templates are shipped with Artemis (they can be found within the src/main/resources/templates folder in GitHub).
These templates should fit well for many deployments, but one might want to change some of them for special deployments.
As of now, you can overwrite the jenkins folders that is present within the src/main/resources/templates folder
by placing a templates/ directory with the same structure next to the Artemis .war archive.
Files that are present in the file system will be used, if a file is not present in the file system,
it is loaded from the classpath (e.g. the .war archive).
We plan to make other folders configurable as well, but this is not supported yet.
The build process in Jenkins is stored in a config.xml-file (in src/main/resources/templates/jenkins/).
It is extended by a Jenkinsfile in the same directory that will be placed inside the config.xml file.
The Jenkinsfile handles the functionality shared by all programming languages like checking out the repositories and
loading the actual exercise-specific pipeline script from the Artemis server.
Note
When overriding the Jenkinsfile with a custom one, note that it must start either
with pipeline (there must not be a comment before pipeline, but there can be one at any other position,
if the Jenkinsfile-syntax allows it)
or the special comment //ARTEMIS:JenkinsPipeline in the first line.
The actual programming language or exercise-type specific pipeline steps are defined in the form of
scripted pipelines.
In principle, this is a Groovy script which allows structuring the pipeline into smaller methods and allows
conditionally executing steps, but inside still allows the core structure blocks from
declarative pipelines.
You can override those pipeline.groovy files with the template mechanism described above.
Inside the pipeline.groovy some placeholders exist that will be filled by Artemis upon exercise creation from the
server or exercise settings:
Additional flags passed to Docker when starting the container.
Server configuration
#isStaticCodeAnalysisEnabled
Defines if static code analysis should be performed.
Exercise configuration
#isTestWiseCoverageEnabled
Defines if testwise coverage should be collected.
Exercise configuration
The pipeline.groovy file can be customized further by instructors after creating the exercise from within
Artemis via the ‘Edit Build Plan’ button on the details page of the exercise.
The container image used to run the maven-tests already contains a set of commonly used dependencies
(see artemis-maven-docker).
This significantly speeds up builds as the dependencies do not have to be downloaded every time a build is started.
However, the dependencies included in the container image might not match the dependencies required in your tests
(e.g. because you added new dependencies or the container image is outdated).
You can cache the maven-dependencies also on the machine that runs the builds
(that means, outside the container) by editing the pipeline.groovy template.
Note that this might allow students to access shared resources (e.g. jars used by Maven), and they might be able
to overwrite them.
You can use Ares to prevent this by restricting the resources
the student’s code can access.
Alternatively, you can restrict the access to the mounted volume by changing the dockerFlags to
This mounts the cache as writeable only when executing the tests for the solution repository, and as read-only when
running the tests for students’ code.
This section describes how to set up a programming exercise environment
based on Bamboo, Bitbucket and Jira.
Please note that this setup will create a deployment that is very
similar to the one used in production but has one difference:
In production, the builds are performed within Docker containers that
are created by Bamboo (or its build agents). As we run Bamboo in a
Docker container in this setup, creating new Docker containers within
that container is not recommended (e.g. see this
article). There
are some solution where one can pass the Docker socket to the Bamboo
container, but none of these approaches work quite well here as Bamboo
uses mounted directories that cause issues.
Therefore, a check is included within the BambooBuildPlanService that
ensures that builds are not started in Docker agents if the development
setup is present.
Before you start the docker compose, check if the bamboo version in the
build.gradle (search for com.atlassian.bamboo:bamboo-specs) is
equal to the bamboo version number in the docker compose in
docker/atlassian.yml
If the version number is not equal, adjust the version number.
Further details about the docker compose setup can be found in docker
Execute the docker compose file e.g. with
dockercompose-fdocker/atlassian.ymlup-d.
Error Handling: It can happen that there is an overload with other
docker networks
ERROR:Pooloverlapswithotheroneonthisaddressspace. Use the
command dockernetworkprune to resolve this issue.
Make sure that docker has enough memory (~ 6GB). To adapt it, go to Settings→Resources
In case you want to enable Swift or C programming exercises, refer to the readme in
docker
By default, the Jira instance is reachable under localhost:8081, the
Bamboo instance under localhost:8085 and the Bitbucket instance
under localhost:7990.
Get licenses for Bamboo, Bitbucket and Jira Service Management.
Bamboo: Select Bamboo(DataCenter) and notinstalledyet
Bitbucket: Select Bitbucket(DataCenter) and notinstalledyet
Jira: Select JiraServiceManagement(formerlyServiceDesk)(DataCenter) and notinstalledyet
Provide the just created license key during the setup and create an admin user with the same credentials
in all 3 applications.
- Bamboo:
Choose the H2 database
Select the evaluation/internal/test/dev setups if you are asked
Put the admin username and password into application-local.yml at artemis.version-control.user
and artemis.continuous-integration.user.
Jira:
On startup select I'llsetitupmyself
Select Build In Database Connection
Create a sample project
Bitbucket: Do not connect Bitbucket with Jira yet
Make sure that Jira, Bitbucket and Bamboo have finished starting up.
Execute the shell script atlassian-setup.sh in the
docker/atlassian directory (e.g. with
./docker/atlassian/atlassian-setup.sh). This script creates
groups, users and assigns the user to their respective group.
The script (step 3) has already created the required users and assigned them to their respective group in Jira.
Now, make sure that they are assigned correctly according to the following test setup:
users 1-5 are students, 6-10 are tutors, 11-15 are
editors and 16-20 are instructors. The usernames are artemis_test_user_{1-20}
and the password is again the username. When you create a course in artemis
you have to manually choose the created groups (students, tutors, editors,
instructors).
Go to Jira → User management → Jira user server
→ Add application → Create one application for bitbucket and one for bamboo → add the
IP-address 0.0.0.0/0 to IP Addresses
Go to Bitbucket → User Directories
and Bamboo → User Directories
→ Add Directories → Atlassian Crowd → use the URL http://jira:8080 as Server URL →
use the application name and password which you used in the previous
step. Also, you should decrease the synchronisation period (e.g. to 2
minutes).
In Bamboo create a global variable named
SERVER_PLUGIN_SECRET_PASSWORD, the value of this variable will be used
as the secret. The value of this variable should be then stored in
src/main/resources/config/application-local.yml as the value of
artemis-authentication-token-value.
You can create a global variable from settings on Bamboo.
In Bamboo create a shared username and password credential where the username and password should
be the same as the ones you used to create the Bitbucket admin user. The name of the shared credential
must be equal to the value set in artemis.version-control.user.
Insert the generated token into the file application-local.yml in the section version-control:
artemis:version-control:user:<username>password:<password>token:#insert the token here
Add a SSH key for the admin user
Artemis can clone/push the repositories during setup and for the online code editor using SSH.
If the SSH key is not present, the username + token will be used as fallback
(and all git operations will use HTTP(S) instead of SSH).
If the token is also not present, the username + password will be used as fallback (again, using HTTP(S)).
You first have to create a SSH key (locally), e.g. using ssh-keygen
(more information on how to create a SSH key can be found e.g. at ssh.com
or at atlassian.com).
The list of supported ciphers can be found at Apache Mina.
It is recommended to use a password to secure the private key, but it is not mandatory.
Please note that the private key file must be named id_rsa, id_dsa, id_ecdsa or id_ed25519,
depending on the ciphers used.
You now have to extract the public key and add it to Bitbucket.
Open the public key file (usually called id_rsa.pub (when using RSA)) and copy it’s content
(you can also use catid_rsa.pub to show the public key).
Navigate to BITBUCKET-URL/plugins/servlet/ssh/account/keys and add the SSH key by pasting the content of
the public key.
<ssh-private-key-folder-path> is the path to the folder containing the id_rsa file (but without the filename).
It will be used in the configuration of Artemis to specify where Artemis should look for the key and
store the known_hosts file.
