DTW - Deployment RunBook
Dependent Tuition Waiver Deployment Guide
This document describes the steps for deploying the Dependent Tuition Waiver (DTW) Application to a new environment.
KRAPPS node
External Config File
There is one used by an application on the box to which it has been deployed(i.e <env>.krapps):
- workflow_clientapp.xml – This file contains configuration information that is common to all client applications. This file resides in the following location: /srv/uconn_configs/workflow/conf
The contents of the workflow_clientapp.xml look like this:
<config> <param name="encryption.key">7IC64w6ksLU</param> <param name="keystore.alias">rice</param> <param name="keystore.file">/usr/local/rice/rice.keystore</param> <param name="keystore.password">r1c3pw</param> <param name="webservices.settings.url"> http://dev.kfs.uconn.edu/kr-dev/remoting/WorkflowDocumentActionsService </param> <param name="workflowutility.javaservice.endpoint"> http://dev.kfs.uconn.edu/kr-dev/remoting/WorkflowUtilityService </param> <param name="workflowdocument.javaservice.endpoint">http://dev.kfs.uconn.edu/kr-dev/remoting/WorkflowDocumentActionsService</param> <param name="identity.javaservice.endpoint">http://dev.kfs.uconn.edu/kr-dev/remoting/kimIdentityService</param> <param name="identitymanagement.javaservice.endpoint">http://dev.kfs.uconn.edu/kr-dev/remoting/kimIdentityManagementService</param> <param name="group.javaservice.endpoint">http://dev.kfs.uconn.edu/kr-dev/remoting/kimGroupService</param> <param name="clientapp.environment">dev</param> <param name="engine.url">http://dev.kfs.uconn.edu/kr-dev</param> <!-- externalized configuration for workflow --> <param name="ldapwsdl">http://dev.kfs.uconn.edu/kr-dev/remoting/uconnLdapService?wsdl</param> <param name="mudwsdl">http://dev.kfs.uconn.edu/kr-dev/remoting/ucMudOrgWsService?wsdl</param> <param name="kimwsdl">http://dev.kfs.uconn.edu/kr-dev/remoting/kimIdentityServiceSOAP?wsdl</param> <param name="uconnwfwsdl">http://dev.kfs.uconn.edu/kr-dev/remoting/ucWorkFlowWsService?wsdl</param> <param name="kewutilwsdl">http://dev.kfs.uconn.edu/kr-dev/remoting/WorkflowUtilityServiceSOAP?wsdl</param> </config>
The encryption.key and keystore.password values highlighted above have to match the values in the rice-config.xml file. The rice-config.xml file resides on the machine that hosts the rice server. The rice server host name that is highlighted above will change depending on the environment on which the application is being deployed.
JNDI Entries
Apart from the two files mentioned above, there are JNDI entries that need to be made in tomcat’s server.xml. This file is found in $CATALINA_BASE/conf.
Enter the following resources between the <GlobalNamingResources></GlobalNamingResources> tags (with the appropriate url for the environment in question)
<!-- rice --> <Resource auth="Container" connectionProperties="MaxStatementsLimit=5, MinLimit=1, MaxLimit=1, ValidateConnection=true" defaultAutoCommit="false" defaultReadOnly="false" defaultTransactionIsolation="READ_COMMITTED" driverClassName="oracle.jdbc.driver.OracleDriver" factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" fairQueue="false" initialSize="10" jdbcInterceptors="ConnectionState;StatementFinalizer" jmxEnabled="true" logAbandoned="true" maxActive="100" maxIdle="100" maxWait="30000" minEvictableIdleTimeMillis="5000" minIdle="10" name="jdbc/krice" password="xxxxx" username="xxxxx" removeAbandoned="true" removeAbandonedTimeout="60" testOnBorrow="true" testOnReturn="false" testWhileIdle="false" timeBetweenEvictionRunsMillis="5000" type="javax.sql.DataSource" url="jdbc:oracle:thin:@dbserver02.uits.uconn.edu:1521:kfs40t" useEquals="false" validationInterval="30000" validationQuery="select 1 from dual"/> <!¿tuition waiver --> <Resource auth="Container" connectionProperties="MaxStatementsLimit=5, MinLimit=1, MaxLimit=1, ValidateConnection=true" defaultAutoCommit="false" defaultReadOnly="false" defaultTransactionIsolation="READ_COMMITTED" driverClassName="oracle.jdbc.driver.OracleDriver" factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" fairQueue="false" initialSize="10" jdbcInterceptors="ConnectionState;StatementFinalizer" jmxEnabled="true" logAbandoned="true" maxActive="100" maxIdle="100" maxWait="30000" minEvictableIdleTimeMillis="5000" minIdle="10" removeAbandonedTimeout="60" testOnBorrow="true" testOnReturn="false" testWhileIdle="false" timeBetweenEvictionRunsMillis="5000" type="javax.sql.DataSource" removeAbandoned="true" name="jdbc/dtw" password="xxxxx" username="xxxxx" url="jdbc:oracle:thin:@dbserver02.uits.uconn.edu:1521:kfs40t" useEquals="false" validationInterval="30000" validationQuery="select 1 from dual"/> <!