From 7292133ca3cdb9f31e95845b631b3f0906d1e2c2 Mon Sep 17 00:00:00 2001 From: Robert Lin Date: Thu, 11 Jan 2024 15:18:28 -0800 Subject: [PATCH] msp: update generated pages --- .../engineering/managed-services/cloud-ops.md | 64 +++++++--- .../managed-services/cody-analytics.md | 62 +++++++--- .../managed-services/gatekeeper.md | 60 +++++++-- .../engineering/managed-services/index.md | 12 +- .../managed-services/msp-testbed.md | 74 +++++++++--- .../engineering/managed-services/pings.md | 60 +++++++-- .../engineering/managed-services/sams.md | 74 +++++++++--- .../managed-services/support-integration.md | 60 +++++++-- .../managed-services/telemetry-gateway.md | 114 ++++++++++++++---- 9 files changed, 444 insertions(+), 136 deletions(-) diff --git a/content/departments/engineering/managed-services/cloud-ops.md b/content/departments/engineering/managed-services/cloud-ops.md index 1974b73d5c7e..7ebc8303b0af 100644 --- a/content/departments/engineering/managed-services/cloud-ops.md +++ b/content/departments/engineering/managed-services/cloud-ops.md @@ -3,8 +3,8 @@ This document describes operational guidance for Cloud Ops Dashboard infrastructure. @@ -14,8 +14,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ## Service overview -| PROPERTY | DETAILS | -| ------------ | -------------------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|--------------|----------------------------------------------------------------------------------------------------------------------------| | Service ID | [`cloud-ops`](https://github.com/sourcegraph/managed-services/blob/main/services/cloud-ops/service.yaml) | | Owners | **cloud** | | Service kind | Cloud Run service | @@ -27,8 +27,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ### prod -| PROPERTY | DETAILS | -| -------------- | -------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|----------------|----------------------------------------------------------------------------------------------------| | Project ID | [`cloud-ops-prod-dd32`](https://console.cloud.google.com/run?project=cloud-ops-prod-dd32) | | Category | **internal** | | Resources | [prod Redis](#prod-redis) | @@ -37,22 +37,56 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] | Cloudflare WAF | ✅ | MSP infrastructure access needs to be requested using Entitle for time-bound privileges. -Test environments have less stringent requirements. -| ACCESS | ENTITLE REQUEST TEMPLATE | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| ACCESS | ENTITLE REQUEST TEMPLATE | +|--------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | GCP project read access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | | GCP project write access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | +For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud). + #### prod Cloud Run -| PROPERTY | DETAILS | -| -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cloud-ops-prod-dd32) | -| Logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cloud-ops-prod-dd32) | +The Cloud Ops Dashboard prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run). + +| PROPERTY | DETAILS | +|--------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cloud-ops-prod-dd32) | +| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cloud-ops-prod-dd32) | + +You can also use `sg msp` to quickly open a link to your service logs: + +```bash +sg msp logs cloud-ops prod +``` #### prod Redis -| PROPERTY | DETAILS | -| -------- | ----------------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|----------|-------------------------------------------------------------------------------------------------------------------------| | Console | [Memorystore Redis instances](https://console.cloud.google.com/memorystore/redis/instances?project=cloud-ops-prod-dd32) | + +#### prod Terraform Cloud + +This service's configuration is defined in [`sourcegraph/managed-services/services/cloud-ops/service.yaml`](https://github.com/sourcegraph/managed-services/blob/main/services/cloud-ops/service.yaml), and `sg msp generate cloud-ops prod` generates the required infrastructure configuration for this environment in Terraform. +Terraform Cloud (TFC) workspaces specific to each service then provisions the required infrastructure from this configuration. +You may want to check your service environment's TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository, or in #alerts-msp-tfc). + +> [!NOTE] +> If you are looking for service logs, see the [prod Cloud Run](#prod-cloud-run) section instead. In general: +> +> - check service logs ([prod Cloud Run](#prod-cloud-run)) if your service has gone down or is misbehaving +> - check TFC workspaces for infrastructure provisioning or configuration issues + +To access this environment's Terraform Cloud workspaces, you will need to [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and then [request Entitle access to membership in the "Managed Services Platform Operator" TFC team](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19). +The "Managed Services Platform Operator" team has access to all MSP TFC workspaces. + +> [!WARNING] +> You **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**. +> If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation. + +The Terraform Cloud workspaces for this service environment are [grouped under the `msp-cloud-ops-prod` tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp-cloud-ops-prod), or you can use: + +```bash +sg msp tfc view cloud-ops prod +``` diff --git a/content/departments/engineering/managed-services/cody-analytics.md b/content/departments/engineering/managed-services/cody-analytics.md index f766839252f8..64f9193cc406 100644 --- a/content/departments/engineering/managed-services/cody-analytics.md +++ b/content/departments/engineering/managed-services/cody-analytics.md @@ -3,8 +3,8 @@ This document describes operational guidance for Cody Analytics infrastructure. @@ -14,8 +14,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ## Service