Merge pull request #920 from cisagov/nmb/migrate-cisa-dotgov

Migrate .gov team's cloud.gov organization

ops/manifests/manifest-ab.yaml

@@ -20,8 +20,8 @@ applications:
     DJANGO_BASE_URL: https://getgov-ab.app.cloud.gov
     # Tell Django how much stuff to log
     DJANGO_LOG_LEVEL: INFO
-    # Public site base URL
-    GETGOV_PUBLIC_SITE_URL: https://federalist-877ab29f-16f6-4f12-961c-96cf064cf070.sites.pages.cloud.gov/site/cisagov/getgov-home/
+    # default public site location
+    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
   routes:
     - route: getgov-ab.app.cloud.gov
   services:

ops/manifests/manifest-bl.yaml

@@ -20,8 +20,8 @@ applications:
     DJANGO_BASE_URL: https://getgov-bl.app.cloud.gov
     # Tell Django how much stuff to log
     DJANGO_LOG_LEVEL: INFO
-    # Public site base URL
-    GETGOV_PUBLIC_SITE_URL: https://federalist-877ab29f-16f6-4f12-961c-96cf064cf070.sites.pages.cloud.gov/site/cisagov/getgov-home/
+    # default public site location
+    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
   routes:
     - route: getgov-bl.app.cloud.gov
   services:

ops/manifests/manifest-dk.yaml

@@ -20,8 +20,8 @@ applications:
     DJANGO_BASE_URL: https://getgov-dk.app.cloud.gov
     # Tell Django how much stuff to log
     DJANGO_LOG_LEVEL: INFO
-    # Public site base URL
-    GETGOV_PUBLIC_SITE_URL: https://federalist-877ab29f-16f6-4f12-961c-96cf064cf070.sites.pages.cloud.gov/site/cisagov/getgov-home/
+    # default public site location
+    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
   routes:
     - route: getgov-dk.app.cloud.gov
   services:

ops/manifests/manifest-rjm.yaml

@@ -20,8 +20,8 @@ applications:
     DJANGO_BASE_URL: https://getgov-rjm.app.cloud.gov
     # Tell Django how much stuff to log
     DJANGO_LOG_LEVEL: INFO
-    # Public site base URL
-    GETGOV_PUBLIC_SITE_URL: https://federalist-877ab29f-16f6-4f12-961c-96cf064cf070.sites.pages.cloud.gov/site/cisagov/getgov-home/
+    # default public site location
+    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
   routes:
     - route: getgov-rjm.app.cloud.gov
   services:

ops/manifests/manifest-stable.yaml

@@ -20,8 +20,8 @@ applications:
     DJANGO_BASE_URL: https://getgov-stable.app.cloud.gov
     # Tell Django how much stuff to log
     DJANGO_LOG_LEVEL: INFO
-    # Public site base URL
-    GETGOV_PUBLIC_SITE_URL: https://federalist-877ab29f-16f6-4f12-961c-96cf064cf070.sites.pages.cloud.gov/site/cisagov/getgov-home/
+    # default public site location
+    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
   routes:
     - route: getgov-stable.app.cloud.gov
   services:

