2025-07-02 Sys Ops & Management SIG Agenda and Meeting Notes

Welcome

Eureka Test Installation Experiences

• Ingolf and other Early Adopters are following these Installation Instructions for a Eureka Testing Installation: https://folio-org.atlassian.net/wiki/spaces/FOLIJET/pages/442269739

• An overview can be found here: https://folio-org.atlassian.net/wiki/spaces/FOLIJET/pages/438927370

• Useful to get accustomed to new infrastructure pieces like Keylcoak and Kong. Links for further reading can be found in the Installation Instructions, for example for Keycloak: https://www.keycloak.org/guides#getting-started

• many assistance by EBSCO staff was needed to get so far , for all Early Adopters !

• also interesting: A step-by-step guide to deploy base components (Kong, Keycloak etc.): https://github.com/folio-org/eureka-k8s/tree/master

• Bitnami Helm Charts are being used for deployment of the infrastructure. For Kong and Keycloak, Container Images from folioci (snapshot versions) or folioorg Repo are being used, for example: folioorg/folio-kong, folioorg/folio-keycloak. Vault and Keycloak come up with a UI for the administrator, for Kong this has to be installed separately (Kong-UI).

• Helm Charts of modules are taken from the repo folio-helm-v2 .

• Task of the system administrator is to provide YAML values files for the Helm chart deployments. Ingolf has created a local git repo in which he collects all his YAML files: elasticsearch-hbz-values.yaml, kafka-hbz-values.yaml, keycloak-hbz-values.yaml, kong-hbz-values.yaml …, mgr-applications-hbz-values.yaml , mgr-tenant-entitlements-hbz-values.yaml , …

• In addition, Kuberentes Secrets have to be pre-created by the system admin (see below).

• Difficult to figure out what means what (of the Secret keys): Internal URLs (inside Kubernetes) vs. external URLs (DNS names), Service names (“host”) vs. URLs (“hostname”).

• many new platforms, not only platform-complete. For example platform-minimal: https://github.com/folio-org/app-platform-minimal . For the various tags, application descriptors have been pre-created in files named application-descriptor.json . One needs those to deploy a Eureka platform.

Caveats:

• Eureka uses Keycloak to authenticate the modules. An admin client of ID “folio-backend-admin-client” has to be pre-created in the Master Realm of Keycloak.

• Eureka uses Vault or AWS_SSM as a Secret Store. A Secret “folio-backend-admin-client” has to be also created in Vault.

• Other Kuberentes Secrets have to be pre-created as described here . Especially important is the Secret “eureka-common”. You have to match the values to your environment.

• Application Descriptors have to be pre-created (EBSCO sent me the file, thank you) and POSTed to Kong. Using folio-application-generator. There is (not yet) a repo of (module) descriptors as there was for Okapi.

RTR Token Rotation in Ramsons

users sometimes get kicked out unexpectedly, earlier than the expiration period. Ingolf has captured log files for this failure.

Don't forget to set proxy_cookie_path in your nginx configuration for the /okapi/ endpoint when you upgrade your system(s) to Ramson. RTR token rotation will log you out otherwise, once you open a 2nd browser tab for the same user. Documented here: https://docs.folio.org/docs/getting-started/installation/hostnames/#same-host-name    .  Just add the directive `

then it will work as before.

Chat Log

Topics for next meetings

• Eureka Testing Installation

• Next Meeting in 6 weeks, Wednesday the 13th of August.

• Happy 4th of July !