overview -| PROPERTY | DETAILS | -| ------------ | ------------------------------------------------------------------------------------------------------------------ | +| PROPERTY | DETAILS | +|--------------|--------------------------------------------------------------------------------------------------------------------| | Service ID | [`cody-analytics`](https://github.com/sourcegraph/managed-services/blob/main/services/cody-analytics/service.yaml) | | Owners | **cody-strat** | | Service kind | Cloud Run service | @@ -27,8 +27,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ### dev -| PROPERTY | DETAILS | -| -------------- | ------------------------------------------------------------------------------------------------------ | +| PROPERTY | DETAILS | +|----------------|--------------------------------------------------------------------------------------------------------| | Project ID | [`cody-analytics-dev-bd34`](https://console.cloud.google.com/run?project=cody-analytics-dev-bd34) | | Category | **test** | | Resources | | @@ -36,17 +36,51 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] | Domain | [cody-analytics.sgdev.org](https://cody-analytics.sgdev.org) | | Cloudflare WAF | ✅ | -MSP infrastructure access needs to be requested using Entitle for time-bound privileges. -Test environments have less stringent requirements. +MSP infrastructure access needs to be requested using Entitle for time-bound privileges. Test environments may have less stringent requirements. -| ACCESS | ENTITLE REQUEST TEMPLATE | -| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| ACCESS | ENTITLE REQUEST TEMPLATE | +|--------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | GCP project read access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | | GCP project write access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | +For Terraform Cloud access, see [dev Terraform Cloud](#dev-terraform-cloud). + #### dev Cloud Run -| PROPERTY | DETAILS | -| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cody-analytics-dev-bd34) | -| Logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cody-analytics-dev-bd34) | +The Cody Analytics dev service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run). + +| PROPERTY | DETAILS | +|--------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cody-analytics-dev-bd34) | +| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cody-analytics-dev-bd34) | + +You can also use `sg msp` to quickly open a link to your service logs: + +```bash +sg msp logs cody-analytics dev +``` + +#### dev Terraform Cloud + +This service's configuration is defined in [`sourcegraph/managed-services/services/cody-analytics/service.yaml`](https://github.com/sourcegraph/managed-services/blob/main/services/cody-analytics/service.yaml), and `sg msp generate cody-analytics dev` generates the required infrastructure configuration for this environment in Terraform. +Terraform Cloud (TFC) workspaces specific to each service then provisions the required infrastructure from this configuration. +You may want to check your service environment's TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository, or in #alerts-msp-tfc). + +> [!NOTE] +> If you are looking for service logs, see the [dev Cloud Run](#dev-cloud-run) section instead. In general: +> +> - check service logs ([dev Cloud Run](#dev-cloud-run)) if your service has gone down or is misbehaving +> - check TFC workspaces for infrastructure provisioning or configuration issues + +To access this environment's Terraform Cloud workspaces, you will need to [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and then [request Entitle access to membership in the "Managed Services Platform Operator" TFC team](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19). +The "Managed Services Platform Operator" team has access to all MSP TFC workspaces. + +> [!WARNING] +> You **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**. +> If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation. + +The Terraform Cloud workspaces for this service environment are [grouped under the `msp-cody-analytics-dev` tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp-cody-analytics-dev), or you can use: + +```bash +sg msp tfc view cody-analytics dev +``` diff --git a/content/departments/engineering/managed-services/gatekeeper.md b/content/departments/engineering/managed-services/gatekeeper.md index 00a0e0cd8086..2f08720790c4 100644 --- a/content/departments/engineering/managed-services/gatekeeper.md +++ b/content/departments/engineering/managed-services/gatekeeper.md @@ -3,8 +3,8 @@ This document describes operational guidance for Cody Gatekeeper infrastructure. @@ -14,8 +14,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ## Service overview -| PROPERTY | DETAILS | -| ------------ | ---------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|--------------|------------------------------------------------------------------------------------------------------------| | Service ID | [`gatekeeper`](https://github.com/sourcegraph/managed-services/blob/main/services/gatekeeper/service.yaml) | | Owners | **cody-services** | | Service kind | Cloud Run job | @@ -27,24 +27,58 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ### prod -| PROPERTY | DETAILS | -| ---------- | --------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|------------|-----------------------------------------------------------------------------------------------------| | Project ID | [`gatekeeper-prod-1c93`](https://console.cloud.google.com/run/jobs?project=gatekeeper-prod-1c93) | | Category | **internal** | | Resources | | | Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=gatekeeper-prod-1c93) | MSP infrastructure access needs to be requested using Entitle for time-bound privileges. -Test environments have less stringent requirements. -| ACCESS | ENTITLE REQUEST TEMPLATE | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| ACCESS | ENTITLE REQUEST TEMPLATE | +|--------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | GCP project read access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | | GCP project write access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | +For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud). + #### prod Cloud Run -| PROPERTY | DETAILS | -| -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Console | [Cloud Run job](https://console.cloud.google.com/run/jobs?project=gatekeeper-prod-1c93) | -| Logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_job%22;summaryFields=labels%252F%2522run.googleapis.com%252Fexecution_name%2522,jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=gatekeeper-prod-1c93) | +The Cody Gatekeeper prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run). + +| PROPERTY | DETAILS | +|--------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Console | [Cloud Run job](https://console.cloud.google.com/run/jobs?project=gatekeeper-prod-1c93) | +| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_job%22;summaryFields=labels%252F%2522run.googleapis.com%252Fexecution_name%2522,jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=gatekeeper-prod-1c93) | + +You can also use `sg msp` to quickly open a link to your service logs: + +```bash +sg msp logs gatekeeper prod +``` + +#### prod Terraform Cloud + +This service's configuration is defined in [`sourcegraph/managed-services/services/gatekeeper/service.yaml`](https://github.com/sourcegraph/managed-services/blob/main/services/gatekeeper/service.yaml), and `sg msp generate gatekeeper prod` generates the required infrastructure configuration for this environment in Terraform. +Terraform Cloud (TFC) workspaces specific to each service then provisions the required infrastructure from this configuration. +You may want to check your service environment's TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository, or in #alerts-msp-tfc). + +> [!NOTE] +> If you are looking for service logs, see the [prod Cloud Run](#prod-cloud-run) section instead. In general: +> +> - check service logs ([prod Cloud Run](#prod-cloud-run)) if your service has gone down or is misbehaving +> - check TFC workspaces for infrastructure provisioning or configuration issues + +To access this environment's Terraform Cloud workspaces, you will need to [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and then [request Entitle access to membership in the "Managed Services Platform Operator" TFC team](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19). +The "Managed Services Platform Operator" team has access to all MSP TFC workspaces. + +> [!WARNING] +> You **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**. +> If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation. + +The Terraform Cloud workspaces for this service environment are [grouped under the `msp-gatekeeper-prod` tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp-gatekeeper-prod), or you can use: + +```bash +sg msp tfc view gatekeeper prod +``` diff --git a/content/departments/engineering/managed-services/index.md b/content/departments/engineering/managed-services/index.md index ae61066f74ef..ac952e15ff2f 100644 --- a/content/departments/engineering/managed-services/index.md +++ b/content/departments/engineering/managed-services/index.md @@ -3,8 +3,8 @@ These pages contain generated operational guidance for the infrastructure of [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md) services. @@ -58,8 +58,10 @@ Managed Services Platform services owned by `core-services`: For MSP service environments other than `category: test`, access needs to be requested through Entitle. Test environments are placed in the "Engineering Projects" GCP folder, which should have access granted to engineers by default. -Entitle access to a production MSP project is most easily provisioned through the `mspServiceReader` and custom roles, which provide read-only and editing access respectively. -You can request access to a project in Entitle by following these steps: +Entitle access to a production MSP project is generally provisioned through the `mspServiceReader` and `mspServiceEditor` custom GCP roles, which provide read-only and editing access respectively. +Convenience links for requesting these roles are available in the per-service operation pages above, based on each environment. + +You can also choose to request access to an individual project in Entitle by following these steps: - Go to [app.entitle.io/request](https://app.entitle.io/request) and select **Specific Permission** - Fill out the following: @@ -69,7 +71,7 @@ You can request access to a project in Entitle by following these steps: - Role: `mspServiceReader` (or `mspServiceEditor` if you need additional privileges - use with care!) - Duration: choose your own adventure! -These custom roles are configured [in in the infrastructure repo](https://github.com/sourcegraph/infrastructure/blob/main/gcp/custom-roles/msp.tf). +The custom roles used for MSP infrastructure access are [configured in `sourcegraph/infrastructure`](https://github.com/sourcegraph/infrastructure/blob/main/gcp/custom-roles/msp.tf). ### Terraform Cloud access diff --git a/content/departments/engineering/managed-services/msp-testbed.md b/content/departments/engineering/managed-services/msp-testbed.md index 592398f79101..25a1eee41f31 100644 --- a/content/departments/engineering/managed-services/msp-testbed.md +++ b/content/departments/engineering/managed-services/msp-testbed.md @@ -3,8 +3,8 @@ This document describes operational guidance for MSP Testbed infrastructure. @@ -14,8 +14,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ## Service overview -| PROPERTY | DETAILS | -| ------------ | -------------------------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|--------------|----------------------------------------------------------------------------------------------------------------------------------| | Service ID | [`msp-testbed`](https://github.com/sourcegraph/managed-services/blob/main/services/msp-testbed/service.yaml) | | Owners | **core-services** | | Service kind | Cloud Run service | @@ -27,39 +27,48 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ### test -| PROPERTY | DETAILS | -| ---------- | --------------------------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|------------|-----------------------------------------------------------------------------------------------------------------------------------| | Project ID | [`msp-testbed-test-77589aae45d0`](https://console.cloud.google.com/run?project=msp-testbed-test-77589aae45d0) | | Category | **test** | | Resources | [test Redis](#test-redis), [test PostgreSQL instance](#test-postgresql-instance), [test BigQuery dataset](#test-bigquery-dataset) | | Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=msp-testbed-test-77589aae45d0) | | Domain | [msp-testbed.sgdev.org](https://msp-testbed.sgdev.org) | -MSP infrastructure access needs to be requested using Entitle for time-bound privileges. -Test environments have less stringent requirements. +MSP infrastructure access needs to be requested using Entitle for time-bound privileges. Test environments may have less stringent requirements. -| ACCESS | ENTITLE REQUEST TEMPLATE | -| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| ACCESS | ENTITLE REQUEST TEMPLATE | +|--------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | GCP project read access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | | GCP project write access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | +For Terraform Cloud access, see [test Terraform Cloud](#test-terraform-cloud). + #### test Cloud Run -| PROPERTY | DETAILS | -| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Console | [Cloud Run service](https://console.cloud.google.com/run?project=msp-testbed-test-77589aae45d0) | -| Logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=msp-testbed-test-77589aae45d0) | +The MSP Testbed test service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run). + +| PROPERTY | DETAILS | +|--------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Console | [Cloud Run service](https://console.cloud.google.com/run?project=msp-testbed-test-77589aae45d0) | +| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=msp-testbed-test-77589aae45d0) | + +You can also use `sg msp` to quickly open a link to your service logs: + +```bash +sg msp logs msp-testbed test +``` #### test Redis -| PROPERTY | DETAILS | -| -------- | --------------------------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|----------|-----------------------------------------------------------------------------------------------------------------------------------| | Console | [Memorystore Redis instances](https://console.cloud.google.com/memorystore/redis/instances?project=msp-testbed-test-77589aae45d0) | #### test PostgreSQL instance -| PROPERTY | DETAILS | -| --------- | ----------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|-----------|-------------------------------------------------------------------------------------------------------------| | Console | [Cloud SQL instances](https://console.cloud.google.com/sql/instances?project=msp-testbed-test-77589aae45d0) | | Databases | `primary` | @@ -75,8 +84,33 @@ sg msp pg connect -write-access msp-testbed test #### test BigQuery dataset -| PROPERTY | DETAILS | -| --------------- | ---------------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|-----------------|------------------------------------------------------------------------------------------------------------------------| | Dataset Project | `msp-testbed-test-77589aae45d0` | | Dataset ID | `msp_testbed` | | Tables | [`example`](https://github.com/sourcegraph/managed-services/blob/main/services/msp-testbed/example.bigquerytable.json) | + +#### test Terraform Cloud + +This service's configuration is defined in [`sourcegraph/managed-services/services/msp-testbed/service.yaml`](https://github.com/sourcegraph/managed-services/blob/main/services/msp-testbed/service.yaml), and `sg msp generate msp-testbed test` generates the required infrastructure configuration for this environment in Terraform. +Terraform Cloud (TFC) workspaces specific to each service then provisions the required infrastructure from this configuration. +You may want to check your service environment's TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository, or in #alerts-msp-tfc). + +> [!NOTE] +> If you are looking for service logs, see the [test Cloud Run](#test-cloud-run) section instead. In general: +> +> - check service logs ([test Cloud Run](#test-cloud-run)) if your service has gone down or is misbehaving +> - check TFC workspaces for infrastructure provisioning or configuration issues + +To access this environment's Terraform Cloud workspaces, you will need to [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and then [request Entitle access to membership in the "Managed Services Platform Operator" TFC team](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19). +The "Managed Services Platform Operator" team has access to all MSP TFC workspaces. + +> [!WARNING] +> You **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**. +> If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation. + +The Terraform Cloud workspaces for this service environment are [grouped under the `msp-msp-testbed-test` tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp-msp-testbed-test), or you can use: + +```bash +sg msp tfc view msp-testbed test +``` diff --git a/content/departments/engineering/managed-services/pings.md b/content/departments/engineering/managed-services/pings.md index 986f05ed02cc..3e3491f61318 100644 --- a/content/departments/engineering/managed-services/pings.md +++ b/content/departments/engineering/managed-services/pings.md @@ -3,8 +3,8 @@ This document describes operational guidance