This is internal documentation. There is a good chance you’re looking for something else. See Disclaimer.
Ansible: Ingress/Route Settings
Add Route / Endpoint
Add the necessary DNS entries.
Add the route to config.yml:
abc:                  # <- customer
  installations:
    abc:              # <- installation
      routes:
        abc.ch:
        www.abc.ch:
        xyz.ch:       # <= add the new routes here
        www.xyz.ch:   # <=
    abctest:
The default route ${INSTALLATION}.tocco.ch is added implicitly. Only add it explicitly if you wish to override the default settings.
Technical note: the default route, if absent, is added by the inventory script (inventory.py).
Hint
If a reverse proxy (e.g. Cloudflare) is in front of Nice, a route still needs to be added, with the type set to proxy:
abc:                  # <- customer
  installations:
    abc:              # <- installation
      routes:
        example.net:
          type: proxy
Proxies should use https://${INSTALLATION}.tocco.ch as upstream.
Apply change:
ansible-playbook playbook.yml -t route -l ${INSTALLATION}
Hint
The required TLS certificates are issued automatically in the background. This can take some time though. See Troubleshooting if you run into any issues.
WordPress
Add the necessary DNS entries.
Add record to config.yml:
abc:                  # <- customer
  installations:
    abc:              # <- installation
      wordpress:
        page.abc.ch:
Apply change:
ansible-playbook playbook.yml -t route -l ${INSTALLATION}
Hint
When you create page.abc.ch, a route for tocco.page.abc.ch is added implicitly. If you need to override settings on the implicit route, add it explicitly:
abc:                  # <- customer
  installations:
    abc:              # <- installation
      routes:
        tocco.page.abc.ch:
          monitoring_enabled: false
      wordpress:
        page.abc.ch:
Remove Route / Endpoint
Remove the route from config.yml.
Apply change:
ansible-playbook playbook.yml -t route -l ${INSTALLATION}
Common Route Settings
monitoring_enabled | Whether to enable monitoring. Valid values:
sso_enable_support_login | Enable login via /support-tocco. Enabled by default for ${installation}.tocco.ch. Valid values:
hsts_secs | Adjust max-age, in seconds, sent via Strict-Transport-Security header.
hsts_include_subdomains | Set includeSubDomains in Strict-Transport-Security header. Valid values:
hsts_preload | Set preload in Strict-Transport-Security header. Dangerous. Read warning on https://hstspreload.org first. Valid values:
http_request_timeout | Request read timeout enforced by OpenShift. Example values:
Settings can be applied on customer, installation or route level:
abc:
  monitoring_enabled: false                # disable for customer
  installations:
    abc:
      monitoring_enabled: true             # re-enable for installation
      routes:
        abc.org:
        www.abc.org:
          monitoring_alert_tocco: false    # do not send alerts for www.abc.org
    abctest:
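A pre-apply check for the hsts_* settings and the three settings levels described above. This is an added example, not the project's own code: it assumes the most specific level wins (as in the override example above), assumes no default for hsts_secs, and uses a constructed config with a hypothetical shop.abc.org route; the function names are illustrative.

```python
# Constructed sample mirroring config.yml (customer -> installation -> route).
CONFIG = {"abc": {
    "hsts_secs": 31536000,                       # customer level
    "installations": {"abc": {
        "hsts_include_subdomains": True,         # installation level
        "routes": {
            "abc.org": None,                     # inherits everything
            "www.abc.org": {"hsts_preload": True},
            "shop.abc.org": {"hsts_secs": 3600, "hsts_preload": True},
        },
    }},
}}
STRUCTURE_KEYS = {"installations", "routes", "wordpress"}  # not settings


def effective_settings(config, customer, installation, route):
    """Merge customer -> installation -> route; most specific level wins
    (assumed precedence, matching the override example on this page)."""
    cust = config[customer]
    inst = cust["installations"][installation] or {}
    rt = (inst.get("routes") or {}).get(route) or {}
    merged = {}
    for level in (cust, inst, rt):
        merged.update({k: v for k, v in level.items() if k not in STRUCTURE_KEYS})
    return merged


def hsts_header(settings):
    """Render a Strict-Transport-Security value from the hsts_* settings."""
    if "hsts_secs" not in settings:
        return None  # no project default is assumed here
    parts = [f"max-age={settings['hsts_secs']}"]
    if settings.get("hsts_include_subdomains"):
        parts.append("includeSubDomains")
    if settings.get("hsts_preload"):
        parts.append("preload")
    return "; ".join(parts)


def preload_problems(settings):
    """Check two of hstspreload.org's submission requirements for preload."""
    if not settings.get("hsts_preload"):
        return []
    problems = []
    if settings.get("hsts_secs", 0) < 31536000:  # one year minimum
        problems.append("hsts_secs below 31536000")
    if not settings.get("hsts_include_subdomains"):
        problems.append("hsts_include_subdomains not set")
    return problems
```

A route that sets hsts_preload while overriding hsts_secs to a short value, like the constructed shop.abc.org entry, is the case this check is meant to catch before the playbook is applied.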