This is an internal documentation. There is a good chance you’re looking for something else. See Disclaimer.

Glossary¶

Ansible Repository

Git repository describing the configuration of our servers in a format that Ansible understands.

It can be found at https://git.tocco.ch/gitweb?p=ansible.git;a=summary.

Ansible Vault

Used to store passwords and other secrets securely.

Two are currently in use, secrets.yml and secrets2.yml.

See section Ansible Vault in this document for a detailed documentation.

BO

Backoffice

This is what we call our own installation of Nice2 that can be reached at https://www.tocco.ch/tocco.

application property

Application properties can be used to configure Nice. They are simple key, value pairs and look like this:

my.property=configuration value

See:

config.yml

Ansible configuration pertaining to a particular customers and installations.

Direct link to config.yml

deployment

In Tocco terminology, a deployment is an update, of Nice, within the same minor version (e.g within version 3.1).

FTL

Freemarker

Freemarker Template Language

Templating language used throughout Nice2. In particular, report and mail content is mostly generated using this language.

HiveApp

Extension of HiveMind.

HiveMind

HiveMind is a service and configuration microkernel used within Nice2. The official web page <https://hivemind.apache.org/hivemind1/index.html> has some more details.

Within Nice2 HiveMind is used to configure listeners, batch jobs, default property value, reports and much more.

JFrog’s Artifactory

Artifactory

Tocco hosts its own JFrog’s Artifactory, a Maven software repository. During build, all artifacts are fetched from there. Either, the package is uploaded to the artifact directly or a Remote Repository can be configured.

Our Artifactory can be found at https://mvn.tocco.ch.

BURP

Backup archiving tool using on some of our servers. See https://burp.grke.org for details.

continuous delivery

CD

Continuous delivery is used to deploy our Nice installations.

Our CD is powered by TeamCity and can be found at https://tc.tocco.ch.

container

A docker image running in a pod.

Configuration is part of the deployment config.

DB refactoring

In the context of Nice, the DB migration in generally referred to as DB refactoring.

deployment config

DC

The deployment config describes the containers associated with it. This includes image sources, resource limits, open ports, roll out strategy, triggers, etc.

Accessible via oc {get|describe|edit|…} dc ….

docker image

An image that contains an application and all run-time dependencies except the OS.

Employee Short Name

Usually the first two letters of an employee’s first and last name combined. For instance, Jane Doe becomes jado.

These are the initials used in Slack and can also be found in BO on Person as Kurzbez.

exposed port

Port that is made available to other pods or services.

This is configured in the deployment config.

hibernate collection

A collection that is persisted to the database (a one-to-many or many-to-many association)

image stream

IS

Describes a docker repository. Pushing a docker image to it can be used to trigger an automatic deployment.

Accessible via oc {get|describe|edit|…} is ….

global.yml

Ansible configuration applying to all installations and customers.

Direct link to global.yml

image stream tag

Describes a docker image tag. Defaults to latest.

Accessible via oc {get|describe|edit|…} imagestreamtag ….

JasperReports

JasperReports is a report technology still used by some legacy reports. The reports use the *.jrxml file extension.

New reports should use wkhtmltopdf.

livenessProbe

Used by Kubernetes to determine if an application is alive. Usually by using frequent HTTP GET request to check if the application responds. Applications failing this probe are terminated and restarted.

See also Configure Liveness, Readiness and Startup Probes.

Maven Archive

An archive (*.tar.gz) of the whole application including all dependencies and other resources needed to run the applicaiton.

Such an archive can be created using this command:

mvn -pl customer/${CUSTOMER} -am install -T1C -DskipTests -P assembly

See also Apache Maven Assembly Plugin.

migration

In Tocco terminology, a migration is an update, of Nice, across a major or minor version (e.g. from version 3.0 to 3.1).

Nginx

Nginx is the web server used for as reverse proxy in front of Nice.

Nginx is running in the same pod as Nice.

persistent volume claim

PVC

A persistent volume that can be mounted into one or more containers.

Accessible via oc {get|describe|edit|…} pvc ….

pod

PO

A pod is one instance of the containers described in its deployment config.

Accessible via oc {get|describe|edit|…} pod ….

pre-hook pod

A pre-hook pod is a pod that is executed during rollout, before executing the actual pod. In our setup, it is used for DB refactoring and some startup checks. For more details, see Pod-based Lifecycle Hook in the OpenShift documentation.

Operations Public channel

Slack channel operations_public that can be used to contact the operations team.

PD4ML

PD4ML is a Java-based HTML to PDF converter used by some legacy reports.

New reports should use wkhtmltopdf.

Remote Repository

In Artifactory, Remote Repositories can be configured. For such repositories, Artifactory will forward requests to the configured upstream repository and cache the result for later use.

Remote Repositories can be configured in Admin → Remote.

Replication Controller

RC

The replication controller is responsible to ensure the specified number of replicas is running at all times.

There is one RC per deployment. Use oc describe rc … to see the configuration (DC) that was used for a deployment.

Accessible via oc {get|describe|edit|…} pod …

secrets.yml

Used to store passwords, API keys and other secrets. Encrypted using Ansible Vault and stored in the Ansible Repository.

secrets.yml contains secrets required for setting up servers and services other than Nice. See also secrets2.yml.

View secrets:

$ cd ${ANSIBLE_REPO}/servers
$ ansible-vault view secrets.yml

Edit secrets:

$ cd ${ANSIBLE_REPO}/servers
$ ansible-vault edit secrets.yml

Encrypt a file:

$ cd ${ANSIBLE_REPO}
$ ansible-vault encrypt --encrypt-vault-id ops ${PATH_TO_FILE}

Tip

When an encrypted file needs to be available in the server config as well as from within /tocco/ or /services/, use --encrypted-vault-id dev.

secrets2.yml

Used to store passwords, API keys and other secrets. Encrypted using Ansible Vault and stored in the Ansible Repository.

secrets2.yml contains secrets required for setting up Nice and related services. As general rule, secrets required so setup an installation go here. See also secrets.yml.

View secrets:

$ cd ${ANSIBLE_REPO}/tocco
$ ansible-vault view secrets2.yml

Edit secrets:

$ cd ${ANSIBLE_REPO}/tocco
$ ansible-vault edit  secrets2.yml

Encrypt a file:

$ cd ${ANSIBLE_REPO}/tocco
$ ansible-vault encrypt --encrypt-vault-id dev ${PATH_TO_FILE}

Note

secrets2.yml is also used by services defined in /services/.

service

SVC

Used to make a service available in the network. It provides a DNS name for a service in a way that hides the fact that the service may be provided by several pods (multiple replicas).

Accessible via oc {get|describe|edit|…} svc ….

Solr

Solr is a search engine, Nice uses it to provide full-text search.

Every Nice installation runs exactly one Solr pod.

Solr core

Indexes in Solr are known as cores.

route

Provides a route to a service. This is used to make a service reachable via internet.

Accessible via oc {get|describe|edit|…} route ….

tocco-dotfiles

Git repository containing company-wide configurations and scripts.