bomonike


Our Bomonike Club

Here we created a way to learn deeply so that we can become professionals quickly yet competently.

How is this different?

Some on YouTube ask you for money to join a learning group. You get links to private videos. But you find them a waste of time because the videos are high level or you see others fumble around starting from scratch.

The tragedy is that everyone ends up with incomplete, insecure automation to do work. They are not repeatable by others.

Here we learn to improve DevSecOps and Cloud assets of production-level complexity and security, just like you would on the job.

First, our strategy is to automate where we can, then document the manual steps.

We have a specific way to code the automation (with variables) so it is flexible enough to accommodate variations.

As each person makes use of the automation and stumbles through the documented steps, a video is made that others can see specifically what happened.

Then code can be changed, missing steps be added, or steps be made clear.

No more stumbling around desperately trying random changes for hours.

It takes a village and here’s your village.


Odoo

Odoo.com receives 10m visits/month.

“Odoo is the most installed business software in the world. Odoo is used by 2.000.000 users worldwide ranging from very small companies (1 user) to very large ones (300 000 users).” – source

Odoo in 2024 has 12 million users worldwide. Shell and McKinsey are customers: https://www.odoo.com/customers

Odoo aims for the “sweet spot” of both high functionality with ease-of-use.

The Company

Odoo was started in 2005 by founder Fabien Pinckaers (VIDEO), who is now CEO.

They are in Brussels, Belgium. The software has been internationalized for localization into various dialects of French (BE, CA, CH) and other languages.

Support to partners is from India.

https://www.glassdoor.com/Reviews/Odoo-Reviews-E749314.htm

LinkedIn reports that while there has been an 83% 2-year growth in 22-24, the median employee tenure is 1.6 years.

Odoo in 2024 was rated the #9 CRM by digital implementation guru Eric Kimberling of 3rd Stage Consulting.

Open Source?

Since Odoo touts itself as “open source”, let’s look at their source.

From inception, Odoo S.A (formerly OpenERP S.A) has released the core software as open source. Since release V9.0, the company has transitioned to an open core model, which provides subscription-based proprietary enterprise software and cloud-hosted software as a service, in addition to the open source version.

In 2013, the not-for-profit Odoo Community Association - odoo-community.org (OCA) - was formed to promote the widespread use of Odoo and to support the collaborative development of Odoo features.

https://www.odoo.com/documentation/17.0

  1. Pay the OCA membership of 50 euros a year. Opt-in to be listed in the Directory of members around the world.

  2. Sign the CLA so you can add the “Contributor” logo to your profile.

    https://github.com/odoo/odoo/blob/master/doc/cla/sign-cla.md

  3. Organize a Sprint where contributors work together.

    https://github.com/OCA/odoo-community.org/blob/master/website/Contribution/CONTRIBUTING.rst

  4. Attend events:

    #odoo17 was announced November 2023 at the Odoo Experience (OXP) conference (#OdooExperience)

    OCA sponsors OCA Days 2024 on 30th September - 1st October 2024 at Val Benoit, Liège, Belgium.

    OSICON 2023

    https://www.linkedin.com/pulse/29-what-odoo-why-its-smart-erp-choice-businesses-william-mcmahon-ozihe

The five types of Project (PSC) Teams:

  1. Functional Teams (accounting, marketing…)

  2. Vertical Interest Teams (hotel, construction, medical…)

  3. Localization Teams (by country)

  4. Connector Teams (integrate Odoo with other software)

  5. Community Tools Teams (providing support to members, e.g. Backport, OpenUpgrade, admin)

Switching from Community to Enterprise begins with a backup, a shutdown, and installation of the web_enterprise module.

Pricing

15 day free trial

“Most ERP vendors estimate software should cost about 3% of annual sales.”

The $3,950 partner fee per year includes $2,600 discounts for internal use by 5 users.

Partnerships

  1. VIDEO: Play a card game about setting up and scaling a business - 7 business cases of 8 to 10 cards each. $24.78 paper or enter data into https://Odoo.com/scaleup. https://www.odoo.com/scaleup-teacher

  2. Build a business management course and get free unlimited access for 24 months.

  3. Ready Partner 10% - 1 cert, 10 users 6mos
  4. Silver 15% - 75 users - 3 certs
  5. Gold 20% - 300 users - 6 certs

sh 50% hosting up to 1728/yr /proj - datacenter in Wyoming

QUESTION: Datacenters for disaster recovery and data sovereignty in Singapore, Germany, etc?

177 partners in the US vs 3000 worldwide

Certification

There is a certification for each major release. https://www.odoo.com/slides/odoo-17-certification-331 The $250 Odoo 17 Certification is taken online: answer 70% of 120 questions in 1.5 hours about 16 modules (in English or Spanish):

General Settings

https://www.odoo.com/documentation/master/applications/general/apps_modules.html

HTML fragments and pages in Odoo are generated using Odoo’s QWeb Templates XML templating engine. It’s similar to Jinja (Python), ERB (Ruby) or Twig (PHP).

Official Modules

Links to the public demo instance, listed like at https://www.odoo.com/page/editions

  1. Apps to select what appears in the main screen:


More apps appear on the localhost created using Docker:

Categories:

  1. Settings
  2. Dashboards
  3. Contacts
  4. Gamification

  5. Kitchen Display (new app?)

    Accounting (and Finance) apps

    https://www.odoo.com/documentation/master/applications/finance/accounting.html

  6. Accounting Demo
  7. Invoicing [Ent] Payments
    [Ent]: AI

    LOCAL:

  8. Payroll [Ent] Expense Digitization (OCR), Reimbursement in Payslip
  9. Documents [Ent]
    [Ent]: Spreadsheet (BI)
  10. Sign Demo [Ent]

    Sales apps

    https://www.odoo.com/documentation/master/applications/sales/crm.html

  11. Sales demo
  12. CRM (Customer Relationship Management) demo

  13. POS (Point of Sale Shop Registers) demo
    [Ent]: Loyalty Programs and Gift Cards
  14. POS (Point of Sale Restaurant)

  15. Subscriptions [Ent] demo

  16. VoIP
  17. Rental [Ent] demo
  18. Amazon Connector [Ent]
  19. eBay Connector [Ent]

    Website apps

    https://www.odoo.com/documentation/master/applications/websites/website.html

  20. Website Builder
  21. eCommerce (shopping, payments, Stripe, PayPal)
  22. Blog
  23. Forum
  24. Live Chat
  25. eLearning

    Inventory (& MRP) apps

    https://www.odoo.com/documentation/master/applications/inventory_and_mrp/inventory.html

  26. Inventory demo
    [Ent]: Barcode
  27. Purchase demo

    LOCAL:

  28. LOCAL: Barcode [Ent]
  29. LOCAL: Repairs [Ent]

    Manufacturing apps

  30. Manufacturing Track equipment and manage maintenance requests
  31. MRP II Work Orders, Planning, Routing demo
    [Ent]: Workcenter, Control Panel, Scheduling
  32. PLM (Product Lifecycle Management) PLM, ECOs, Versions [Ent] VIDEO
  33. Maintenance
  34. Quality [Ent]

    LOCAL:

  35. Shop Floor demo

    Human Resources


    https://www.odoo.com/documentation/master/applications/hr/attendances.html

  36. Expenses Submit, validate and reinvoice employee expenses demo
  37. Employees Centralize employee information demo
    [Ent]: Departmental Dashboards
  38. Recruitment Track your recruitment pipeline demo
  39. Time Off Allocate PTOs and follow leaves requests demo
  40. Referrals [Ent]
  41. Appraisals [Ent]
  42. Fleet (https://github.com/odoo/odoo/tree/master/addons/fleet)

    LOCAL:

  43. LOCAL: Skills Management - Manage skills, knowledge and resume of your employees
  44. LOCAL: Lunch - Handle lunch orders of your employees
  45. LOCAL: Employee Contracts
  46. LOCAL: Attendances

    Marketing apps

    https://www.odoo.com/documentation/master/applications/marketing/email_marketing.html

  47. Social Marketing [Ent]
  48. Email Marketing demo
    [Ent]: Mailing Templates
  49. SMS Marketing
  50. Events demo
  51. Marketing Automation [Ent]
  52. Surveys

    Services apps

    https://www.odoo.com/documentation/master/applications/services/project.html

  53. Projects demo
  54. Timesheets demo
  55. Field Service demo [Ent]
  56. Planning demo [Ent] (Schedules)

    LOCAL:

  57. Helpdesk Helpdesk [Ent] Tickets
  58. Appointments demo [Ent]

    Productivity apps

    https://www.odoo.com/documentation/master/applications/productivity/documents.html

  59. Knowledge demo

  60. Discuss Discuss

    Not in LOCAL:

  61. Approvals
  62. VoIP (Voice over Internet Protocol) [Ent]
  63. IoT (Internet of Things) [Ent]
  64. WhatsApp

  65. LOCAL: Data Recycle - Find old records and archive/delete them
  66. LOCAL: To-do demo
  67. LOCAL: Calendar demo VIDEO

    Administration

  68. Studio Create and Customize Applications [Ent]
  69. Android & iPhone - Support for Google Play & iOS Apps [Ent]

No warehousing

Contrast Odoo’s modules against the definition of Enterprise Resource Planning in this CC BY-SA 3.0 diagram by Shing Hin Yeung:

Addon Modules

https://github.com/odoo/odoo/tree/master/addons/hr

Among https://apps.odoo.com/apps are 40,000 community-developed apps stored with
https://github.com/odoo/odoo/tree/master/addons

Industries (Verticals)

The most comprehensive menu is from the official Docker image, under each of the CATEGORIES, alphabetically:


https://apps.odoo.com/apps/modules/17.0/software_reseller/

Audit Trails

Observability: logs, traces

estate_property in the models API should be created.

Repositories

  1. See odoo’s repositories:

    https://github.com/odoo

    https://www.odoo.com/documentation/17.0/ https://github.com/odoo/technical-training-solutions

  2. One comment about Odoo is that it doesn’t have major industry-specific packs like NetSuite. However, Odoo has small industry demos at:

    https://github.com/odoo/industry

  3. Design themes

    https://github.com/odoo/design-themes

    https://github.com/odoo/odoodays-2014/blob/master/create_themes/index.rst

  4. See odoo’s odoo repository

    https://github.com/odoo/master/odoo

  5. Notice in the right column of odoo’s repositories

    https://github.com/odoo/odoo/wiki

  6. Link to “Qualified Wishlist” items open:

    https://github.com/odoo/odoo/issues?q=is%3Aopen+is%3Aissue+label%3Awishlist

  7. Count number of corporate agreements within the doc/cla/corporate folder:

    https://github.com/odoo/odoo/tree/17.0/doc/cla/corporate

  8. Contributor analysis

    PROTIP: On the right column of the page, GitHub reports (as of May 17, 2024) 1,943 contributors over the life of the repository.

    QUESTION: If we look up the maintainers’ email addresses from the git log and politely inquire about the project’s status, what are their backgrounds? Are they paid or volunteers?

  9. Code composition analysis

    PROTIP: GitHub reports that half of Odoo’s code is in Python language. There is also JavaScript, SCSS (Sassy CSS preprocessor), CSS, HTML, Shell script. SCSS in .scss files extends the functionality of regular CSS with features like variables, nested rules, mixins, functions, and more. It introduces programming constructs that allow developers to write more modular, reusable, and maintainable CSS code.

  10. Select Odoo’s Server Framework tutorial version at the upper-right:

    https://www.odoo.com/documentation/master/developer/tutorials/server_framework_101.html

    Odoo’s presentation tier is being transitioned from (modern) HTML5, JavaScript and CSS to the OWL XML framework, which generates user interfaces in the browser.

    https://odoo.github.io/owl/playground/

    https://medium.com/cybrosys/introduction-to-odoo-owl-framework-29cbe9111919

    The logic tier is exclusively written in Python objects.
    An ORM (Object Relational Mapping) layer is used to access data stored in a PostgreSQL RDBMS.

    Only the Enterprise version supports mobile.

  11. Analyze Issues metrics (Time to First Response, Time to Close, Time in Label): https://github.com/github/issue-metrics https://www.reddit.com/r/devops/comments/ys5ivs/github_actions_metrics/ https://github.com/Spendesk/github-actions-exporter

  12. Determine the rate of Issue closure ???

  13. Trend of issues

    #165024 transitioning all frontend code from jQuery to Vanilla JavaScript.

  14. Use the “lovely-forks” browser extension to see if the project has any notable forks where development may be continuing.

  15. Pull requests: Are they being fixed promptly (being maintained)?

  16. Click Insights to view statistics about it

    Excluding merges, 155 authors have pushed 159 commits to 17.0 and 832 commits to all branches. On 17.0, 866 files have changed and there have been 23,203 additions and 5,528 deletions.

  17. Click on the branch list to scroll to identify the default branch (17.0).

    See “This branch is 6612 commits ahead of, 4391 commits behind 17.0.”

    CAUTION: The master branch is not production? We should not use it.

  18. Click “branches” to view branch metadata at:

    https://github.com/odoo/odoo/branches/active

    View odoo locally

    If you would like to view files locally:

  19. Instead of getting all branches (which consumed 9.2G on May 8, 2024)
    PROTIP: download only the branch for the latest named version, not the master (which consumed 1.1G):

    # --single-branch is what limits the download to the named branch:
    git clone --branch "17.0" --single-branch git@github.com:odoo/odoo.git
    cd odoo
    du -sh
    git branch
    

    NOTE: On-prem. servers load Odoo within install script.


Hosting Options

References: Comparing Odoo SaaS, Odoo On-Premise, and SH:

There are different ways to create an instance of odoo:

A. In Odoo’s cloud running SaaS (Software as a Service). The easiest with a subscription.

B. On-premises on machines you build and maintain. For experimentation with add-ons.

References: We use Debian (instead of Ubuntu, Red Hat, Centos, etc.):

https://www.linkedin.com/pulse/odoo-deployment-when-opt-container-based-solutions-docker-kubernetes-hbmrf

C. odoo.sh aka “hybrid” Odoo-managed PaaS (Platform as a Service) where you create your own cloud platform by clicking on odoo’s UI. It also encompasses an email server. Tools provided include:

D. On-premises within a private cloud instance you build and maintain. The most difficult.


Assets

References:

Assets referenced by this article are at a private repo:

   https://github.com/bomonike/odoo-setup
  1. Request to join via Patreon.

  2. If you have not been made a contributor, generate a GitHub Personal Access Token for read access:

    1. You need a GitHub account with SSH certificates.
    2. At your GitHub’s Account settings > Developer settings > Fine-grained Personal access tokens:

      https://github.com/settings/tokens
    3. Click “Generate new token”. Confirm access. Select Expiration “7 days”. Give token a descriptive name (with a date).
    4. Under “Select scopes”, check the “read:packages” scope to grant read access to private repositories.
    5. Click green “Generate token”. Click the icon to copy the generated token to paste.

  3. Open a Terminal and navigate to a folder where Git will create a folder.
  4. Load the assets associated with our project

    git clone git@github.com:bomonike/odoo-setup.git
    cd odoo-setup
    du -sh
    git branch
    

    du -sh reported 196K for all branches/history.

    The repo contains shell scripts to load Odoo onto on-prem. machines and in each private cloud.


Install local Linux Debian machine running odoo installed directly

References:

  1. Obtain and connect a blank USB hard drive for your rig.
  2. Format it as “Ext”.

    NOTE: On a Zimaboard, the 31.3 GB MMC/SD card onboard (mmcblk0) BJTD4R should not be used to run apps.

  3. Verify that the blank drive is formatted correctly (among all the drives and partitions connected to your system)

    fdisk -l
    

    The response should say ???

  4. Obtain the latest stable Debian (Linux) image for running on AMD64:

    1. At https://www.debian.org/releases/bookworm/debian-installer/
      under “full DVD sets” select “amd64” for Zimaboard. Scroll to bottom to click
      “debian-12.5.0-amd64-DVD-1.iso” to start downloading from:
      https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-12.5.0-amd64-DVD-1.iso for 3.99 GB.

    Alternately, the “netinst CD image” for “amd64” for 659.6 MB.

    1. In Finder, wait until file “Unconfirmed … -crdownload” disappears and “debian-12.5.0-amd64-DVD-1.iso” appears with MB.
    2. Eject the USB drive.
    3. Optionally, also download file SHA512SUMS
  5. Use the balenaEtcher.app to create a bootable USB from the .iso file.

    Alternately, use Rufus.

    Prepare the preseed file

    VIDEO PROTIP: Running “autoinstall” using a preconfiguration (preseed) file instead of manually clicking every time makes for fewer mistakes, less tedious debugging, and better repeatability.

    • https://wiki.debian.org/DebianInstaller/Preseed
    • https://www.debian.org/releases/stable/amd64/apb.en.html references sample file
    • https://www.debian.org/releases/bookworm/example-preseed.txt

    Customization to the file can be made. Saving the file in GitHub provides an audit trail of who made what changes when.

    PROTIP: Many prefer to use the replace command which ships with the “mysql-server” package such that:

    # replace string abc to XYZ in files:
    replace "abc" "XYZ" -- file.txt file2.txt file3.txt
    # or pipe an echo to replace:
    echo "abcdef" | replace "abc" "XYZ"
    
  6. Retrieve the bookworm_preseed.txt preconfiguration (preseed) file in:

    https://github.com/bomonike/odoo-setup/blob/main/debian/bookworm_preseed.txt

    “bookworm” in the name of the file specifies the version of Debian because each release has slightly different values.

  7. Generate strong root and user passwords, then store them in a 3rd-party central secrets vault.

    PROTIP: Provide a salt value to an algorithm defined in the /etc/shadow file. ??? Example:

    # Hash the password (SHA-512 crypt) with a random 16-character salt and keep the hash:
    ROOT_PASSWORD="$(mkpasswd -m sha-512 -S "$(pwgen -ns 16 1)" mypassword)"
    

    Replace the “[crypt(3) hash]” handle within the file:

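    # Double quotes let the shell expand the variable; "|" is the delimiter because the hash contains "/":
    sed -i -e "s|\[crypt(3) hash\]|$ROOT_PASSWORD|g" /tmp/bookworm_preseed.txt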
    

    PROTIP: On macOS and other BSD-based platforms, you need an explicit option argument -i ‘’

    A sample result within the file: d-i passwd/root-password-crypted password $1$CHp7HkQW$Z2ZTY5cZMurbwbqU1zaS.1

    Optionally, setup a password checker app to verify whether a password is among common ones.

  8. Replace the “bomonike.com” handle within the file with the value of MY_DOMAIN_NAME obtained from a common .env file referenced by other processes:

    sed -i -e "s/my_domain_name/$MY_DOMAIN_NAME/g" /tmp/bookworm_preseed.txt
    

    A sample result within the file: d-i netcfg/get_domain string bomonike.com

  9. Replace the “Debian User” handle within the file with the value of MY_ADMIN_FULL_NAME obtained from a common .env file referenced by other processes:

    sed -i -e "s/Debian User/$MY_ADMIN_FULL_NAME/g" /tmp/bookworm_preseed.txt
    

    A sample result within the file: d-i passwd/user-fullname string Debian User

  10. Replace the “debian1234” handle within the file with the value of MY_ADMIN_USER_NAME obtained from a common .env file referenced by other processes:

    sed -i -e "s/debian1234/$MY_ADMIN_USER_NAME/g" /tmp/bookworm_preseed.txt
    

    A sample result within the file: d-i passwd/username string debian1234

  11. Replace the “Eastern” handle within the file with the value of MY_TIMEZONE obtained from a common .env file referenced by other processes:

    sed -i -e "s/Eastern/$MY_TIMEZONE/g" /tmp/bookworm_preseed.txt
    

    A sample result within the file: d-i time/zone string US/Mountain

  12. TODO: Make the preconfiguration file available to the Debian installer. This can be a URL to a server in the local network such as: TODO:

    http://198.168.1.33/files/projectx/debian_preseed.txt
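
The substitutions in steps 7 to 11, as an added example that is not from the original page or the odoo-setup repository: it rewrites each answer by its preseed key instead of by placeholder text, escapes values for sed, and refuses any password hash that is not SHA-512 crypt. `ROOT_HASH` and `USER_HASH` are assumed variable names, `MY_TIMEZONE` is assumed to hold the full zone name (for example US/Mountain), and `hash_password` assumes mkpasswd from the Debian "whois" package.

```shell
#!/bin/sh
# Added example: not from the original page or the odoo-setup repository.

# Escape a value for the replacement side of sed 's|..|..|'
# (backslash, "&" and the "|" delimiter are the special characters).
sed_escape() {
    printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# Build one sed expression that rewrites the value of an uncommented
# "d-i KEY TYPE value" line; "#"-commented lines are left alone.
answer_expr() {
    printf 's|^\\(d-i[[:space:]]\\{1,\\}%s[[:space:]]\\{1,\\}%s\\)[[:space:]].*$|\\1 %s|' \
        "$1" "$2" "$(sed_escape "$3")"
}

# Hash a password read from stdin, so it never appears in the process list.
# mkpasswd picks a random salt itself when -S is not given.
hash_password() {
    mkpasswd -m sha-512 --stdin
}

# render_preseed TEMPLATE OUTPUT
# Runs in a subshell so umask and exit do not affect the caller.
render_preseed() (
    template=$1
    output=$2
    for name in ROOT_HASH USER_HASH MY_DOMAIN_NAME MY_ADMIN_FULL_NAME \
                MY_ADMIN_USER_NAME MY_TIMEZONE; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || { echo "missing variable: $name" >&2; exit 1; }
    done
    # Accept only SHA-512 crypt hashes; an MD5 "$1$..." hash is refused.
    for hash in "$ROOT_HASH" "$USER_HASH"; do
        case $hash in
            '$6$'*) ;;
            *) echo "password hash is not SHA-512 crypt (\$6\$)" >&2; exit 1 ;;
        esac
    done
    umask 077   # the rendered file holds password hashes
    sed -e "$(answer_expr passwd/root-password-crypted password "$ROOT_HASH")" \
        -e "$(answer_expr passwd/user-password-crypted password "$USER_HASH")" \
        -e "$(answer_expr netcfg/get_domain string "$MY_DOMAIN_NAME")" \
        -e "$(answer_expr passwd/user-fullname string "$MY_ADMIN_FULL_NAME")" \
        -e "$(answer_expr passwd/username string "$MY_ADMIN_USER_NAME")" \
        -e "$(answer_expr time/zone string "$MY_TIMEZONE")" \
        "$template" > "$output" || exit 1
    # Fail closed: no active line may still carry the placeholder hash,
    # and each password key must be answered exactly once.
    if grep -v '^[[:space:]]*#' "$output" | grep -q -F '[crypt(3) hash]'; then
        echo "placeholder hash left in $output" >&2
        rm -f "$output"
        exit 1
    fi
    for key in passwd/root-password-crypted passwd/user-password-crypted; do
        n=$(grep -c "^d-i[[:space:]]\{1,\}$key[[:space:]]" "$output") || true
        if [ "$n" -ne 1 ]; then
            echo "expected exactly one $key line, found $n" >&2
            rm -f "$output"
            exit 1
        fi
    done
)

# Usage when saved as a script: render.sh TEMPLATE OUTPUT
if [ "$#" -eq 2 ]; then
    render_preseed "$1" "$2"
fi
```

Set the two hash variables with, for example, `ROOT_HASH=$(hash_password)` and type the password at the prompt, then export the `MY_*` values from the common .env file before calling the script.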

    Power-up to run install

  13. Ensure that the HDMI cable from your machine is connected to the powered-up monitor.
  14. Insert the USB and hold the F11 key during power-up.
  15. Select the device preference to boot up from USB.

  16. When the “UEFI Installer menu” appears, select “Accessible dark contrast installer menu”.
  17. Select “Autoinstall” to use the preseed file.
  18. Select the Installer

    Entries without “#” comment in this file are in the sequence of manual steps for regular install:

    1. Language and Localization Locale: d-i debian-installer/locale string en_US
    2. Keyboard Keymap: American English = d-i keyboard-configuration/xkb-keymap select us
    3. Network: enp2s0 = d-i netcfg/choose_interface select auto
    4. Hostname: debian = d-i netcfg/get_hostname string debian
    5. Domain name: d-i netcfg/get_domain string mydomain_name
    6. Root password: Encrypted d-i passwd/root-password-crypted password [crypt(3) hash]

      PROTIP: Normally, administrators use sudo instead of root. However, odoo’s debinstall.sh insists on use of root.

    7. Full name of user: d-i passwd/user-fullname string Debian User
    8. User name: d-i passwd/username string debian1234
    9. Password: d-i passwd/user-password-crypted password [crypt(3) hash]
    10. Set Time to UTC: d-i clock-setup/utc boolean true
      PROTIP: It is the standard for many enterprises to have all servers be set to the same time zone - UTC - which has no time change jumps twice a year.

    11. Time Zone: d-i time/zone string US/Eastern
    12. Partitioning: d-i partman-auto/method string lvm

    A sample disk selection: SCSI4 (0,0,0) (sdb) - 2.0 TB Samsung PSSD T7 where ext4 file system is installed.

    NOTE: LVM (Logical Volume Management) is a disk partitioning technique that adds a layer of abstraction over physical storage devices, allowing more flexible and dynamic allocation of disk space. It is used on servers and in enterprise environments where storage needs are dynamic and require frequent resizing or reorganization of disk space, and it simplifies storage administration by abstracting the physical disk layout. LVM works by initializing physical disks as Physical Volumes (PVs). PVs are combined into Volume Groups (VGs), which act as storage pools. Within a VG, Logical Volumes (LVs) are created from the available space. PVs can be added to or removed from a VG while the system is running, which allows storage expansion. LVs function like traditional disk partitions but can be resized (grown or shrunk) while online by adding or removing space from the underlying VG, without disrupting applications using the LV. LVs can also span multiple PVs in the same VG, allowing volumes larger than a single disk.

  19. If the disk cannot be read, format the disk to “Ext” on another machine.

  20. Select an archive location. In the United States, deb.debian.org
  21. Press Enter if you don’t need a proxy.
  22. Wait for “Retrieving” messages, then “Select and install software”.
  23. Reply “No” to the survey question.
  24. Software selection is the “Debian desktop environment”, MATE, and “Standard system utilities”.

  25. Reply “Yes” to install GRUB boot loader.
  26. Select the device for boot loader installation. Example for using the Samsung T7 USB drive:

    /dev/sda (usb-Samsung-PSSD_T7_S5TCNS0RB12345K-0:0)

  27. Click “Continue” to “Installation complete” to cause a reboot.
  28. Power down. Remove the USB stick.
  29. Power up.

    Debian login

  30. Login using your user name and password.

    PROTIP: The preferred security practice is to store a salted one-way hash of the password in the database instead of the password itself. When a user enters a password, it is hashed for comparison with the hash in the database. That way, if a hacker or rogue admin manages to steal the user database, they cannot (even using quantum computers) extract passwords. To thwart the use of “rainbow tables” based on already compromised passwords, a “salt” value is added to each password to make each hash unique (using a program such as bcrypt).

    Configure Debian to Use UTC

  31. In the Terminal, edit the file:

    sudo nano /etc/adjtime
    
  32. Change the last field from LOCAL to UTC and save the file.

  33. Reconfigure the tzdata package:

    sudo dpkg-reconfigure tzdata
    
  34. Select None of the above when asked to select your geographic area.

    Obtain memtest86+ to test memory

  35. Install:

    sudo apt install memtest86+
    

    This should add to the GRUB boot menu a “Memory Test” option.

    memtest86+ is used because, although the memtester utility can be run from Terminal:

    sudo apt install memtester
    memtester 512M 1
    

    kernel limitations mean that command can only test a portion of memory.

  36. So reboot your system to select the “Memory Test” option now in the GRUB menu.

    If the GRUB menu doesn’t show up, press and hold the Shift key during boot.

    The test can run indefinitely until stopped manually.

  37. The output is a list of bad RAM regions usable by the Linux kernel’s BadRAM patch.

    You can still utilize memory with a few bad bits. But systems in productive use should have a clean report.

    Harden Debian

  38. Open the Terminal.

    Within the new Debian instance:

  39. Run Odoo’s script: ???

    https://github.com/odoo/odoo/blob/17.0/setup/debinstall.sh

  40. Retrieve the harden-debian.sh shell file at:

    https://github.com/bomonike/odoo-setup/blob/main/debian/harden-debian.sh

    This script “hardens” your Debian instance in several phases.

    Alternately, use Ansible per Gatsby.

    Phases in the script:

    1. Obtain memtest86+ and verify memory
    2. Install OSSec integrity
    3. Install utility to Backup data.
    4. Disable DisplayLink driver to docking stations

    harden-debian.sh

  41. View the harden-debian.sh file using the default text editor.

    sudo vim /etc/apt/apt.conf.d/50unattended-upgrades
    
  42. Flatpak from flathub

    PROTIP: The thoroughness of Debian’s testing means that older versions of apps are installed with Debian core. So some install from Flathub to download replacements of apps.

    VIDEO DEFINITION: There are several distribution formats:

    • AppImage;
    • Snap and snapd from Canonical (who distributes Ubuntu)
    • Flatpak

      Flatpak uses a “Universal Package” format without dependency resolution so it can be used across different Linux distributions. That can (or not) be more secure.

    PROTIP: Add-on packages from Debian tend to be dated (and thus potentially less secure). Install utilities later using flatpak to obtain the latest version.

  43. Visual

    GNOME is the default desktop.

    Debian does not come with a package manager that reaches out externally to the internet.

  44. Scheduled actions

    Backups

    https://www.odoo.com/documentation/master/administration/odoo_sh/getting_started/branches.html#odoo-sh-branches-backups

    Logs generated by Odoo include:

    • Console logs viewed
    • install.log of the database installation. In a development branch, the logs of the tests are included.
    • pip.log of Python dependencies installation.
    • odoo.log of the running server.
    • update.log of database updates.
    • pg_long_queries.log from psql queries that take an unusual amount of time.


Odoo Manifest

  1. Obtain odoo:

    https://github.com/odoo/odoo/blob/17.0/setup/debinstall.sh contains apt-get update

    When utility sdist processes the MANIFEST.in file, graft odoo specifies inclusion of non-Python files like data files, documentation, or other resources that are part of your Python package. By using graft, you don’t have to list each individual file to be included in the MANIFEST.in file.

    CAUTION: The order of commands is crucial.

    The recursive-exclude * *.py[co] command in a MANIFEST.in file is used to exclude all bytecode files (files with .pyc or .pyo extensions) from being included in the source distribution created by the sdist command.

    https://marketplace.visualstudio.com/items?itemName=benspaulding.python-manifest-template “They can be tough because first you have to get the right configuration between all of the involved bits, such as setup.py, setup.cfg, and MANIFEST.in. Then you then need to play whack-a-mole testing your distribution or — actually probably and — take a very deep dive into distutils and setuptools code to figure out the nuance of the six template commands for including and excluding files.”

    Managing Logs, Events, Traces

  2. Install Prometheus to extract metrics.
  3. Install Grafana to display metrics on dashboards.
  4. Alerts

Install local Linux Debian machine running Odoo in a Docker image

VIDEO: This is the simplest and quickest approach, but only on x86 machines (not ARM).

  1. Copy the odoo.conf file to your local folder /etc/odoo/odoo.conf

    https://github.com/bomonike/odoo-setup/blob/main/odoo.conf

  2. Start the Docker Desktop daemon.

  3. View the vulnerabilities:

    docker login
    docker scout quickview odoo
    
  4. On a Terminal, obtain the latest version of the official DockerHub image maintained by Odoo for amd64, arm64v8, ppc64le at https://hub.docker.com/_/odoo, using:

    docker pull odoo
    
  5. How big is it?

    docker system df -v
    
    Images space usage:

    REPOSITORY                   TAG       IMAGE ID       CREATED        SIZE      SHARED SIZE   UNIQUE SIZE   CONTAINERS
    odoo                         latest    d3418aa89ab7   19 hours ago   1.82GB    0B            1.819GB       1
    postgres                     15        08df065641e2   13 days ago    447MB     0B            447.3MB       1
    grafana/grafana-enterprise   latest    ab01b5ecb880   6 weeks ago    439MB     0B            439.1MB       1

    Containers space usage:

    CONTAINER ID   IMAGE                        COMMAND                  LOCAL VOLUMES   SIZE      CREATED          STATUS                     NAMES
    31e0127a5e57   odoo                         "/entrypoint.sh odoo"    2               215B      43 minutes ago   Up 43 minutes              odoo
    4c2d596c3300   postgres:15                  "docker-entrypoint.s…"   1               63B       43 minutes ago   Up 43 minutes              db
    d3196718d679   grafana/grafana-enterprise   "/run.sh"                0               1.21MB    5 weeks ago      Exited (137) 5 weeks ago   grafana

    Local Volumes space usage:

    VOLUME NAME                                                        LINKS     SIZE
    fb957d8867fa931e223318b96f9adb13e7fa4d0542b3b5748b242d11d978ac3e   1         6.465MB
    af5606f2b38f5ab0cd6957d58adfe71fd24d2e8d545270a63c985df63518b37d   1         78.17MB
    d27c074b07a7a29cbfb3c28fe3427221605252e3876749c7302e75c95856635a   1         0B
    

    The columns show:

    • REPOSITORY: The image repository name
    • TAG: The image tag
    • IMAGE ID: The unique ID of the image
    • CREATED: How long ago the image was created
    • SIZE: The total size of the image
    • SHARED SIZE: The amount of space shared with other images
    • UNIQUE SIZE: The amount of space unique to this image
    • CONTAINERS: The number of containers created from this image
  6. Start a PostgreSQL server:

    docker run -d -e POSTGRES_USER=odoo -e POSTGRES_PASSWORD=odoo -e POSTGRES_DB=postgres --name db postgres:15
    
  7. Start an Odoo instance

    docker run -p 8069:8069 --name odoo --link db:db -t odoo
    

    WARNING: Closing the Terminal tab would stop the instance.

  8. In an internet browser:

    http://localhost:8069

    You should see “Warning, your Odoo database manager is not protected. To secure it, we have generated the following master password for it:”

    odoo-docker-start-1310x972.png

  9. Type the Database Name (odoodb), Email, and Password.
  10. Select your Country.
  11. Check “Demo data”.
  12. Click “Create Database” and wait for the user login.
  13. Type in the user name and password you just input.
  14. Shown by default are Official Apps
  15. Click Industries

    Demo Tour

    http://localhost:8069/web#action=38&model=ir.module.module&view_type=kanban&cids=1&menu_id=15

  16. Click one among CATEGORIES.
  17. Click “Industries” at the left. Activate one.

  18. Back at the Terminal, notice the log output has:

    Using configuration file at

    /etc/odoo/odoo.conf
    

    CAUTION: When the Odoo container is created as described above, the Odoo filestore is created inside the container. If the container is removed, the filestore is lost.

    wkhtmltopdf

    The log output includes:

    odoo.addons.base.models.ir_actions_report: Will use the Wkhtmltopdf binary at /usr/local/bin/wkhtmltopdf
    

    wkhtmltopdf is a utility executable that converts HTML-formatted files to PDF-format files.

    VIDEO: https://wkhtmltopdf.org shows that the program is available for many operating systems (Windows, etc.).

    pdfkit is a Python library that uses webkit rendering with qt to enable conversion of HTML to PDF within Python programming code. To install it:

    pip install pdfkit

    Sample Python code:

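    import pdfkit
    # Convert a local file. enable-local-file-access lets the HTML read files
    # from local disk, so set it only when converting HTML you trust:
    pdfkit.from_file('sample.html', 'sample.pdf', options={'enable-local-file-access': ''})
    # Convert a page from a URL:
    pdfkit.from_url('https://wkhtmltopdf.org/downloads.html', 'output.pdf')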
    

    VIDEO: Convert HTML to PDF in python with playwright

    werkzeug

    The log contains:

    odoo.service.server: HTTP service (werkzeug) running on 31e0127a5e57:8069
    

Custom Docker image

This packages up the instance created into a Docker image based on a Dockerfile.

DEFINITION: Docker Engine was introduced in 2013 as an industry-standard tool that provides a universal packaging method. Today, developers adopt this tool to create applications and improve the cloud. Docker containers have their own system and are locked off (isolated) so that they cannot interfere with the operation of the main server.

Docker Engine comes bundled with Docker Desktop for Linux. While this is the “easiest and quickest way” to get started, it’s not the most secure, because we want unattended upgrades that automatically obtain the latest versions to stay ahead with security patches.

References about installing Docker on Debian:

  1. Within DockerHub, official images are at:

    https://hub.docker.com/_/debian

    The Dockerfile contains:

    FROM scratch
    ADD rootfs.tar.xz /
    CMD ["bash"]
    

    Alternatives:

    • https://www.server-world.info/en/note?os=Debian_12&p=docker&f=4
    • https://github.com/tsaarni/docker-deb-builder/blob/master/Dockerfile-Debian-bookworm-12
    • https://github.com/odoo/odoo/blob/17.0/setup/package.dfdebian

    Configure

    VIDEO: Watchtower to automate Docker container base images.

    VIDEO: How to Install Docker on Debian 12 Bookworm

    Flatcar Container Linux is a minimal, open source Linux distribution designed specifically for running container workloads at scale

  2. Checksums

    https://docker.debian.net/

  3. Verify version of Docker installed:

    docker --version
    
  4. Run Docker Engine:

    sudo docker run -it debian
    

    Push to Dockerhub for use in clouds

  5. Type docker-compose up to run Odoo container, or docker-compose up -d to run with detach (background mode).

  6. On your browser run:

    http://localhost:9069

  7. To Stop Odoo started as detached:

    docker-compose stop
    

Install local Linux Debian machine running a VMWare image using VMWare on Linux

TODO:


Install macOS running Odoo in a Docker image using Docker Desktop

  1. Install Docker and Docker Compose.
  2. Create a Docker image using HashiCorp Packer. See:

    https://wilsonmar.github.io/packer which describes use of https://github.com/bomonike/packer

    Create a new file with a .pkr.hcl extension (e.g., vm-image.pkr.hcl) and define your VM image configuration. Here’s an example for creating an Amazon EC2 AMI:

    Dockerfile

TODO:


Install macOS Intel chips running Odoo in a VMWare image using VMWare Fusion

  1. Create a VMware image using HashiCorp Packer. See:

    https://wilsonmar.github.io/packer which describes use of https://github.com/bomonike/packer

    Create a new file with a .pkr.hcl extension (e.g., vm-image.pkr.hcl) and define your VM image configuration. Here’s an example for creating an Amazon EC2 AMI:

  2. Obtain license for VMWare Fusion.
  3. Download and install VMWare Fusion.

TODO:


Install macOS Silicon chips running Odoo in a VMWare image using Parallels

TODO:

  1. Obtain a key pair to SSH into the instance.

  2. SSH into the instance using the asymmetric key pair.
  3. Create folder and environment variables:

    cd
    # Create the destination folder and cd into it:
    mkdir -p Projects && cd Projects
    export OS_TO_INSTALL="debian"  # or "ubuntu" (less favored)
    export GITHUB_READ_TOKEN="???"  # DO NOT echo this secret!
    echo "OS_TO_INSTALL=\"${OS_TO_INSTALL}\" in $PWD"
    
  4. Download shell script (instead of git clone):

    if [ -f "odoo_install_${OS_TO_INSTALL}.sh" ]; then
       echo "using $(ls -al "odoo_install_${OS_TO_INSTALL}.sh")"
    else
       # Without -O, wget saves the file as "odoo_install_debian.sh?token=..." and the chmod below fails:
       wget -O "odoo_install_${OS_TO_INSTALL}.sh" "https://raw.githubusercontent.com/bomonike/odoo-setup/main/debian/odoo_install_${OS_TO_INSTALL}.sh?token=${GITHUB_READ_TOKEN}"
       # odoo_install_debian.sh  100%[===...===>]  13.86K  --.-KB/s    in 0.1s
    fi
    # Set eXecute permissions:
    sudo chmod +x "odoo_install_${OS_TO_INSTALL}.sh"
    
  5. Use a text editor to modify the shell file if parameter values need to be brought up to date (and then updated in GitHub):

    # Based on
    # Summary of release at https://www.odoo.com/odoo-17-release-notes
    OE_VERSION="17.0"
    # Based on https://www.debian.org/releases/ and
    # https://www.wikiwand.com/en/Debian_version_history : Bookworm (10 Feb 2024)
    OS_VERSION="12.5"
    
  6. Set custom values that should not be within a public script (substituting sample values here):

     export OE_SUPERADMIN="admin"
     export ADMIN_EMAIL="me@example.com"
    
  7. Execute the script:

    sudo ./"odoo_install_${OS_TO_INSTALL}.sh"
    

Create odoo within AWS EC2 AMI

VIDEO:

https://www.pluralsight.com/cloud-guru/labs/aws/using-packer-to-create-an-ami

https://app.pluralsight.com/library/courses/hashicorp-packer-getting-started/table-of-contents


.gitignore

NOTE: .gitignore from odoo does not contain “.DS_Store” from macOS because Odoo doesn’t run on macOS.

The .gitignore file was generated using this:

https://www.toptal.com/developers/gitignore/api/macOS,linux,windows,github,visualstudiocode,nginx,node,python,virtualenv

TODO: An explanation of each line is becoming a favorite topic during developer interviews.

See https://github.com/github/gitignore

Configuration

  1. Configuration (activations?)

    https://github.com/odoo/odoo/blob/master/.tx/config

https://www.odoo.com/documentation/master/applications/studio.html


Multi-lingual

  1. Translators use the “Weblate” tool for translation:

    https://docs.weblate.org/en/latest/user/translating.html

    QUESTION: What is the extent of usage of Generative AI tools?

  2. A dashboard about progress of each translation project is at:

    https://translation.odoo-community.org/

  3. Docs about Translating

    https://github.com/odoo/odoo/wiki/Translations

    https://odoo-community.org/resources/translate

  4. Localization text is defined in a .po file for each i18n folder within each module.

    https://github.com/odoo/odoo/tree/master/addons/fleet/i18n


Python Packages

There are two lists of Python packages below.

The first list contains the packages in the requirements.txt file as of v17.0 on May 20, 2024 (https://github.com/odoo/odoo/blob/17.0/requirements.txt). Each package name in the file is referenced in an import statement within a Python source code file. The description of each package was manually drafted from Snyk.com and other sources.

PROTIP: It’s evident that Odoo is paying attention to version numbers (and trying to stay ahead of security issues, despite its app code being dependent on prior versions) through security backports from services vendor CrowdStrike. QUESTION: How comprehensive is Odoo’s testing infrastructure? What percentage of code is covered by testing?

Some packages are mentioned more than once when a different version needs to be used based on the version of Python used.

SBOM

IMPORTANT: The company has no SOC2/27000 certification.

QUESTION: What RBAC permissions?

Never Paid ransomware?

  1. Export SBOM about the 102 modules in the Dependency graph

    https://github.com/odoo/odoo/network/dependencies

    Analyze the SBOM spdx json file output.

You have discovered a security issue and want to report it, write us to: security@odoo-community.org. You can also encrypt and verify messages to/from our security team with our GPG Key with ID 0xed07aacf416f9287.

The Python packages below were discovered by looking into each package above and identifying what packages each referenced, then (recursively) looking into each of those references, building a “Supply Chain Dependency graph” to identify vulnerabilities within indirectly obtained dependencies.
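One way to carry out the “Analyze the SBOM spdx json file output” step and the recursive walk described above, as an added example that is not from the original page or the Odoo project: it follows the DEPENDS_ON relationships of an SPDX 2.3 JSON document to separate direct from indirectly obtained dependencies, and lists packages whose purl records no version. The sample document and the helper names pkg, rel and analyze are constructed for illustration; whether a given export carries DEPENDS_ON edges between packages is an assumption.

```python
from collections import deque

# Constructed sample using SPDX 2.3 JSON field names (not real Odoo data).
def pkg(sid, name, purl=None):
    refs = [{"referenceType": "purl", "referenceLocator": purl}] if purl else []
    return {"SPDXID": sid, "name": name, "externalRefs": refs}

def rel(src, kind, dst):
    return {"spdxElementId": src, "relationshipType": kind, "relatedSpdxElement": dst}

SAMPLE_SBOM = {
    "packages": [pkg("SPDXRef-root", "example/app"),
                 pkg("SPDXRef-a", "alpha", "pkg:pypi/alpha@1.2.3"),
                 pkg("SPDXRef-b", "beta", "pkg:pypi/beta"),  # no version recorded
                 pkg("SPDXRef-c", "gamma", "pkg:pypi/gamma@0.9.0")],
    "relationships": [rel("SPDXRef-DOCUMENT", "DESCRIBES", "SPDXRef-root"),
                      rel("SPDXRef-root", "DEPENDS_ON", "SPDXRef-a"),
                      rel("SPDXRef-root", "DEPENDS_ON", "SPDXRef-b"),
                      rel("SPDXRef-a", "DEPENDS_ON", "SPDXRef-c")],
}

def analyze(sbom):
    """Return ({package name: depth from root}, [names whose purl lacks a version])."""
    names = {p["SPDXID"]: p["name"] for p in sbom["packages"]}
    edges, roots = {}, []
    for r in sbom.get("relationships", []):
        if r["relationshipType"] == "DESCRIBES":
            roots.append(r["relatedSpdxElement"])
        elif r["relationshipType"] == "DEPENDS_ON":
            edges.setdefault(r["spdxElementId"], []).append(r["relatedSpdxElement"])
    depth, queue = {root: 0 for root in roots}, deque(roots)
    while queue:  # breadth-first walk gives the shortest path from the root
        node = queue.popleft()
        for dep in edges.get(node, []):
            if dep not in depth:  # skip already-seen nodes (also breaks cycles)
                depth[dep] = depth[node] + 1
                queue.append(dep)
    unversioned = []
    for p in sbom["packages"]:
        purls = [e["referenceLocator"] for e in p.get("externalRefs", [])
                 if e.get("referenceType") == "purl"]
        # Without "@version" in the purl, a finding cannot be tied to a release.
        if p["SPDXID"] not in roots and not any("@" in u for u in purls):
            unversioned.append(p["name"])
    return {names[i]: d for i, d in depth.items() if d > 0}, unversioned

if __name__ == "__main__":
    depths, unversioned = analyze(SAMPLE_SBOM)
    print("depth 1 = direct, >1 = transitive:", depths, "| no version:", unversioned)
```

To run it on an exported file, pass analyze() the result of json.load() on that file.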

  1. Dependency scans

After obtaining the dependency SBOM from odoo v17.0 at 6f6763b, a run of osv-scanner scan -S odoo_odoo_6f6763b6728335b0728645806d77a0cb7453ffc7.json reported vulnerabilities identified at:


APIs

Odoo documentation explains how to do XMLRPC. But JSON will be used for controllers.

https://github.com/OCA/odoorpc Python module to pilot your Odoo servers through JSON-RPC.

https://mart-e.be/2024/01/utiliser-api-odoo-python calling RPC

by Martin Trigaux, developer at Odoo

https://github.com/it-projects-llc/odoo-saas-tools

https://github.com/itpp-labs/misc-addons from itpp.dev for web_debranding and web_theme_kit until v15.


Testing runboat

https://github.com/odoo/odoodays-2014/blob/master/automated_tests/index.rst


OCA Board

https://www.camptocamp.com/en Camptocamp SA Route de la Chaux 4, 1030 Bussigny, Switzerland

Members in the US

Open Source Integrators: www.o2btechnologies.com (Loma Linda, CA) https://osicon23.com/

Hibou Corp.

Mame Abdoul Aziz Sy Senegal

Canada

Generate Test Data

Sample data for demo apps are in XML format.

TODO:

Consultants

https://www.upwork.com/freelancers/~01f688ac2ee5f3320a $95/hr Andrew H. Garden Valley, ID

https://www.upwork.com/freelancers/asimzaidi $45/hr Asim Z.

References

Wilson Mar is a veteran of many transformations - from working on the Skunkworks stealth fighter IT ERP to cloud to AI. He is APICS-certified to work on SAP, Salesforce, Azure, AWS, and many other technologies.

What can waste your time, money, and reputation? You can spend a lot of money attracting prospects but not allowed to demo because your company doesn’t have a SOC2/ISO 27000 letter. You can make millions only to lose it to ransomware. This talk is about what organizations can do to avoid such fate.