You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: jekyll/_cci2/high-availability.md
+39-8Lines changed: 39 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -102,6 +102,14 @@ If you are brand new to MongoDB, see the [MongoDB on the AWS Cloud](https://docs
102
102
103
103
It is best practice to set up PostgreSQL 9.5 or later using Amazon Relational Database Service (Amazon RDS) with multi Availability Zone (multi-AZ) mode for automated backups and failover. Refer to the [Amazon RDS Multi-AZ Deployments](https://aws.amazon.com/rds/details/multi-az/) documentation for details.
104
104
105
+
Five databases are required for 2.0 services:
106
+
107
+
* `vms`
108
+
* `conductor_production` with extension `uuid-ossp` enabled
109
+
* `contexts_service_production` with extension `uuid-ossp` enabled
110
+
* `cron_service_production`
111
+
* `circle` with extensions `pgcrypto` and `uuid-ossp` enabled
112
+
105
113
## Exporting Existing Databases
106
114
107
115
**Note:** This process will require downtime. Please schedule an outage window with CircleCI users.
@@ -136,10 +144,10 @@ It is best practice to set up PostgreSQL 9.5 or later using Amazon Relational Da
1. On the Services machine where you ran the export script, use the following `psql` command to restore the database replacing the variables with the approrpiate user credentials and the name of the PostgreSQL database.
147
+
1. On the Services machine where you ran the export script, use the following `psql` command to restore the databases, replacing the variables with the appropriate user credentials and the name of the PostgreSQL database.
@@ -263,6 +271,18 @@ The encryption keys are plain text files for easy backup from the `/data/circle/
263
271
264
272
Restore the directory to the same location **before** starting up CircleCI.
265
273
274
+
### Vault Requirements
275
+
276
+
Vault is required for the `contexts-service` to securely encrypt and decrypt shared contexts.
277
+
278
+
Vault should be setup as follows:
279
+
280
+
* Vault version `0.7` is the only version currently supported
281
+
* It is highly recommend that Vault be configured with TLS enabled
282
+
* There must be a `transit` mount available
283
+
* A token must be provided with permissions to manage keys and encrypt/decrypt data for the mounted `transit` backend
284
+
285
+
266
286
## Configuring Replicated
267
287
268
288
To securely pass Mongodb, Postgresql and Vault connection settings to services running in Replicated, use of `/etc/circle-installation-customizations` file is required.
@@ -273,16 +293,27 @@ Following is the content of the `circle-installation-customizations` file necces
0 commit comments