<ssh-private-key-password> is the password used to secure the private key.
It is also needed for the configuration of Artemis, but can be omitted if no password was set
(e.g. for development environments).
Modify src/main/resources/config/application-local.yml to include the correct URLs and credentials:
repo-clone-path:./repos/repo-download-clone-path:./repos-download/bcrypt-salt-rounds:11# The number of salt rounds for the bcrypt password hashing. Lower numbers make it faster but more unsecure and vice versa.# Please use the bcrypt benchmark tool to determine the best number of rounds for your system. https://github.com/ls1intum/bcrypt-Benchmarkuser-management:use-external:trueexternal:url:http://localhost:8081user:<jira-admin-user>password:<jira-admin-password>admin-group-name:instructorsinternal-admin:username:artemis_adminpassword:artemis_adminversion-control:url:http://localhost:7990user:<bitbucket-admin-user>password:<bitbucket-admin-password>token:<bitbucket-admin-token># step 10.2ssh-private-key-folder-path:<ssh-private-key-folder-path>ssh-private-key-password:<ssh-private-key-password>continuous-integration:url:http://localhost:8085user:<bamboo-admin-user>password:<bamboo-admin-password>token:<bamboo-admin-token># step 10.1artemis-authentication-token-value:<artemis-authentication-token-value># step 7
If you run the Atlassian suite in containers and Artemis on your host machine, you may have to set internal urls for bamboo,
so that the CI and VCS servers are reachable from each other. If Artemis is executed in a container in the same network,
you won’t need to specify internal URLs, as Artemis can then communicate with Bamboo and Bitbucket and Bamboo and Bitbucket
can communicate with each other using the same url. If you use the default docker-compose setup, you can use the following
configuration:
Also, set the server URL in src/main/resources/config/application-local.yml:
server:port:8080# The port of artemisurl:http://172.20.0.1:8080# needs to be an ip# url: http://docker.for.mac.host.internal:8080 # If the above one does not work for mac try this one# url: http://host.docker.internal:8080 # If the above one does not work for windows try this one
In addition, you have to start Artemis with the profiles bamboo,
bitbucket and jira so that the correct adapters will be used,
e.g.:
This section describes how to set up a programming exercise environment
based on Jenkins and GitLab. Optional commands are in curly brackets {}.
The following assumes that all instances run on separate servers. If you
have one single server, or your own NGINX instance, just skip all NGINX
related steps and use the configurations provided under Separate NGINX
Configurations
If you want to setup everything on your local development computer,
ignore all NGINX related steps.Just make sure that you use
unique port mappings for your Docker containers (e.g.8081for
GitLab,8082for Jenkins,8080for Artemis)
In order to use Artemis with Jenkins as Continuous Integration
Server and Gitlab as Version Control Server, you have to configure
the file application-prod.yml (Production Server) or
application-artemis.yml (Local Development) accordingly. Please note
that all values in <..> have to be configured properly. These values
will be explained below in the corresponding sections. If you want to set up a local environment, copy the values
below into your application-artemis.yml or application-local.yml file (the latter is recommended), and follow
the Gitlab Server Quickstart guide.
artemis:course-archives-path:./exports/coursesrepo-clone-path:./reposrepo-download-clone-path:./repos-downloadbcrypt-salt-rounds:11# The number of salt rounds for the bcrypt password hashing. Lower numbers make it faster but more unsecure and vice versa.# Please use the bcrypt benchmark tool to determine the best number of rounds for your system. https://github.com/ls1intum/bcrypt-Benchmarkuser-management:use-external:falseinternal-admin:username:artemis_adminpassword:artemis_adminaccept-terms:falselogin:account-name:TUMversion-control:url:http://localhost:8081user:rootpassword:artemis_admin# created in Gitlab Server Quickstart step 2token:artemis-gitlab-token# generated in Gitlab Server Quickstart steps 4 and 5continuous-integration:user:artemis_adminpassword:artemis_adminurl:http://localhost:8082secret-push-token:AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su# pre-generated or replaced in Automated Jenkins Server step 3vcs-credentials:artemis_gitlab_admin_credentialsartemis-authentication-token-key:artemis_notification_plugin_tokenartemis-authentication-token-value:artemis_adminbuild-timeout:30git:name:Artemisemail:artemis.in@tum.dejenkins:internal-urls:ci-url:http://jenkins:8080vcs-url:http://gitlab:80use-crumb:falseserver:port:8080url:http://172.17.0.1:8080# `http://host.docker.internal:8080` for Windows
In addition, you have to start Artemis with the profiles gitlab and
jenkins so that the correct adapters will be used, e.g.:
For a local setup on Windows you can use http://host.docker.internal appended
by the chosen ports as the version-control and continuous-integration url.
Make sure to change the server.url value in application-dev.yml
or application-prod.yml accordingly. This value will be used for the
communication hooks from GitLab to Artemis and from Jenkins to Artemis.
In case you use a different port than 80 (http) or 443 (https) for the
communication, you have to append it to the server.url value,
e.g. 127.0.0.1:8080.
When you start Artemis for the first time, it will automatically create
an admin user.
Note: Sometimes Artemis does not generate the admin user which may lead to a startup
error. You will have to create the user manually in the MySQL database and in GitLab. Make sure
both are set up correctly and follow these steps:
Use the tool mentioned above to generate a password hash.
Connect to the database via a client like MySQL Workbench
and execute the following query to create the user. Replace artemis_admin and HASHED_PASSWORD with your
chosen username and password:
4. Create a user in Gitlab (http://your-gitlab-domain/admin/users/new) and make sure that the username and
email are the same as the user from the database:
5. Edit the new admin user (http://your-gitlab-domain/admin/users/artemis_admin/edit) to set the password to the
same value as in the database:
The following steps describes how to set up the GitLab server in a semi-automated way.
This is ideal as a quickstart for developers. For a more detailed setup, see
Manual Gitlab Server Setup.
In a production setup, you have to at least change the root password (by either specifying it in step 1 or extracting
the random password in step 2) and generate random access tokens (instead of the pre-defined values).
Set the variable GENERATE_ACCESS_TOKENS to true in the gitlab-local-setup.sh script and use the generated
tokens instead of the predefined ones.
Start the GitLab container defined in docker/gitlab-jenkins-mysql.yml by running
If you want to generate a random password for the root user, remove the part before dockercompose from
the command. GitLab passwords must not contain commonly used combinations of words and letters.
The file uses the GITLAB_OMNIBUS_CONFIG environment variable to configure the Gitlab instance after the container
is started.
It disables prometheus monitoring, sets the ssh port to 2222, and adjusts the monitoring endpoint whitelist
by default.
Wait a couple of minutes since GitLab can take some time to set up. Open the instance in your browser
(usually http://localhost:8081).
You can then login using the username root and your password (which defaults to artemis_admin,
if you used the command from above).
If you did not specify the password, you can get the initial one using:
Insert the GitLab root user password in the file application-local.yml (in src/main/resources) and insert
the GitLab admin account.
If you copied the template from above and used the default password, this is already done for you.
You can also manually create in by navigating to http://localhost:8081/-/profile/personal_access_tokens?name=Artemis+Admin+token&scopes=api,read_api,read_user,read_repository,write_repository,sudo and
generate a token with all scopes.
Copy this token into the ADMIN_PERSONAL_ACCESS_TOKEN field in the
docker/gitlab/gitlab-local-setup.sh file.
If you used the command to generate the token, you don’t have to change the gitlab-local-setup.sh file.
Adjust the GitLab setup by running, this will configure GitLab’s network setting to allow local requests:
This script can also generate random access tokens, which should be used in a production setup. Change the
variable $GENERATE_ACCESS_TOKENS to true to generate the random tokens and insert them into the Artemis
configuration file.
GitLab provides no possibility to set a users password via API without forcing the user to change it afterwards
(see Issue 19141).
