Versions Compared

Old Version 37

changes.mady.by.user Maria Haider

Saved on

compared with

New Version Current

changes.mady.by.user Maria Haider

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Open cosmos-rules global/overlay/etc/hiera/data/common.yaml, check the 'max-age' under 'cache_control_beta'. If the current max age is 1 hour, you need to change it to zero, 1 hour before the deployment. If it is one day, you need to change it to zero exactly 1 day before. We need to do it so the browsers old cache gets cleared and new files are requested from Fastly during the deployment.
  3. Log into Fastly management web GUI https://manage.fastly.com/ and purge all cache for the  service 'use.thiss.io'. We can try a new configuration with sticky session 
  4. Wait as long as the old 'max-age' and then proceed to the next step. Befor you do that, you can check in the 'developer tools' of your browser (e.g. Chrome, Firefox) that the old cache has been cleared and the new files have max-age=0 in their response header now.**screenshot**
  5. Update the ds_version under thiss::static_beta in global/overlay/etc/hiera/data/common.yaml.


Code Block
languagebash
'^static-[0-9]+\.thiss\.io$':
   sunet_iaas_cloud:
   thiss::dockerhost:
      version: '5:19.03.13~3-0~ubuntu-focal'
   thiss::static:
      ds_version: 1.6.3
      base_url: https://use.thiss.io/
      mdq_search_url: https://md.thiss.io/entities/
      domain: use.thiss.io
      context: thiss.io
      cache_control: 'public, max-age=3601, must-revalidate, s-maxage=3601, proxy-revalidate'
   https:
  1. Do git add global/overlay/etc/puppet/cosmos-rules.yaml and git commit. You should ofcourse have right to commit in the repository.
  2. Run the script thiss-ops/bump-tag afterwards.
  3. To verify that the new version is installed, log in to the servers static-1.thiss.io and static-2.thiss.io and enter 'run-cosmo -v'. 
  4. You can check the status by running the command service docker-thiss_js status.
  5. You can also enter 'docker ps' in order to see if the new version is present on docker image tag.
  6. After the verification step is done, everything looks good and few hours have passed open cosmos-rules.yaml and change 'max-age' under 'cache_control' to original value.

Verification

Verify that the changes have taken effect - this may take a while depending on how quickly the CDN picks up the changes. Find out which changes should be tested, check with the developer team or technical lead Leif Johansson. In addition to that, it should be checked that the discovery service works by visiting https://use.thiss.io. It is good to do it in a private window of your browser in case your browser has cached the old version. Click on the 'Login' button and see that it is possible to choose different IDPs from there. Check that the persistent service works by going back and choosing different organizations. You should be able to see the list of organizations that you have chosen and be able to edit them as well. Check that these functions work. https://use.thiss.io/manifest.json is supposed to show the latest version number. You can check the login works through https://demo.beta.seamlessaccess.org as well. 

Rollback

In order to rollback simply downgrade the version in cosmos-rules.yaml and follow the exact steps for committing and pushing the the changes to the git remote repo.

Backend

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Update the ds_version under thiss::mdq for both 'md-1.thiss.io' and 'md-2.thiss.io'
Code Block
md-1.thiss.io:
   sunet_iaas_cloud:
   thiss::dockerhost:
      version: '5:20.10.12~3-0~ubuntu-bionic'
   thiss::mdq:
      version: 1.3.2
      src: https://a-1.thiss.io/metadata.json
      base_url: https://md.thiss.io
      post: /usr/sbin/service docker-thiss_mdq restart
   https:
   http:
  1. Do git add global/overlay/etc/puppet/cosmos-rules.yaml and git commit. You should ofcourse have right to commit in the repository.
  2. Run the script thiss-ops/bump-tag afterwards.
  3. To verify that the new version is installed, log in to the servers md-1.thiss.io and md-2.thiss.io and enter 'run-cosmo -v'. 
  4. You can check the status by running the command service docker-thiss_mdq status.
  5. You can also enter 'docker ps' in order to see if the new version is present on docker image tag. 

Verification

Check that https://md.thiss.io is up and showing the right version. Keep an eye on the metadata check alarm on the internal Nagios instance https://monitor.seamlessaccess.org

Rollback

Simply undo the  changes and go back to old changes and commit them in thiss-ops repository.

Production deployment (service.seamlessaccess.org)

Frontend

The current whitelist needs to be checked with the master list before each deploy. Note that use.thiss.io does not do whitelisting which means the WHITELIST variable is not set.

