Produced by Araxis Merge on 3/29/2017 4:53:19 PM Eastern Daylight Time. See www.araxis.com for information about Merge.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | CTT-DM CIF Submission.zip\code\aitc_install | CTT_DM_Installation_Guide.docx | Fri Mar 3 16:22:17 2017 UTC |
| 2 | CTT-DM CIF Submission.zip\code\aitc_install | CTT_DM_Installation_Guide.docx | Tue Mar 28 12:55:14 2017 UTC |
| Description | Between Files 1 and 2 | |
|---|---|---|
| | Text Blocks | Lines |
| Unchanged | 8 | 1196 |
| Changed | 7 | 37 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | Collaborative Terminology Tooling & Data Management (CTT & DM) | ||
| 2 | Tooling and Server Development | ||
| 3 | Deployment and Installation Guide | ||
| 4 | |||
| 5 | November 2016 | ||
| 6 | Department of Veterans Affairs | ||
| 7 | Office of Information and Technology (OI&T) | ||
| 8 | |||
| 9 | |||
| 10 | Revision History | ||
| 11 | Date | ||
| 12 | Version | ||
| 13 | Description | ||
| 14 | Author | ||
| 15 | |||
| 16 | 1.0 | ||
| 17 | Delivery to VA | ||
| 18 | ManTech Mission Solutions & Services | ||
| 19 | 10/31/2016 | ||
| 20 | 0.3 | ||
| 21 | Updated Document to Address TW Comments | ||
| 22 | C. Cuestas, ManTech Mission Solutions & Services | ||
| 23 | 10/28/2016 | ||
| 24 | 0.2 | ||
| 25 | Technical Writer Review – Draft Edits | ||
| 26 | B. Stanley, ManTech Mission Solutions & Services | ||
| 27 | 10/27/2016 | ||
| 28 | 0.1 | ||
| 29 | Initial Draft | ||
| 30 | C. Cuestas, ManTech Mission Solutions & Services | ||
| 31 | |||
| 32 | |||
| 33 | Table of Contents | ||
| 34 | 1 Introduction | ||
| 35 | 1.1 Purpose | ||
| 36 | 1.2 Dependencies | ||
| 37 | 1.3 Constraints | ||
| 38 | 1.4 Roles and Responsibilities | ||
| 39 | 2 Deployment | ||
| 40 | 2.1 Timeline | ||
| 41 | 2.2 Site Readiness Assessment | ||
| 42 | 2.2.1 Deployment Topology (Targeted Architecture) | ||
| 43 | 2.2.2 Site Preparation | ||
| 44 | 2.3 Resources | ||
| 45 | 2.3.1 Facility Specifics | ||
| 46 | 2.3.2 Hardware | ||
| 47 | 2.3.3 Software | ||
| 48 | 2.3.4 Communications | ||
| 49 | 3 Installation | ||
| 50 | 3.1 Pre-installation and System Requirements | ||
| 51 | 3.2 Platform Installation and Preparation | ||
| 52 | 3.3 Download and Extract Files | ||
| 53 | 3.4 Database Creation | ||
| 54 | 3.5 Installation Scripts | ||
| 55 | 3.6 Cron Scripts | ||
| 56 | 3.7 Access Requirements and Skills Needed for the Installation | ||
| 57 | 3.8 Installation Procedure | ||
| 58 | 3.8.1 JAVA | ||
| 59 | 3.8.2 SSL CertsToJDK | ||
| 60 | 3.8.3 CSR and Certificate | ||
| 61 | 3.8.4 TOMCAT | ||
| 62 | 3.8.5 GitBlit | ||
| 63 | 3.8.6 Prisme | ||
| 64 | 3.8.7 Jenkins | ||
| 65 | 3.8.8 Maven | ||
| 66 | 3.8.9 Nexus | ||
| 67 | 3.8.10 Komet | ||
| 68 | 3.8.11 Single Sign On – Internal | ||
| 69 | 3.9 Installation Verification Procedure | ||
| 70 | 3.10 System Configuration | ||
| 71 | 3.11 Database Tuning | ||
| 72 | 4 Back-Out Procedure | ||
| 73 | 4.1 Back-Out Strategy | ||
| 74 | 4.2 Back-Out Considerations | ||
| 75 | 4.2.1 Load Testing | ||
| 76 | 4.2.2 User Acceptance Testing | ||
| 77 | 4.3 Back-Out Criteria | ||
| 78 | 4.4 Back-Out Risks | ||
| 79 | 4.5 Authority for Back-Out | ||
| 80 | 4.6 Back-Out Procedure | ||
| 81 | 4.7 Back-out Verification Procedure | ||
| 82 | 5 Rollback Procedure | ||
| 83 | 5.1 Rollback Considerations | ||
| 84 | 5.2 Rollback Criteria | ||
| 85 | 5.3 Rollback Risks | ||
| 86 | 5.4 Authority for Rollback | ||
| 87 | 5.5 Rollback Procedure | ||
| 88 | 5.6 Rollback Verification Procedure | ||
| 89 | |||
| 90 | |||
| 91 | |||
| 92 | |||
| 93 | Introduction | ||
| 94 | This document describes how to deploy and install the CTT & DM system as well as how to back-out the product and rollback to a previous version or data set. This document is a companion to the project charter and management plan for this effort. The scope of the ETS project is to develop new product that provides the capability to create and edit VHAT and other terminology map sets for consumption by other VA services. The technology stack provides the capability to: | ||
| 95 | Develop an integrated web-accessible Terminology Management Platform (TMP) that supports terminology development, maintenance, and distribution across VA. The platform will be built on existing open source tools and frameworks such as the International Health Terminology Standards Development Organization (IHTSDO) workbench and Informatics Architecture Acceleration (ISAAC) editor. | ||
| 96 | Deploy the TMP (ETS tooling and server solution) in various environments including production and pre-production. | ||
| 97 | Provide operations and maintenance support for TMP development and deployment. | ||
| 98 | Provide support for production operations, production performance improvements, and portal framework. | ||
| 99 | Create and deploy patches to VistA systems to integrate authoritative terminology content into VistA in a native format. | ||
| 100 | Enable computability of VA health and benefits services clinical data through semantic interoperability to exchange clinical data between VA (VHA, VBA, NCA), DoD, and approved non-VA entities. (Clinical data will be natively coded and mapped to national standards and terminologies.) | ||
| 101 | Purpose | ||
| 102 | The purpose of this plan is to provide a single, common document describing how, when, where, and to whom the CTT & DM system will be deployed and installed as well as how it is to be backed out and rolled back if necessary. The plan also identifies the resources, communications plan, and rollout schedule. Specific instructions for installation, back-out, and rollback are included in this document. | ||
| 103 | Dependencies | ||
| 104 | The CTT&DM tool requires a series of open source technologies to run underneath it. These technologies are: Tomcat, Apache Webserver, SSL, Jenkins, GitBlit, Nexus and Maven. | ||
| 105 | An assigned Systems Administrator will install the required software. PRISME and KOMET may be installed after the required software installation is complete. | ||
| 106 | This document is part of the deliverables package. | ||
| 107 | Constraints | ||
| 108 | Servers in Pre Prod and Prod at AITC have the following configuration: | ||
| 109 | 16GB of RAM | ||
| 110 | 64GB x 1 HD1 – OS | ||
| 111 | 472GB x 1 HD2 - data | ||
| 112 | 4 x CPUs | ||
| 113 | Roles and Responsibilities | ||
| 114 | The list below identifies the individuals responsible for the system’s deployment, configuration, and administration. | ||
| 115 | Table 1: Deployment, Installation, Back-out, and Rollback Roles | ||
| 116 | Name | ||
| 117 | Team | ||
| 118 | Role | ||
| 119 | Esigie Aguele | ||
| 120 | ManTech | ||
| 121 | Program Manager | ||
| 122 | Dan Armbrust | ||
| 123 | ManTech | ||
| 124 | Lead Engineer/Developer | ||
| 125 | Claudio Cuestas | ||
| 126 | ManTech | ||
| 127 | Sr. Systems Administrator | ||
| 128 | Derrick Allen | ||
| 129 | VA Team | ||
| 130 | Project Manager | ||
| 131 | Victor Ramirez | ||
| 132 | VA Team | ||
| 133 | Sr. Systems Administrator | ||
| 134 | The list below identifies specific responsibilities of each team member. | ||
| 135 | Table 2: Deployment, Installation, Back-out, and Rollback Responsibilities | ||
| 136 | ID | ||
| 137 | Team | ||
| 138 | Phase / Role | ||
| 139 | Tasks | ||
| 140 | Project Phase (See Schedule) | ||
| 141 | |||
| 142 | Claudio Cuestas (ManTech) and Victor Ramirez (VA Team) | ||
| 143 | Deployment | ||
| 144 | Plan and schedule deployment (including orchestration with vendors) | ||
| 145 | |||
| 146 | |||
| 147 | Claudio Cuestas (ManTech) and Victor Ramirez (VA Team) | ||
| 148 | Deployment | ||
| 149 | Determine and document the roles and responsibilities of those involved in the deployment. | ||
| 150 | |||
| 151 | |||
| 152 | Claudio Cuestas (ManTech) and Victor Ramirez (VA Team) | ||
| 153 | Deployment | ||
| 154 | Deploy and configure procedure and provide installation package. | ||
| 155 | |||
| 156 | |||
| 157 | Claudio Cuestas (ManTech) | ||
| 158 | |||
| 159 | Oversee and assist during the installation in pre-prod and prod. | ||
| 160 | |||
| 161 | |||
| 162 | Claudio Cuestas (ManTech) and Victor Ramirez (VA Team) | ||
| 163 | Deployment | ||
| 164 | Test for operational readiness | ||
| 165 | |||
| 166 | |||
| 167 | Victor Ramirez (VA Team) | ||
| 168 | Deployment | ||
| 169 | Execute deployment | ||
| 170 | |||
| 171 | |||
| 172 | Victor Ramirez (VA Team) | ||
| 173 | Installation | ||
| 174 | Plan and schedule installation | ||
| 175 | |||
| 176 | |||
| 177 | Victor Ramirez (VA Team) | ||
| 178 | Installation | ||
| 179 | Ensure authority to operate and that certificate authority security documentation is in place | ||
| 180 | |||
| 181 | |||
| 182 | Victor Ramirez (VA Team) | ||
| 183 | Installation | ||
| 184 | Validate through facility POC to ensure that IT equipment has been accepted using asset inventory processes | ||
| 185 | |||
| 186 | |||
| 187 | Derrick Allen (VA Team) | ||
| 188 | Installations | ||
| 189 | Coordinate training | ||
| 190 | |||
| 191 | |||
| 192 | N/A | ||
| 193 | Back-out | ||
| 194 | Confirm availability of back-out instructions and back-out strategy (what are the criteria that trigger a back-out) | ||
| 195 | |||
| 196 | |||
| 197 | Derrick Allen (VA Team) | ||
| 198 | Post Deployment | ||
| 199 | Hardware, Software and System Support | ||
| 200 | |||
| 201 | Once the approval process and certifications are complete, the Project and Program Managers will indicate the starting deployment time. | ||
| 202 | Deployment | ||
| 203 | This application deployment is dependent on a series of open source services/packages that must be installed, configured and running. | ||
| 204 | We detailed this process below in section 3.8. | ||
| 205 | Timeline | ||
| 206 | TBD | ||
| 207 | Site Readiness Assessment | ||
| 208 | The application will be deployed on servers hosted at the AITC Datacenter in the pre-production and production environments. | ||
| 209 | The applications will be installed across multiple servers in these two environments. | ||
| 210 | The new application is Collaborative Terminology Tooling and Data Management software. | ||
| 211 | The application will be installed and deployed on the following server in AITC. The server list below: | ||
| 212 | DNS | ||
| 213 | Deployment Topology (Targeted Architecture) | ||
| 214 | |||
| 215 | Figure 1: Deployment Topology | ||
| 216 | |||
| 217 | The deployment location is pre-production and production servers at AITC | ||
| 218 | Site Preparation | ||
| 219 | N/A | ||
| 220 | Resources | ||
| 221 | Facility Specifics | ||
| 222 | N/A | ||
| 223 | Hardware | ||
| 224 | The following table describes hardware specifications required at each site prior to deployment. | ||
| 225 | Table 3: Hardware specifications | ||
| 226 | Required Hardware | ||
| 227 | Model | ||
| 228 | Version | ||
| 229 | Configuration | ||
| 230 | Manufacturer | ||
| 231 | Other | ||
| 232 | Server | ||
| 233 | |||
| 234 | CentOS6.8 | ||
| 235 | 16GB RAM, 1x HD 64GB and 1 x HD 472GB, 4 x CPUs | ||
| 236 | |||
| 237 | |||
| 238 | Server | ||
| 239 | |||
| 240 | CentOS6.8 | ||
| 241 | 16GB RAM, 1x HD 64GB and 1 x HD 2100GB, 4 x CPUs | ||
| 242 | |||
| 243 | |||
| 244 | Please see the Roles and Responsibilities table in Section 1.4 for details about who is responsible for preparing the site to meet these hardware specifications. | ||
| 245 | The hardware has already been procured and running on the network. | ||
| 246 | Software | ||
| 247 | The following table describes software specifications required at each site prior to deployment. | ||
| 248 | Table 4: Software specifications | ||
| 249 | Required Software | ||
| 250 | Make | ||
| 251 | Version | ||
| 252 | Configuration | ||
| 253 | Manufacturer | ||
| 254 | Other | ||
| 255 | Tomcat | ||
| 256 | Apache | ||
| 257 | 8.0.33 | ||
| 258 | |||
| 259 | |||
| 260 | |||
| 261 | WebServer | ||
| 262 | Apache | ||
| 263 | 2.2.15 | ||
| 264 | |||
| 265 | |||
| 266 | |||
| 267 | JDK | ||
| 268 | Oracle | ||
| 269 | 8.9.1 | ||
| 270 | |||
| 271 | |||
| 272 | |||
| 273 | Gitblit | ||
| 274 | |||
| 275 | |||
| 276 | |||
| 277 | |||
| 278 | |||
| 279 | Jenkins | ||
| 280 | Hudson | ||
| 281 | 2.19.1 | ||
| 282 | |||
| 283 | |||
| 284 | |||
| 285 | Maven | ||
| 286 | Apache | ||
| 287 | 3.3.9 | ||
| 288 | |||
| 289 | |||
| 290 | |||
| 291 | Nexus | ||
| 292 | Sonatype | ||
| 293 | 2.14.0 | ||
| 294 | |||
| 295 | |||
| 296 | |||
| 297 | SSL Certs | ||
| 298 | VA Provider | ||
| 299 | |||
| 300 | |||
| 301 | |||
| 302 | |||
| 303 | Please see the Roles and Responsibilities table in Section 1.4 above for details about who is responsible for preparing the site to meet these software specifications. | ||
| 304 | Communications | ||
| 305 | For inquiries related to deployment, configuration, management, and error handling of these applications, contact Dan Armbrust at PII and/or Claudio Cuestas PII | ||
| 306 | Deployment/Installation/Back-Out Checklist | ||
| 307 | N/A | ||
| 308 | Installation | ||
| 309 | Pre-installation and System Requirements | ||
| 310 | All the hardware is in place at AITC and ready to receive the installation. | ||
| 311 | Platform Installation and Preparation | ||
| 312 | All the hardware is in place at AITC and ready to receive the installation. | ||
| 313 | Download and Extract Files | ||
| 314 | Our deployment package includes all necessary software. | ||
| 315 | Database Creation | ||
| 316 | The Oracle databases and accounts have already been created and are ready for use. | ||
| 317 | Installation Scripts | ||
| 318 | See section 4.8 for details. | ||
| 319 | Cron Scripts | ||
| 320 | N/A | ||
| 321 | Access Requirements and Skills Needed for the Installation | ||
| 322 | The Systems Administrator executing the deployment will have elevated access to each system in pre-production and production systems. | ||
| 323 | Installation Procedure | ||
| 324 | Use this document to install and configure the following services: | ||
| 325 | Java | ||
| 326 | SSL Certificate | ||
| 327 | Tomcat Server | ||
| 328 | GitBlit | ||
| 329 | Maven | ||
| 330 | Jenkins | ||
| 331 | Nexus | ||
| 332 | Prisme | ||
| 333 | Komet | ||
| 334 | Single Sign On | ||
| 335 | The provided serverSetup.zip file contains a “cert” directory with all of the Internal, Intermediate and Root SSL Certificates. | ||
| 336 | There is also an “installers” directory where you can find Java, Tomcat, Maven, GitBlit and other scripts that will help during the installation process. | ||
| 337 | JAVA | ||
| 338 | From the root directory “/” unzip the provided serverSetup.tar.gz file containing the Java RPM, set the appropriate permissions and install it. | ||
| 339 | This assumes that the serverSetup.tar.gz file has been placed in the server's /tmp directory. | ||
| 340 | cd / | ||
| 341 | tar -zxvf /tmp/serverSetup.tar.gz | ||
| 342 | As root run the following: | ||
| 343 | /app/installers/installjava.sh | ||
| 344 | SSL CertsToJDK | ||
| 345 | This will install the CA Root and Intermediate Certificates to the JDK version just installed in the previous step. | ||
| 346 | As root run the following: | ||
| 347 | /app/installers/installsslcert.sh | ||
| 348 | You will be asked the following question three times, one for each certificate: | ||
| 349 | “Trust this certificate?” | ||
| 350 | Respond “yes” | ||
| 351 | CSR and Certificate | ||
| 352 | This step requires the use of keytool and openssl to generate the CSR and the certificate chain required for SSL to be properly set up. | ||
| 353 | - Generate a CSR (Certificate Signing Request) | ||
| 354 | Update the CN (Common Name, which is the Fully Qualified Server Name) to have the right hostname. | ||
| 355 | cd /app/certs/ | ||
| 356 | openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -subj " DNS DNS /emailAddress= PII " | ||
| 357 | View the CSR | ||
| 358 | The openssl tool will allow us to view the contents of the CSR. | ||
| 359 | Once generated, the contents of the CSR should look like the following: | ||
| 360 | openssl req -text -noout -verify -in server.csr | ||
| 361 | verify OK | ||
| 362 | Certificate Request: | ||
| 363 | Data: | ||
| 364 | Version: 0 (0x0) | ||
| 365 | Subject: C=US, ST=TX, L=Austin, O=VA, OU=STS, CN= DNS /emailAddress= PII | ||
| 366 | Subject Public Key Info: | ||
| 367 | Public Key Algorithm: rsaEncryption | ||
| 368 | Public-Key: (2048 bit) | ||
| 369 | CSR Submission | ||
| 370 | Please submit the CSR server.key via the following URLs: | ||
| 371 | http://DNS/ | ||
| 372 | https://DNS | ||
| 373 | Create Certificate Chain | ||
| 374 | When fulfilled, put the certificate into a server.crt file. | ||
| 375 | Ensure that your .crt file starts with | ||
| 376 | -----BEGIN CERTIFICATE----- | ||
| 377 | and ends with | ||
| 378 | -----END CERTIFICATE----- | ||
| 379 | Now we export the certificate from the server.crt file you recently created and the keystore file that was used to generate the CSR server.key into a new pkcs12 file called server.p12 together with the VA’s Internal Certificate named VA-Internal-E5-ICA1-v1.crt | ||
| 380 | openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name tomcat -CAfile VA-Internal-E5-ICA1-v1.crt -caname root | ||
| 381 | (password - tomcat) | ||
| 382 | Then we import the server.p12 file into a new keystore file called server.keystore | ||
| 383 | This server.keystore file will be used to configure apache and tomcat to support SSL. | ||
| 384 | keytool -importkeystore -deststorepass tomcat -destkeystore server.keystore -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass tomcat -alias tomcat | ||
| 385 | Place the server.keystore file in the “/app/certs” directory and set the appropriate permissions. | ||
| 386 | sudo chown root /app/certs/server.keystore | ||
| 387 | sudo chmod 700 /app/certs/server.keystore | ||
| 388 | To view the contents of the keystore file: keytool -list -v -keystore server.keystore | ||
| 389 | TOMCAT | ||
| 390 | From the root directory “/app” unzip the provided tomcat file as part of the original serverSetup.zip file. Become root on the server, unzip the tomcat file and run the “finishTomcatSetup.sh” script to install and configure tomcat. | ||
| 391 | sudo su - | ||
| 392 | cd /app | ||
| 393 | yum -y install unzip | ||
| 394 | unzip installers/apache-tomcat-8.0.33.zip | ||
| 395 | ./installers/finishTomcatSetup.sh | ||
| 396 | Configure SSL in Tomcat | ||
| 397 | Verify that the 8080 connector for SSL is in place. | ||
| 398 | In the file “/app/apache-tomcat-8.0.33/conf/server.xml”: | ||
| 399 | <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol" | ||
| 400 | maxThreads="150" SSLEnabled="true" scheme="https" secure="true" | ||
| 401 | clientAuth="false" sslProtocol="TLS" | ||
| 402 | keystoreFile="/app/certs/server.keystore" keystorePass="tomcat" | ||
| 403 | maxPostSize="209715200"/> | ||
| 404 | <!-- Define an AJP 1.3 Connector on port 8009 --> | ||
| 405 | <Connector port="8009" protocol="AJP/1.3" redirectPort="8080" /> | ||
| 406 | GitBlit | ||
| 407 | Deploy and Configure | ||
| 408 | Run /app/installer/installgit.sh to create the directory and set up proper ownership. It will also deploy the application in Tomcat | ||
| 409 | Define new Git data directory in context.xml | ||
| 410 | Edit /app/apache-tomcat-8.0.33/conf/context.xml - add: (towards end of file inside the Context tags) | ||
| 411 | <Environment name="baseFolder" type="java.lang.String" value="/app/gitData" override="false" /> | ||
| 412 | Install Tomcat’s startup script | ||
| 413 | cp “/app/etc/init.d/tomcat” to “/etc/init.d/” | ||
| 414 | The server running Tomcat must be able to run it with an Xmx of 14GB | ||
| 415 | This can be tuned in /etc/init.d/tomcat | ||
| 416 | Bring up Tomcat | ||
| 417 | /etc/init.d/tomcat start | ||
| 418 | Tail the logs to check Tomcat coming up and to spot any possible issues | ||
| 419 | tail -f /app/apache-tomcat-8.0.33/logs/catalina.out | ||
| 420 | Finally, | ||
| 421 | Edit /app/gitData/defaults.properties – add the following at the end of the file: | ||
| 422 | web.enableRpcServlet=true | ||
| 423 | web.enableRpcManagement=true | ||
| 424 | web.enableRpcAdministration=true | ||
| 425 | Restart Tomcat: /etc/init.d/tomcat restart | ||
| 426 | Login to gitblit with admin/admin - create a new account and delete default account | ||
| 427 | Replace the “ServerName” with the actual fully qualified hostname. | ||
| 428 | https://hostname.domainname:8080/git/ | ||
| 429 | Remember the new admin account you created (for later configuration) | ||
| 430 | Create the following Repositories: | ||
| 431 | With Access Policy: “Restrict Push (Named)” | ||
| 432 | contentConfigurations | ||
| 433 | editChangesets | ||
| 434 | Prisme | ||
| 435 | Deploy and Configure | ||
| 436 | Execute the following: | ||
| 437 | /app/installers/installprisme.sh | ||
| 438 | cd /app/prismeData | ||
| 439 | Make sure the server_config.yml and oracle_database.yml files are present. | ||
| 440 | Rename the file accordingly: | ||
| 441 | PreProd | ||
| 442 | mv /app/prismeData/oracle_database.yml-PRE /app/prismeData/oracle_database.yml | ||
| 443 | mv /app/prismeData/server_config.yml-PRE /app/prismeData/server_config.yml | ||
| | mv /app/prismeData/oracle_database.yml-PROD /app/prismeData/oracle_database.yml | ||
| 444 | mv /app/prismeData/server_config.yml-PROD /app/prismeData/server_config.yml | ||
| 445 | Start Tomcat | ||
| 446 | sudo /etc/init.d/tomcat start | ||
| 447 | Jenkins | ||
| 448 | Install and Configure | ||
| 449 | We are going to install the Jenkins repo first and install the RPM via yum. | ||
| 450 | As Root run the following: | ||
| 451 | /app/installers/installjenkins.sh | ||
| 452 | If an ssh key is needed, this is the manual process of generating one. | ||
| 453 | ############################ | ||
| 454 | # sudo -u jenkins ssh-keygen | ||
| 455 | That will generate the key for you here: | ||
| 456 | /var/lib/jenkins/.ssh/id_rsa.pub | ||
| 457 | ############################## | ||
| 458 | /etc/init.d/Jenkins start | ||
| 459 | Replace the “ServerName” with the actual fully qualified hostname. | ||
| 460 | Go to https://ServerName:8080/jenkins | ||
| 461 | Log in with the following credentials: devtest/devtesthardtoguess | ||
| 462 | Go to Configure / look for Jenkins Location and change the Jenkins URL to: | ||
| 463 | https://ServerName:8080/jenkins | ||
| 464 | Replace the “ServerName” with the actual fully qualified hostname. | ||
| 465 | Click Apply and Save | ||
| 466 | Maven | ||
| 467 | Install and Configure | ||
| 468 | Maven must be installed on the same server as Jenkins. | ||
| 469 | Become root on the server, and run the following: | ||
| 470 | /app/installers/installmaven.sh | ||
| 471 | Edit /app/jenkinsMavenSettings.xml file and add the servername and credentials for nexus. | ||
| 472 | Nexus | ||
| 473 | Install and Configure | ||
| 474 | As Root run the following: | ||
| 475 | /app/installers/installnexus.sh | ||
| 476 | Add the following into “/app/nexus-2.14.0-01/bin/jsw/conf/wrapper.conf” | ||
| 477 | vi /app/nexus-2.14.0-01/bin/jsw/conf/wrapper.conf | ||
| 478 | wrapper.app.parameter.3=./conf/jetty-https.xml | ||
| 479 | wrapper.app.parameter.4=./conf/jetty-http-redirect-to-https.xml | ||
| 480 | To set up SSL, use the existing keystore “server.keystore” but rename it accordingly and set ownership. | ||
| 481 | cp /app/certs/server.keystore /app/certs/nexus.keystore | ||
| 482 | chown nexus /app/certs/nexus.keystore | ||
| 483 | chgrp nexus /app/certs/nexus.keystore | ||
| 484 | Set the SSL port in “/app/nexus-2.14.0-01/conf/nexus.properties” | ||
| 485 | vi /app/nexus-2.14.0-01/conf/nexus.properties | ||
| 486 | application-port-ssl=8443 | ||
| 487 | Configure “jetty-https.xml” to specify keystore | ||
| 488 | Change /app/nexus-2.13.0-01/conf/jetty-https.xml to look like this: | ||
| 489 | <Set name="keyStore">/app/certs/nexus.keystore</Set> | ||
| 490 | <Set name="trustStore">/app/certs/nexus.keystore</Set> | ||
| 491 | <Set name="keyStorePassword">tomcat</Set> | ||
| 492 | <Set name="keyManagerPassword">tomcat</Set> | ||
| 493 | <Set name="trustStorePassword">tomcat</Set> | ||
| 494 | Start Nexus, log in and configure via the GUI. | ||
| 495 | /etc/init.d/nexus start | ||
| 496 | Go to https://YourServerName:8080/nexus/ | ||
| 497 | login (admin/admin123), update permissions, disable unneeded repositories | ||
| 498 | Create "termdata" release repo | ||
| 499 | disable apache snapshots, disable / delete 3rd party, disable m1 shadow | ||
| 500 | update 'public' group to match repos | ||
| 501 | Komet | ||
| 502 | Komet is installed 100% via the Prisme UI. | ||
| 503 | Log in to prisme http://YourHostName:8080/ | ||
| 504 | Once in, click on “App Deployer” | ||
| 505 | Select the application type “Komet Tooling Deployment” and click “Next” | ||
| 506 | |||
| 507 | Figure 2: Application Deployer Application Type Screen | ||
| 508 | Then, select the application component(s) “Tomcat Application Server: Isaac-rest” and click “Next” | ||
| 509 | |||
| 510 | Figure 3: Application Components for Deployment to Tomcat | ||
| 511 | |||
| 512 | Then, select the tomcat server “Tomcat localhost” and click “Next” | ||
| 513 | |||
| 514 | Figure 4: Application Deployer Tomcat Host Server | ||
| 515 | Lastly, review and submit the “Deployment Request” and click “Finish” | ||
| 516 | |||
| 517 | Figure 5: Application Deployment Summary | ||
| 518 | Single Sign On – Internal | ||
| 519 | There are 2 main components for SSOi: | ||
| 520 | Siteminder webagent and Apache webserver. | ||
| 521 | Apache is already installed on servers in pre-prod and prod. | ||
| 522 | If it is not installed, please run as root: | ||
| 523 | yum -y install httpd | ||
| 524 | Once httpd is installed, the siteminder for SSOi webagent must be sourced in the Apache start up script. | ||
| 525 | vi /etc/init.d/httpd | ||
| 526 | # Source function library. | ||
| 527 | . /app/CA/webagent/ca_wa_env.sh | ||
| 528 | Run the following command to extract and copy all the necessary files. | ||
| 529 | This will also set the proper file permissions and ownership | ||
| 530 | app/installers/installssoi.sh | ||
| 531 | Copy the correct ssl.conf file to /etc/httpd/conf.d | ||
| 532 | cp app/installers/apache_extensions/ssl.conf-PRE /etc/httpd/conf.d/ssl.conf | ||
| 533 | cp app/installers/apache_extensions/ssl.conf-PROD /etc/httpd/conf.d/ssl.conf | ||
| 534 | There will be updated ssl.conf files for both PreProd and Prod containing the ability to deploy multiple instances of isaac-rest as well as komet in a single tomcat server. | ||
| 535 | With these changes we have also updated the server_config.yml file that was initially installed as per section 3.8.6.1 of this manual. | ||
| 536 | |||
| 537 | Install SSOi webagent | ||
| 538 | Refer to the siteminder webagent installation document | ||
| 539 | Installation Verification Procedure | ||
| 540 | To verify the installation, access each system URL | ||
| 541 | Replace the “ServerName” with the actual fully qualified hostname. | ||
| 542 | Tomcat | ||
| 543 | DNS | ||
| 544 | DNS | ||
| 545 | https://DNS | ||
| 546 | Git | ||
| 547 | DNS | ||
| 548 | DNS | ||
| 549 | DNS | ||
| 550 | System Configuration | ||
| 551 | System configuration is detailed in the installation section. No added configuration needed. | ||
| 552 | Database Tuning | ||
| 553 | N/A | ||
| 554 | Back-Out Procedure | ||
| 555 | The operation is not currently working on legacy applications. A manual back-up process for creating and editing terminology is available. As a result, the back-out strategy for CTT_DM Release 2 (R2) is to turn off the application if necessary to address issues. A back out procedure will be provided for Release 3. | ||
| 556 | Back-Out Strategy | ||
| 557 | The AITC will follow established communications procedures and turn off the application if necessary. | ||
| 558 | Back-Out Considerations | ||
| 559 | In the absence of legacy application, all “Go/No-Go” decisions regarding deployment and installation in production will be made during final functionality testing in pre-production. | ||
| 560 | Load Testing | ||
| 561 | TBD. This information is expected by November 30, 2016. | ||
| 562 | User Acceptance Testing | ||
| 563 | TBD. This information is expected by December 09, 2016. | ||
| 564 | Back-Out Criteria | ||
| 565 | Back-out criteria would include a critical data error discovered under approval by the COR and VA PM. | ||
| 566 | Back-Out Risks | ||
| 567 | Slower operations in processing terminology updates has been identified as a back-out risk. | ||
| 568 | Authority for Back-Out | ||
| 569 | Alan Arnold, COR, is the back-out authority for this project. | ||
| 570 | Back-Out Procedure | ||
| 571 | Currently the back-out procedure is to turn the system off. A back-out procedure will be provided with Release 3. | ||
| 572 | Back-out Verification Procedure | ||
| 573 | In the event of a back-out, the team will verify the presence of an application landing page informing that the system is not currently available. | ||
| 574 | Rollback Procedure | ||
| 575 | N/A | ||
| 576 | Rollback Considerations | ||
| 577 | N/A | ||
| 578 | Rollback Criteria | ||
| 579 | N/A | ||
| 580 | Rollback Risks | ||
| 581 | N/A | ||
| 582 | Authority for Rollback | ||
| 583 | N/A | ||
| 584 | Rollback Procedure | ||
| 585 | N/A | ||
| 586 | Rollback Verification Procedure | ||
| 587 | N/A | ||
| 588 | |||
| 589 | |||
| 590 | Template Revision History | ||
| 591 | Date | ||
| 592 | Version | ||
| 593 | Description | ||
| 594 | Author | ||
| 595 | March 2016 | ||
| 596 | 2.2 | ||
| 597 | Changed the title from Installation, Back-Out, and Rollback Guide to Deployment and Installation Guide, with the understanding that Back-Out and Rollback belong with Installation. | ||
| 598 | VIP Team | ||
| 599 | February 2016 | ||
| 600 | 2.1 | ||
| 601 | Changed title from Installation, Back-Out, and Rollback Plan to Installation, Back-Out, and Rollback Guide as recommended by OI&T Documentation Standards Committee | ||
| 602 | OI&T Documentation Standards Committee | ||
| 603 | December 2015 | ||
| 604 | 2.0 | ||
| 605 | The OI&T Documentation Standards Committee merged the existing “Installation, Back-Out, Rollback Plan” template with the content requirements in the OI&T End-user Documentation Standards for a more comprehensive Installation Plan. | ||
| 606 | OI&T Documentation Standards Committee | ||
| 607 | February 2015 | ||
| 608 | 1.0 | ||
| 609 | Initial Draft | ||
| 610 | Lifecycle and Release Management | ||
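
The following is an added example, not part of the original guide or of the CTT & DM project's code: a small audit of the TLS settings that sections 3.8.3, 3.8.4 and 3.8.9 configure (the Tomcat SSL and AJP connectors, the Nexus jetty-https.xml passwords, and the keystore file mode). The sample XML is constructed from the values shown in the guide; the function names and the list of well-known passwords are assumptions of the example.

```python
"""Audit the TLS settings this guide configures (added example, not project code)."""
import os
import stat
import xml.etree.ElementTree as ET

# Passwords that are public knowledge: the guide's "tomcat", the Tomcat/JDK
# default "changeit", and obvious placeholders (this list is the example's own).
KNOWN_PASSWORDS = {"tomcat", "changeit", "password", ""}

# Constructed sample: the two connectors as they appear in the guide's server.xml.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/app/certs/server.keystore" keystorePass="tomcat"
             maxPostSize="209715200"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8080"/>
</Service></Server>
"""

# Constructed sample: the <Set> elements the guide places in jetty-https.xml.
SAMPLE_JETTY_XML = """
<Configure>
  <Set name="keyStore">/app/certs/nexus.keystore</Set>
  <Set name="trustStore">/app/certs/nexus.keystore</Set>
  <Set name="keyStorePassword">tomcat</Set>
  <Set name="keyManagerPassword">tomcat</Set>
  <Set name="trustStorePassword">tomcat</Set>
</Configure>
"""


def audit_tomcat(xml_text):
    """Return (port, finding) tuples for the <Connector> elements of server.xml."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("SSLEnabled", "false").lower() == "true":
            # Tomcat falls back to "changeit" when keystorePass is absent.
            if conn.get("keystorePass", "changeit") in KNOWN_PASSWORDS:
                findings.append((port, "keystorePass is a publicly known value"))
            # sslProtocol="TLS" alone does not pin the accepted protocol versions.
            if not conn.get("sslEnabledProtocols"):
                findings.append((port, "sslEnabledProtocols not set"))
        # In Tomcat 8.0 an AJP connector without address listens on every interface.
        is_ajp = conn.get("protocol", "").upper().startswith("AJP")
        if is_ajp and not conn.get("address"):
            findings.append((port, "AJP connector binds to all interfaces"))
    return findings


def audit_jetty(xml_text):
    """Return (setting, finding) tuples for password <Set> elements."""
    findings = []
    for node in ET.fromstring(xml_text).iter("Set"):
        name = node.get("name", "")
        if name.endswith("Password") and (node.text or "").strip() in KNOWN_PASSWORDS:
            findings.append((name, "password is a publicly known value"))
    return findings


def audit_keystore_file(path):
    """Flag a keystore that group/other can access or that carries an execute bit."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append((path, "mode %o grants group/other access" % mode))
    if mode & stat.S_IXUSR:
        findings.append((path, "mode %o sets the execute bit on a data file" % mode))
    return findings


if __name__ == "__main__":
    for item in audit_tomcat(SAMPLE_SERVER_XML) + audit_jetty(SAMPLE_JETTY_XML):
        print("%s: %s" % item)
    keystore = "/app/certs/server.keystore"  # path used in the guide
    if os.path.exists(keystore):
        for item in audit_keystore_file(keystore):
            print("%s: %s" % item)
```

To audit a real host, pass the contents of conf/server.xml and jetty-https.xml to the two functions instead of the constructed samples.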