Therefore, you may want to patch the official gitlab docker image.
Thus, you can use the following Dockerfile:
FROMgitlab/gitlab-ce:latestRUNsed-i'/^.*user_params\[:password_expires_at\] = Time.current if admin_making_changes_for_another_user.*$/s/^/#/'/opt/gitlab/embedded/service/gitlab-rails/lib/api/users.rb
This Dockerfile disables the mechanism that sets the password to expired state after changed via API.
If you want to use this custom image, you have to build the image and replace all occurrences of
gitlab/gitlab-ce:latest in the following instructions by your chosen image name.
Pull the latest GitLab Docker image (only if you don’t use your custom gitlab image)
Run the image (and change the values for hostname and ports). Add
-p2222:22 if cloning/pushing via ssh should be possible. As
GitLab runs in a docker container and the default port for SSH (22)
is typically used by the host running Docker, we change the port
GitLab uses for SSH to 2222. This can be adjusted if needed.
Make sure to remove the comments from the command before running it.
dockerrun-itd--namegitlab \
--hostnameyour.gitlab.domain.com \ # Specify the hostname--restartalways \
-m3000m \ # Optional argument to limit the memory usage of Gitlab-p8081:80-p443:443 \ # Alternative 1: If you are NOT running your own NGINX instance-p<someportofyourchoosing>:80 \ # Alternative 2: If you ARE running your own NGINX instance-p2222:22 \ # Remove this if cloning via SSH should not be supported-vgitlab_data:/var/opt/gitlab \
-vgitlab_logs:/var/log/gitlab \
-vgitlab_config:/etc/gitlab \
gitlab/gitlab-ce:latest
Wait a couple of minutes until the container is deployed and GitLab
is set up, then open the instance in you browser.
You can get the initial password for the root user using
dockerexecgitlabcat/etc/gitlab/initial_root_password.
We recommend to rename the root admin user to artemis. To rename
the user, click on the image on the top right and select Settings.
Now select Account on the left and change the username. Use the
same password in the Artemis configuration file
application-artemis.yml
letsencrypt['enable']=true# GitLab 10.5 and 10.6 require this optionexternal_url"https://your.gitlab.domain.com"# Must use https protocolletsencrypt['contact_emails']=['gitlab@your.gitlab.domain.com']# Optionalnginx['redirect_http_to_https']=truenginx['redirect_http_to_https_port']=80
Reconfigure GitLab to generate the certificate.
# Save your changes and finally rungitlab-ctlreconfigure
If this command fails, try using
gitlab-ctlrenew-le-certs
Login to GitLab using the Artemis admin account and go to the profile
settings (upper right corner → Preferences)
(Optional, only necessary for local setup) Allow outbound requests to local network
There is a known limitation for the local setup: webhook URLs for the
communication between GitLab and Artemis and between GitLab and Jenkins
cannot include local IP addresses. This option can be deactivated in
GitLab on <https://gitlab-url>/admin/application_settings/network →
Outbound requests. Another possible solution is to register a local URL,
e.g. using ngrok, to be available over a domain
the Internet.
Adjust the monitoring-endpoint whitelist. Run the following command
This will disable the firewall for all IP addresses. If you only want to
allow the server that runs Artemis to query the information, replace
0.0.0.0/0 with ARTEMIS.SERVER.IP.ADDRESS/32
If you use SSH and use a different port than 2222, you have to
adjust the port above.
Disable prometheus.
As we encountered issues with the Prometheus log files not being deleted and therefore filling up the disk space,
we decided to disable Prometheus within GitLab.
If you also want to disable prometheus, edit the configuration again using
Artemis can clone/push the repositories during setup and for the online code editor using SSH.
If the SSH key is not present, the username + token will be used as fallback (and all git operations will use
HTTP(S) instead of SSH).
You first have to create a SSH key (locally), e.g. using ssh-keygen (more information on how to create a SSH
key can be found e.g. at ssh.com or
at gitlab.com).
The list of supported ciphers can be found at Apache Mina.
It is recommended to use a password to secure the private key, but it is not mandatory.
Please note that the private key file must be named ìd_rsa, id_dsa, id_ecdsa or id_ed25519,
depending on the ciphers used.
You now have to extract the public key and add it to GitLab.
Open the public key file (usually called id_rsa.pub (when using RSA)) and copy it’s content (you can also
use catid_rsa.pub to show the public key).
Navigate to GITLAB-URL/-/profile/keys and add the SSH key by pasting the content of the public key.
<ssh-key-path> is the path to the folder containing the id_rsa file (but without the filename). It will
be used in the configuration of Artemis to specify where Artemis should look for the key and store
the known_hosts file.
<ssh-private-key-password> is the password used to secure the private key. It is also needed for the
configuration of Artemis, but can be omitted if no password was set (e.g. for development environments).
Note that upgrading to a major version may require following an upgrade path. You can view supported paths
here.
Start a GitLab container just as described in Start-Gitlab and wait for a couple of minutes. GitLab
should configure itself automatically. If there are no issues, you can
delete the old container using dockerrmgitlab_old and the olf
image (see dockerimages) using dockerrmi<old-image-id>.
You can also remove all old images using dockerimageprune-a
The following steps describe how to deploy a pre-configured version of the Jenkins server.
This is ideal as a quickstart for developers. For a more detailed setup, see
Manual Jenkins Server Setup.
In a production setup, you have to at least change the user credentials (in the file jenkins-casc-config.yml) and
generate random access tokens and push tokens.
1. Create a new access token in GitLab named Jenkins and give it api and read_repository rights. You can
do either do it manually or using the following command:
Jenkins is then reachable under http://localhost:8082/ and you can login using the credentials specified
in jenkins-casc-config.yml (defaults to artemis_admin as both username and password).
The application-local.yml must be adapted with the values configured in jenkins-casc-config.yml:
artemis:user-management:use-external:falseinternal-admin:username:artemis_adminpassword:artemis_adminversion-control:url:http://localhost:8081user:artemis_adminpassword:artemis_admincontinuous-integration:user:artemis_adminpassword:artemis_adminurl:http://localhost:8082secret-push-token:# pre-generated or replaced in Automated Jenkins Server step 3vcs-credentials:artemis_gitlab_admin_credentialsartemis-authentication-token-key:artemis_notification_plugin_tokenartemis-authentication-token-value:artemis_admin
Open the src/main/resources/config/application-jenkins.yml and change the following:
Again, if you are using a development setup, the template in the beginning of this page already contains the
correct values.
Run the following command to get the latest jenkins LTS docker image.
dockerpulljenkins/jenkins:lts
Create a custom docker image
In order to install and use Maven with Java in the Jenkins container,
you have to first install maven, then download Java and finally
configure Maven to use Java instead of the default version.
You also need to install Swift and SwiftLint if you want to be able to
create Swift programming exercises.
To perform all these steps automatically, you can prepare a Docker
image:
Create a Dockerfile with the content found here <docker/jenkins/Dockerfile>.
Copy it in a file named Dockerfile, e.g. in
the folder /opt/jenkins/ using vimDockerfile.
Now run the command dockerbuild--no-cache-tjenkins-artemis.
This might take a while because Docker will download Java, but this
is only required once.
If you run your own NGINX or if you install Jenkins on a local development computer, then skip the next steps (4-7)
Create a file increasing the maximum file size for the nginx proxy.
The nginx-proxy uses a default file limit that is too small for the
plugin that will be uploaded later. Skip this step if you have your
own NGINX instance.
The NGINX default timeout is pretty low. For plagiarism check and unlocking student repos for the exam a higher
timeout is advisable. Therefore we write our own nginx.conf and load it in the container.
Run the NGINX proxy docker container, this will automatically setup
all reverse proxies and force https on all connections. (This image
would also setup proxies for all other running containers that have
the VIRTUAL_HOST and VIRTUAL_PORT environment variables). Skip this
step if you have your own NGINX instance.