-- peoplesoft view --> <Resource auth="Container" connectionProperties="MaxStatementsLimit=5,MinLimit=1,ValidateConnection=true" defaultAutoCommit="false" defaultReadOnly="false" defaultTransactionIsolation="READ_COMMITTED" driverClassName="oracle.jdbc.driver.OracleDriver" factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" fairQueue="false" initialSize="10" jdbcInterceptors="ConnectionState;StatementFinalizer" jmxEnabled="true" logAbandoned="true" maxActive="100" maxIdle="100" maxWait="30000" minEvictableIdleTimeMillis="5000" minIdle="10" name="jdbc/tw_psview" password="bursar123" removeAbandoned="true" removeAbandonedTimeout="60" testOnBorrow="true" testOnReturn="false" testWhileIdle="false" timeBetweenEvictionRunsMillis="5000" type="javax.sql.DataSource" url="jdbc:oracle:thin:@cstestdb.psoft.uconn.edu:1521:csdv" useEquals="false" username="bursar" validationInterval="30000" validationQuery="select 1 from dual"/>
CAS Rule
Must add this location definition to /etc/httpd/conf.d/ssl.conf (make sure *.conf of cond.d is loaded on apache startup)
<Location /dtw/*.do> # ProxyPass ajp://localhost:8009/dtw # ProxyPassReverse ajp://localhost:8009/dtw # commented out as requested in Jira (Spew-16) by Mike Oatley # Uncommented by Matt as requested in DTW-21 AuthType CAS Require valid-user </Location>
depwaivers.prn File
/home/dtw/depwaivers.prn file must be touched (owned by dtw/dtw, but read / writable by tomcat & dtw)
The password, username and url entries have been highlighted above as they may change (ideally, they should be different) from environment to environment. You can obtain that information from the appropriate individual(s) (DBAs?).
Database Schema creation
To create the DTW database schema, run the following sql script. This script can be found in SVN at this location https://svn0.uits.uconn.edu/kuali/dtw2/trunk/dtw-maven/dtw-war/src/main/resources
The name of the script to run is create_tuitionwaiver_tables.sql
You will see some error messages that state table not found (or something to that effect). These messages are generated because the script tries to drop the tables before creating them. This is to ensure that a clean schema is created. In short ignore those errors.
Build / Deploy
- run the 'dtw' jenkins job
- copy war to webapps on krapps server
RICE node
External Config File PLUGIN
Another file is placed on the same server (<env>.kr) as the rice application. This file is used by the plugin:
- dtwPlugin-config.xml – This file contains application specific information
This file resides in the following location: /srv/uconn_configs/workflow/en-plugins/conf
The dtwPlugin-config.xml file looks like this:
<?xml version="1.0" encoding="UTF-8"?> <config> <param name="datasource.username">xxxxx</param> <param name="datasource.password">xxxxx</param> <param name="datasource.url">jdbc:oracle:thin:@dbserver02.uits.uconn.edu:1521:kfs40t</param> <param name="datasource.ojb.platform">Oracle10g</param> <param name="datasource.platform">org.kuali.rice.core.database.platform.OracleDatabasePlatform</param> <param name="datasource.driver.name">oracle.jdbc.driver.OracleDriver</param> <param name="datasource.validationQuery">select 1 from dual</param> <param name="datasource.minIdle">300</param> <param name="datasource.initialSize">8</param> <param name="datasource.maxActive">8</param> <param name="datasource.pool.maxSize">32</param> <param name="datasource.accessToUnderlyingConnectionAllowed">true</param> </config>
Ingestion of the xml
Assuming that rice has been deployed and is up and running, and the configurations specified in the previous section have been completed, all that remains to be done is to deploy the dtw.war, tuitionWaiverPlugin.zip and the ingestion of the following files:
- src/main/resources/HCTuitionWaiverDoc.xml
- src/main/resources/HCTuitionWaiverRuleAttribute.xml
- src/main/resources/HCTuitionWaiverRules.xml
- src/main/resources/HCTuitionWaiverRuleTemplate.xml
- src/main/resources/TuitionWaiverDoc.xml
- src/main/resources/TuitionWaiverRuleAttribute.xml
- src/main/resources/TuitionWaiverRules.xml
- src/main/resources/TuitionWaiverRuleTemplate.xml
These files are saved in subversion under dtw2/trunk/dtw-maven/dtw-war/src/main/resources
One element in the HCTuitionWaiverDoc.xml and TuitionWaiverDoc.xml files that needs to be changed is the value of docHandler. There are two ways this can be done. Selecting which way to change depends entirely on individual preference.
