Updating Cloud Foundry
The pipeline starts with the
deploy-cf-staging job, that is triggered automatically when one of the following is updated:
- The upstream CloudFoundry release
stagingbranch of [cg-deploy-cf]() repository.
- A secrets.yml stored in S3
If the deployment job is successful, it then runs a job for basic set of ‘smoke tests’ to check a minimal set of functionality of CloudFoundry. When the ‘smoke tests’ job passes, the pipeline will run a job for a suite of acceptance tests to fully exercise the system.
targets plugin is recommended.
- Visit login.green.18f.gov.
- Click “Sign in with GSA.gov”.
cf login --sso -a https://api.green.18f.gov
Follow the instructions.
You may need to ask in #cg-platform to be given access to orgs.
Upon successfully going through the staging portion of the pipeline, you are now ready to tackle production.
- If there were any changes to the manifests in the
stagingbranch, they will need to be merged into
masterfor the production deployment.
- If you made changes to the secrets.yml for staging, more than likely, you’ll need to address those changes for the production version as well.
- Run the
- When the
deploy-cf-prodjob completes successfully, run the
- Finally, when
smoke-tests-prodcompletes successfully, run the
acceptance-tests-prodjob. These set of tests are expected to fail at this time, in the following test:
• Failure in Spec Setup (BeforeEach) [2.238 seconds] Wildcard Routes [BeforeEach] Adding a wildcard route to a domain completes successfully /var/vcap/packages/acceptance-tests/src/github.com/cloudfoundry/cf-acceptance-tests/apps/wildcard_routes_test.go
- Download the appropriate
- Get the passphrase from the pipeline
fly get-pipeline --pipeline deploy-cf
- Use this script for decryption. In your terminal:
INPUT_FILE=secrets.yml OUTPUT_FILE=unencrypted-secrets.yml PASSPHRASE=pipelinepassphrase ./decrypt.sh
- Make changes to the
- Use this script for encryption. In your terminal:
INPUT_FILE=unencrypted-secrets.yml OUTPUT_FILE=secrets.yml PASSPHRASE=pipelinepassphrase ./encrypt.sh
- Upload the encrypted YAML file back to the appropriate S3 bucket, with the correct filename
- Problem: The upstream manifests have added new configuration
- Problem: The upstream manifests have removed a default value that must now be provided
- Problem: Removed packages/jobs still being configured in our own manifests (likely, cruft)
- Solution: Use this script to identify upstream changes in the CloudFoundry release configuration and address as necessary
- Problem: Timeouts from dependent services (NewRelic, etc)
- Solution: Check status of dependent services, restart job when available