The nginx proxy needs another docker-container to generate
letsencrypt certificates. Run the following command to start it (make
sure to change the email-address). Skip this step if you have your
own NGINX instance.
Run Jenkins by executing the following command (change the hostname
and choose which port alternative you need)
dockerrun-itd--namejenkins \
--restartalways \
-vjenkins_data:/var/jenkins_home \
-v/var/run/docker.sock:/var/run/docker.sock \
-v/usr/bin/docker:/usr/bin/docker:ro \
-eVIRTUAL_HOST=your.jenkins.domain-eVIRTUAL_PORT=8080 \ # Alternative 1: If you are NOT using a separate NGINX instance-eLETSENCRYPT_HOST=your.jenkins.domain \ # Only needed if Alternative 1 is used-p8082:8080 \ # Alternative 2: If you ARE using a separate NGINX instance OR you ARE installing Jenkins on a local development computer-uroot \
jenkins/jenkins:lts
If you still need the old setup with Python & Maven installed locally, use jenkins-artemis instead of
jenkins/jenkins:lts.
Also note that you can omit the -uroot, -v/var/run/docker.sock:/var/run/docker.sock and
-v/usr/bin/docker:/usr/bin/docker:ro parameters, if you do not want to run Docker builds on the Jenkins controller
(but e.g. use remote agents).
Open Jenkins in your browser (e.g. localhost:8082) and setup the
admin user account (install all suggested plugins). You can get the
initial admin password using the following command.
# Jenkins highlights the password in the logs, you can't miss itdockerlogs-fjenkinsoralternativelydockerexecjenkinscat/var/jenkins_home/secrets/initialAdminPassword
Set the chosen credentials in the Artemis configuration
application-artemis.yml
Note: The custom Jenkins Dockerfile takes advantage of the
Plugin Installation Manager Tool for Jenkins
to automatically install the plugins listed below. If you used the Dockerfile, you can skip these steps and
Server Notification Plugin.
The list of plugins is maintained in docker/jenkins/plugins.yml.
You will need to install the following plugins (apart from the
recommended ones that got installed during the setup process):
Timestamper for adding the
time to every line of the build output (Timestamper might already be installed)
Pipeline for defining the
build description using declarative files (Pipeline might already be installed)
Note: This is a suite of plugins that will install multiple plugins
Pipeline Maven to use maven within the pipelines. If you want to
use Docker for your build agents you may also need to install
Docker Pipeline .
Matrix Authorization Strategy Plugin for configuring permissions
for users on a project and build plan level (Matrix Authorization Strategy might already be installed).
The plugins above (and the pipeline-setup associated with it) got introduced in Artemis 4.7.3.
If you are using exercises that were created before 4.7.3, you also have to install these plugins:
Please note that this setup is deprecated and will be removed in the future.
Please migrate to the new pipeline-setup if possible.
Multiple SCMs for combining the
exercise test and assignment repositories in one build
Post Build Task for preparing build
results to be exported to Artemis
Xvfb for exercises based on GUI
libraries, for which tests have to have some virtual display
Choose “Download now and install after restart” and checking the
“Restart Jenkins when installation is complete and no jobs are running” box
Artemis needs to receive a notification after every build, which
contains the test results and additional commit information. For that
purpose, we developed a Jenkins plugin, that can aggregate and POST
JUnit formatted results to any URL.
You can download the current release of the plugin
here
(Download the .hpi file). Go to the Jenkins plugin page (Manage
Jenkins → System Configuration → Plugins) and install the downloaded file under the
Advanced settings tab under Deploy Plugin
Create a new access token in GitLab named Jenkins and give it
api rights and read_repository rights. For detailed
instructions on how to create such a token follow Gitlab Access
Token.
Copy the generated token and create new Jenkins credentials:
Kind: GitLab API token
Scope: Global
API token: your.copied.token
Leave the ID field blank
The description is up to you
Go to the Jenkins settings Manage Jenkins → System. There
you will find the GitLab settings. Fill in the URL of your GitLab
instance and select the just created API token in the credentials
dropdown. After you click on “Test Connection”, everything should
work fine. If you have problems finding the right URL for your local docker setup,
you can try http://host.docker.internal:8081 for Windows or http://docker.for.mac.host.internal:8081 for Mac
if GitLab is reachable over port 8081.
Copy the generated ID (e.g. ea0e3c08-4110-4g2f-9c83-fb2cdf6345fa)
of the new credentials and put it into the Artemis configuration file
application-artemis.yml
GitLab has to notify Jenkins build plans if there are any new commits to
the repository. The push notification that gets sent here is secured by
a token generated by Jenkins. In order to get this token, you have to do
the following steps:
Create a new item in Jenkins (use the Freestyle project type) and
name it TestProject
In the project configuration, go to Build Triggers → Build when a
change is pushed to GitLab and activate this option
Click on Advanced.
You will now have a couple of new options here, one of them being a
“Secret token”.
Click on the “Generate” button right below the text box for that
token.
Copy the generated value, let’s call it $gitlab-push-token
Apply these change to the plan (i.e. click on Apply)
Perform a GET request to the following URL (e.g. with Postman)
using Basic Authentication and the username and password you chose
for the Jenkins admin account:
If you have xmllint installed, you can use this command, which will output the secret-push-token from
steps 9 and 10 (you may have to adjust the username and password):
Copy the secret-push-tokenvalue in the line
<secretToken>{secret-push-token}</secretToken>. This is the encrypted value of the gitlab-push-token
you generated in step 5.
Now, you can delete this test project and input the following values
into your Artemis configuration application-artemis.yml (replace
the placeholders with the actual values you wrote down)
In a local setup, you have to disable CSRF otherwise some API endpoints will return HTTP Status 403 Forbidden.
This is done be executing the following command:
dockercompose-fdocker/<Jenkinssetuptobelaunched>.ymlexec-Tjenkinsddof=/var/jenkins_home/init.groovy<docker/jenkins/jenkins-disable-csrf.groovy
The last step is to disable the use-crumb option in application-local.yml:
In order to upgrade Jenkins to a newer version, you need to rebuild the Docker image targeting the new version.
The stable LTS versions can be viewed through the changelog
and the corresponding Docker image can be found on
dockerhub.
Open the Jenkins Dockerfile and replace the value of FROM with jenkins/jenkins:lts.
After running the command dockerpulljenkins/jenkins:lts, this will use the latest LTS version
in the following steps.
You can also use a specific LTS version.
For example, if you want to upgrade Jenkins to version 2.289.2, you will need to use the
jenkins/jenkins:2.289.2-lts image.
If you’re using dockercompose, you can simply use the following command and skip the next steps.
You can remove the backup container if it’s no longer needed:
dockerrmjenkins_old
You should also update the Jenkins plugins regularly due to security
reasons. You can update them directly in the Web User Interface in the
Plugin Manager.
An alternative way of adding a build agent that will use docker (similar to the remote agents below) but running
locally, can be done using the jenkins/ssh-agent docker image docker image.
You might want to run the builds on additional Jenkins agents, especially if a large amount of students should use
the system at the same time.
Jenkins supports remote build agents: The actual compilation of the students submissions happens on these
other machines but the whole process is transparent to Artemis.
This guide explains setting up a remote agent on an Ubuntu virtual machine that supports docker builds.
Add a new user to the remote machine that Jenkins will use: sudoadduser--disabled-password--gecos""jenkins
Add the jenkins user to the docker group (This allows the jenkins user to interact with docker):
sudousermod-a-Gdockerjenkins
Generate a new SSH key locally (e.g. using ssh-keygen) and add the public key to the .ssh/authorized_keys
file of the jenkins user on the agent VM.
