Installing development tools

Building thiss-js and related packages requires a working docker environment as the build/deploy process runs in a docker container.

Cloning repositories

Prepare your deploy environement.

git clone https://github.com/TheIdentitySelector/thiss-js
git clone git@github.com:TheIdentitySelector/origin.thiss.io
git clone git@github.com:seamlessaccess/origin-service

Beta deployment (use.thiss.io)

Frontend

To deploy <version> to beta (use.thiss.io)

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Open cosmos-rules.yaml and change 'max-age' under 'cache_control' to 0.
  3. Update the ds_version under thiss::static.


    '^static-[0-9]+\.thiss\.io$':
   sunet_iaas_cloud:
   thiss::dockerhost:
      version: '5:19.03.13~3-0~ubuntu-focal'
   thiss::static:
      ds_version: 1.6.3
      base_url: https://use.thiss.io/
      mdq_search_url: https://md.thiss.io/entities/
      domain: use.thiss.io
      context: thiss.io
      cache_control: 'public, max-age=3601, must-revalidate, s-maxage=3601, proxy-revalidate'
   https:


  4. Do git add global/overlay/etc/puppet/cosmos-rules.yaml and git commit. You should ofcourse have right to commit in the repository.
  5. Run 'make db'
  6. Run the script thiss-ops/bump-tag afterwards.
  7. To verify that the new version is installed, log in to the servers static-1.thiss.io and static-2.thiss.io and enter 'run-cosmo -v'. 
  8. You can check the status by running the command service docker-thiss_js status.
  9. You can also enter 'docker ps' in order to see if the new version is present on docker image tag. 
  10. Log into Fastly management web GUI https://manage.fastly.com/ and purge all cache for the  service 'use.thiss.io'
  11. After the verification step is done, everything looks good and few hours have passed open cosmos-rules.yaml and change 'max-age' under 'cache_control' to original value.

Verification

Verify that the changes have taken effect - this may take a while depending on how quickly the CDN picks up the changes. Find out which changes should be tested, check with the developer team or technical lead Leif Johansson. In addition to that, it should be checked that the discovery service works by visiting https://use.thiss.io. It is good to do it in a private window of your browser in case your browser has cached the old version. Click on the 'Login' button and see that it is possible to choose different IDPs from there. Check that the persistent service works by going back and choosing different organizations. You should be able to see the list of organizations that you have chosen and be able to edit them as well. Check that these functions work. https://use.thiss.io/manifest.json is supposed to show the latest version number. 

Rollback

In order to rollback simply downgrade the version in cosmos-rules.yaml and follow the exact steps for committing and pushing the the changes to the git remote repo.

Backend

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Update the ds_version under thiss::mdq for both 'md-1.thiss.io' and 'md-2.thiss.io'
md-1.thiss.io:
   sunet_iaas_cloud:
   thiss::dockerhost:
      version: '5:20.10.12~3-0~ubuntu-bionic'
   thiss::mdq:
      version: 1.3.2
      src: https://a-1.thiss.io/metadata.json
      base_url: https://md.thiss.io
      post: /usr/sbin/service docker-thiss_mdq restart
   https:
   http:
  1. Do git add global/overlay/etc/puppet/cosmos-rules.yaml and git commit. You should ofcourse have right to commit in the repository.
  2. Run 'make db'
  3. Run the script thiss-ops/bump-tag afterwards.
  4. To verify that the new version is installed, log in to the servers md-1.thiss.io and md-2.thiss.io and enter 'run-cosmo -v'. 
  5. You can check the status by running the command service docker-thiss_mdq status.
  6. You can also enter 'docker ps' in order to see if the new version is present on docker image tag. 

Verification

Check that https://md.thiss.io is up and showing the right version. Keep an eye on the metadata check alarm on the internal Nagios instance https://monitor.seamlessaccess.org

Rollback

Simply undo the  changes and go back to old changes and commit them in thiss-ops repository.

Production deployment (service.seamlessaccess.org)

Frontend

The current whitelist needs to be checked with the master list before each deploy. Note that use.thiss.io does not do whitelisting which means the WHITELIST variable is not set.

To deploy <version> to production (service.seamlessaccess.org)

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Open global/overlay/etc/hiera/data/common.yaml and check that the whitelist is right or change it if needed.


    It is important to set the WHITELIST environment variable to the comma-separated list of the current whitelisted domains before deploying. Ask Marina or Leif to verify the list. The list is updated here Seamless Access Configuration Parameters.


