Deploy FreeRADIUS changes
GovWifi’s implementation of FreeRADIUS is managed by the alphagov/govwifi-frontend repo.
This repo generates an ECR image containing the FreeRADIUS server code which will run on ECS.
Pushing these images to ECR is handled by AWS Codebuild. You can find indepth documentation on this in our team Google drive(you need to be part of the GovWifi team to access this document).
Manually restarting the ECS tasks
Open ECS AWS pages for staging-frontend-cluster in London and Ireland in new tabs.
If you deployed to production, the cluster is called wifi-frontend-cluster.
Navigate to the “Tasks” tab on the ECS cluster page.
Restart one ECS task at a time in each region by selecting the task and clicking the “Stop” button. This will stop the task and a new one will automatically be started by ECS.
The newly started task will use the most recent ECS task definition as well as the most recent ECR image.
Once the first set of tasks have been stopped and restarted in a region, and healthchecks are green with no alarms raised, then restart the remaining three in the other region.
To check the containers are healthy, navigate to the “Healthchecks” section of the Route53 AWS page and ensure all the healthchecks for each region on healthy.
Deploying certificates and keys
Certificates are stored encrypted under passwords/certs/, and hosted in S3 buckets.
Both frontend-cert S3 buckets should contain the CA certificates.
Staging buckets should hold the keys and certificates prefixed with staging.
Production buckets should hold the keys and certificates prefixed with wifi.
For more information on the annual certificate rotation, please see this indepth guide.