Validate that you can connect to the build agent machine using SSH and the generated private key and validate that
you can use docker (docker ps should not show an error)
Log in with your normal account on the build agent machine and install Java: sudoaptinstalldefault-jre
Add a new secret in Jenkins, enter private key you just generated and add the passphrase, if set:
Add a new node (select a name and select Permanent Agent):
Set the number of executors so that it matches your machine’s specs: This is the number of concurrent builds
this agent can handle. It is recommended to match the number of cores of the machine,
but you might want to adjust this later if needed.
Set the remote root directory to /home/jenkins/remote_agent.
Set the usage to Only build jobs with label expressions matching this node.
This ensures that only docker-jobs will be built on this agent, and not other jobs.
Add a label docker to the agent.
Set the launch method to Launch via SSH and add the host of the machine.
Select the credentials you just created and select Manually trusted key Verification Strategy
as Host key verification Strategy.
Save it.
Wait for some moments while jenkins installs it’s remote agent on the agent’s machine.
You can track the progress using the Log page when selecting the agent. System information should also be available.
Change the settings of the master node to be used only for specific jobs.
This ensures that the docker tasks are not executed on the master agent but on the remote agent.
Artemis supports user management in Jenkins as of version 4.11.0. Creating an account in Artemis will also create an
account on Jenkins using the same password. This enables users to login and access Jenkins. Updating and/or deleting
users from Artemis will also lead to updating and/or deleting from Jenkins.
Unfortunately, Jenkins does not provide a Rest API for user management which present the following caveats:
The username of a user is treated as a unique identifier in Jenkins.
It’s not possible to update an existing user with a single request.
We update by deleting the user from Jenkins and recreating it with the updated data.
In Jenkins, users are created in an on-demand basis.
For example, when a build is performed, its change log is computed and as a result commits from users
who Jenkins has never seen may be discovered and created.
Since Jenkins users may be re-created automatically, issues may occur such as 1) creating a user, deleting it,
and then re-creating it and 2) changing the username of the user and reverting back to the previous one.
Updating a user will re-create it in Jenkins and therefore remove any additionally saved Jenkins-specific
user data such as API access tokens.
Artemis takes advantage of the Project-based Matrix Authorization Strategy plugin to support build plan
access control in Jenkins.
This enables specific Artemis users to access build plans and execute actions such as triggering a build.
This section explains the changes required in Jenkins in order to set up build plan access control:
Navigate to Manage Jenkins → Plugins → Installed plugins and make sure that you have the
Matrix Authorization Strategy plugin installed
Navigate to Manage Jenkins → Security and navigate to the “Authorization” section
Select the “Project-based Matrix Authorization Strategy” option
In the table make sure that the “Read” permission under the “Overall” section is assigned to
the “Authenticated Users” user group.
In the table make sure that all “Administer” permission is assigned to all administrators.
You are finished. If you want to fine-tune permissions assigned to teaching assistants and/or instructors,
you can change them within the JenkinsJobPermission.java file.
This section describes how to set up a programming exercise environment
based on GitLab CI and GitLab.
Note
Depending on your operating system, it might not work with the predefined values (host.docker.internal).
Therefore, it might be necessary to adapt these with e.g. your local IP address.
This section describes how to set up a development environment for Artemis with GitLab and GitLab CI.
The same basic steps as for a GitLab and Jenkins setup apply, but the steps that describe generating tokens for Jenkins can be skipped.
For a production setup of GitLab, also see the documentation of the GitLab and Jenkins setup.
Go to http://host.docker.internal/-/profile/personal_access_tokens and generate an access token with all scopes.
This token is used in the Artemis configuration as artemis.version-control.token.
Allow outbound requests to local network
For setting up the webhook between Artemis and GitLab, it is necessary to allow requests to the local network.
Go to http://host.docker.internal/admin/application_settings/network and allow the outbound requests.
More information about this aspect can be found in the GitLab setup instructions (step 12).
You should now find the runner in the list of runners (http://host.docker.internal/admin/runners)
Note
Adding a runner in a production setup works the same way.
The GitLab administration page also contains alternative ways of setting up GitLab runners.
All variants should allow the passing of the configuration options tag-list, run-untagged, locked, and access-level similarly as in the Docker command above.
If forgotten, Artemis might not use this runner to run the tests for exercise submissions.
Make sure that the database is empty and contains no data from previous Artemis runs.
Generate authentication token
The notification plugin has to authenticate to upload the test results.
Therefore, a random string has to be generated, e.g., via a password generator.
This should be used in place of notification-plugin-token value in the example config below.
Configure Artemis
For local development, copy the following configuration into the application-local.yml file and adapt it with the values from the previous steps.
artemis:user-management:use-external:falseinternal-admin:username:artemis_adminpassword:gHn7JlggD9YPiarOEJSx19EFp2BDkkq9login:account-name:TUMversion-control:url:http://host.docker.internal:80user:rootpassword:password# change this valuetoken:gitlab-personal-access-token# change this valuecontinuous-integration:build-timeout:30artemis-authentication-token-value:notification-plugin-token# change this valuegit:name:Artemisemail:artemis.in@tum.deserver:url:http://host.docker.internal:8080
Note
In GitLab, the password of a user must not be the same as the username and must fulfill specific requirements.
Therefore, there is a random password in the example above.
Start Artemis
Start Artemis with the gitlab and gitlabci profile.
This section describes how to set up a programming exercise environment based on the local CI and local VC systems.
These two systems are integrated into the Artemis server application and thus the setup is greatly simplified compared to the external options.
This also reduces system requirements as you do not have to run any systems in addition to the Artemis server.
For now, this setup is only recommended for development and testing purposes.
If you are setting Artemis up for the first time, these are the steps you should follow:
Create a file src/main/resources/config/application-local.yml with the following content:
artemis:user-management:use-external:false# if you do not wish to use Jira for user managementversion-control:url:http://localhost:8080
The values configured here are sufficient for a basic Artemis setup that allows for running programming exercises with the local VC and local CI systems.
Hint
If you are running Artemis in Windows, you also need to add a property artemis.continuous-integration.docker-connection-uri with the value tcp://localhost:2375.
The default value for this property is unix:///var/run/docker.sock which is defined in src/main/resources/config/application-localci.yml. The application-local.yml file overrides the values set there. When using Windows, you will also need make sure to enable the Docker setting “Expose daemon on tcp://localhost:2375 without TLS”. You can do this in Docker Desktop under Settings > General.
When you start Artemis for the first time, it will automatically create an admin user called “artemis_admin”. If this does not work, refer to the guide for the Jenkins and GitLab Setup to manually create an admin user in the database.
You can then use that admin user to create further users in Artemis’ internal user management system.
The local CI and local VC systems work fine without external user management configured so this step is optional.
Setting up Jira allows you to run a script that sets up a number of users and groups for you.
If you have already set up your system with Bamboo, Bitbucket, and Jira, you can keep using Jira for user management. Just stop the Bamboo and Bitbucket containers.
If you want to use Jira for user management, but have not configured it yet, refer to the guide for the Bamboo, Bitbucket and Jira Setup.
You can follow all steps to set up the entire Atlassian stack, or just get the license for Jira and only follow steps 1-3 leaving out the setup of the Bamboo and Bitbucket containers.
You can stop and remove the Bamboo and Bitbucket containers or just stop them in case you want to set them up later on.
You also need to configure further settings in the src/main/resources/config/application-local.yml properties:
artemis:user-management:use-external:trueexternal:url:http://localhost:8081user:<jira-admin-user># insert the admin user you created in Jirapassword:<jira-admin-password># insert the admin user's passwordadmin-group-name:instructors
All of these profiles are enabled by default when using the Artemis(Server,LocalVC&LocalCI) run configuration in IntelliJ.
Add jira to the list of profiles if you want to use Jira for user management: dev,localci,localvc,artemis,scheduling,local,jira
Please read Server Setup for more details.
Log in as a student registered for that course and participate in the programming exercise, either from the online editor or by cloning the repository and pushing from your local environment.
Make sure that the result of your submission is displayed in the Artemis UI.