for Pings Service infrastructure. @@ -14,8 +14,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ## Service overview -| PROPERTY | DETAILS | -| ------------ | -------------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|--------------|----------------------------------------------------------------------------------------------------------------------| | Service ID | [`pings`](https://github.com/sourcegraph/managed-services/blob/main/services/pings/service.yaml) | | Owners | **core-services** | | Service kind | Cloud Run service | @@ -27,8 +27,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ### prod -| PROPERTY | DETAILS | -| ---------- | ------------------------------------------------------------------------------------------------------ | +| PROPERTY | DETAILS | +|------------|--------------------------------------------------------------------------------------------------------| | Project ID | [`pings-prod-2f4f73edf1db`](https://console.cloud.google.com/run?project=pings-prod-2f4f73edf1db) | | Category | **external** | | Resources | | @@ -36,16 +36,50 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] | Domain | [pings.sourcegraph.com](https://pings.sourcegraph.com) | MSP infrastructure access needs to be requested using Entitle for time-bound privileges. -Test environments have less stringent requirements. -| ACCESS | ENTITLE REQUEST TEMPLATE | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| ACCESS | ENTITLE REQUEST TEMPLATE | +|--------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | GCP project read access | [Entitle request for the 'Managed Services ' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYTQ4OWM2MDktNTBlYy00ODAzLWIzZjItMzYzZGJhMTgwMWJhIiwidGhyb3VnaCI6ImE0ODljNjA5LTUwZWMtNDgwMy1iM2YyLTM2M2RiYTE4MDFiYSIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | | GCP project write access | [Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | +For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud). + #### prod Cloud Run -| PROPERTY | DETAILS | -| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Console | [Cloud Run service](https://console.cloud.google.com/run?project=pings-prod-2f4f73edf1db) | -| Logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=pings-prod-2f4f73edf1db) | +The Pings Service prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run). + +| PROPERTY | DETAILS | +|--------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Console | [Cloud Run service](https://console.cloud.google.com/run?project=pings-prod-2f4f73edf1db) | +| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=pings-prod-2f4f73edf1db) | + +You can also use `sg msp` to quickly open a link to your service logs: + +```bash +sg msp logs pings prod +``` + +#### prod Terraform Cloud + +This service's configuration is defined in [`sourcegraph/managed-services/services/pings/service.yaml`](https://github.com/sourcegraph/managed-services/blob/main/services/pings/service.yaml), and `sg msp generate pings prod` generates the required infrastructure configuration for this environment in Terraform. +Terraform Cloud (TFC) workspaces specific to each service then provisions the required infrastructure from this configuration. +You may want to check your service environment's TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository, or in #alerts-msp-tfc). + +> [!NOTE] +> If you are looking for service logs, see the [prod Cloud Run](#prod-cloud-run) section instead. In general: +> +> - check service logs ([prod Cloud Run](#prod-cloud-run)) if your service has gone down or is misbehaving +> - check TFC workspaces for infrastructure provisioning or configuration issues + +To access this environment's Terraform Cloud workspaces, you will need to [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and then [request Entitle access to membership in the "Managed Services Platform Operator" TFC team](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19). +The "Managed Services Platform Operator" team has access to all MSP TFC workspaces. + +> [!WARNING] +> You **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**. +> If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation. + +The Terraform Cloud workspaces for this service environment are [grouped under the `msp-pings-prod` tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp-pings-prod), or you can use: + +```bash +sg msp tfc view pings prod +``` diff --git a/content/departments/engineering/managed-services/sams.md b/content/departments/engineering/managed-services/sams.md index 46ddd7003083..07d464a94f77 100644 --- a/content/departments/engineering/managed-services/sams.md +++ b/content/departments/engineering/managed-services/sams.md @@ -3,8 +3,8 @@ This document describes operational guidance for Sourcegraph Accounts infrastructure. @@ -14,8 +14,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ## Service overview -| PROPERTY | DETAILS | -| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| PROPERTY | DETAILS | +|--------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Service ID | [`sams`](https://github.com/sourcegraph/managed-services/blob/main/services/sams/service.yaml) | | Owners | **core-services** | | Service kind | Cloud Run service | @@ -27,8 +27,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ### dev -| PROPERTY | DETAILS | -| -------------- | --------------------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|----------------|-----------------------------------------------------------------------------------------------------------------------------| | Project ID | [`sams-dev-bfec`](https://console.cloud.google.com/run?project=sams-dev-bfec) | | Category | **test** | | Resources | [dev Redis](#dev-redis), [dev PostgreSQL instance](#dev-postgresql-instance), [dev BigQuery dataset](#dev-bigquery-dataset) | @@ -36,31 +36,40 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] | Domain | [accounts.sgdev.org](https://accounts.sgdev.org) | | Cloudflare