Updated documentation for deployment environments

openshift/README.md

@@ -1,53 +1,85 @@
-# How to configure a CI/CD pipeline for eDivorce on OpenShift
+# Uploading Templates into OpenShift
 
-- Create a project to house the Jenkins instance that will be responsible for promoting application images (via OpenShift ImageStreamTagS) across environment; the exact project name used was "edivorce".
-- Create the BuildConfiguration within this project using the ```oc``` command and "edivorce-build-template.yaml" file in the templates directory:
+1. Clone the project from Github, and then ```cd``` into the openshift/templates directory.
 
-```
-oc process -f edivorce-build-template.yaml -v NAME=<product-name> -v SOURCE_REPOSITORY_URL=<github url> -v SOURCE_REPOSITORY_REF=<branch or ref> | oc create -f -
-```
+2. Log into the OpenShift Console to get your command line token.  Then log into OpenShift from the command line.
 
-For example:
+3. Upload the templates into OpenShift with the following commands (this can also be done via the web interface)
 
 ```
-oc process -f edivorce-build-template.yaml -v NAME=edivorce-django -v SOURCE_REPOSITORY_URL=https://github.com/bcgov/eDivorce.git -v SOURCE_REPOSITORY_REF=master | oc create -f -
+oc create -f edivorce-build-template.yaml -n jag-csb-edivorce-tools
+oc create -f nginx-build-template.yaml -n jag-csb-edivorce-tools
+oc create -f ../jenkins/pipeline.yaml -n jag-csb-edivorce-tools
+
+oc create -f edivorce-environment-template.yaml -n jag-csb-edivorce-dev
+oc create -f edivorce-environment-template.yaml -n jag-csb-edivorce-test
+oc create -f edivorce-environment-template.yaml -n jag-csb-edivorce-prod
+
+oc create -f nginx-environment-template.yaml -n jag-csb-edivorce-dev
+oc create -f nginx-environment-template.yaml -n jag-csb-edivorce-test
+oc create -f nginx-environment-template.yaml -n jag-csb-edivorce-prod
+
 ```
 
 
+# Setting up Dev/Test/Prod Environments
 
-- Deploy a Jenkins instance with persistent storage into the edivorce project using the web gui
-- Install the Promoted Builds Jenkins plugin
-- Configure a job that has an OpenShift ImageStream Watcher as its SCM source and promotion states for each environment
-- In each promotion configuration, tag the target build's image to the appropriate promotion level; this was done using a shell command because the OpenShift plugins do not appear to handle parameter subsitution inside promotions properly.
-- Create an OpenShift project for each "environment" (e.g. DEV, TEST, PROD); Exact names used were jag-csb-edivorce-dev, jag-csb-edivorce-test, jag-csb-edivorce-prod
-- Configure the access controls to allow the Jenkins instance to tag imagestreams in the environment projects, and to allow the environment projects to pull images from the eDivorce project:
+1. Give the dev/test/prod projects access to ImageStreams stored in the tools project
 
-```
-oc policy add-role-to-user system:image-puller system:serviceaccount:jag-csb-edivorce-<env-name>:default -n jag-csb-edivorce-tools
-oc policy add-role-to-user edit system:serviceaccount: jag-csb-edivorce-tools:default -n jag-csb-edivorce-<env-name>
-```
+    ```
+    oc policy add-role-to-user system:image-puller system:serviceaccount:jag-csb-edivorce-dev:default -n jag-csb-edivorce-tools
+    oc policy add-role-to-user edit system:serviceaccount: jag-csb-edivorce-tools:default -n jag-csb-edivorce-dev
 
-- Use the YAML files in this directory  and `oc` tool to create the necessary resources within each project:
+    oc policy add-role-to-user system:image-puller system:serviceaccount:jag-csb-edivorce-test:default -n jag-csb-edivorce-tools
+    oc policy add-role-to-user edit system:serviceaccount: jag-csb-edivorce-tools:default -n jag-csb-edivorce-test
 
-```
-oc process -f edivorce-environment-template.yaml -v ENVIRONMENT_TYPE=<env-name> | oc create -f -
-```
+    oc policy add-role-to-user system:image-puller system:serviceaccount:jag-csb-edivorce-prod:default -n jag-csb-edivorce-tools
+    oc policy add-role-to-user edit system:serviceaccount: jag-csb-edivorce-tools:default -n jag-csb-edivorce-prod
+    ```
+
+2. In the web console, go into the project you want to configure
+
+3. Select "Add to Project"
+
+4. On the Browse Catalog tab, type "edivorce" into the filter field.  Select the edivorce template.
+
+    You need to enter values for the following fields:
+    ```
+        Type of environnment (dev,test or prod).
+            - Type the word dev, test, or prod
+
+        Network of upstream proxy
+            - This is used to ensure that requests come from the Justice Proxy only. It
+              should be entered in IPV4 CIDR notation e.g. 10.10.15.10/16. (The actual
+              value you need to enter cannot be stored on Github because this would
+              violate BC Government Github policies. However the PROXY_NETWORK setting
+              is currently the same for all 3 environemts [dev/test/prod] )
+    ```
+
+5. Select "Add to Project" again
+
+6. On the Browse Catalog tab, type "nginx" into the filter field.  Select the nginx template
+
+    You need to enter values for the following fields:
+
+    ```
+        Type of environnment (dev,test or prod).
+            - Type the word dev, test, or prod
+    ```
+
+7. Weasyprint doesn't deploy itself by default. (outstanding issue).  Go to Applications => Deployments => weasyprint and press the 'Deploy' button.
 