Hint
At the moment, the local VC system only supports accessing repositories via HTTP(S) and Basic Auth. We plan to add SSH support in the future. For now, you need to enter your Artemis credentials (username and password) when accessing template, solution, test, and assignment repositories.
For unauthorized access, your Git client will display the respective error message:
You can also use Docker Compose to set up the local CI and local VC systems. Using the following command, you can start the Artemis and MySQL containers:
Unix systems: When running the Artemis container on a Unix system, you will have to give the user running the container permission to access the Docker socket by adding them to the docker group. You can do this by changing the value of services.artemis-app.group_add in the docker/artemis-dev-local-vc-local-ci-mysql.yml file to the group ID of the docker group on your system. You can find the group ID by running getentgroupdocker|cut-d:-f3. The default value is 999.
Windows: If you want to run the Docker containers locally on Windows, you will have to change the value for the Docker connection URI. You can add ARTEMIS_CONTINUOUSINTEGRATION_DOCKERCONNECTIONURI="tcp://host.docker.internal:2375" to the environment file, found in docker/artemis/config/dev-local-vc-local-ci.env. This overwrites the default value unix:///var/run/docker.sock for this property defined in src/main/resources/config/application-docker.yml.
Push notifications for the mobile Android and iOS clients rely on the Hermes service.
To enable push notifications the Hermes service needs to be started separately and the configuration of the Artemis instance must be extended.
The Hermes service is running on a dedicated machine and is addressed via
HTTPS. We need to extend the Artemis configuration in the file
src/main/resources/config/application-artemis.yml like:
The Athena service is running on a dedicated machine and is addressed via
HTTP. We need to extend the configuration in the file
src/main/resources/config/application-artemis.yml like so:
The Apollon conversion service is running on a dedicated machine and is addressed via
HTTP. We need to extend the configuration in the file
src/main/resources/config/application-artemis.yml like so:
Iris is an intelligent virtual tutor integrated into the Artemis platform.
It is designed to provide one-on-one programming assistance without human tutors.
The core technology of Iris is based on Generative AI and Large Language Models, like OpenAI’s GPT.
Iris also powers other smart features in Artemis, like the automatic generation of descriptions for hints.
This section outlines how to set up IRIS in your own Artemis instance.
The Pyris service is running on a dedicated machine and is addressed via
HTTP(s). We need to extend the configuration in the file
src/main/resources/config/application-artemis.yml like so:
On the first startup, there might be issues with the text_block table.
You can resolve the issue by executing ALTERTABLEtext_blockCONVERTTOCHARACTERSETutf8mb4COLLATEutf8mb4_unicode_ci;
in your database.
One typical problem in the development setup is that an exception occurs during the database initialization.
Artemis uses Liquibase to automatically upgrade the database scheme
after the data model has changed.
This ensures that the changes can also be applied to the production server.
In case you encounter errors with Liquibase checksum values:
Run the following command in your terminal / command line: ./gradlewliquibaseClearChecksums
You can manually adjust the checksum for a breaking changelog: UPDATE`DATABASECHANGELOG`SET`MD5SUM`=NULLWHERE`ID`='<changelogId>'
If you are using a machine with limited RAM (e.g. ~8 GB RAM) you might have issues starting the Artemis Client.
You can resolve this by following the description in Using the command line
When setting up the Bamboo, Bitbucket, and Jira, at the same time within the same browser,
you might receive the message that the Jira token expired.
You can resolve the issue by using another browser for configuring Jira,
as there seems to be a synchronization problem within the browser.
When you create a new programming exercise and receive the error message
Theproject<ProgrammingExerciseName>alreadyexistsintheCIServer.Pleasechooseadifferentshortname! and you have double checked that this project does not exist within
the CI Server Bamboo, you might have to renew the trial licenses for the Atlassian products.
Update Atlassian Licenses
You need to create new Atlassian Licenses, which requires you to retrieve the server id and navigate to the license editing page after
creating new trial licenses.
Bamboo: Retrieve the Server ID and edit the license in License key details(Administration > Licensing)
Bitbucket: Retrieve the Server ID and edit the license in License Settings(Administration > Licensing)
Jira: Retrieve the Server ID(System > System info) and edit the JIRA Service DeskLicense key
in Versions & licenses
When you push new code to Bitbucket (from your local machine or from the online code editor), for a Java or a Kotlin exercise and no result is being displayed in Artemis,
check the corresponding Bamboo build plan. If the plan failed and it says “No failed test found. A possible compilation error occurred.”, then check the logs.
If it says ./gradlew:Permissiondenied, then go to the build plan configuration (Actions -> Configure plan -> Default Job) and add chmod+xgradlew to the “Tests” Script before the ./gradlewcleantest line.
If it says Executionfailedfortask':compileJava'.>invalidsourcerelease:17, then change the ./gradlewcleantest command in the build configuration to ./gradlewcleantest-Dorg.gradle.java.home=/usr/lib/jvm/java-17-oracle (pointing to the Java installation that you added as a server capability).
There are certain scenarios, where a setup with multiple instances of the application server is required.
This can e.g. be due to special requirements regarding fault tolerance or performance.
Artemis also supports this setup (which is also used at the Chair for Applied Software Engineering at TUM).
Multiple instances of the application server are used to distribute the load:
A load balancer (typically a reverse proxy such as nginx) is added, that distributes the requests
to the different instances.
Note: This documentation focuses on the practical setup of this distributed setup.
More details regarding the theoretical aspects can be found in the Bachelor’s Thesis
Securing and Scaling Artemis WebSocket Architecture, which can be found here:
pdf.
Artemis uses a cache provider that supports distributed caching: Hazelcast.
All instances of Artemis form a so-called cluster that allows them to synchronize their cache.
You can use the configuration argument spring.hazelcast.interface to configure the interface on which Hazelcast
will listen.
One problem that arises with a distributed setup is that all instances have to know each other in order
to create this cluster.
This is problematic if the instances change dynamically.
Artemis uses a discovery service to solve the issue (named JHipster Registry).
{{artemis_eureka_urls}} must be the URL where Eureka is reachable,
{{artemis_ip_address}} must be the IP under which this instance is reachable and
{{artemis_eureka_instance_id}} must be a unique identifier for this instance.
You also have to setup the value jhipster.registry.password to the password of the registry
(which you will set later).
Note that Hazelcast (which requires Eureka) is by default binding to 127.0.0.1 to prevent other instances
to form a cluster without manual intervention.
If you set up the cluster on multiple machines (which you should do for a production setup),
you have to set the value spring.hazelcast.interface to the ip-address of the machine.
Hazelcast will then bind on this interface rather than 127.0.0.1,
which allows other instances to establish connections to the instance.
This setting must be set for every instance, but you have to make sure to adjust the ip-address correspondingly.
# Common configuration shared between all applicationsconfigserver:name:Artemis JHipster Registrystatus:Connected to the Artemis JHipster Registryjhipster:security:authentication:jwt:secret:''base64-secret:THE-SAME-TOKEN-THAT-IS-USED-ON-THE-ARTEMIS-INSTANCESeureka:client:service-url:defaultZone:http://admin:${jhipster.registry.password}@localhost:8761/eureka/
WebSockets should also be synchronized (so that a user connected to one instance can perform an action
which causes an update to users on different instances, without having to reload the page - such as quiz starts).
We use a so-called broker for this (named Apache ActiveMQ Artemis).
