Page MenuHomePhabricator
Create Task
Maniphest T248701

investigate setting up a staging version of payments wiki
Closed, ResolvedPublic
Actions

Description

As an Advancement designer I would like a staging version of payments wiki so that I can test specific donor flows. What will it take to set this up and maintain it? Do we need another server?

Design Decisions

  • Do we need another server? Nope, payments1004 is available.
  • Determine whether staff users will ssh tunnel or we will expose the frontend on a public IP and add client cert authentication. [client cert auth]
  • Determine what hostname staff users will use to reach the frontend. Proposed: payments.frdev.wikimedia.org [payments-staging.wikimedia.org, payments.wikimedia.org]
  • Determine how payments-staging works in terms of the queue. Separate payment ID? Separate queues? [no queue separation to start]
  • Determine how payments-staging works in terms of payment providers. [payments-staging.wikimedia.org and dedicated IP will have to be added to provider allow-lists]
  • Determine who will need access to make wiki changes. [same as production wiki content to start]
  • Is there any reason we would need to change how code deployment works from the current model where only fr-tech developers can deploy changes via FR Deploy? [no change needed]
  • How will we review and deploy staging database changes to production? [same as production]
  • How will we review and deploy staging code changes to production?

Configuration Changes

  • Detach payments1004 mysql instance, configure it read/write locally
  • Adjust routing/NAT for payments1004 to isolate from payments, and possibly make it accessible without tunneling
  • Adjust firewall configuration (payments1004 will remain in PCI scope)
  • Remove LVS configuration from payments1004
  • Establish separate payments-staging role in puppet
  • Reestablish 'staging' project localsettings and puppet payments-wiki configurations
  • Reestablish separate 'staging' project in FRDeploy tools
    • read/write to local-staging mysql instance instead of payments cluster mysql
    • staging queues
    • local-only staging memcache
    • switch to development payment provider APIs
  • Make sure the new payments-staging IP is whitelisted at each payment provider
  • Adjust payments-staging logging and log collection to separate from payments logging [not separated]
  • Adjust monitoring for payments1004
  • Configure backups as needed. [no special backups needed]
  • Develop a pseudo queue consumer to at least clear the staging queues periodically

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedJgreenT248701 investigate setting up a staging version of payments wiki
 ResolvedJgreenT289869 staging-server changes for payments1008
Restricted Task
Restricted Task

Event Timeline

DStrine created this task.Mar 27 2020, 5:41 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 27 2020, 5:41 PM
DStrine updated the task description. (Show Details)Mar 30 2020, 7:48 PM
DStrine moved this task from Triage to FR-Ops on the Fundraising-Backlog board.Mar 30 2020, 8:03 PM
Jgreen subscribed.Mar 30 2020, 9:17 PM

Mostly from today's fr-tech/fr-tech-ops meeting, how we architect this really depends on what we need in terms of backend and endpoint handling.

Host on frdev1001

  • this is more of a 'testing' approach
  • good if we don't need accept/process payments
  • we'd keep it behind client cert authentication
  • we'd either turn off message queueing or inject to a local redis instance
  • frdev1001 may need to make outbound API requests to payment providers
  • since the ccard numbers are fake and it's all dev APIs, it wouldn't be in PCI scope
  • avoiding PCI scopes is more flexible in terms of code and UI testing

Host on payments1004 or the inactive datacenter

  • this is more of a 'staging' approach
  • only makes sense if we need to handle real payments
  • already configured for outbound request to provider APIs
  • it would probably be in PCI scope, constraining code/UI testing
  • would probably require SSH tunneling
Jgreen moved this task from Triage to Backlog on the fundraising-tech-ops board.Mar 31 2020, 1:16 PM
DStrine added a comment.Apr 7 2020, 5:19 PM

Notes with stakeholders April 7th.

  • Reasons we haven’t done a staging environment yet
    • Dstrine hasn’t seen a payments staging environment work exactly like production
    • Some sandboxes have fake cards, but there will always be slight differences between fake experience and actual donor experience
  • Payments Wiki UI, copy changes, etc. could be tested on a staging environment
  • Staging environment transactions would not show up in civi, so no content (like TY emails, 2nd TY email for convert) would be triggered by civi
  • Difference in production and dev environment are why fr-tech hasn’t actually set up their own staging environment

Tasks fr-creative is interested in working on

  • Add payment logos to the form variant that just includes a Continue button
  • Add a tooltip to the PAN field for dLOCAL
  • Test monthly convert designs / copy
Jgreen moved this task from Backlog to Watching on the fundraising-tech-ops board.Apr 9 2020, 3:48 PM
Jgreen updated the task description. (Show Details)Jun 3 2020, 9:17 PM
Jgreen updated the task description. (Show Details)Jun 3 2020, 9:20 PM
Jgreen updated the task description. (Show Details)
Jgreen updated the task description. (Show Details)Jun 3 2020, 9:23 PM
Jgreen updated the task description. (Show Details)Jun 3 2020, 9:44 PM
Jgreen updated the task description. (Show Details)Jun 15 2020, 4:04 PM
Jgreen moved this task from FR-Ops to Triage on the Fundraising-Backlog board.Jul 14 2020, 4:08 PM

Moving from FR-Ops back into Triage because afaict this is not blocked on fr-tech-ops, we'll need design decisions about how we want queues and payment-providers to work to proceed.

DStrine moved this task from Triage to Q4 FY21-22 on the Fundraising-Backlog board.Jul 20 2020, 8:06 PM
Jgreen updated the task description. (Show Details)Sep 3 2021, 5:26 PM
Jgreen closed subtask T289869: staging-server changes for payments1008 as Resolved.Sep 3 2021, 6:00 PM
Jgreen closed this task as Resolved.Sep 7 2021, 12:55 PM
Jgreen claimed this task.
Jgreen triaged this task as Medium priority.
Jgreen moved this task from Watching to Done on the fundraising-tech-ops board.
Jgreen updated the task description. (Show Details)Sep 7 2021, 1:00 PM
Jgreen updated the task description. (Show Details)Sep 7 2021, 1:03 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL