Overview

( For Jason to fill in Admin App has been discovered to have an issue with DPAPI, we're switching to AES and resolutions to come from this. )

Installation Instructions

Upgrading/ installing AdminApp 2.2.0 while resource group, ODS API and Admin app older version already available and running on Azure.

Steps for upgrading:

1. Stop existing ODS API and AdminApp services on azure resource group
2. Connect to Azure SQL server from SSMS and run the following scripts to delete existing AdminApp specific tables (since the latest AdminApp table schemas are different)

DROP TABLE [adminapp].[SecretConfigurations];

DROP TABLE [adminapp].[UserClaims];

DROP TABLE [adminapp].[UserLogins];

DROP TABLE [adminapp].[UserRoles];

DROP TABLE [adminapp].[ApplicationConfigurations];

DROP TABLE [adminapp].[AzureSqlConfigurations];

DROP TABLE [adminapp].[Users];

DROP TABLE [adminapp].[Roles];

DROP TABLE [adminapp_HangFire].[Counter];

DROP TABLE [adminapp_HangFire].[List];

DROP TABLE [adminapp_HangFire].[JobParameter];

DROP TABLE [adminapp_HangFire].[Hash];

DROP TABLE [adminapp_HangFire].[Schema];

DROP TABLE [adminapp_HangFire].[State];

DROP TABLE [adminapp_HangFire].[JobQueue];

DROP TABLE [adminapp_HangFire].[Job];

DROP TABLE [adminapp_HangFire].[Server];

DROP TABLE [adminapp_HangFire].[Set];

DROP TABLE [adminapp_HangFire].[AggregatedCounter];

DROP SCHEMA adminapp

DROP SCHEMA adminapp_HangFire

1. SQL commands to delete records/ data to void the first-time setup from old AdminApp application

DECLARE @ApplicationId INT;

SELECT @ApplicationId = ApplicationId FROM dbo.Applications WHERE ApplicationName = 'Ed-Fi ODS Admin App'   

DELETE FROM dbo.ClientAccessTokens WHERE EXISTS (

SELECT 1 FROM dbo.ApiClients

WHERE ClientAccessTokens.ApiClient_ApiClientId = ApiClients.ApiClientId

AND Application_ApplicationId = @ApplicationId

)

DELETE FROM dbo.ApiClients WHERE Application_ApplicationId = @ApplicationId

DELETE FROM dbo.ApplicationEducationOrganizations WHERE --Application_ApplicationId = @ApplicationId

DELETE FROM dbo.ProfileApplications WHERE Application_ApplicationId = @ApplicationId

DELETE FROM dbo.Applications WHERE ApplicationId = @ApplicationId

DELETE FROM dbo.OdsInstances

3. Deploy AdminApp 2.0 to an existing resource group using powershell script from

https://github.com/Ed-Fi-Exchange-OSS/Ed-Fi-X-Ods-Deploy-Azure

Ex:

Upgrade-AdminApp> .\Deploy-EdFiOdsAdminApp.ps1

Supply values for the following parameters:

ResourceGroupName: Existing  resource name

ResourceGroupLocation: South Central US

AdminAppName: AdminApp-latest

AppInsightLocation: South Central US

ProductionApiUrl: Existing ODS API url

EncryptionKey:

Optional parameter, if Please follow the naming conventions (https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-  practices/resource-naming) for AdminAppName

Ex:

$params = @{

        ResourceGroupName = " Existing resource group name "

        AdminAppName = "AdminApp-Latest"

        AppInsightLocation = "South Central US"

        ProductionApiUrl = " Existing ODS API url "

        SQLServerHostname = " Existing SQL server url "

        SQLServerUserName = "username"

        SQLServerPassword = ConvertTo-SecureString "password"  -AsPlainText -Force

    }

Upgrade-AdminApp> .\Deploy-EdFiOdsAdminApp.ps1 @params

EncryptionKey:

Base64-encoded 256 bit key appropriate for use with AES encryption. This is an

optional parameter.  If user wants to provide own value, then that can be created using following script:

$aes = [System.Security.Cryptography.Aes]::Create()

$aes.KeySize = 256

$aes.GenerateKey()

$EncryptionKey = [System.Convert]::ToBase64String($aes.Key)

               If user is not providing the value, then deployment script will generate.

User will be prompted to enter existing SQL server url and credentials:

SQL Server Hostname (ex: sql.mydomain.com,1433): edfiodssql-azure-unique-key.database.windows.net

Please enter a username and password for your SQL Server.  These credentials will be used to create new database users for your Ed-Fi ODS installation.

Username: username

Password: password

Confirm Password: password

4. Once 4. Once the application deployment done, user will be prompted to confirm the database tables verification/ deletions are done.  deleting and recreating Admin App specific database            tables. If yes, then deployment process will run delete existing Admin App specific tables and re-create them with latest table schemas      on EdFi_Admin db migrations scripts, to setup required tablesdatabase.

5. Data validations and update:

1. We can persist existing vendor applications, key and secrets created. Need to manually update OdsInstance_OdsInstanceId column on dbo.Applications table to have default Ods instance id. Since, latest AdminApp needs association between dbo.Applications and dbo.OdsInstances.

2. Vendor applications created using older AdminApp have prefixed with “Production”. May need to manually remove that prefix.