Versions Compared

Old Version 33

changes.mady.by.user Maria Haider

Saved on

compared with

New Version Current

changes.mady.by.user Maria Haider

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Table of Contents

Beta deployment (use.thiss.io)

Frontend

To deploy <version> to beta (use.thiss.io)

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Open cosmos-rules.yaml, check the 'max-age' under 'cache_control'. If the current max age is 1 hour, you need to change it to zero 1 hour before the deployment. If it is one day, you need to change it to zero exactly 1 day before. We need to do it so the browsers old cache gets cleared and new files are requested from Fastly during the deployment.
  3. Log into Fastly management web GUI https://manage.fastly.com/ and purge all cache for the  service 'use.thiss.io'
  4. Wait as long as the old 'max-age' and then proceed to the next step. Befor you do that, you can check in the 'developer tools' of your browser (e.g. Chrome, Firefox) that the old cache has been cleared and the new files have max-age=0 in their response header now.**screenshot**
  5. Update the ds_version under thiss::static.


Build & push docker image

Please follow below guide after the tech team has cut the new release. You need to be authorized to push the image to docker.sunet.se, see this.

  1. git clone https://github.com/TheIdentitySelector/thiss-js
  2. git checkout <version-to-be-released>
  3. make docker && make docker_push_sunet 

Beta deployment (use.thiss.io)

Frontend

To deploy <version> to beta (use.thiss.io)

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Open global/overlay/etc/hiera/data/common.yaml, check the 'max-age' under 'cache_control_beta'. If the current max age is 1 hour, you need to change it to zero, 1 hour before the deployment. If it is one day, you need to change it to zero exactly 1 day before. We need to do it so the browsers old cache gets cleared and new files are requested from Fastly during the deployment.
  3. Log into Fastly management web GUI https://manage.fastly.com/ and purge all cache for the  service 'use.thiss.io'. We can try a new configuration with sticky session 
  4. Wait as long as the old 'max-age' and then proceed to the next step. Befor you do that, you can check in the 'developer tools' of your browser (e.g. Chrome, Firefox) that the old cache has been cleared and the new files have max-age=0 in their response header now.**screenshot**
  5. Update the ds_version_beta in global/overlay/etc/hiera/data/common.yaml.


Code Block
languagebash
ds_version_beta: '2.1.51'
cache_control_beta
Code Block
languagebash
'^static-[0-9]+\.thiss\.io$':
   sunet_iaas_cloud:
   thiss::dockerhost:
      version: '5:19.03.13~3-0~ubuntu-focal'
   thiss::static:
      ds_version: 1.6.3
      base_url: https://use.thiss.io/
      mdq_search_url: https://md.thiss.io/entities/
      domain: use.thiss.io
      context: thiss.io
      cache_control: 'public, max-age=360136000, must-revalidate, s-maxage=3601172800, proxy-revalidate'
   https:


  1. Run Do git add global/overlay/etc/puppet/cosmos-rules.yaml hiera/data/common.yaml and git commitYou should ofcourse have right to commit in the repository.Run 'make db'
  2. Run the script thiss-ops/bump-tag afterwards.
  3. To verify that the new version is installed, log in to the servers static-1.thiss.io and static-2.thiss.io and enter 'run-cosmo -v'. 
  4. You can check the status by running the command service docker-thiss_js status.
  5. You can also enter 'docker ps' in order to see if the new version is present on docker image tag.
  6. After the verification step is done, everything looks good and few hours have passed open cosmos-rulespen global/overlay/etc/hiera/data/common.yaml and change 'max-age' under 'cache_control' _beta to original value.

Verification

...

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Update the ds_the version under thiss::mdq for both 'md-1.thiss.io' and 'md-2.thiss.io'

...

  1. Do git add global/overlay/etc/puppet/cosmos-rules.yaml and git commit. You should ofcourse have right to commit in the repository.Run 'make db'
  2. Run the script thiss-ops/bump-tag afterwards.
  3. To verify that the new version is installed, log in to the servers md-1.thiss.io and md-2.thiss.io and enter 'run-cosmo -v'. 
  4. You can check the status by running the command service docker-thiss_mdq status.
  5. You can also enter 'docker ps' in order to see if the new version is present on docker image tag. 

...

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Open global/overlay/etc/hiera/data/common.yaml and check that the whitelist is right or change it if needed.


    Warning
    titleWhitelisting

    It is important to set the WHITELIST environment variable to the comma-separated list of the current whitelisted domains before deploying. Ask Marina or Leif to verify the list. The list is updated here Seamless Access Configuration Parameters.


  3. Open cosmos-rules.yaml, Open global/overlay/etc/hiera/data/common.yaml, check the 'max-age' under 'cache_control_prod'. If the current max age is 1 hour, you need to change it to zero, 1 hour before the deployment. If it is one day, you need to change it to zero exactly 1 day before. We need to do it so the browsers old cache gets cleared and new files are requested from Fastly during the deployment.
  4. Log into Fastly management web GUI https://manage.fastly.com/ and purge all cache for the  service 'service.seamlessaccess.org'
  5. Wait as long as the old 'max-age' and then proceed to the next step. Befor you do that, you can check in the 'developer tools' of your browser (e.g. Chrome, Firefox) that the old cache has been cleared and the new files have max-age=0 in their response header now.**screenshot**
    6. Update the ds_version under thiss::static_prod for each site (ntx, se-east, aws1 and aws2) Code Block
    languagebash
    '^static-[0-9]\.ntx\.sunet\.eu\.seamlessaccess\.org$': thiss::dockerhost: version: '5:20.10.6~3-0~ubuntu-focal' thiss::static_prod: ds_version: 1.6.3 base_url: https://service.seamlessaccess.org/ mdq_search_url: https://md.seamlessaccess.org/entities/ domain: service.seamlessaccess.org context: seamlessaccess.org cache_control
  6. =0 in their response header now.
  7. Update the ds_version_prod in global/overlay/etc/hiera/data/common.yaml.


