Overview
( For Jason to fill in Admin App has been discovered to have an issue with DPAPI, we're switching to AES and resolutions to come from this. )
Installation Instructions
Upgrading/ installing AdminApp 2.2.0 while resource group, ODS API and Admin app older version already available and running on Azure.
Steps for upgrading:
1. Stop existing ODS API and AdminApp services on azure resource group
2. Connect to Azure SQL server from SSMS and run the following SQL commands to delete records/ data to void the first-time setup from old AdminApp application
DECLARE @ApplicationId INT;
SELECT @ApplicationId = ApplicationId FROM dbo.Applications WHERE ClaimSetName = 'Ed-Fi ODS Admin App'
DELETE FROM dbo.ClientAccessTokens WHERE EXISTS (
SELECT 1 FROM dbo.ApiClients
WHERE ClientAccessTokens.ApiClient_ApiClientId = ApiClients.ApiClientId
AND Application_ApplicationId = @ApplicationId
)
DELETE FROM dbo.ApiClients WHERE Application_ApplicationId = @ApplicationId
DELETE FROM dbo.ApplicationEducationOrganizations WHERE --Application_ApplicationId = @ApplicationId
DELETE FROM dbo.ProfileApplications WHERE Application_ApplicationId = @ApplicationId
DELETE FROM dbo.Applications WHERE ApplicationId = @ApplicationId
DELETE FROM dbo.OdsInstances
3. Deploy AdminApp 2.2.0 to an existing resource group using powershell script from
https://github.com/Ed-Fi-Exchange-OSS/Ed-Fi-X-Ods-Deploy-Azure
Please follow the naming conventions (https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best- practices/resource-naming) for AdminAppName
$params = @{
ResourceGroupName = " Existing resource group name "
AdminAppName = "AdminApp-Latest"
AppInsightLocation = "South Central US"
ProductionApiUrl = " Existing ODS API url "
SQLServerHostname = " Existing SQL server url "
SQLServerUserName = "username"
SQLServerPassword = ConvertTo-SecureString "password" -AsPlainText -Force
}
Upgrade-AdminApp> .\Deploy-EdFiOdsAdminApp.ps1 @params
EncryptionKey:
Base64-encoded 256 bit key appropriate for use with AES encryption. This is an
optional parameter. If user wants to provide own value, then use following script to generate:
$aes = [System.Security.Cryptography.Aes]::Create()
$aes.KeySize = 256
$aes.GenerateKey()
$EncryptionKey = [System.Convert]::ToBase64String($aes.Key)
Note: If user is not providing Encryption key, then key will be generated during deployment.
4. Once the application deployment done, user will be prompted to confirm deleting and recreating Admin App specific database tables. If yes, then deployment process will delete existing Admin App specific tables and re-create them with latest table schemas on EdFi_Admin database.
5. Data validations and update:
1. We can persist existing vendor applications, key and secrets created. Need to manually update OdsInstance_OdsInstanceId column on dbo.Applications table to have default Ods instance id. Since, latest AdminApp needs association between dbo.Applications and dbo.OdsInstances tables to filter applications for selected instance.
2. Vendor applications created using older AdminApp have prefixed with “Production”. May need to manually remove that prefix.