Manage Updates

Mark Scrimshire edited this page May 25, 2017 · 2 revisions

Maintaining security, or adding new functionality, involves making changes to server configurations. These changes need to be tested and applied consistently across environments. Where more than one server performs a function, the configuration needs to be duplicated on each server. The update_ scripts are provided for this purpose.

Update scripts should be written in a modular way so that the changes can be incorporated back into the appropriate create_ or build_ playbook or role.

Update_ scripts fall into two main types:

  1. Regular updates. For example, applying a new version of the application code to an environment.
  2. Patch updates. One-off changes made as a result of a vulnerability scan.

Regular updates

A typical example of this type of update is a re-installation of the Application software. This may be performed frequently in Development and Test environments as new functionality is developed and tested. These updates will be applied less frequently to a Production environment.

The typical Python/Django update process would involve:

  • Download the code from GitHub
  • Run pip to install any new software dependencies
  • Process any database schema changes
  • Update static files with any additions, changes or deletions
  • Update any variables or settings
  • Restart the web server to pick up the new settings and code changes

This can be consolidated into an app server update script to ensure the process is followed consistently.
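The steps listed above, written as a single update_ playbook. This is an added example, not one of the project's own scripts. The file name, inventory group, repository URL, version tag, paths, template name and service name are all assumptions.

```yaml
# update_appserver.yml -- added example; every name, path and URL here is an assumption.
- name: Regular update of the Django application
  hosts: appservers              # hypothetical inventory group
  become: true
  serial: 1                      # same steps on each server, one server at a time
  vars:
    app_repo: "https://github.com/example-org/example-app.git"   # placeholder URL
    app_version: "v0.0.0"        # placeholder; pin a tag or commit, not a moving branch
    app_dir: /var/www/app
    app_venv: /var/www/venv
    web_service: apache2
    web_group: www-data
  tasks:
    - name: Download the code from GitHub at the pinned version
      ansible.builtin.git:
        repo: "{{ app_repo }}"
        dest: "{{ app_dir }}"
        version: "{{ app_version }}"

    - name: Run pip to install any new software dependencies
      ansible.builtin.pip:
        requirements: "{{ app_dir }}/requirements.txt"
        virtualenv: "{{ app_venv }}"

    - name: Process any database schema changes
      community.general.django_manage:
        command: migrate
        project_path: "{{ app_dir }}"
        virtualenv: "{{ app_venv }}"

    - name: Update static files, clearing deleted ones first
      community.general.django_manage:
        command: collectstatic
        clear: true
        project_path: "{{ app_dir }}"
        virtualenv: "{{ app_venv }}"

    - name: Update variables and settings (not world-readable)
      ansible.builtin.template:
        src: templates/local_settings.py.j2     # hypothetical template
        dest: "{{ app_dir }}/local_settings.py"
        owner: root
        group: "{{ web_group }}"
        mode: "0640"

    - name: Restart the web server to pick up new settings and code
      ansible.builtin.service:
        name: "{{ web_service }}"
        state: restarted
```

Because each step is a separate task, the same tasks can later be moved into a create_ or build_ role without rewriting them.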

Patch updates

An example of this type of update is when a software component requires an update to a new version. This may require downloading the new code and installing the software. The component may also need to be restarted to activate the new version.

This type of update is likely to be a one-off change. However, it needs to be applied consistently across servers and environments. The process should be defined in an update_ script. The script should be tested in a development and/or test environment before being implemented in the production environment.

Once a patch update script has been tested and implemented, the net effects of the patch should be applied to the create_ and build_ scripts to ensure the changes are applied to any newly commissioned machines.

Once a patch update has been applied to all relevant servers in all environments, and the patches have been integrated into the create_ and build_ scripts, the patch update script can be retired.
