As an Advancement designer I would like a staging version of payments wiki so that I can test specific donor flows. What will it take to set this up and maintain it? Do we need another server?
Design Decisions
- Do we need another server? Nope, payments1004 is available.
- Determine whether staff users will ssh tunnel or we will expose the frontend on a public IP and add client cert authentication. [client cert auth]
- Determine what hostname staff users will use to reach the frontend. Proposed: payments.frdev.wikimedia.org [payments-staging.wikimedia.org, payments.wikimedia.org]
- Determine how payments-staging works in terms of the queue. Separate payment ID? Separate queues? [no queue separation to start]
- Determine how payments-staging works in terms of payment providers. [payments-staging.wikimedia.org and dedicated IP will have to be added to provider allow-lists]
- Determine who will need access to make wiki changes. [same as production wiki content to start]
- Is there any reason we would need to change how code deployment works from the current model where only fr-tech developers can deploy changes via FR Deploy? [no change needed]
- How will we review and deploy staging database changes to production? [same as production]
- How will we review and deploy staging code changes to production?
Configuration Changes
- Detach payments1004 mysql instance, configure it read/write locally
- Adjust routing/NAT for payments1004 to isolate from payments, and possibly make it accessible without tunneling
- Adjust firewall configuration (payments1004 will remain in PCI scope)
- Remove LVS configuration from payments1004
- Establish separate payments-staging role in puppet
- Reestablish 'staging' project localsettings and puppet payments-wiki configurations
- Reestablish separate 'staging' project in FRDeploy tools
- read/write to local-staging mysql instance instead of payments cluster mysql
- staging queues
- local-only staging memcache
- switch to development payment provider APIs
- Make sure the new payments-staging IP is whitelisted at each payment provider
- Adjust payments-staging logging and log collection to separate from payments logging [not separated]
- Adjust monitoring for payments1004
- Configure backups as needed. [no special backups needed]
- Develop a pseudo queue consumer to at least clear the staging queues periodically