    Code Block
    languagebash
    ds_version_prod: '2.1.51'
cache_control_prod: 'public, max-age=36000, must-revalidate, s-maxage=
    8. 604800
  8. 172800, proxy-revalidate'
    9. Do 


  10. Run git add global/overlay/etc/hiera/
    11. puppet
  11. data/
    12. cosmos-rules.yaml and git commit. Do
  12. common.yaml and git commitYou should ofcourse have right to commit in the repositoryRun git add global/overlay/etc/hiera/data/common.yamlas well if whitelist is changed. You should ofcourse have right to commit in the repository.
    13. Run 'make db'
  14. Run the script thiss-ops/bump-tagafterwards.
  15. To verify that the new version is installed, log in to below servers and enter 'run-cosmo -v'. 


    static-1.aws1.geant.eu.seamlessaccess.org

    static-1.aws2.geant.eu.seamlessaccess.org

    static-1.ntx.sunet.eu.seamlessaccess.org

    static-1.se-east.sunet.eu.seamlessaccess.org (have to run service sunet-thiss_js restart manually)

    static-2.aws1.geant.eu.seamlessaccess.org

    static-2.aws2.geant.eu.seamlessaccess.org

    static-2.ntx.sunet.eu.seamlessaccess.org

    static-2.se-east.sunet.eu.seamlessaccess.org

  16. You can check the status by running the command service docker-thiss_js status.
  17. You can also enter 'docker ps' in order to see if the new version is present on docker image tag. 
  18. After the verification step is done, everything looks good and few hours have passed open cosmos-rules, open global/overlay/etc/hiera/data/common.yaml and change 'max-age' under 'cache_control_prod' to  to original value for all 4 sites.

Verification

Verify that the changes have taken effect - this may take a while depending on how quickly the CDN picks up the changes. Find out which changes should be tested, check with the developer team or technical lead Leif Johansson. In addition to that, it should be checked that the discovery service works as usual by trying to login to a service for example wiki.sunet.se. It is good to do it in a private window of your browser in case your browser has cached the old version. https://service.seamlessaccess.org/manifest.json is supposed to show the latest version number. You can check the login works through https://demo.seamlessaccess.org as well. 

...

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Open global/overlay/etc/hiera/data/common.yaml and check that the whitelist is right or change it if needed.


    Warning
    titleWhitelisting

    It is important to set the WHITELIST environment variable to the comma-separated list of the current whitelisted domains before deploying. Ask Marina or Leif to verify the list. The list is updated here Seamless Access Configuration Parameters.


  3. Do git add global/overlay/etc/hiera/data/common.yaml as well if whitelist is changed. You should ofcourse have right to commit in the repository.
  4. Run the script thiss-ops/bump-tag afterwards.
  5. Log in to below servers and enter 'run-cosmo -v'. 'thiss-js' docker container should get restarted.


    static-1.aws1.geant.eu.seamlessaccess.org

    static-1.aws2.geant.eu.seamlessaccess.org

    static-1.ntx.sunet.eu.seamlessaccess.org

    static-1.se-east.sunet.eu.seamlessaccess.org

    static-2.aws1.geant.eu.seamlessaccess.org

    static-2.aws2.geant.eu.seamlessaccess.org

    static-2.ntx.sunet.eu.seamlessaccess.org

    static-2.se-east.sunet.eu.seamlessaccess.org.eu.seamlessaccess.org

  6. You can check the status by running the command service docker-thiss_js status.
  7. Log into Fastly management web GUI https://manage.fastly.com/ and purge all cache for the service 'service.seamlessaccess.org' otherwise it will take the amount of seconds set in 's-maxage' in the static servers for the Fastly servers to fetch the updated JSON pageYou can check the status by running the command service docker-thiss_js status.

Verification

https://service.seamlessaccess.org/ps.js should contain the new whitelisted domain. It may take a while to get updated depending on the age of the cache in your browser. It is also good to check that the service is working by visiting https://demo.seamlessaccess.org.

...

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Update the ds_version under  under thiss::mdq for each site (ntx, se-east, aws1 and aws2)


    Code Block
    '^md-[0-9]\.ntx\.sunet\.eu\.seamlessaccess\.org$':
   thiss::dockerhost:
   thiss::mdq:
      version: 1.3.2
      src: https://meta.ntx.sunet.eu.seamlessaccess.org/metadata.json
      base_url: https://md.seamlessaccess.org
      post: /usr/sbin/service docker-thiss_mdq restart


  3. Do git add global/overlay/etc/puppet/cosmos-rules.yaml and git commit. You should ofcourse have right to commit in the repository.Run 'make db'
  4. Run the script thiss-ops/bump-tag afterwards.
  5. To verify that the new version is installed, log in to below servers and enter 'run-cosmo -v'. 

    md-1.aws1.geant.eu.seamlessaccess.org

    md-1.aws2.geant.eu.seamlessaccess.org

    md-1.ntx.sunet.eu.seamlessaccess.org

    md-1.se-east.sunet.eu.seamlessaccess.org

    md-2.aws1.geant.eu.seamlessaccess.org

    md-2.aws2.geant.eu.seamlessaccess.org

    md-2.ntx.sunet.eu.seamlessaccess.org

    md-2.se-east.sunet.eu.seamlessaccess.org

  6. You can check the status by running the command service docker-thiss_mdq status.
  7. You can also enter 'docker ps' in order to see if the new version is present on docker image tag. 

...