ops/scripts/create_environment_migrate.sh

@@ -0,0 +1,128 @@
+# This script sets up a completely new Cloud.gov CF Space with all the corresponding
+# infrastructure needed to run get.gov. It can serve for documentation for running
+# NOTE: This script was written for MacOS and to be run at the root directory
+# of the repository. It uses `docker compose` to compile assets, so it is
+# safest to `docker compose down` before using this script. 
+
+if [ -z "$1" ]; then
+    echo 'Please specify a name on the command line for the new space (i.e. lmm)' >&2
+    exit 1
+fi
+
+if [ ! $(command -v gh) ] || [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then
+    echo "jq, cf, and gh packages must be installed. Please install via your preferred manager."
+    exit 1
+fi
+
+upcase_name=$(printf "%s" "$1" | tr '[:lower:]' '[:upper:]')
+
+read -p "Are you on a new branch? We will have to commit this work. (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    git checkout -b new-environment-$1
+fi
+
+cf target -o cisa-dotgov
+
+read -p "Are you logged in to the cisa-dotgov CF org above? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    cf login -a https://api.fr.cloud.gov --sso
+fi
+
+gh auth status
+read -p "Are you logged into a Github account with access to cisagov/getgov? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    gh auth login
+fi
+
+echo "Creating manifest for $1..."
+cp ops/scripts/manifest-sandbox-template-migrate.yaml ops/manifests/manifest-$1.yaml
+sed -i '' "s/ENVIRONMENT/$1/" "ops/manifests/manifest-$1.yaml"
+
+echo "Creating new cloud.gov space for $1..."
+cf create-space $1
+cf target -o "cisa-dotgov" -s $1
+cf bind-security-group public_networks_egress cisa-dotgov --space $1
+cf bind-security-group trusted_local_networks_egress cisa-dotgov --space $1
+
+echo "Creating new cloud.gov DB for $1. This usually takes about 5 minutes..."
+cf create-service aws-rds micro-psql getgov-$1-database
+
+until cf service getgov-$1-database | grep -q 'The service instance status is succeeded'
+do
+  echo "Database not up yet, waiting..."
+  sleep 30
+done
+
+echo "Creating new cloud.gov credentials for $1..."
+django_key=$(python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())')
+openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private-$1.pem -out public-$1.crt
+login_key=$(base64 -i private-$1.pem)
+jq -n --arg django_key "$django_key" --arg login_key "$login_key" '{"DJANGO_SECRET_KEY":$django_key,"DJANGO_SECRET_LOGIN_KEY":$login_key}' > credentials-$1.json
+cf cups getgov-credentials -p credentials-$1.json
+
+echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/."
+echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?"
+echo "There are two things to update."
+echo "1. You need to upload the public-$1.crt file generated as part of the previous command."
+echo "2. You need to add two redirect URIs: https://getgov-$1.app.cloud.gov/openid/callback/login/ and
+https://getgov-$1.app.cloud.gov/openid/callback/logout/ to the list of URIs."
+read -p "Please confirm when this is done (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    exit 1
+fi
+
+echo "Database create succeeded and credentials created. Deploying the get.gov application to the new space $1..."
+echo "Building assets..."
+open -a Docker
+cd src/
+./build.sh
+cd ..
+cf push getgov-$1 -f ops/manifests/manifest-$1.yaml
+
+read -p "Please provide the email of the space developer: " -r
+cf set-space-role $REPLY cisa-dotgov $1 SpaceDeveloper
+
+read -p "Should we run migrations? (y/n) " -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+    cf run-task getgov-$1 --command 'python manage.py migrate' --name migrate
+fi
+
+echo "Alright, your app is up and running at https://getgov-$1.app.cloud.gov!"
+echo
+echo "Moving on to setup Github automation..."
+
+echo "Creating space deployer for Github deploys..."
+cf create-service cloud-gov-service-account space-deployer github-cd-account
+cf create-service-key github-cd-account github-cd-key
+cf service-key github-cd-account github-cd-key
+read -p "Please confirm we should set the above username and key to Github secrets. (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    exit 1
+fi
+
+cf service-key github-cd-account github-cd-key | sed 1,2d  | jq -r '[.credentials.username, .credentials.password]|@tsv' |
+while read -r username password; do
+    gh secret --repo cisagov/getgov set CF_${upcase_name}_USERNAME --body $username
+    gh secret --repo cisagov/getgov set CF_${upcase_name}_PASSWORD --body $password
+done
+
+read -p "All done! Should we open a PR with these changes? (y/n) " -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+    git add ops/manifests/manifest-$1.yaml .github/workflows/ src/registrar/config/settings.py
+    git commit -m "Add new developer sandbox '"$1"' infrastructure"
+    gh pr create
+fi

ops/scripts/manifest-sandbox-template-migrate.yaml

@@ -0,0 +1,30 @@
+---
+applications:
+- name: getgov-ENVIRONMENT
+  buildpacks:
+    - python_buildpack
+  path: ../../src
+  instances: 1
+  memory: 512M
+  stack: cflinuxfs4
+  timeout: 180
+  command: ./run.sh
+  health-check-type: http
+  health-check-http-endpoint: /health
+  env:
+    # Send stdout and stderr straight to the terminal without buffering
+    PYTHONUNBUFFERED: yup
+    # Tell Django where to find its configuration
+    DJANGO_SETTINGS_MODULE: registrar.config.settings
+    # Tell Django where it is being hosted
+    DJANGO_BASE_URL: https://getgov-ENVIRONMENT.app.cloud.gov
+    # Tell Django how much stuff to log
+    DJANGO_LOG_LEVEL: INFO
+    # default public site location
+    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+  # use a non-default route to avoid conflicts
+  routes:
+    - route: getgov-ENVIRONMENT-migrate.app.cloud.gov
+  services:
+  - getgov-credentials
+  - getgov-ENVIRONMENT-database

ops/scripts/migrate_new_old.sh

@@ -0,0 +1,36 @@
+# This script sets up a completely new Cloud.gov CF Space with all the corresponding
+# infrastructure needed to run get.gov. It can serve for documentation for running
+# NOTE: This script was written for MacOS and to be run at the root directory
+# of the repository.
+
+if [ -z "$1" ]; then
+    echo 'Please specify a name on the command line for the new space (i.e. lmm)' >&2
+    exit 1
+fi
+
+# The user running this script has to be a SpaceDeveloper on both the
+# new and old org/spaces.
+
+OLD_ORG="cisa-getgov-prototyping"
+NEW_ORG="cisa-dotgov"
+
+#
+# delete old route
+cf target -o $OLD_ORG -s $1
+cf delete-route app.cloud.gov -n getgov-$1
+
+# re-claim the route on new orf
+cf target -o $NEW_ORG -s $1
+cf map-route getgov-$1 app.cloud.gov -n getgov-$1
+cf delete-route app.cloud.gov -n getgov-$1-migrate
+
+# delete old app and services
+cf target -o $OLD_ORG -s $1
+cf delete getgov-$1
+cf delete-service getgov-$1-database
+cf delete-service getgov-credentials
+cf delete-service getgov-cd-account
+cf delete-space $1
+
+
+printf "Remove -migrate from ops/manifests/manifest-$1.yaml"