WAF | ✅ | -MSP infrastructure access needs to be requested using Entitle for time-bound privileges. -Test environments have less stringent requirements. +MSP infrastructure access needs to be requested using Entitle for time-bound privileges. Test environments may have less stringent requirements. -| ACCESS | ENTITLE REQUEST TEMPLATE | -| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| ACCESS | ENTITLE REQUEST TEMPLATE | +|--------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | GCP project read access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | | GCP project write access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | +For Terraform Cloud access, see [dev Terraform Cloud](#dev-terraform-cloud). + #### dev Cloud Run -| PROPERTY | DETAILS | -| -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Console | [Cloud Run service](https://console.cloud.google.com/run?project=sams-dev-bfec) | -| Logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=sams-dev-bfec) | +The Sourcegraph Accounts dev service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run). + +| PROPERTY | DETAILS | +|--------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Console | [Cloud Run service](https://console.cloud.google.com/run?project=sams-dev-bfec) | +| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=sams-dev-bfec) | + +You can also use `sg msp` to quickly open a link to your service logs: + +```bash +sg msp logs sams dev +``` #### dev Redis -| PROPERTY | DETAILS | -| -------- | ----------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|----------|-------------------------------------------------------------------------------------------------------------------| | Console | [Memorystore Redis instances](https://console.cloud.google.com/memorystore/redis/instances?project=sams-dev-bfec) | #### dev PostgreSQL instance -| PROPERTY | DETAILS | -| --------- | ------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|-----------|---------------------------------------------------------------------------------------------| | Console | [Cloud SQL instances](https://console.cloud.google.com/sql/instances?project=sams-dev-bfec) | | Databases | `accounts`, `cody_management` | @@ -76,8 +85,33 @@ sg msp pg connect -write-access sams dev #### dev BigQuery dataset -| PROPERTY | DETAILS | -| --------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Dataset Project | `sams-dev-bfec` | | Dataset ID | `sams` | | Tables | [`user_emails`](https://github.com/sourcegraph/managed-services/blob/main/services/sams/user_emails.bigquerytable.json), [`events`](https://github.com/sourcegraph/managed-services/blob/main/services/sams/events.bigquerytable.json) | + +#### dev Terraform Cloud + +This service's configuration is defined in [`sourcegraph/managed-services/services/sams/service.yaml`](https://github.com/sourcegraph/managed-services/blob/main/services/sams/service.yaml), and `sg msp generate sams dev` generates the required infrastructure configuration for this environment in Terraform. +Terraform Cloud (TFC) workspaces specific to each service then provisions the required infrastructure from this configuration. +You may want to check your service environment's TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository, or in #alerts-msp-tfc). + +> [!NOTE] +> If you are looking for service logs, see the [dev Cloud Run](#dev-cloud-run) section instead. In general: +> +> - check service logs ([dev Cloud Run](#dev-cloud-run)) if your service has gone down or is misbehaving +> - check TFC workspaces for infrastructure provisioning or configuration issues + +To access this environment's Terraform Cloud workspaces, you will need to [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and then [request Entitle access to membership in the "Managed Services Platform Operator" TFC team](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19). +The "Managed Services Platform Operator" team has access to all MSP TFC workspaces. + +> [!WARNING] +> You **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**. +> If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation. + +The Terraform Cloud workspaces for this service environment are [grouped under the `msp-sams-dev` tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp-sams-dev), or you can use: + +```bash +sg msp tfc view sams dev +``` diff --git a/content/departments/engineering/managed-services/support-integration.md b/content/departments/engineering/managed-services/support-integration.md index 56d3a96f4e47..c58ce82cb020 100644 --- a/content/departments/engineering/managed-services/support-integration.md +++ b/content/departments/engineering/managed-services/support-integration.md @@ -3,8 +3,8 @@ This document describes operational guidance for Support Integration infrastructure. @@ -14,8 +14,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ## Service overview -| PROPERTY | DETAILS | -| ------------ | ---------------------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|--------------|------------------------------------------------------------------------------------------------------------------------------| | Service ID | [`support-integration`](https://github.com/sourcegraph/managed-services/blob/main/services/support-integration/service.yaml) | | Owners | **Customer Support** | | Service kind | Cloud Run service | @@ -27,8 +27,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ### prod -| PROPERTY | DETAILS | -| -------------- | ------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|----------------|---------------------------------------------------------------------------------------------------------------| | Project ID | [`support-integration-prod-549b`](https://console.cloud.google.com/run?project=support-integration-prod-549b) | | Category | **internal** | | Resources | | @@ -37,16 +37,50 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] | Cloudflare WAF | ✅ | MSP infrastructure access needs