Adjust the configuration of the broker: sudovim/opt/broker/broker1/etc/broker.xml
<?xml version='1.0'?><configurationxmlns="urn:activemq"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:xi="http://www.w3.org/2001/XInclude"xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd"><corexmlns="urn:activemq:core"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="urn:activemq:core "><name>0.0.0.0</name><journal-pool-files>10</journal-pool-files><acceptors><!-- STOMP Acceptor. --><acceptorname="stomp">tcp://0.0.0.0:61613?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=STOMP;useEpoll=true;heartBeatToConnectionTtlModifier=6</acceptor></acceptors><connectors><connectorname="netty-connector">tcp://localhost:61616</connector></connectors><security-settings><security-settingmatch="#"><permissiontype="createNonDurableQueue"roles="amq"/><permissiontype="deleteNonDurableQueue"roles="amq"/><permissiontype="createDurableQueue"roles="amq"/><permissiontype="deleteDurableQueue"roles="amq"/><permissiontype="createAddress"roles="amq"/><permissiontype="deleteAddress"roles="amq"/><permissiontype="consume"roles="amq"/><permissiontype="browse"roles="amq"/><permissiontype="send"roles="amq"/><!-- we need this otherwise ./artemis data imp wouldn't work --><permissiontype="manage"roles="amq"/></security-setting></security-settings><address-settings><!--default for catch all--><address-settingmatch="#"><dead-letter-address>DLQ</dead-letter-address><expiry-address>ExpiryQueue</expiry-address><redelivery-delay>0</redelivery-delay><!-- with -1 only the global-max-size is in use for limiting --><max-size-bytes>-1</max-size-bytes><message-counter-history-day-limit>10</message-counter-history-day-limit><address-full-policy>PAGE</address-full-policy><auto-create-queues>true</auto-create-queues><auto-create-addresses>true</auto-create-addresses><auto-create-jms-queues>true</auto-create-jms-queues><auto-create-jms-topics>true</auto-create-jms-topics></address-setting></address-settings></core></configuration>
Service configuration: sudovim/etc/systemd/system/broker1.service
The last (and also easiest) part to configure is the file system:
You have to provide a folder that is shared between all instances of the application server (e.g. by using NFS).
You then have to set the following values in the application config:
Where {{artemis_repo_basepath}} is the path to the shared folder
The file system stores (as its names suggests) files, these are e.g. submissions to file upload exercises,
repositories that are checked out for the online editor, course icons, etc.
Artemis uses scheduled tasks in various scenarios: e.g. to lock repositories on due date, clean up unused resources, etc.
As we now run multiple instances of Artemis, we have to ensure that the scheduled tasks are not executed multiple times.
Artemis uses to approaches for this:
Tasks for quizzes (e.g. evaluation once the quiz is due) are automatically distributed (using Hazelcast)
Tasks for other exercises are only scheduled on one instance:
You must add the Scheduling profile to exactly one instance of your cluster.
This instance will then perform scheduled tasks whereas the other instances will not.
You have to change the nginx configuration (of Artemis) to ensure that the load is distributed between all instances.
This can be done by defining an upstream (containing all instances) and forwarding all requests to this upstream.
We DON’T support the usage of the Compose standalone binary (docker-compose command) as its installation
method is no longer supported by Docker.
We recommend the latest version of Docker Desktop or Docker Engine and Docker CLI with Docker Compose Plugin.
The minimum version for Docker Compose is 1.27.0+ as of this version the
latest Compose file format is supported.
Hint
Make sure that Docker Desktop has enough memory (~ 6GB). To adapt it, go to Settings->Resources.
Check that all local network ports used by Docker Compose are free (e.g. you haven’t started a local MySQL server
when you would like to start a Docker Compose instance of mysql)
Run dockercomposepull&&dockercomposeup in the directory docker/
Run dockercomposedown in the directory docker/ to stop and remove the docker containers
Tip
The first dockercomposepull command is just necessary the first time as an extra step;
otherwise, Artemis will be built from source as you don’t already have an Artemis Image locally.
For Arm-based Macs, Dev boards, etc., you will have to build the Artemis Docker Image first, as we currently do not
distribute Docker Images for these architectures.
Overview of the Artemis Docker / Docker Compose structure
The easiest way to configure a local deployment via Docker is a deployment with a docker compose file.
In the directory docker/ you can find the following docker compose files for different setups:
artemis-dev-mysql.yml: Artemis-Dev-MySQL Setup containing the development build of Artemis and a MySQL DB
artemis-dev-postgres.yml: Artemis-Dev-Postgres Setup containing the development build of Artemis and
a PostgreSQL DB
artemis-prod-mysql.yml: Artemis-Prod-MySQL Setup containing the production build of Artemis and a MySQL DB
artemis-prod-postgres.yml: Artemis-Prod-Postgres Setup containing the production build of Artemis and
a PostgreSQL DB
atlassian.yml: Atlassian Setup containing a Jira, Bitbucket and Bamboo instance
(see Bamboo, Bitbucket and Jira Setup Guide
for the configuration of this setup)
gitlab-gitlabci.yml: GitLab-GitLabCI Setup containing a GitLab and GitLabCI instance
gitlab-jenkins.yml: GitLab-Jenkins Setup containing a GitLab and Jenkins instance
(see Gitlab Server Quickstart Guide for the configuration of this setup)
monitoring.yml: Prometheus-Grafana Setup containing a Prometheus and Grafana instance
mysql.yml: MySQL Setup containing a MySQL DB instance
nginx.yml: Nginx Setup containing a preconfigured Nginx instance
postgres.yml: Postgres Setup containing a PostgreSQL DB instance
There is also a single docker-compose.yml in the directory docker/ which mirrors the setup of artemis-prod-mysql.yml.
This should provide a quick way, without manual changes necessary, for new contributors to startup an Artemis instance.
If the documentation just mentions to run dockercompose without a -f<file.yml> argument, it’s
assumed you are running the command from the docker/ directory.
For each service being used in these docker compose files, a base service (containing similar settings)
is defined in the following files:
artemis.yml: Artemis Service
mysql.yml: MySQL DB Service
nginx.yml: Nginx Service
postgres.yml: PostgreSQL DB Service
gitlab.yml: GitLab Service
jenkins.yml: Jenkins Service
For testing mails or SAML logins, you can append the following services to any setup with an artemis container:
mailhog.yml: Mailhog Service (email testing tool)
saml-test.yml: Saml-Test Service (SAML Test Identity Provider for testing SAML features)
Base services (compose file with just one service) and setups (compose files with multiple services)
should be located directly in docker/.
Additional files like configuration files, Dockerfile, …
should be in a subdirectory with the base service or setup name (docker/<baseserviceorsetupname>/).
Everything related to the Docker Image of Artemis (built by the Dockerfile) can be found
in the Server Setup section.
All Artemis-related settings changed in Docker Compose files are described here.
The artemis.ymlbase service (e.g. in the artemis-prod-mysql.yml setup) defaults to the latest
Artemis Docker Image tag in your local docker registry.
If you want to build the checked-out version run dockercomposebuildartemis-app before starting Artemis.
If you want a specific version from the GitHub container registry change the image: value to the desired image
for the artemis-app service and run dockercomposepullartemis-app.
See the Debugging with Docker section for detailed information.
In all development docker compose setups like artemis-dev-mysql.yml Java Remote Debugging is enabled by default.
To keep the documentation short, we will use the standard form of dockercomposeCOMMAND from this point on.
You can use the following commands also with the -fdocker/<setuptobelaunched>.yml argument pointing
to a specific setup.
app container:
dockercomposeexecartemis-appbash or if the container is not yet running:
dockercomposerun--rmartemis-appbash
mysql container:
dockercomposeexecmysqlbash or directly into mysql dockercomposeexecmysqlmysql
Docker is a platform for developing, shipping and running applications.
In our case, we will use it to build the images which we will deploy.
It is also needed from k3d to create a cluster. The cluster nodes are deployed on Docker containers.
Docker Hub is a service provided by Docker for finding and sharing container images.
Account in DockerHub is needed to push the Artemis image which will be used by the Kubernetes deployment.
k3d is a lightweight wrapper to run k3s which is a lightweight Kubernetes distribution in Docker.
k3d makes it very easy to create k3s clusters especially for local deployment on Kubernetes.
Windows users can use choco to install it. More details can be found in the link under OtherInstallationMethods
kubectl is the Kubernetes command-line tool, which allows you to run commands against Kubernetes clusters.
