Deployment responsibilities of LSAs
Review of the Security Checklist and compliance score
The first responsibility of the lead system architect (LSA) is to assess the application security. The LSA can make this assessment by verifying the Security Checklist. Failure to complete the application Security Checklist blocks your application deployment. This task:
- Performs a detailed assessment of your current security configuration to determine whether the settings follow best practices for application development.
- Provides status on each task in the Security Checklist page and blocks your application deployment if any task fails.
- Stores an audit trail of the security configuration analysis and status at the time of deployment.
Sample error report generated by Verify security checklist task in DevOps release pipeline:
Error encountered in Verify Security checklist gate 34/34 tasks are incomplete.<br />
Please log into development environment and complete all tasks in the Application Guide: Application security checklist. <br />
Failed tasks:
Please log into development environment and complete all tasks in the Application Guide: Application security checklist. <br />
Failed tasks:
SECURITY_ADMINISTRATORS : Determine who is responsible for this checklistRULE_SECURITY_ANALYZER : Eliminate vulnerabilities in custom codeSECURITY_ALERTS : Address security alerts promptlyCONFIGURE_RULES : Configure rules appropriatelyPASSWORD_POLICY : Configure authentication security policies
Please check deployment logs for the complete list of failed tasks.
In a Pega Deployment Manager release pipeline, Check guardrail compliance task validates the compliance score of the application during deployment. Check guardrail compliance task returns an error, if guardrail compliance for the application is less than the configured compliance score. Pega recommends a compliance score of 97 or higher for high performing applications.
Draft flow cross-check
The deployment manager now blocks deployments in systems with a production level of 5 if the artifact contains draft flows. If the production level is lower than 5, a warning message is displayed in the Deployment History and Reports section, which indicates that draft flows might cause production failures.
Application-level rollback to a restore point
Application-level rollbacks now provide a more granular approach to restore points, which you can use to revert rules and data instances in a specific application. This feature requires Pega Platform 8.4 and later.
Rollback relies on the Restore Points feature of Pega Platform™. The Rollback option is presented to the user only when a step errors out in a deployment. A restore point is automatically generated every time an import happens. Any changes that happen after the import and before the next restore point is generated by any application is rolled back when the rollback action is triggered from release pipeline.
The following image depicts the high-level interaction diagram of the release pipeline and the process involved in rollback.
| Sequence # | Description |
|---|---|
| 1 | Release Manager creates CICD pipeline for an application |
| 2 | Trigger CICD |
| 3 | Publish package to Dev repository |
| 4 | Deploy the package from Dev repository to Staging environment |
| 5 | Pega creates restore point after every product deployment |
| 6 | Execute pipeline steps (Compliance score, Security checklist and Test coverage) |
| 7 | Skip and continue |
| 8 | Publish package to PROD repository |
| 9 | Rollback |
| 10 | Get RAP with restore point from Database |
| 11 | Delete individual rule instances |
| 12 | Post status update Release Manager |
The following log entries from the Deployment manager release pipeline are displayed when rollback occurs:
<code>2020-11-03 07:32:01,580 [DM release administrator] [BookingApp] [Booking01.01.03] [Booking_010232_1] INFO Build ROLLBACK, Build ID:BO-4
=============== Beginning of remote server logs for task: rollback, Server:Quality Assurance ===============
2020-11-03 07:32:01,958 [PegaRULES-Batch-3] [Rule_Obj_Activity.pzCreateTaskWrapper.Pega_Int_Pipeline.Action] INFO Task execution started for task type: rollback
Request object: {
"pxObjClass":"Pega-Int-Pipeline"
,"pyApplicationName":"Booking"
,"pyApplicationVersion":"01.01.03"
,"pyCallBackURL":"http://192.168.125.144:9080/prweb/PRRestService/cicd/v1/task/rollback/status?FlowName=pzRunPegaUnits&FlowActionName=pzPauseTask"
,"pyID":"PEGA-PIPELINE-CD BO-4"
,"pyPipelineName":"BookingApp"
,"pyRestorePointName":"RP_20201103T073104.595_qfjj"
}
2020-11-03 07:32:02,031 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.restorepoint.AbstractRollback] INFO Rolling back Application using restore point - RP_20201103T073104.595_qfjj</code>
<code>2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Import summary for {PageKeeperArchive}
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Total instances in archive: 6
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances imported: 0
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances skipped: 0
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances not imported due to error: 0
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances not processed: 6
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Import Complete
2020-11-03 07:32:02,215 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Deleting instances marked for removal.