  3. Open cosmos-rules.yaml and change 'max-age' under 'cache_control' to 0.
  4. Update the ds_version under thiss::static_prod for each site (ntx, se-east, aws1 and aws2)


    '^static-[0-9]\.ntx\.sunet\.eu\.seamlessaccess\.org$':
   thiss::dockerhost:
      version: '5:20.10.6~3-0~ubuntu-focal'
   thiss::static_prod:
      ds_version: 1.6.3
      base_url: https://service.seamlessaccess.org/
      mdq_search_url: https://md.seamlessaccess.org/entities/
      domain: service.seamlessaccess.org
      context: seamlessaccess.org
      cache_control: 'public, max-age=36000, must-revalidate, s-maxage=604800, proxy-revalidate'


  5. Do git add global/overlay/etc/puppet/cosmos-rules.yaml and git commit. Do git add global/overlay/etc/hiera/data/common.yaml as well if whitelist is changed. You should ofcourse have right to commit in the repository.
  6. Run 'make db'
  7. Run the script thiss-ops/bump-tag afterwards.
  8. To verify that the new version is installed, log in to below servers and enter 'run-cosmo -v'. 


    static-1.aws1.geant.eu.seamlessaccess.org

    static-1.aws2.geant.eu.seamlessaccess.org

    static-1.ntx.sunet.eu.seamlessaccess.org

    static-1.se-east.sunet.eu.seamlessaccess.org

    static-2.aws1.geant.eu.seamlessaccess.org

    static-2.aws2.geant.eu.seamlessaccess.org

    static-2.ntx.sunet.eu.seamlessaccess.org

    static-2.se-east.sunet.eu.seamlessaccess.org

  9. You can check the status by running the command service docker-thiss_js status.
  10. You can also enter 'docker ps' in order to see if the new version is present on docker image tag. 
  11. Log into Fastly management web GUI https://manage.fastly.com/ and purge all cache for the  service 'service.seamlessaccess.org'
  12. After the verification step is done, everything looks good and few hours have passed open cosmos-rules.yaml and change 'max-age' under 'cache_control' to original value for all 4 sites.

Verification

Verify that the changes have taken effect - this may take a while depending on how quickly the CDN picks up the changes. Find out which changes should be tested, check with the developer team or technical lead Leif Johansson. In addition to that, it should be checked that the discovery service works as usual by trying to login to a service for example wiki.sunet.se. It is good to do it in a private window of your browser in case your browser has cached the old version. https://service.seamlessaccess.org/manifest.json is supposed to show the latest version number. You can check the login works through https://demo.seamlessaccess.org as well. 

Rollback

In order to rollback simply downgrade the version in cosmos-rules.yaml and follow the exact steps for committing and pushing the the changes to the git remote repo.

Backend

  1. Clone the git repository in your computer (git@github.com:TheIdentitySelector/thiss-ops.git)
  2. Update the ds_version under thiss::mdq for each site (ntx, se-east, aws1 and aws2)


    '^md-[0-9]\.ntx\.sunet\.eu\.seamlessaccess\.org$':
   thiss::dockerhost:
   thiss::mdq:
      version: 1.3.2
      src: https://meta.ntx.sunet.eu.seamlessaccess.org/metadata.json
      base_url: https://md.seamlessaccess.org
      post: /usr/sbin/service docker-thiss_mdq restart


  3. Do git add global/overlay/etc/puppet/cosmos-rules.yaml and git commit. You should ofcourse have right to commit in the repository.
  4. Run 'make db'
  5. Run the script thiss-ops/bump-tag afterwards.
  6. To verify that the new version is installed, log in to below servers and enter 'run-cosmo -v'. 

    md-1.aws1.geant.eu.seamlessaccess.org

    md-1.aws2.geant.eu.seamlessaccess.org

    md-1.ntx.sunet.eu.seamlessaccess.org

    md-1.se-east.sunet.eu.seamlessaccess.org

    md-2.aws1.geant.eu.seamlessaccess.org

    md-2.aws2.geant.eu.seamlessaccess.org

    md-2.ntx.sunet.eu.seamlessaccess.org

    md-2.se-east.sunet.eu.seamlessaccess.org

  7. You can check the status by running the command service docker-thiss_mdq status.
  8. You can also enter 'docker ps' in order to see if the new version is present on docker image tag. 

Verification

Check that https://md.seamlessaccess.org is up and showing the right version. Keep an eye on the metadata check alarm on the NagiosXI instance for SUNET NOC, there are checks for each site as well.

Rollback

Simply undo the  changes and go back to old changes and commit them in thiss-ops repository.