-For example:
 
-```
-oc process -f edivorce-environment-template.yaml -v ENVIRONMENT_TYPE=dev,VOLUME_CAPACITY=1Gi | oc create -f -
-```
 
 # eDivorce Environments
 
 There are several environments set up for different purposes within OpenShift. They are available at the URLs below.
 
-|Environment| URL |Notes|
+|Environment| URL |Justice URL|
 |-----------|-----|-----|
-|DEV|edivorce-dev.pathfinder.gov.bc.ca| |
-|TEST|edivorce-test.pathfinder.gov.bc.ca| |
-|PROD|edivorce-prod.pathfinder.gov.bc.ca| |
+|DEV|edivorce-dev.pathfinder.gov.bc.ca|justice.gov.bc.ca/divorce-dev|
+|TEST|edivorce-test.pathfinder.gov.bc.ca|justice.gov.bc.ca/divorce-test|
+|PROD|edivorce-prod.pathfinder.gov.bc.ca|justice.gov.bc.ca/divorce|
 
 
 
@@ -58,7 +90,7 @@ There are several environments set up for different purposes within OpenShift. T
 # How to access OpenShift for eDivorce
 
 ## Web UI
-- Login to https://console.pathfinder.gov.bc.ca:8443; you'll be prompted for GitHub authorization.
+- Login to https://console.pathfinder.gov.bc.ca:8443; you'll be prompted for GitHub authorization.  You must be part of the BCDevOps Github organization, and you must have access to the eDivorce projects.
 
 ## Command-line (```oc```) tools
 - Download OpenShift [command line tools](https://github.com/openshift/origin/releases/download/v1.2.1/openshift-origin-client-tools-v1.2.1-5e723f6-mac.zip), unzip, and add ```oc``` to your PATH.
@@ -71,19 +103,13 @@ There are several environments set up for different purposes within OpenShift. T
 
 # Data management operations
 
-todo: add instructions on how to 'oc rsh' into the django pod to manage the postgresql pod
-
-# Background reading/Resources
-
-[Free OpenShift book](https://www.openshift.com/promotions/for-developers.html) from RedHat – good overview
-
-[Red Hat Container Development Kit](http://developers.redhat.com/products/cdk/overview/)
-
-OpenShift CI/CD pieline Demos:
-
-- https://www.youtube.com/watch?v=65BnTLcDAJI
-- https://www.youtube.com/watch?v=wSFyg6Etwx8
-
+You can either use the terminal window in the OpenShift console or the ```oc rsh``` command to get to the command line on the postgresql pod.
 
+```
+oc rsh postgresql-2-qp0oh
 
+psql -d default
 
+\dt
+```
+ ** the pod identifiers change regularly, you need to find the current one

openshift/templates/edivorce-environment-template.yaml

@@ -337,8 +337,7 @@ parameters:
   displayName: Type of environnment (dev,test or prod).
   required: true
 - name: PROXY_NETWORK
-  displayName: Network of upstream proxy
-  value: 0.0.0.0/0
+  displayName: Network of upstream proxy (CIDR notation 0.0.0.0/0)
   required: true
 - name: BASICAUTH_ENABLED
   displayName: Enable basic auth (recommended for Dev and Test environments)