Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SBMTD Azure setup #296

Closed
40 tasks done
Tracked by #295
thekaveman opened this issue Aug 16, 2023 · 6 comments
Closed
40 tasks done
Tracked by #295

SBMTD Azure setup #296

thekaveman opened this issue Aug 16, 2023 · 6 comments
Assignees
@thekaveman @angela-tran
Labels
infrastructure Terraform, Azure, etc.
Milestone
SBMTD Mobility Pass

Comments

@thekaveman
Copy link
Member

thekaveman commented Aug 16, 2023
edited
Loading

Some tasks may need help from SBMTD IT.

Most of these tasks come from the notes doc when we did this with MST.

Azure basics

  • Create Azure user group for Compiler, roles:
    • Application developer
  • Add @angela-tran, @machikoyasuda, @thekaveman to group
  • Create Subscription, assign Compiler group the Contributor role

Azure DevOps

Terraform

  • (Manual) Create Resource Group and storage account dedicated to the Terraform state: sbmtd-mobility-pass-tf
  • (Manual) Create container in storage account named tfstate
  • (Manual x3 environments) Create environment Resource Group, Region: West US
    • sbmtd-mobility-pass-eligibility-dev
    • sbmtd-mobility-pass-eligibility-test
    • sbmtd-mobility-pass-eligibility-prod
  • (Manual x3 environments) Create Terraform workspace
  • Trigger a pipeline run to verify plan - https://dev.azure.com/sbmtd/eligibility-server/_build/results?buildId=7&view=results
  • Trigger a pipeline run to verify apply
  • Known chicken-and-egg: Terraform both creates the Key Vault and expects a secret within it, so will always fail on the first deploy

Application

  • Create a keypair for the eligibility verification API
    • test
    • prod
  • (x3 environments) Create settings.py with:
    • AGENCY_NAME
    • AUTH_HEADER
    • AUTH_TOKEN
    • CLIENT_KEY_PATH
    • IMPORT_FILE_PATH
    • SENTRY_DSN
    • SENTRY_TRACES_SAMPLE_RATE
  • (x3 environments) Add settings.py and keys to storage account
@thekaveman thekaveman added the infrastructure Terraform, Azure, etc. label Aug 16, 2023
@thekaveman thekaveman added this to the SBMTD milestone Aug 16, 2023
This was referenced Aug 16, 2023
Closed
Closed
@thekaveman thekaveman moved this from Todo to Blocked in Digital Services Aug 16, 2023
@thekaveman thekaveman moved this from Blocked to In Progress in Digital Services Sep 1, 2023
@thekaveman
Copy link
Member Author

We got stuck in SBMTD's Azure with an Azure AD issue, so the group for Compiler engineers is not yet created. SBMTD is going to work with their Azure consultant on this issue.

Most of the setup for Azure DevOps is complete, the remaining step of establishing a Service Connection depends on the fix for Azure AD.

@thekaveman thekaveman moved this from In Progress to Paused in Digital Services Sep 18, 2023
@thekaveman thekaveman moved this from Paused to Todo in Digital Services Sep 27, 2023
@thekaveman thekaveman moved this from Todo to In Progress in Digital Services Oct 2, 2023
@angela-tran angela-tran mentioned this issue Oct 12, 2023
Merged
@angela-tran
Copy link
Member

  • (Manual x3 environments) Create environment Resource Group, Region: West US
    • sbmtd-mobility-pass-dev
    • sbmtd-mobility-pass-test
    • sbmtd-mobility-pass-prod

Just noticed that our Terraform file expects this to be named sbmtd-mobility-pass-eligibility-dev, etc.:

eligibility-server/terraform/environment.tf

Line 8 in 1fd6140

name = "${var.AGENCY_RESOURCE_GROUP_PREFIX}-eligibility-${local.env_name}"

See the build failure at https://dev.azure.com/sbmtd/eligibility-server/_build/results?buildId=5&view=logs&j=ace7239b-ade7-5b52-2e3a-ab948f392fca&t=86fc3f94-fb9f-52ff-e1d4-fd3623140af8&l=22

I will recreate the Resource Groups to match this naming

@angela-tran
Copy link
Member

For getting the values for TF_VAR_DEPLOYER_APP_OBJECT_ID and TF_VAR_DEPLOYER_APP_OBJECT_ID, make sure you go into the "Managed application in local directory" screen to get the Object ID

https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser#list-service-principals-associated-with-an-app

@angela-tran angela-tran mentioned this issue Oct 30, 2023
Merged
2 tasks
@thekaveman thekaveman moved this from In Progress to Blocked in Digital Services Oct 31, 2023
@thekaveman thekaveman moved this from Blocked to In Progress in Digital Services Nov 3, 2023
@thekaveman thekaveman moved this from In Progress to Paused in Digital Services Nov 13, 2023
@thekaveman thekaveman moved this from Paused to In Progress in Digital Services Nov 13, 2023
@thekaveman
Copy link
Member Author

@angela-tran I think we are good to close this??

@angela-tran
Copy link
Member

@thekaveman Yeah, I think so since all the infra is set up. The dev, test, and prod instances are just waiting for data, which isn't necessarily part of this issue

@github-project-automation github-project-automation bot moved this from In Progress to Done in Digital Services Nov 13, 2023
@thekaveman
Copy link
Member Author

@angela-tran I wrote up this one earlier, I think we're covered 👍 cal-itp/benefits#1783

@thekaveman thekaveman mentioned this issue Jan 5, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thekaveman thekaveman

@angela-tran angela-tran

Labels
infrastructure Terraform, Azure, etc.
Projects
Digital Services
Status: Done
Milestone
SBMTD Mobility Pass
Development

No branches or pull requests
2 participants
@thekaveman @angela-tran