To deploy <version> to production (service.seamlessaccess.org)

ds_version_beta: '2.1.51'
cache_control_beta: 'public, max-age=36000, must-revalidate, s-maxage=172800, proxy-revalidate'


  1. Run git add global/overlay/etc/hiera/data/common.yaml and git commitYou should ofcourse have right to commit in the repository.
  2. Run the script thiss-ops/bump-tag afterwards.
  3. To verify that the new version is installed, log in to the servers static-1.thiss.io and static-2.thiss.io and enter 'run-cosmo -v'. 
  4. You can check the status by running the command service docker-thiss_js status.
  5. You can also enter 'docker ps' in order to see if the new version is present on docker image tag.
  6. After the verification step is done, everything looks good and few hours have passed open global/overlay/etc/hiera/data/common.yaml and change 'max-age' under 'cache_control_beta to original value.

Verification

Verify that the changes have taken effect - this may take a while depending on how quickly the CDN picks up the changes. Find out which changes should be tested, check with the developer team or technical lead Leif Johansson. In addition to that, it should be checked that the discovery service works by visiting https://use.thiss.io. It is good to do it in a private window of your browser in case your browser has cached the old version. Click on the 'Login' button and see that it is possible to choose different IDPs from there. Check that the persistent service works by going back and choosing different organizations. You should be able to see the list of organizations that you have chosen and be able to edit them as well. Check that these functions work. https://use.thiss.io/manifest.json is supposed to show the latest version number. You can check the login works through https://demo.beta.seamlessaccess.org as well. 

Rollback

In order to rollback simply downgrade the version in cosmos-rules.yaml and follow the exact steps for committing and pushing the the changes to the git remote repo.

Backend

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Update the version under thiss::mdq for both 'md-1.thiss.io' and 'md-2.thiss.io'
Code Block
md-1.thiss.io:
   sunet_iaas_cloud:
   thiss::dockerhost:
      version: '5:20.10.12~3-0~ubuntu-bionic'
   thiss::mdq:
      version: 1.3.2
      src: https://a-1.thiss.io/metadata.json
      base_url: https://md.thiss.io
      post: /usr/sbin/service docker-thiss_mdq restart
   https:
   http:
  1. Do git add global/overlay/etc/puppet/cosmos-rules.yaml and git commit. You should ofcourse have right to commit in the repository.
  2. Run the script thiss-ops/bump-tag afterwards.
  3. To verify that the new version is installed, log in to the servers md-1.thiss.io and md-2.thiss.io and enter 'run-cosmo -v'. 
  4. You can check the status by running the command service docker-thiss_mdq status.
  5. You can also enter 'docker ps' in order to see if the new version is present on docker image tag. 

Verification

Check that https://md.thiss.io is up and showing the right version. Keep an eye on the metadata check alarm on the internal Nagios instance https://monitor.seamlessaccess.org

Rollback

Simply undo the  changes and go back to old changes and commit them in thiss-ops repository.

Production deployment (service.seamlessaccess.org)

Frontend

The current whitelist needs to be checked with the master list before each deploy. Note that use.thiss.io does not do whitelisting which means the WHITELIST variable is not set.

To deploy <version> to production (service.seamlessaccess.org)

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Open global/overlay/etc/hiera/data/common.yaml and check that the whitelist is right or change it if needed.


    Warning
    titleWhitelisting

    It is important to set the WHITELIST environment variable to the comma-separated list of the current whitelisted domains before deploying. Ask Marina or Leif to verify the list. The list is updated here Seamless Access Configuration Parameters.

    3. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)


  4. Open global/overlay/etc/hiera/data/common.yaml and , check that the whitelist is right or change it if needed.
    Warning
    titleWhitelisting

    It is important to set the WHITELIST environment variable to the comma-separated list of the current whitelisted domains before deploying. Ask Marina or Leif to verify the list. The list is updated here Seamless Access Configuration Parameters.

  5. Open cosmos-rules.yaml, check the 'max-age' under 'cache_control'. If the current max age is 1 hour, you need to change it to zero 1 hour before the deployment. If it is one day, you need to change it to zero exactly 1 day before. We need to do it so the browsers old cache gets cleared and new files are requested from Fastly during the deployment.
  6. Log into Fastly management web GUI https://manage.fastly.com/ and purge all cache for the  service 'service.seamlessaccess.org'
  7. Wait as long as the old 'max-age' and then proceed to the next step. Befor you do that, you can check in the 'developer tools' of your browser (e.g. Chrome, Firefox) that the old cache has been cleared and the new files have max-age=0 in their response header now.**screenshot**
    8. Update the ds_version under thiss::static_prod for each site (ntx, se-east, aws1 and aws2) Code Block
    languagebash
  8. the 'max-age' under 'cache_control_prod'. If the current max age is 1 hour, you need to change it to zero, 1 hour before the deployment. If it is one day, you need to change it to zero exactly 1 day before. We need to do it so the browsers old cache gets cleared and new files are requested from Fastly during the deployment.
  9. Log into Fastly management web GUI https://manage.fastly.com/ and purge all cache for the  service 'service.seamlessaccess.org'
  10. Wait as long as the old 'max-age' and then proceed to the next step. Befor you do that, you can check in the 'developer tools' of your browser (e.g. Chrome, Firefox) that the old cache has been cleared and the new files have max-age=0 in their response header now.
  11. Update the ds_version_prod in global/overlay/etc/hiera/data/common.yaml.


