Shibboleth Metadata Administration service
[Team | Wilson Team] [Tech Lead | rjg21] [Service Owner | vkhs1] [Service Manager | rc118] [Product Manager | TBC]
This page gives an overview of the Shibboleth Metadata Administration service (Metadata App), describing its current status, where and how it's developed and deployed, and who is responsible for maintaining it.
Service Description
This service allows web site administrators in the University to register web sites so that they work with the Shibboleth provided by the Raven SAML2 service, and subsequently to manage those registrations. This is achieved by uploading 'SAML Metadata' describing those sites.
Service Status
The Metadata App is currently live.
Contact
Technical queries and support should be directed to servicedesk@uis.cam.ac.uk and will be picked up by a member of the team working on the service. To ensure that you receive a response, always direct requests to servicedesk@uis.cam.ac.uk rather than reaching out to team members directly.
Issues discovered in the service or new feature requests should be opened as GitLab issues here.
Environments
The Metadata App is currently deployed to the following environments:
Name | Main Application URL | Django Admin URL |
---|---|---|
Production | https://metadata.raven.cam.ac.uk/ | https://metadata.raven.cam.ac.uk/admin |
Staging | https://webapp.test.shib-metadata.gcp.uis.cam.ac.uk/ | https://webapp.test.shib-metadata.gcp.uis.cam.ac.uk/admin |
Development | https://webapp.devel.shib-metadata.gcp.uis.cam.ac.uk/ | https://webapp.devel.shib-metadata.gcp.uis.cam.ac.uk/admin |
The GCP console pages for managing the infrastructure of each component of the deployment are:
Name | Main Application Hosting | Database |
---|---|---|
Production | GCP Cloud Run | GCP Cloud SQL (Postgres) |
Staging | GCP Cloud Run | GCP Cloud SQL (Postgres) |
Development | GCP Cloud Run | GCP Cloud SQL (Postgres) |
All environments share access to a set of secrets stored in the meta-project Secret Manager.
Notification channel(s) for environments
Environment | Display name | Email |
---|---|---|
Production | Shib Metadata - Wilson DevOps team email channel | devops-wilson@uis.cam.ac.uk |
Staging | Shib Metadata - Wilson DevOps team email channel | devops-wilson@uis.cam.ac.uk |
Source code
The source code for the Metadata App is spread over the following repositories:
Repository | Description |
---|---|
Application Server | The source code for the main application server |
Infrastructure Deployment | The Terraform infrastructure code for deploying the application server to GCP |
Technologies used
The following gives an overview of the technologies the Metadata App is built on.
Category | Language | Framework(s) |
---|---|---|
Web Application | Python 3.8 | Django 2.2 |
Database | PostgreSQL 11 | n/a |
Operational documentation
The following gives an overview of how the Metadata App is deployed and maintained.
How and where the Metadata App is deployed
The database for metadata is a PostgreSQL database hosted by GCP Cloud SQL. The main web application is a classic Django application (not DRF), hosted by GCP Cloud Run.
The Metadata App infrastructure is deployed using Terraform, with releases of the main application deployed by the GitLab CD pipelines associated with the infrastructure deployment repository.
Deploying a new release
The README.md files in each of the source code repositories explain how to deploy the Metadata App.
Monitoring
The app is monitored with Cloud Logs.
Debugging
For debugging the deployed app see "Monitoring" above. For debugging locally the application README.md describes how the containerised app can be run.
Other operational documentation
Service Management
The Team responsible for this service is Wilson Team.
The Tech Lead for this service is rjg21.
The Service Owner for this service is vkhs1.
The Service Manager for this service is rc118.
The Product Manager for this service is TBC.
The following engineers have operational experience with this service and are able to respond to support requests or incidents: