[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: cdn: Update the deployment plan in

From: Chris Marusich
Subject: 01/01: cdn: Update the deployment plan in
Date: Tue, 8 Jan 2019 04:51:53 -0500 (EST)

marusich pushed a commit to branch master
in repository maintenance.

commit 0adacfcf43ad484af4c3f69c62d210be6ec18fb8
Author: Chris Marusich <address@hidden>
Date:   Tue Jan 8 01:49:27 2019 -0800

    cdn: Update the deployment plan in
    * cdn/ (Deployment Plan): Update it.
 cdn/ | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/cdn/ b/cdn/
index 4a35eaf..3f04179 100644
--- a/cdn/
+++ b/cdn/
@@ -324,6 +324,13 @@
 * Deployment Plan
+** Cuirass will no longer be accessible via
+The CloudFront distribution will only serve substitutes.  This means
+that after the deployment, it will not be possible to access Cuirass
+via  Those needing to access Cuirass on the berlin build
+farm will still be able to access it directly via
 ** DNS
 For information about how Guix has configured its DNS, please contact
@@ -348,6 +355,9 @@ distribution.  For details on how this is done with 
CloudFront, see:
+As of 2019-01-08, we have provisioned the certificate, and it is being
+used by the CloudFront distribution.
 Currently, the server behind (which currently, like, is a single A record pointing to returns
 a Let's Encrypt certificate with the following two Subject Alternative
@@ -415,6 +425,11 @@ Before deploying, make sure the following has been done:
 - Run the validation steps successfully against the CloudFront
   distribution (i.e., via the "" hostname
   instead of
+- Additionally, add an entry to /etc/hosts for that
+  points to one of the distribution's addresses.  Confirm that (1) you
+  can successfully establish a TLS session to and (2)
+  when you do that, it is using the CloudFront IP address.  This
+  validates that the ACM certificate is working properly.
 *** Deployment
@@ -427,7 +442,8 @@ Deploy as follows:
 *** Validation
-Validate as follows:
+Once you observe that starts to resolve to the new value,
+perform the following validation activities:
 - Using "guix download", download a substitute.  Confirm it succeeds.
 - Using "guix weather", check the weather of  Confirm it
@@ -435,8 +451,6 @@ Validate as follows:
 - Using "guix build", build something using substitutes.  Confirm that
   Guix successfully updates substitute information and downloads
-- Using IceCat, view the Cuirass web interface.  Confirm it loads and
-  behaves as expected.
 - After 24 hours, check the cache hit rate using the AWS Management
   Console and confirm that it is greater than 0%.
@@ -449,6 +463,7 @@ Rollback as follows:
   address, repeat validation activities for
 - After that, once at least 2x the TTL for has passed
   since the DNS flip occurred, disable the CloudFront distribution.
+  This step is only necessary if runaway charges are a concern.
 - Send an email to address@hidden and address@hidden, and notify the
   #guix chat room on Freenode, to let people know you have rolled

reply via email to

[Prev in Thread] Current Thread [Next in Thread]