to be requested using Entitle for time-bound privileges. -Test environments have less stringent requirements. -| ACCESS | ENTITLE REQUEST TEMPLATE | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| ACCESS | ENTITLE REQUEST TEMPLATE | +|--------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | GCP project read access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | | GCP project write access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | +For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud). + #### prod Cloud Run -| PROPERTY | DETAILS | -| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Console | [Cloud Run service](https://console.cloud.google.com/run?project=support-integration-prod-549b) | -| Logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=support-integration-prod-549b) | +The Support Integration prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run). + +| PROPERTY | DETAILS | +|--------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Console | [Cloud Run service](https://console.cloud.google.com/run?project=support-integration-prod-549b) | +| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=support-integration-prod-549b) | + +You can also use `sg msp` to quickly open a link to your service logs: + +```bash +sg msp logs support-integration prod +``` + +#### prod Terraform Cloud + +This service's configuration is defined in [`sourcegraph/managed-services/services/support-integration/service.yaml`](https://github.com/sourcegraph/managed-services/blob/main/services/support-integration/service.yaml), and `sg msp generate support-integration prod` generates the required infrastructure configuration for this environment in Terraform. +Terraform Cloud (TFC) workspaces specific to each service then provisions the required infrastructure from this configuration. +You may want to check your service environment's TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository, or in #alerts-msp-tfc). + +> [!NOTE] +> If you are looking for service logs, see the [prod Cloud Run](#prod-cloud-run) section instead. In general: +> +> - check service logs ([prod Cloud Run](#prod-cloud-run)) if your service has gone down or is misbehaving +> - check TFC workspaces for infrastructure provisioning or configuration issues + +To access this environment's Terraform Cloud workspaces, you will need to [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and then [request Entitle access to membership in the "Managed Services Platform Operator" TFC team](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19). +The "Managed Services Platform Operator" team has access to all MSP TFC workspaces. + +> [!WARNING] +> You **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**. +> If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation. + +The Terraform Cloud workspaces for this service environment are [grouped under the `msp-support-integration-prod` tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp-support-integration-prod), or you can use: + +```bash +sg msp tfc view support-integration prod +``` diff --git a/content/departments/engineering/managed-services/telemetry-gateway.md b/content/departments/engineering/managed-services/telemetry-gateway.md index fbe458edbb3a..0b96203e08b3 100644 --- a/content/departments/engineering/managed-services/telemetry-gateway.md +++ b/content/departments/engineering/managed-services/telemetry-gateway.md @@ -3,8 +3,8 @@ This document describes operational guidance for Telemetry Gateway infrastructure. @@ -14,8 +14,8 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ## Service overview -| PROPERTY | DETAILS | -| ------------ | -------------------------------------------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|--------------|----------------------------------------------------------------------------------------------------------------------------------------------| | Service ID | [`telemetry-gateway`](https://github.com/sourcegraph/managed-services/blob/main/services/telemetry-gateway/service.yaml) | | Owners | **core-services** | | Service kind | Cloud Run service | @@ -27,33 +27,67 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services] ### dev -| PROPERTY | DETAILS | -| ---------- | --------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|------------|-----------------------------------------------------------------------------------------------------------| | Project ID | [`telemetry-gateway-dev-0050`](https://console.cloud.google.com/run?project=telemetry-gateway-dev-0050) | | Category | **test** | | Resources | | | Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=telemetry-gateway-dev-0050) | | Domain | [telemetry-gateway.sgdev.org](https://telemetry-gateway.sgdev.org) | -MSP infrastructure access needs to be requested using Entitle for time-bound privileges. -Test environments have less stringent requirements. +MSP infrastructure access needs to be requested using Entitle for time-bound privileges. Test environments may have less stringent requirements. -| ACCESS | ENTITLE REQUEST TEMPLATE | -| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| ACCESS | ENTITLE REQUEST TEMPLATE | +|--------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | GCP project read access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | | GCP project write access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | +For Terraform Cloud access, see [dev Terraform Cloud](#dev-terraform-cloud). + #### dev Cloud Run -| PROPERTY | DETAILS | -| -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Console | [Cloud Run service](https://console.cloud.google.com/run?project=telemetry-gateway-dev-0050) | -| Logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=telemetry-gateway-dev-0050) | +The Telemetry Gateway dev service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run). + +| PROPERTY | DETAILS | +|--------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Console | [Cloud Run