CAMMS Deployment Guide

Set Up New Environment

Part 1: Set up a pipeline

To be able to deploy the code automatically when one commit the code to the repository, we need to create a pipeline that auto deploy the code, we use a Docker image to the new environment.

In this example we create a pipeline for the Development environment. Every time a developer commit their code to the CAMMS Repo (Dev Branch) , the pipeline is triggered and pushes the code to the Development environment.

  1. Go to https://dev.azure.com/transport-canada/Medical Certificate Processing/_build and click on create a new pipeline

  2. Select Use the classic editor

  3. Select the correct branch you need for the pipeline and click Continue

  4. Under the Select a template select Empty job or Docker container

  5. Give the pipeline a name

  6. Under Get sources make sure to select the correct repo and branch

  7. Under Agent job check that you have a check mark under Allow scripts to access the OAuth token

  8. Click to add a task if you selected an empty job, if selected Docker container in step 4 you will have this task already.

  9. Configure the first task “Build an image”. Under the Task version make sure to change it to 0.*. The Action should be Build an image. The Display name you can change to reflect building an image. Select the correct Subscription.

  10. Select the Dockerfile by clicking on the 3 dots

  11. Under Build Arguments add the following:

    PAT=$(System.AccessToken) FEED_URL=https://pkgs.dev.azure.com/transport-canada/_packaging/DevOps-Nuget/nuget/v3/index.json

12. Under the Image name add the environment name - pipeline name : $(Build.BuildNumber)

ncdsafsecsurcr-camms-smmac-dev:$(Build.BuildNumber)

13. Click add a new task (similar to step 8). Search for Docker container and add the task and configure the “Push an image” task. Under Task version select 0.*. Under Action select Push an image. the Display name should change to Push an image. Make sure the subscription and container are correct.

14. Repeat step 12 to configure the image name for the push an image, if not already done.

15. Save the pipeline so you won’t lose any info before continuing to the Variables.

16. Add two new pipeline variables:

BuildConfiguration Release

17. Configure the Triggers: Check “Enable continuous integration”

18. Configure the options. Make sure the Build number is in the following format:

19. Save the pipeline and run it. At this point all should be running correctly and the code should be in the container registry under Repository.

Pipeline on IIS Special consideration:

The following pipelines are using these configurations: CAMIS-SIMAC-API, CAMMS-SMMAC-Publisher and the CAMMS-SMMAC-Ocelot.

Configurations:

  1. We add a File Transform task as in the picture

2. Add pipeline variables:

3. Add Variable groups and link them to the pipeline

4. All Variable groups are created and stored in the Library

 

Part 2: Set up and configure Azure AD

Setting up Azure portal involved few steps:

Activate your Developer role in order to configure Azure AD

In order to configure and view some features in Azure AD we need to activate our Developer role for the day or for few hours. To do that go to Azure Ad Privileged Identity Management

Click on My roles

Click on Activate

Give a reason for activating your role and click continue

 

Once your role is activated you can continue to configure the other steps.

Configure App registrations

To do ..

How to set up app reg.

How to set up app roles

and all the other configurations under app reg.

API permissions

In API permission, our clients that don’t have the role “Application Developer” in Azure can have an error to open the website.

So, we need to grant TC/TC and admin consent required for all permissions.

 

 

Configure Groups

To do..

Why do we need a group

How to configure

What is the link with the other services on Azure AD like the app reg. groups etc.

Configure Container registries

Under Container registries we have 3 existing containers for Development, Test and Acceptance.

ncdsafsecsurcr → Development

nctsafsecsurcr → Test

ncasafsecsurcr → Acceptance

 

The repository holds all the images that are pushed to this Development environment

 

Configure App Services

Go to App Services and click on Create

Click Next: Docker to set up the Docker container with the correct image.

No more changes required, click Review + create.

Once created → We need to configure the following in app services:

Go to Configuration and create 3 new application settings with the correct value depending on the Environment:

ASPNETCORE_ENVIRONMENT

ASPNETCORE_FORWARDEDHEADERS_ENABLED

ENVIRONMENT

Go to TLS/SSL settings and click on “On” to enable HTTPS only

Go to Deployment center to verify that the settings are correct

Go to Identity to verify that the Status is ON

You will need the Object ID to search our App service for the Key vault.

Lastly, we can go to Overview to restart the app service and see the URL for our new environment

Configure Key vaults

To DO…

Configure the access policies

Click on he correct environment under Key vault.

Go to Access polices and add a new Access Policy

 

 

Select Get and List for all Secret permissions, Certificate permissions. Then click on None selected under Select principal to configure the Principal.

Enter the Object Id from the Identity under the App Service in order to find your Principal

 

Test

Part 3: How to push and publish the code