Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PR Upgrade Orca from v8.1.0 to v9.0.5 #359

Merged
merged 1 commit into from
Apr 29, 2024
Merged

PR Upgrade Orca from v8.1.0 to v9.0.5 #359

merged 1 commit into from
Apr 29, 2024

Conversation

krisstanton
Copy link
Collaborator

@krisstanton krisstanton commented Apr 24, 2024
edited
Loading

For this PR, here is what we do.

(Note: I'll add reviewers and do the usual PR process after I make the manual changes to UAT, so we don't run into collision problems when doing a UAT deploy)

  • Pull down the latest code
git pull / git fetch 
git checkout iss355__orca_upgrade_9_05
git pull / git fetch
  • Do your sandbox deploy (See UAT Changes described Below for easier to follow instructions)
    • Follow the below manual AWS instructions for your sand box
    • Run make all-init DOTENV=.env.sandbox make all-init
    • Run make all-up-yes DOTENV=.env.sandbox make all-up-yes (or if just deploying only the Cumulus module: up-cumulus-yes)
  • Run a smoke test
DOTENV=.env.sandbox make bash
cumulus rules run --name PSScene3Band___1_SmokeTest

If Smoke test works in your prod, please approve this pull request!

For UAT Deploy, there are a couple of extra steps I need to follow before we let github do the UAT deployment.

  • Complete the Release notes steps
    • (Detailed Instruction: See Below what is done)

For a PROD Deploy, there are a couple of extra steps I need to follow before we let github do the PROD deployment.

  • Complete the Release notes steps
    • (Detailed Instruction: See Below what was done for UAT)
  • Complete the Policy Fix on CBA DR PROD (that was already done on CBA DR UAT during the sandbox deploy)
    • on the DR Archive bucket, Change policy: Remove line "s3:x-amz-acl": "bucket-owner-full-control"
    • Also remove the comma on the line before it

See Ticket #355 for more details.

For Reference,
Here is what I did to UAT

manual AWS instructions

-Remove the Lambdas that have "Application"=="ORCA"
	-Manually remove All Lambda functions with the tag "Application"=="ORCA" (19 total in sandbox 7894)
	https://us-west-2.console.aws.amazon.com/lambda/home?region=us-west-2#/functions?fo=and&k0=application&o0=%3D&v0=ORCA
	-Deleted 19 of them

-Remove Rule: 				PREFIX-vpc-ingress-all-egress 		// https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#SecurityGroup:groupId=sg-09a1b25077a9b8280 		// sgr-01154ca5312ae2d26
	-sg-09a1b25077a9b8280
	-Inbound security group rules successfully modified on security group (sg-09a1b25077a9b8280 | cumulus-uat-vpc-ingress-all-egress) 	// Details 	// Revoke

-Remove the inbound rule ("sgr-01915d2b3ad2395dc PostgreSQL TCP Allows cumulus-kris-sbx7894 Orca lambda access.") that was attached to RDS cluster access ingress security group 		// https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#SecurityGroup:groupId=sg-01f57f8b1758acb69
	-cumulus_rds_cluster_acess_ingress20230213165434378100000001
	-sgr-0ab8f9155dffc023f	PostgreSQL	TCP	Allows cumulus-uat Orca lambda access.
	-Inbound security group rules successfully modified on security group (sg-01f57f8b1758acb69 | cumulus_rds_cluster_acess_ingress20230221232818225700000005) 	// Details 	// 	Revoke

-Remove the Whole Group:  	PREFIX-vpc-ingress-all-egress 		// https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#SecurityGroup:group-id=sg-09a1b25077a9b8280 
	-cumulus-uat-vpc-ingress-all-egress 		// sg-09a1b25077a9b8280 - cumulus-uat-vpc-ingress-all-egress
	https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#SecurityGroups:v=3;search=:cumulus-uat-vpc-ingress-all-egress
	Clicked the two network interfaces to remove them
	-Security group (sg-09a1b25077a9b8280 | cumulus-uat-vpc-ingress-all-egress) successfully deleted

-Remove the Target Group and then the HTTP listener from the load balancer
	-First Remove the target group (find it on the interface for the listener)  // https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#TargetGroup:targetGroupArn=arn:aws:elasticloadbalancing:us-west-2:201920261686:targetgroup/b6ab76cc-gql-a/095782963b6c57dd
	-Then remove the listener // https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#LoadBalancer:loadBalancerArn=arn:aws:elasticloadbalancing:us-west-2:201920261686:loadbalancer/app/cumulus-uat-gql-a/7f895496239367b0;tab=listeners

-Added the SSM Params to the UAT Server

Added version check 0 value for terraspace to the docker file to prev…
56ee2c4 
…ent deployment failures. Updated Orca package from v8.1.0 to v9.0.5.
jsrikish
jsrikish approved these changes Apr 29, 2024
View reviewed changes
Copy link
Collaborator

@jsrikish jsrikish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@krisstanton
Copy link
Collaborator Author

Merging now, to trigger a UAT Deploy.
Please do not approve the PROD Deploy,
After I verify the UAT deploy works with a smoke test, then I have a set of steps that must be run against PROD before attempting a PROD deploy.

@krisstanton krisstanton merged commit 8e6c951 into main Apr 29, 2024
6 checks passed
@krisstanton krisstanton mentioned this pull request Apr 29, 2024
Closed
29 tasks
@krisstanton
Copy link
Collaborator Author

Ready to attempt a Prod Deploy now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsrikish jsrikish jsrikish approved these changes

@chuckwondo chuckwondo chuckwondo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@krisstanton @chuckwondo @jsrikish