guix-commits

01/01: cdn: Update the deployment plan in README.org.


From: Chris Marusich
Subject: 01/01: cdn: Update the deployment plan in README.org.
Date: Tue, 8 Jan 2019 04:51:53 -0500 (EST)

marusich pushed a commit to branch master
in repository maintenance.

commit 0adacfcf43ad484af4c3f69c62d210be6ec18fb8
Author: Chris Marusich <address@hidden>
Date:   Tue Jan 8 01:49:27 2019 -0800

    cdn: Update the deployment plan in README.org.
    
    * cdn/README.org (Deployment Plan): Update it.
---
 cdn/README.org | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/cdn/README.org b/cdn/README.org
index 4a35eaf..3f04179 100644
--- a/cdn/README.org
+++ b/cdn/README.org
@@ -324,6 +324,13 @@ https://guix.signin.aws.amazon.com/console
 
 * Deployment Plan
 
+** Cuirass will no longer be accessible via ci.guix.info
+
+The CloudFront distribution will only serve substitutes.  This means
+that after the deployment, it will not be possible to access Cuirass
+via ci.guix.info.  Those needing to access Cuirass on the berlin build
+farm will still be able to access it directly via berlin.guixsd.org.
+
 ** DNS
 
 For information about how Guix has configured its DNS, please contact
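Review bot: The new "Cuirass will no longer be accessible via ci.guix.info" section says users can still reach Cuirass directly via berlin.guixsd.org, but it does not say what a request for a Cuirass page through ci.guix.info will get after the switch, or that the change will be announced beforehand. Suggest adding one sentence on the expected response for non-substitute paths and a pre-deployment item to announce the change. It is also worth stating the consequence that berlin.guixsd.org stays directly reachable, so the distribution caches substitutes but does not hide the origin.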
@@ -348,6 +355,9 @@ distribution.  For details on how this is done with 
CloudFront, see:
 
 
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html
 
+As of 2019-01-08, we have provisioned the certificate, and it is being
+used by the CloudFront distribution.
+
 Currently, the server behind berlin.guixsd.org (which currently, like
 ci.guix.info, is a single A record pointing to 141.80.181.40) returns
 a Let's Encrypt certificate with the following two Subject Alternative
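Review bot: The added "As of 2019-01-08" sentence records that the certificate is provisioned and in use, but not which names it covers or how it is renewed, while the paragraph right after it spells out the Subject Alternative Names of the Let's Encrypt certificate on berlin.guixsd.org. Suggest listing the names on the CloudFront certificate the same way and noting who owns renewal, so a reader can compare the two and the dated statement does not go stale silently.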
@@ -415,6 +425,11 @@ Before deploying, make sure the following has been done:
 - Run the validation steps successfully against the CloudFront
   distribution (i.e., via the "abcd1234.cloudfront.net" hostname
   instead of ci.guix.info).
+- Additionally, add an entry to /etc/hosts for ci.guix.info that
+  points to one of the distribution's addresses.  Confirm that (1) you
+  can successfully establish a TLS session to ci.guix.info and (2)
+  when you do that, it is using the CloudFront IP address.  This
+  validates that the ACM certificate is working properly.
 
 *** Deployment
 
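Review bot: The new /etc/hosts bullet has no cleanup step: an entry left behind pins ci.guix.info to one CloudFront address on that machine, so the later validation that waits for ci.guix.info to "resolve to the new value", and any rollback check, would give the same result regardless of DNS. Suggest adding "remove the entry afterwards" to the bullet. In (1), also say that the certificate must verify for the name ci.guix.info, since a TLS session can be established without the name matching when verification is turned off in the client.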
@@ -427,7 +442,8 @@ Deploy as follows:
 
 *** Validation
 
-Validate ci.guix.info as follows:
+Once you observe that ci.guix.info starts to resolve to the new value,
+perform the following validation activities:
 
 - Using "guix download", download a substitute.  Confirm it succeeds.
 - Using "guix weather", check the weather of ci.guix.info.  Confirm it
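Review bot: "starts to resolve to the new value" in the reworded Validation intro leaves open what the new value is and where it is observed. Suggest naming the expected record and checking from more than one resolver, since cached answers expire at different times up to the TTL.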
@@ -435,8 +451,6 @@ Validate ci.guix.info as follows:
 - Using "guix build", build something using substitutes.  Confirm that
   Guix successfully updates substitute information and downloads
   substitutes.
-- Using IceCat, view the Cuirass web interface.  Confirm it loads and
-  behaves as expected.
 - After 24 hours, check the cache hit rate using the AWS Management
   Console and confirm that it is greater than 0%.
 
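Review bot: With the IceCat bullet removed, nothing in the Validation list checks the behaviour that the new Cuirass section of this patch promises. Suggest replacing it with a bullet that confirms Cuirass loads via berlin.guixsd.org and that a Cuirass URL requested through ci.guix.info is not served.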
@@ -449,6 +463,7 @@ Rollback as follows:
   address, repeat validation activities for ci.guix.info.
 - After that, once at least 2x the TTL for ci.guix.info has passed
   since the DNS flip occurred, disable the CloudFront distribution.
+  This step is only necessary if runaway charges are a concern.
 - Send an email to address@hidden and address@hidden, and notify the
   #guix chat room on Freenode, to let people know you have rolled
   back.
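Review bot: The added sentence makes disabling the CloudFront distribution optional but gives no criterion for "runaway charges are a concern" and does not say who decides. Suggest stating the default (for example, disable unless a retry is planned within a set period) so the rollback ends in a defined state.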


