Versions Compared

Version Old Version 29 New Version 30
Changes made by

Mike Kellen (Unlicensed)

Mike Kellen (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Ditto for auth-prod and reposvc-prod

Create or Configure MySQL

...

RDS Service

If necessary, create a new schema in the AWS RDS, e.g. using MySQL Workbench.

The schema name, for example, might be 'prodRepositoryDb'

Note that we have two different database users that we use to give access to RDS to our services tier: beans-staging for the staging stack and beans-production for the alpha/production stack.  If you create a new schema you must grant all permissions except GRANT_OPTIONS on the new schema to the appropriate user.  Please do not give the platform/root db user to the service tier, it is for admin use only.

Note that all stacks share access to idGeneratorDB, which is a separate schema used to generate unique IDs within the sagebase.org domain.  However, the stack db users should only have INSERT and SELECT access to this schema.

Configure Environments

The configuration of all environments for all Synapse components should be the same, with the exception that we leave port 80 on the web app load balancer open and closed everywhere else.

...

For each stack, we have created a unique IAM User, encryption key, and configuration file.  These values are passed into the container of the environments as described above.  AWS access key ids, secret keys, encryption keys, and the url for an environment can be found on sodo at /work/platform/PasswordsAndCredentials/StackCredentials/IAMUsers in the appropriate .csv file.  All stack environments run under this IAM User, and have permission to access their configuration file from S3.  Configuration files can be loaded / updated in S3 under the elasticbeanstalk-us-east-1-325565585839 bucket (this is the same place the .war files are deployed).  This will give URLs of the form https://s3.amazonaws.com/elasticbeanstalk-us-east-1-325565585839/beanstalk-<stack-name>-stack.properties  If you are creating a new stack, you will have to create the IAM user and grant that user access to access the configuration file using the IAM tab of the AWS console.  In most cases you should be able to keep the configuration the file the same, or replace it with a new file of the same name.

Note that if you are setting up a .properties file, any field that is a password should be encryped.  You can encrypt strings by running StringEncrypter, passing in two arg's: (1) the string to be encoded, (2) the aforementioned encryption key.

How to run the Data Loader

...