One way is to edit the file and enter the appropriate url and then continue with the ingestion steps a little further down below.
The value that needs to be changed is highlighted below:
<docHandler> http://dev.krapps.uconn.edu/dtw/tuitionWaiverDocument.do?methodToCall=docHandler</docHandler>
The second way to change the docHandler url is to use the functionality provided by the Kuali portal. This is done post ingestion. The steps to do this are provided after the ingestion steps listed below.
The ingestion steps are as follows:
- Log into the Kuali Portal as admin (you can login as you and use the ‘admin’ backdoor id)
- Go to the Administration Tab.
- In the Workflow section, click on XML ingester.
- Click on the Choose File button, select the file.
- Upon exiting the dialog. Click on the “upload xml data” button. This will ingest the file.
If you have already modified the docHandler url, then there is nothing else to be done. However should you need to modify the url post-ingestion follow the steps below.
- Log into the Kuali Portal if you have not done so already.
- Click on the Administration tab.
- Click on the Document Type link in the Workflow section.
- Enter “UCONN-tuitionWaiverDocument” in the name field and click on the search button.
- Click on edit under the Actions section displayed in the information returned.
- Enter a description of the change (example: Changing the doc handler url)
- Enter the new Document Handler URL in the Edit Document Type/New section.
- Click on Save.
Rice Data needed for workflow
The following data would have to be added to Rice to enable the workflow.
FIRST CREATE NAMESPACES AND GROUPS, THEN INGEST, THEN CREATE RESPONSIBILITIES THEN ROLES.
In general save then submit, blanket aprove might not always be necessary.
Default for role type name, doesn't really show up unless you do a blank role seach, then select return value next to the Kuali Default entry.
Namespaces:
Namespace Code | Name | Application Code | Active |
UCONN-KR-DTW | UCONN DEPENDENT TUITION WAIVER |
| Y |
Groups:
Group Type Name | Group Namespace | Group Name | Group Description | Active |
Default | UCONN-KR-DTW | DTW-Admin-GROUP |
| Y |
Default | UCONN-KR-DTW | DTW-HR1-GROUP |
| Y |
Default | UCONN-KR-DTW | DTW-HR4HC-GROUP | Y | |
Default | UCONN-KR-DTW | DTW-HR2-GROUP |
| Y |
Default | UCONN-KR-DTW | DTW-Report-GROUP |
| Y |
Group Members:
Members need to be assigned to the groups listed above so that requests can be approved at the appropriate level.
In production, configurations of group members are as following:
1. DTW-HR1-GROUP - Patty Geissler & Pamela Heath-Johnston (pag07007, pah02003)
2. DTW-HR2-GROUP- JP Lacombe & Francoise Murphy (jal03008, fmm06001)
3. DTW-HR4HC-GROUP- Erin Ransford & Jessica Van Alstyne (enr05002, jav04007)
4. DTW-Admin- (pag07007, jal03008, glo02001, nab02003, rkk98002, enr05002)
5. DTW-Report-GROUP - (pag07007, jal03008, glo02001, nab02003, rkk98002, enr05002)
Roles:
when you select 'create new role' it will take you to a kim type lookup, type 'Default' into Role Type Name, and click search, then select 'return value' for the returned result
Role Type Name | Namespace | Role Name | Role Description | Active |
Default | UCONN-KR-DTW | HR1 Reviewer |
| Y |
Default | UCONN-KR-DTW | HR4HC Reviewer | Y | |
Default | UCONN-KR-DTW | HR2 Reviewer |
| Y |
Default | UCONN-KR-DTW | DTW Admin |
| Y |
Default | UCONN-KR-DTW | DTW Report |
| Y |
|
|
|
|
|
Add Members to Roles:
Namespace | Role Name | Member Type Code | Member Name |
UCONN-KR-DTW | HR1 Reviewer | Group | DTW-HR1-GROUP |
UCONN-KR-DTW | HR4HC Reviewer | Group | DTW-HR4HC-GROUP |
UCONN-KR-DTW | HR2 Reviewer | Group | DTW-HR2-GROUP |
UCONN-KR-DTW | DTW Admin | Group | DTW-Admin |
UCONN-KR-DTW | DTW Report | Group | DTW-Report-GROUP |
Database:
For production deployment, update TUITIONWAIVER_OPTIONS table with the following data:
EmailFromAddrUchc = ransford@uchc.edu
EmailFromAddrStorrs = hr-osd@uconn.edu
EmailFromAddrBursar = bursar@uconn.edu
Build / Deploy plugin
- run the 'dtw' jenkins job
- copy zip to /usr/local/rice/plugins folder of RICE node**
** make sure in unzipped correctly it should read /TuitionWaiverPlugin/classes, not /TuitionWaiverPlugin/TuitionWaiverPlugin/classes, etc.