This is an internal documentation. There is a good chance you’re looking for something else. See Disclaimer.

Glossary¶

Ansible Repository¶

Git repository describing the configuration of our servers in a format that Ansible understands.

It can be found at https://git.tocco.ch/gitweb?p=ansible.git;a=summary.

Ansible Vault¶

Used to store passwords and other secrets securely.

Two are currently in use, secrets.yml and secrets2.yml.

See section Ansible Vault in this document for a detailed documentation.

BO¶

Backoffice¶

This is what we call our own installation of Nice2 that can be reached at https://www.tocco.ch/tocco.

application property¶

Application properties can be used to configure Nice. They are simple key, value pairs and look like this:

my.property=configuration value

See:

config.yml¶

Ansible configuration pertaining to a particular customers and installations.

Direct link to config.yml

deployment¶

In Tocco terminology, a deployment is an update, of Nice, within the same minor version (e.g within version 3.1).

FTL¶

Freemarker¶

Freemarker Template Language¶

Templating language used throughout Nice2. In particular, report and mail content is mostly generated using this language.

JFrog’s Artifactory¶

Artifactory¶

Tocco hosts its own JFrog’s Artifactory, a Maven software repository. During build, all artifacts are fetched from there. Either, the package is uploaded to the artifact directly or a Remote Repository can be configured.

Our Artifactory can be found at https://mvn.tocco.ch.

BURP¶

Backup archiving tool using on some of our servers. See https://burp.grke.org for details.

continuous delivery¶

CD¶

Continuous delivery is used to deploy our Nice installations.

Our CD is powered by TeamCity and can be found at https://tc.tocco.ch.

container¶

A docker image running in a pod.

Configuration is part of the deployment config.

DB refactoring¶

In the context of Nice, the DB migration in generally referred to as DB refactoring.

deployment config¶

DC¶

The deployment config describes the containers associated with it. This includes image sources, resource limits, open ports, roll out strategy, triggers, etc.

Accessible via oc {get|describe|edit|…} dc ….

docker image¶

An image that contains an application and all run-time dependencies except the OS.

Employee Short Name¶

Usually the first two letters of an employee’s first and last name combined. For instance, Jane Doe becomes jado.

These are the initials used in Slack and can also be found in BO on Person as Kurzbez.

exposed port¶

Port that is made available to other pods or services.

This is configured in the deployment config.

hibernate collection¶

A collection that is persisted to the database (a one-to-many or many-to-many association)

image stream¶

IS¶

Describes a docker repository. Pushing a docker image to it can be used to trigger an automatic deployment.

Accessible via oc {get|describe|edit|…} is ….

global.yml¶

Ansible configuration applying to all installations and customers.

Direct link to global.yml

image stream tag¶

Describes a docker image tag. Defaults to latest.

Accessible via oc {get|describe|edit|…} imagestreamtag ….

JasperReports¶

JasperReports is a report technology still used by some legacy reports. The reports use the *.jrxml file extension.

New reports should use wkhtmltopdf.

livenessProbe¶

Used by Kubernetes to determine if an application is alive. Usually by using frequent HTTP GET request to check if the application responds. Applications failing this probe are terminated and restarted.

See also Configure Liveness, Readiness and Startup Probes.

migration¶

In Tocco terminology, a migration is an update, of Nice, across a major or minor version (e.g. from version 3.0 to 3.1).

Nginx¶

Nginx is the web server used for as reverse proxy in front of Nice.

Nginx is running in the same pod as Nice.

persistent volume claim¶

PVC¶

A persistent volume that can be mounted into one or more containers.

Accessible via oc {get|describe|edit|…} pvc ….

pod¶

PO¶

A pod is one instance of the containers described in its deployment config.

Accessible via oc {get|describe|edit|…} pod ….

pre-hook pod¶

A pre-hook pod is a pod that is executed during rollout, before executing the actual pod. In our setup, it is used for DB refactoring and some startup checks. For more details, see Pod-based Lifecycle Hook in the OpenShift documentation.

Operations Public channel¶

Slack channel operations_public that can be used to contact the operations team.

PD4ML¶

PD4ML is a Java-based HTML to PDF converter used by some legacy reports.

New reports should use wkhtmltopdf.

Remote Repository¶

In Artifactory, Remote Repositories can be configured. For such repositories, Artifactory will forward requests to the configured upstream repository and cache the result for later use.

Remote Repositories can be configured in Admin → Remote.

Replication Controller¶

RC¶

The replication controller is responsible to ensure the specified number of replicas is running at all times.

There is one RC per deployment. Use oc describe rc … to see the configuration (DC) that was used for a deployment.

Accessible via oc {get|describe|edit|…} pod …

secrets.yml¶

Used to store passwords, API keys and other secrets. Encrypted using Ansible Vault and stored in the Ansible Repository.

secrets.yml contains secrets required for setting up servers and services other than Nice. See also secrets2.yml.

View secrets:

$ cd ${ANSIBLE_REPO}/servers
$ ansible-vault view secrets.yml

Edit secrets:

$ cd ${ANSIBLE_REPO}/servers
$ ansible-vault edit secrets.yml

Encrypt a file:

$ cd ${ANSIBLE_REPO}
$ ansible-vault encrypt --encrypt-vault-id ops ${PATH_TO_FILE}

Tip

When an encrypted file needs to be available in the server config as well as from within /tocco/ or /services/, use --encrypted-vault-id dev.

secrets2.yml¶

Used to store passwords, API keys and other secrets. Encrypted using Ansible Vault and stored in the Ansible Repository.

secrets2.yml contains secrets required for setting up Nice and related services. As general rule, secrets required so setup an installation go here. See also secrets.yml.

View secrets:

$ cd ${ANSIBLE_REPO}/tocco
$ ansible-vault view secrets2.yml

Edit secrets:

$ cd ${ANSIBLE_REPO}/tocco
$ ansible-vault edit  secrets2.yml

Encrypt a file:

$ cd ${ANSIBLE_REPO}/tocco
$ ansible-vault encrypt --encrypt-vault-id dev ${PATH_TO_FILE}

Note

secrets2.yml is also used by services defined in /services/.

service¶

SVC¶

Used to make a service available in the network. It provides a DNS name for a service in a way that hides the fact that the service may be provided by several pods (multiple replicas).

Accessible via oc {get|describe|edit|…} svc ….

route¶

Provides a route to a service. This is used to make a service reachable via internet.

Accessible via oc {get|describe|edit|…} route ….

tocco-dotfiles¶

Git repository containing company-wide configurations and scripts.