It can be used to deploy applications, inspect and manage cluster resources, and view logs.
To be able to deploy Artemis on Kubernetes, you need to set up a cluster.
A cluster is a set of nodes that run containerized applications.
Kubernetes clusters allow for applications to be more easily developed, moved and managed.
With the following commands, you will set up one cluster with three agents as well as Rancher
which is a platform for cluster management with an easy to use user interface.
IMPORTANT: Before you continue make sure Docker has been started.
Set environment variables
The CLUSTER_NAME, RANCHER_SERVER_HOSTNAME and KUBECONFIG_FILE environment variables need to be set
so that they can be used in the next commands.
If you don’t want to set environment variables you can replace their values in the commands.
What you need to do is replace $CLUSTER_NAME with “k3d-rancher”, $RANCHER_SERVER_HOSTNAME with “rancher.localhost”
and $KUBECONFIG_FILE with “k3d-rancher.yml”.
With the help of the commands block below you can create a cluster with one server and three agents
at a total of four nodes.
Your deployments will be distributed almost equally among the 4 nodes.
Using k3dclusterlist you can see whether your cluster is created and how many of its nodes are running.
Using kubectlgetnodes you can see the status of each node of the newly created cluster.
You should also write the cluster configuration into the KUBECONFIG_FILE.
This configuration will be later needed when you are creating deployments.
You can either set the path to the file as an environment variable or replace it with “<path-to-kubeconfig-file>”
when needed.
For macOS/Linux:
k3d cluster create $CLUSTER_NAME --api-port 6550 --servers 1 --agents 3 --port 443:443@loadbalancer --wait
k3d cluster list
kubectl get nodes
k3d kubeconfig get $CLUSTER_NAME > $KUBECONFIG_FILE
export KUBECONFIG=$KUBECONFIG_FILE
For Windows:
k3d cluster create $env:CLUSTER_NAME --api-port 6550 --servers 1 --agents 3 --port 443:443@loadbalancer --wait
k3d cluster list
kubectl get nodes
k3d kubeconfig get ${env:CLUSTER_NAME} > $env:KUBECONFIG_FILE
$env:KUBECONFIG=($env:KUBECONFIG_FILE)
Install cert-manager
cert-manager is used to add certificates and certificate issuers as resource types in Kubernetes clusters.
It simplifies the process of obtaining, renewing and using those certificates.
It can issue certificates from a variety of supported sources, e.g. Let’s Encrypt, HashiCorp Vault, Venafi.
In our case, it will issue self-signed certificates to our Kubernetes deployments to secure the communication
between the different deployments.
Before the installation, you need to add the Jetstack repository and update the local Helm chart repository cache.
cert-manager has to be installed in a separate namespace called cert-manager so one should be created as well.
After the installation, you can check the status of the installation.
Rancher is a Kubernetes management tool that allows you to create and manage Kubernetes deployments
more easily than with the CLI tools.
You can install Rancher using Helm - the package manager for Kubernetes.
It has to be installed in a namespace called cattle-system and
we should create such a namespace before the installation itself.
During the installation, we set the namespace and the hostname on which Rancher will be accessible.
Then we can check the installation status.
You will be notified that the connection is not private.
The reason for that is that the Rancher deployment uses a self-signed certificate by an unknown authority ‘dynamiclistener-ca’.
It is used for secure communication between internal components.
Since it’s your local environment this is not an issue and you can proceed to the website.
If you can’t continue using the Chrome browser, you can try with another browser, e.g. Firefox.
You will be prompted to set a password which later will be used to log in to Rancher.
The password will often be used, so you shouldn’t forget it.
Then you should save the Rancher Server URL, please use the predefined name.
After saving, you will be redirected to the main page of Rancher, where you see your clusters.
There will be one local cluster.
You can open the workloads using the menu, there will be no workloads deployed at the moment.
Create a new namespace in Rancher
Namespaces are virtual clusters backed by the same physical cluster. Namespaces provide a scope for names.
Names of resources need to be unique within a namespace, but not across namespaces.
Usually, different namespaces are created to separate environments deployments e.g. development, staging, production.
For our development purposes, we will create a namespace called artemis.
It can be done easily using Rancher.
Navigate to Namespaces using the top menu of Rancher
Select AddNamespace to open the form for namespace creation
Put artemis as namespace’s name and select the Create button
The Artemis image will be stored and managed in DockerHub. Kubernetes will pull it from there and deploy it afterwards.
After you log in to your DockerHub account you can create as many public repositories
as you want.
To create a repository you need to select the Createrepository button.
DockerHub:
Then fill in the repository name with artemis. Then use the Create button to create your repository.
The username in DockerHub is called Docker ID.
You need to set your Docker ID in the artemis-deployment.yml resource so that Kubernetes knows
where to pull the image from.
Open the src/main/kubernetes/artemis/deployment/artemis-deployment.yml file and edit
template:spec:containers:image:<DockerId>/artemis
and replace <DockerId> with your docker ID in DockerHub
To run Artemis, you need to configure the Artemis’ User Management, Version Control and Continuous Integration.
You can either run it with Jira, Bitbucket, Bamboo or Jenkins, GitLab.
Make sure to configure the src/main/resources/config/application-artemis.yml file with the proper configuration
for User Management, Version Control and Continuous Integration.
You should skip setting the passwords and token since the Docker image that we are going to build is going to include
those secrets.
You can refer to chapter Add/EditSecrets for setting those values.
If you want to configure Artemis with Bitbucket,Jira,Bamboo you can set a connection to existing staging or
production deployments.
If you want to configure Artemis with local user management and no programming exercises continue with
ConfigureLocalUserManagement.
If you want to run with local user management and no programming exercises setup follow the steps:
1. Go to the src/main/resources/config/application-artemis.yml file, and set use-external in
the user-management section to false.
If you have created an additional application-local.yml file as it is described in the
Setup documentation, make sure to edit this one.
Another possibility is to add the variable directly in src/main/kubernetes/artemis/configmap/artemis-configmap.yml.
data:artemis.user-management.use-external:"false"
2. Remove the jira profile from the SPRING_PROFILES_ACTIVE field in the ConfigMap found at
src/main/kubernetes/artemis/configmap/artemis-configmap.yml
Now you can continue with the next step BuildArtemis
ConfigMaps are used to store configuration data in key-value pairs.
You can change the current Spring profiles used for running Artemis in the
src/main/kubernetes/artemis/configmap/artemis-configmap.yml file by changing SPRING_PROFILES_ACTIVE.
The current ones are set to use Bitbucket, Jira and Bamboo.
If you want to use Jenkins and GitLab please replace bamboo,bitbucket,jira with jenkins,gitlab.
You can also change prod to dev if you want to run in development profile.
Kustomization files declare the resources that will be deployed in one place and with their help we can do
the deployment with only one command.
Once you have your Artemis image pushed to Docker you can use the kustomization.yml file in src/main/kubernetes
to deploy all the Kubernetes resources.
You can do it by executing the following command:
It may take some time but in the end, you should see that all the workloads have Active status.
In case there is a problem with some workloads you can check the logs to see what the issue is.
You will get the same “Connection is not private” issue as you did when opening https://rancher.localhost/.
As said before this is because a self-signed certificate is used and it is safe to proceed.
It takes several minutes for the application to start.
If you get a “Bad Gateway” error it may happen that the application has not been started yet.
Wait several minutes and if you still have this issue or another one you can check out the pod logs
(described in the next chapter).
Open the workload which logs you need to check.
There is a list of pods. Open the menu for one of the pods and select ViewLogs.
A pop-up with the logs will be opened.
If the Artemis application is successfully deployed but there is an error while trying to run the application,
the reason is most likely related to the Artemis yml configuration files.
One of the common errors is related to missing server.url variable.
You can fix it by adding it as an environment variable to the Artemis deployment.