    Code Block
    languagebash
    ds_version_prod: '2.1.51'
cache_control_prod
    12. '^static-[0-9]\.ntx\.sunet\.eu\.seamlessaccess\.org$': thiss::dockerhost: version: '5:20.10.6~3-0~ubuntu-focal' thiss::static_prod: ds_version: 1.6.3 base_url: https://service.seamlessaccess.org/ mdq_search_url: https://md.seamlessaccess.org/entities/ domain: service.seamlessaccess.org context: seamlessaccess.org cache_control
  12. : 'public, max-age=36000, must-revalidate, s-maxage=
    13. 604800
  13. 172800, proxy-revalidate'
    14. Do 


  15. Run git add global/overlay/etc/
    16. puppet/cosmos-rules.yaml and git commit. Do
  16. hiera/data/common.yaml and git commitYou should ofcourse have right to commit in the repositoryRun git add global/overlay/etc/hiera/data/common.yamlas well if whitelist is changed. You should ofcourse have right to commit in the repository.
  17. Run the script thiss-ops/bump-tagafterwards.
  18. To verify that the new version is installed, log in to below servers and enter 'run-cosmo -v'. 


    static-1.aws1.geant.eu.seamlessaccess.org

    static-1.aws2.geant.eu.seamlessaccess.org

    static-1.ntx.sunet.eu.seamlessaccess.org

    static-1.se-east.sunet.eu.seamlessaccess.org (have to run service sunet-thiss_js restart manually)

    static-2.aws1.geant.eu.seamlessaccess.org

    static-2.aws2.geant.eu.seamlessaccess.org

    static-2.ntx.sunet.eu.seamlessaccess.org

    static-2.se-east.sunet.eu.seamlessaccess.org

  19. You can check the status by running the command service docker-thiss_js status.
  20. You can also enter 'docker ps' in order to see if the new version is present on docker image tag. 
  21. After the verification step is done, everything looks good and few hours have passed open cosmos-rules, open global/overlay/etc/hiera/data/common.yaml and change 'max-age' under 'cache_control_prod' to  to original value for all 4 sites.

Verification

Verify that the changes have taken effect - this may take a while depending on how quickly the CDN picks up the changes. Find out which changes should be tested, check with the developer team or technical lead Leif Johansson. In addition to that, it should be checked that the discovery service works as usual by trying to login to a service for example wiki.sunet.se. It is good to do it in a private window of your browser in case your browser has cached the old version. https://service.seamlessaccess.org/manifest.json is supposed to show the latest version number. You can check the login works through https://demo.seamlessaccess.org as well. 

...

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Update the ds_version under  under thiss::mdq for each site (ntx, se-east, aws1 and aws2)


    Code Block
    '^md-[0-9]\.ntx\.sunet\.eu\.seamlessaccess\.org$':
   thiss::dockerhost:
   thiss::mdq:
      version: 1.3.2
      src: https://meta.ntx.sunet.eu.seamlessaccess.org/metadata.json
      base_url: https://md.seamlessaccess.org
      post: /usr/sbin/service docker-thiss_mdq restart


  3. Do git add global/overlay/etc/puppet/cosmos-rules.yaml and git commit. You should ofcourse have right to commit in the repository.
  4. Run the script thiss-ops/bump-tag afterwards.
  5. To verify that the new version is installed, log in to below servers and enter 'run-cosmo -v'. 

    md-1.aws1.geant.eu.seamlessaccess.org

    md-1.aws2.geant.eu.seamlessaccess.org

    md-1.ntx.sunet.eu.seamlessaccess.org

    md-1.se-east.sunet.eu.seamlessaccess.org

    md-2.aws1.geant.eu.seamlessaccess.org

    md-2.aws2.geant.eu.seamlessaccess.org

    md-2.ntx.sunet.eu.seamlessaccess.org

    md-2.se-east.sunet.eu.seamlessaccess.org

  6. You can check the status by running the command service docker-thiss_mdq status.
  7. You can also enter 'docker ps' in order to see if the new version is present on docker image tag. 

...