Skip to content

Production Configuration

Dann edited this page Nov 4, 2020 · 2 revisions

Production Configuration

Environment Variable Where set Defaults to
Vault Values
DATACITE_ENDPOINT vault secret/app/scholarsphere/prod
DATACITE_PREFIX vault secret/app/scholarsphere/prod
DATACITE_PUBLISHER vault secret/app/scholarsphere/prod
DATACITE_PASSWORD vault secret/app/scholarsphere/prod
DATACITE_USERNAME vault secret/app/scholarsphere/prod
DEFAULT_URL_HOST vault secret/app/scholarsphere/prod
OAUTH_APP_ID vault secret/app/scholarsphere/prod
OAUTH_APP_SECRET vault secret/app/scholarsphere/prod
SECRET_KEY_BASE vault secret/app/scholarsphere/prod
POSTGRES_DB vault secret/app/scholarsphere/prod
POSTGRES_HOST vault secret/app/scholarsphere/prod
POSTGRES_PASSWORD vault secret/app/scholarsphere/prod
POSTGRES_USER vault secret/app/scholarsphere/prod
Helm App Values
SMTP_ADDRESS .Values.mail.server smtp.psu.edu
SMTP_PORT .Values.mail.port 25
MAIL_DELIVERY_METHOD .Values.mail.deliveryMethod smtp
DEFAULT_URL_PROTOCOL .Values.default_url_protocol https
SOLR_USERNAME auto generated secret "scholarsphere-solr"
SOLR_PASSWORD auto generated secret "scholarsphere-solr"
REDIS_HOST auto generated based off deployment
SOLR_COLLECTION .Values.solr.collection scholarsphere
SOLR_HOST auto generated based off deployment
AWS_BUCKET auto generated secret "scholarsphere-aws-prod"
AWS_REGION auto generated secret "scholarsphere-aws-prod"
AWS_ACCESS_KEY_ID auto generated secret "scholarsphere-aws-prod"
AWS_SECRET_ACCESS_KEY auto generated secret "scholarsphere-aws-prod"
LOGRAGE_ENABLED .Values.logging.lograge true
RAILS_LOG_JSON .Values.logging.json true
DD_ENV set based off env prod
DD_AGENT_HOST set based of host pod is running on

Any value that gets set via vault will trump any value set via the deployment. If we want to override SMTP_ADDRESS for a short time, we could do it in vault and perform a rollout on the deployments

You can override any of the app values in the scholarsphere-config repository, by adding the values to the argocd application object. for example, the file ./argocd-prod/prod.yaml in the scholarsphere-config to turn off json logging you'd issue a PR :

---
apiVersion: argoproj.io/v1alpha1
...
spec:
  ...
  source:
  	...
    helm:
      values: |
        logging:
          json: false
        ...
...

All other overridables, can be found here: https://github.com/psu-stewardship/scholarsphere-config/blob/main/chart/values.yaml

we shouldn't need to change too many of these, but this is where we would do things like add replicas for workers, or disable datadog, for example.

References:

Vault Client setup: https://sites.psu.edu/dltdocs/?p=5380

Vault k/v secret engine https://sites.psu.edu/dltdocs/?p=5399

Helm Values: https://helm.sh/docs/chart_template_guide/values_files/

Clone this wiki locally