Skip to main content

Deploy FreeRADIUS changes

GovWifi’s implementation of FreeRADIUS is managed by the alphagov/govwifi-frontend repo.

This repo generates an ECR image containing the FreeRADIUS server code which will run on ECS.

Pushing these images to ECR is handled in Concourse via the Frontend pipeline under the main deploy pipeline.

Ensure the image has been pushed by checking that the ECS registry tags have been updated with the SHA shown in the Concourse log.

Manually restarting the ECS tasks

Open ECS AWS pages for staging-frontend-cluster in London and Ireland in new tabs.

If you deployed to production, the cluster is called wifi-frontend-cluster.

Navigate to the “Tasks” tab on the ECS cluster page.

Restart one ECS task at a time in each region by selecting the task and clicking the “Stop” button. This will stop the task and a new one will automatically be started by ECS.

The newly started task will use the most recent ECS task definition as well as the most recent ECR image.

Once the first set tasks have been stopped and restarted in a region, and healthchecks are green with no alarms raised, then restart the remaining three in the other region.

To check the containers are healthy, navigate to the “Healthchecks” section of the Route53 AWS page and ensure all the healthchecks for each region on healthy.

Deploying certificates and keys

Deploying certificates and keys is managed by the Concourse sync-frontend-certs pipeline which pulls from the alphagov/govwifi-build repo.

Certificates are stored encrypted under passwords/certs/, and hosted in S3 buckets.

All S3 buckets should contain the CA certificates.

Staging buckets should hold the keys and certificates prefixed with staging.

Production buckets should hold the keys and certificates prefixed with wifi.

This page was last reviewed on 13 July 2021. It needs to be reviewed again on 13 January 2022 by the page owner #govwifi .
This page was set to be reviewed before 13 January 2022 by the page owner #govwifi. This might mean the content is out of date.