service](https://console.cloud.google.com/run?project=telemetry-gateway-dev-0050) | +| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=telemetry-gateway-dev-0050) | + +You can also use `sg msp` to quickly open a link to your service logs: + +```bash +sg msp logs telemetry-gateway dev +``` + +#### dev Terraform Cloud + +This service's configuration is defined in [`sourcegraph/managed-services/services/telemetry-gateway/service.yaml`](https://github.com/sourcegraph/managed-services/blob/main/services/telemetry-gateway/service.yaml), and `sg msp generate telemetry-gateway dev` generates the required infrastructure configuration for this environment in Terraform. +Terraform Cloud (TFC) workspaces specific to each service then provisions the required infrastructure from this configuration. +You may want to check your service environment's TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository, or in #alerts-msp-tfc). + +> [!NOTE] +> If you are looking for service logs, see the [dev Cloud Run](#dev-cloud-run) section instead. In general: +> +> - check service logs ([dev Cloud Run](#dev-cloud-run)) if your service has gone down or is misbehaving +> - check TFC workspaces for infrastructure provisioning or configuration issues + +To access this environment's Terraform Cloud workspaces, you will need to [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and then [request Entitle access to membership in the "Managed Services Platform Operator" TFC team](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19). +The "Managed Services Platform Operator" team has access to all MSP TFC workspaces. + +> [!WARNING] +> You **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**. +> If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation. + +The Terraform Cloud workspaces for this service environment are [grouped under the `msp-telemetry-gateway-dev` tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp-telemetry-gateway-dev), or you can use: + +```bash +sg msp tfc view telemetry-gateway dev +``` ### prod -| PROPERTY | DETAILS | -| ---------- | ---------------------------------------------------------------------------------------------------------- | +| PROPERTY | DETAILS | +|------------|------------------------------------------------------------------------------------------------------------| | Project ID | [`telemetry-gateway-prod-acae`](https://console.cloud.google.com/run?project=telemetry-gateway-prod-acae) | | Category | **external** | | Resources | | @@ -61,16 +95,50 @@ Test environments have less stringent requirements. | Domain | [telemetry-gateway.sourcegraph.com](https://telemetry-gateway.sourcegraph.com) | MSP infrastructure access needs to be requested using Entitle for time-bound privileges. -Test environments have less stringent requirements. -| ACCESS | ENTITLE REQUEST TEMPLATE | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| ACCESS | ENTITLE REQUEST TEMPLATE | +|--------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | GCP project read access | [Entitle request for the 'Managed Services ' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYTQ4OWM2MDktNTBlYy00ODAzLWIzZjItMzYzZGJhMTgwMWJhIiwidGhyb3VnaCI6ImE0ODljNjA5LTUwZWMtNDgwMy1iM2YyLTM2M2RiYTE4MDFiYSIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | | GCP project write access | [Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) | +For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud). + #### prod Cloud Run -| PROPERTY | DETAILS | -| -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Console | [Cloud Run service](https://console.cloud.google.com/run?project=telemetry-gateway-prod-acae) | -| Logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=telemetry-gateway-prod-acae) | +The Telemetry Gateway prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run). + +| PROPERTY | DETAILS | +|--------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Console | [Cloud Run service](https://console.cloud.google.com/run?project=telemetry-gateway-prod-acae) | +| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=telemetry-gateway-prod-acae) | + +You can also use `sg msp` to quickly open a link to your service logs: + +```bash +sg msp logs telemetry-gateway prod +``` + +#### prod Terraform Cloud + +This service's configuration is defined in [`sourcegraph/managed-services/services/telemetry-gateway/service.yaml`](https://github.com/sourcegraph/managed-services/blob/main/services/telemetry-gateway/service.yaml), and `sg msp generate telemetry-gateway prod` generates the required infrastructure configuration for this environment in Terraform. +Terraform Cloud (TFC) workspaces specific to each service then provisions the required infrastructure from this configuration. +You may want to check your service environment's TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository, or in #alerts-msp-tfc). + +> [!NOTE] +> If you are looking for service logs, see the [prod Cloud Run](#prod-cloud-run) section instead. In general: +> +> - check service logs ([prod Cloud Run](#prod-cloud-run)) if your service has gone down or is misbehaving +> - check TFC workspaces for infrastructure provisioning or configuration issues + +To access this environment's Terraform Cloud workspaces, you will need to [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and then [request Entitle access to membership in the "Managed Services Platform Operator" TFC team](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19). +The "Managed Services Platform Operator" team has access to all MSP TFC workspaces. + +> [!WARNING] +> You **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**. +> If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation. + +The Terraform Cloud workspaces for this service environment are [grouped under the `msp-telemetry-gateway-prod` tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp-telemetry-gateway-prod), or you can use: + +```bash +sg msp tfc view telemetry-gateway prod +```