Info |
---|
Work in progress |
Earthdata Access (https://access.earthdata.nasa.gov) is a 508 compliant application that allows users to search, discover, and access NASA Earth Observation data. Additionally, Access will offer a feature that allows other applications (like CMR and MMT) to render collection metadata pages that surfaces helpful information like service associations and related collections.
Environment
esdis-app-edsc-prod-7557 [NGAP 2.0]
esdis-application-edsc-uat-8982 [NGAP 2.0]
Lucidchart | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Generally, building and deploying will be done from Bamboo. Bamboo's deployment mechanisms give the option of a script defined within the UI or a script within the repository alongside the code. Earthdata Access uses a script that is defined within the repository located at `bin/deploy-bamboo.sh`. The script is simply a list of commands so if Bamboo isn't an option, the commands can be ran manually via the command line. The overall process looks like this:
This can be done from within the AWS console by deleting the stack from CloudFormation. You may experience issues related to an S3 bucket not being empty, you can empty the bucket and continue deleting assets if you experience this. Running the commands require valid access tokens, see the Serverless Framework documentation for methods of providing these values.
Using AWS Access Tokens (Serverless Framework): https://www.serverless.com/framework/docs/providers/aws/guide/credentials#using-aws-access-keys
// Destroy Application resources and static content
serverless destroy --stage sit
// Destroy database and application roles
serverless destroy --stage sit --config serverless-infrastructure.yml
Earthdata Access is deployed to NGAP 2.0, aka AWS using the Serverless Framework.
Earthdata Accesses code base and static assets are stored in BitBucket. BitBucket is backed up on-premise as part of EED-2 infrastructure management.
Bitbucket: https://git.earthdata.nasa.gov/projects/EDSC/repos/edsc-cmr-preview/browse
Should Earthdata Access need to be completely recovered (static assets and Lambdas), that process takes around 30 minutes and requires a few tickets that requires additional resources (NGAP).
Tickets depending on other teams:
Once these tickets are completed:
Steps:
Ensure that all environment values are provided, when deploying from Bamboo those values are set in the UI, but when deploying from command line they need to be provided or set.
Earthdata Access follows the SAFe process as implemented by EED. Typically, that means we plan priorities in 3 month increments and release code every 2 weeks. If needed, Earthdata Access can release on-demand with appropriate notice to stakeholders.
Earthdata Access has a blocking step in our deployment process that audits our libraries and dependencies. Once a vulnerability is found, steps are taken to patch and update and resolve the vulnerability immediately.
In the case of a vulnerability discovered for a resource currently deployed, a ticket is filed once the issue is identified. Earthdata Access devops consults with the security team to prioritize the remediation of the vulnerability found. Once a ticket is created, approved, and prioritized, Access dev team works the issue until all vulnerabilities are resolved and deploy the updated app to all operational environments.
Earthdata Access logs to AWS CloudWatch on a per Lambda basis; this allows you for easy access to specific Lambda logging in the event that you know which Lambda is responsible for the logs you're looking for. If a wider search needs to occur, Earthdata Access forwards logs to Splunk which accommodates a wider array of search abilities.
Splunk: https://logs.earthdata.nasa.gov/
Deployments are handled via Bamboo.
Bamboo: https://ci.earthdata.nasa.gov/deploy/viewDeploymentProjectEnvironments.action?id=374046723
Hide comments |
---|