Currently, the MDQ servers in Production and the Static servers in both Production and Beta/Demo sit behind load balancers that run HAProxy. (See the diagram in Seamless Access Deployment Architecture.)


The HAProxy image is hosted in docker.sunet.se. It is built from eduID's stable image. We maintain two tags, 'beta' and 'stable'. You need to be authorized to push images to docker.sunet.se.

docker pull docker.sunet.se/eduid/haproxy:stable-tug
docker tag docker.sunet.se/eduid/haproxy:stable-tug docker.sunet.se/seamlessaccess/haproxy:beta
docker push docker.sunet.se/seamlessaccess/haproxy:beta


docker pull docker.sunet.se/eduid/haproxy:stable-tug
docker tag docker.sunet.se/eduid/haproxy:stable-tug docker.sunet.se/seamlessaccess/haproxy:stable
docker push docker.sunet.se/seamlessaccess/haproxy:stable

Static Servers

  1. Update the image_tag under thiss::haproxy_static for static.thiss.io in cosmos-rules.yaml (https://github.com/TheIdentitySelector/thiss-ops/blob/master/global/overlay/etc/puppet/cosmos-rules.yaml).
  2. Run git add global/overlay/etc/puppet/cosmos-rules.yaml and git commit. You need commit rights in the repository.
  3. Run 'make db'.
  4. Run the script thiss-ops/bump-tag afterwards.


static.thiss.io:
   sunet_iaas_cloud:
   thiss::dockerhost:
      version: '5:20.10.12~3-0~ubuntu-focal'
   thiss::haproxy_static:
      image_tag: beta
      location: thiss
   https:


After the 'beta' tag has been tested in the Beta environment, the image can be tagged 'stable' and installed on the Production load balancers.

Update the image_tag under thiss::haproxy_static for each site (ntx, se-east, aws1 and aws2). Follow the same steps as for the Beta environment. Wait between the servers and check that each service URL is up (for example: https://static.ntx.sunet.eu.seamlessaccess.org/) before changing the tag on the next one.


static.ntx.sunet.eu.seamlessaccess.org:
   thiss::dockerhost:
      version: '5:20.10.12~3-0~ubuntu-focal'
   thiss::haproxy_static:
      image_tag: stable
      location: ntx
   sunet::server:
      encrypted_swap: false
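
One way to confirm the cosmos-rules.yaml edit before the git commit in step 2, as an added example (not part of thiss-ops): the sh functions below list the thiss::haproxy_static image_tag per host and flag any host other than the Beta one that is not on 'stable'. The function names, the script file name and the "only the Beta host may be off stable" check are assumptions made for this example; the sample input is the two host entries shown on this page.

```shell
#!/bin/sh
# Added example, not part of thiss-ops. Function names are hypothetical.

# haproxy_static_tags FILE: print "<host> <image_tag>" for every host entry
# that declares thiss::haproxy_static.
haproxy_static_tags() {
    awk '
        function indent_of(s,   t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
        # A key with no indentation is a host entry.
        /^[^ #][^ ]*:[ ]*$/ { host = $0; sub(/:[ ]*$/, "", host); in_sec = 0; next }
        # Start of the class; remember how deep it is indented.
        /^ +thiss::haproxy_static:[ ]*$/ { sec = indent_of($0); in_sec = 1; next }
        in_sec {
            # A non-blank line at the same or a shallower depth ends the class.
            if (NF > 0 && indent_of($0) <= sec) { in_sec = 0; next }
            if ($1 == "image_tag:") print host, $2
        }
    ' "$1"
}

# unexpected_tags FILE BETA_HOST: print hosts other than BETA_HOST whose tag
# is not "stable" (assumed policy: only the Beta host runs a test tag).
unexpected_tags() {
    haproxy_static_tags "$1" |
        awk -v beta="$2" '$1 != beta && $2 != "stable" { print $1 }'
}

# The two host entries shown on this page, used as sample input.
sample_rules() {
    cat <<'EOF'
static.thiss.io:
   sunet_iaas_cloud:
   thiss::dockerhost:
      version: '5:20.10.12~3-0~ubuntu-focal'
   thiss::haproxy_static:
      image_tag: beta
      location: thiss
   https:
static.ntx.sunet.eu.seamlessaccess.org:
   thiss::dockerhost:
      version: '5:20.10.12~3-0~ubuntu-focal'
   thiss::haproxy_static:
      image_tag: stable
      location: ntx
   sunet::server:
      encrypted_swap: false
EOF
}

# Usage (hypothetical file name): sh check-tags.sh global/overlay/etc/puppet/cosmos-rules.yaml
if [ "$#" -ge 1 ]; then haproxy_static_tags "$1"; fi
```

An empty result from unexpected_tags means every Production host is on 'stable'; running git diff on the same file before committing shows whether only the intended host changed.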