2020-11-03 07:32:02,225 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-RULESET-VERSION BOOKING 01-02-32
2020-11-03 07:32:02,350 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-ADMIN-PRODUCT BOOKING 01.01.04 #20201103T103303.222 GMT
2020-11-03 07:32:02,397 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-DECLARE-PAGES D_BOOKINGCONST #20201103T105955.944 GMT
2020-11-03 07:32:02,439 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-HTML-SECTION FSG-BOOKING-UIPAGES ROOMSREQUESTCONTENT #20201103T104359.657 GMT
2020-11-03 07:32:02,613 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-OBJ-ACTIVITY FSG-BOOKING-DATA-CONSTPROP LOADBOOKINGCONSTDP #20201103T110029.016 GMT
2020-11-03 07:32:02,657 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-OBJ-WHEN DATA-PORTAL ISEVENTMANAGEMENTWG #20201103T104313.416 GMT
2020-11-03 07:32:02,691 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Completed
2020-11-03 07:32:02,691 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.restorepoint.AbstractRollback] INFO Application has been rolled back using restore point - RP_20201103T073104.595_qfjj
2020-11-03 07:32:02,760 [PegaRULES-Batch-3] [Rule_Obj_Activity.pzCreateTaskWrapper.Pega_Int_Pipeline.Action] INFO Task execution completed for task : rollback
Posting status to release manager system. Status object:
{
"pxObjClass":"Pega-Int-Pipeline"
,"pyApplicationName":"Booking"
,"pyApplicationVersion":"01.01.03"
,"pyCallBackURL":"http://192.168.125.144:9080/prweb/PRRestService/cicd/v1/task/rollback/status?FlowName=pzRunPegaUnits&FlowActionName=pzPauseTask"
,"pyID":"PEGA-PIPELINE-CD BO-4"
,"pyPipelineName":"BookingApp"
,"pyRestorePointName":"RP_20201103T073104.595_qfjj"
,"pyRollbackLevel":"ApplicationRollback"
,"pyStatusMessage":"Restored to RestorePointName :RP_20201103T073104.595_qfjj"
,"pyStatusValue":"SUCCESS"
,"pySystemNodeID":"35669bb013e2b46be6206f71e7307c11"
}</code>
<code>=============== End of remote server logs for task: rollback, Server:Quality Assurance ===============
2020-11-03 07:32:05,102 [DM release administrator] [BookingApp] [Booking01.01.03] [Booking_010232_1] INFO Remote task execution completed.</code>
=============== Beginning of remote server logs for task: rollback, Server:Quality Assurance ===============
2020-11-03 07:32:01,958 [PegaRULES-Batch-3] [Rule_Obj_Activity.pzCreateTaskWrapper.Pega_Int_Pipeline.Action] INFO Task execution started for task type: rollback
Request object: {
"pxObjClass":"Pega-Int-Pipeline"
,"pyApplicationName":"Booking"
,"pyApplicationVersion":"01.01.03"
,"pyCallBackURL":"http://192.168.125.144:9080/prweb/PRRestService/cicd/v1/task/rollback/status?FlowName=pzRunPegaUnits&FlowActionName=pzPauseTask"
,"pyID":"PEGA-PIPELINE-CD BO-4"
,"pyPipelineName":"BookingApp"
,"pyRestorePointName":"RP_20201103T073104.595_qfjj"
}
2020-11-03 07:32:02,031 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.restorepoint.AbstractRollback] INFO Rolling back Application using restore point - RP_20201103T073104.595_qfjj</code>
<code>2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Import summary for {PageKeeperArchive}
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Total instances in archive: 6
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances imported: 0
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances skipped: 0
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances not imported due to error: 0
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances not processed: 6
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Import Complete
2020-11-03 07:32:02,215 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Deleting instances marked for removal.
2020-11-03 07:32:02,225 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-RULESET-VERSION BOOKING 01-02-32
2020-11-03 07:32:02,350 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-ADMIN-PRODUCT BOOKING 01.01.04 #20201103T103303.222 GMT
2020-11-03 07:32:02,397 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-DECLARE-PAGES D_BOOKINGCONST #20201103T105955.944 GMT
2020-11-03 07:32:02,439 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-HTML-SECTION FSG-BOOKING-UIPAGES ROOMSREQUESTCONTENT #20201103T104359.657 GMT
2020-11-03 07:32:02,613 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-OBJ-ACTIVITY FSG-BOOKING-DATA-CONSTPROP LOADBOOKINGCONSTDP #20201103T110029.016 GMT
2020-11-03 07:32:02,657 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-OBJ-WHEN DATA-PORTAL ISEVENTMANAGEMENTWG #20201103T104313.416 GMT
2020-11-03 07:32:02,691 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Completed
2020-11-03 07:32:02,691 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.restorepoint.AbstractRollback] INFO Application has been rolled back using restore point - RP_20201103T073104.595_qfjj
2020-11-03 07:32:02,760 [PegaRULES-Batch-3] [Rule_Obj_Activity.pzCreateTaskWrapper.Pega_Int_Pipeline.Action] INFO Task execution completed for task : rollback
Posting status to release manager system. Status object:
{
"pxObjClass":"Pega-Int-Pipeline"
,"pyApplicationName":"Booking"
,"pyApplicationVersion":"01.01.03"
,"pyCallBackURL":"http://192.168.125.144:9080/prweb/PRRestService/cicd/v1/task/rollback/status?FlowName=pzRunPegaUnits&FlowActionName=pzPauseTask"
,"pyID":"PEGA-PIPELINE-CD BO-4"
,"pyPipelineName":"BookingApp"
,"pyRestorePointName":"RP_20201103T073104.595_qfjj"
,"pyRollbackLevel":"ApplicationRollback"
,"pyStatusMessage":"Restored to RestorePointName :RP_20201103T073104.595_qfjj"
,"pyStatusValue":"SUCCESS"
,"pySystemNodeID":"35669bb013e2b46be6206f71e7307c11"
}</code>
<code>=============== End of remote server logs for task: rollback, Server:Quality Assurance ===============
2020-11-03 07:32:05,102 [DM release administrator] [BookingApp] [Booking01.01.03] [Booking_010232_1] INFO Remote task execution completed.</code>
Manual deployment with restore points to enable error recovery
For the manual deployments using Import wizard, use the prpcServiceUtils tool to roll back your system to a restore point if any problem arises during a product import.
Pega Platform automatically creates restore points after an archive import. While importing product files, do not select Do not set restore point or save metadata during the import. Otherwise, the option enables Pega to create a restore point as a part of product file import.
Limitations with restore points
There are limitations to what you can restore when you rollback. Pega Platform uses historical records to return most of the system to the restore point state. Changes to the following items do not generate history records and are not rolled back by the rollback feature. Decide on a case-by-case basis whether to remove these changes manually, or whether they can remain on the system.
- SQL changes
- Java .jar imports
- Some custom data instances
When you configure the class for a data type, you can specify not to generate a history record for instances of that type. If the data instance does not generate a history record, changes to the data instance cannot be rolled back.
You can specify which rule and data instances are returned to the previous state:
- System: Rollback every rule and data instance with a historical record. This is the default setting.
- User: Rollback rule and data instances modified by a specific user.
Note: If any rule is changed by more than one user, you see an error message and must use the system rollback. - Application: Rollback rule and data instances in a specific application.
For more information on restore points, see Using restore points to enable error recovery.
This Topic is available in the following Module:
If you are having problems with your training, please review the Pega Academy Support FAQs.
Want to help us improve this content?