Deployment responsibilities of LSAs
Depending on the culture of the organization, you see some differences in the responsibilities of Lead System Architect (LSA) while deploying application code to higher environments. However, security of the application becomes the first and most important responsibility of LSA. The LSA can make this assessment by verifying the Security Checklist. Failure to complete the application Security Checklist blocks your application deployment.
LSA should complete the following tasks for successful deployment of application code to higher environments
- Performs a detailed assessment of your current security configuration to determine whether the settings follow best practices for application development.
- Provides status on each task in the Security Checklist page and blocks your application deployment if any task fails.
- Stores an audit trail of the security configuration analysis and status at the time of deployment.
The following log is a sample error report that the Verify security checklist task in the DevOps release pipeline can generate:
Error encountered in Verify Security checklist gate 34/34 tasks are incomplete.<br />
Please log into development environment and complete all tasks in the Application Guide: Application security checklist. <br />
Failed tasks:
Please log into development environment and complete all tasks in the Application Guide: Application security checklist. <br />
Failed tasks:
SECURITY_ADMINISTRATORS : Determine who is responsible for this checklistRULE_SECURITY_ANALYZER : Eliminate vulnerabilities in custom codeSECURITY_ALERTS : Address security alerts promptlyCONFIGURE_RULES : Configure rules appropriatelyPASSWORD_POLICY : Configure authentication security policies
Please check deployment logs for the complete list of failed tasks.
The following figure shows the failed status of the DevOps release pipeline if any of the tasks are errored out. In this example, the Verify security checklist task failed.
In a Deployment Manager release pipeline, the Check guardrail compliance task validates the compliance score of the application during deployment. The Check guardrail compliance task returns an error if guardrail compliance for the application is less than the configured compliance score. As a best practice, aim for a compliance score of 97 or higher for high-performing applications.
Draft flow cross-check
Deployment now blocks deployments in systems with a production level of 5 if the artifact contains draft flows. If the production level is lower than 5, a warning message is displayed in the Deployment History and Reports section, which indicates that draft flows might cause production failures.
Application-level rollback to a restore point
Application-level rollbacks now provide a more granular approach to restore points, which you can use to revert rules and data instances in a specific application. This feature requires Pega Platform version 8.4 and later.
Rollback relies on the restore points feature of Pega Platform. The Rollback option is displayed to users only when a step errors out in a deployment. The system generates a restore point automatically every time an import occurs. The system rolls back any changes after the import and before any application generates the next restore point when users initiate the rollback action from the release pipeline.
The following figure shows the Rollback option that is available for the failed deployment in a DevOps release pipeline:
The following figure shows the completed rollback process the failed deployment. The system restores the deployment to the previous state in the DevOps release pipeline.
The following diagram illustrates the release pipeline and the process involved in rolling back a deployment:
- Release Manager creates a CI/CD pipeline for an application.
- Trigger CI/CD.
- Publish the package to the development repository.
- Deploy the package from the development repository to the staging environment.
- Pega Platform creates restore points after every product deployment.
- Run pipeline steps (compliance score, Security Checklist, and test coverage).
- Skip and continue.
- Publish the package to the production repository.
- Roll back the package.
- Get RAP with a restore point from the database.
- Delete individual rule instances.
- Post status update to the Release Manager.
The following log entries from the Deployment manager release pipeline are displayed when rollback occurs:
2020-11-03 07:32:01,580 [DM release administrator] [BookingApp] [Booking01.01.03] [Booking_010232_1] INFO Build ROLLBACK, Build ID:BO-4<br />
=============== Beginning of remote server logs for task: rollback, Server:Quality Assurance ===============<br />
2020-11-03 07:32:01,958 [PegaRULES-Batch-3] [Rule_Obj_Activity.pzCreateTaskWrapper.Pega_Int_Pipeline.Action] INFO Task execution started for task type: rollback<br />
Request object: {<br />
"pxObjClass":"Pega-Int-Pipeline"<br />
,"pyApplicationName":"Booking"<br />
,"pyApplicationVersion":"01.01.03"<br />
,"pyCallBackURL":"http://192.168.125.144:9080/prweb/PRRestService/cicd/v1/task/rollback/status?FlowName=pzRunPegaUnits&FlowActionName=pzPauseTask"<br />
,"pyID":"PEGA-PIPELINE-CD BO-4"<br />
,"pyPipelineName":"BookingApp"<br />
,"pyRestorePointName":"RP_20201103T073104.595_qfjj"<br />
}
=============== Beginning of remote server logs for task: rollback, Server:Quality Assurance ===============<br />
2020-11-03 07:32:01,958 [PegaRULES-Batch-3] [Rule_Obj_Activity.pzCreateTaskWrapper.Pega_Int_Pipeline.Action] INFO Task execution started for task type: rollback<br />
Request object: {<br />
"pxObjClass":"Pega-Int-Pipeline"<br />
,"pyApplicationName":"Booking"<br />
,"pyApplicationVersion":"01.01.03"<br />
,"pyCallBackURL":"http://192.168.125.144:9080/prweb/PRRestService/cicd/v1/task/rollback/status?FlowName=pzRunPegaUnits&FlowActionName=pzPauseTask"<br />
,"pyID":"PEGA-PIPELINE-CD BO-4"<br />
,"pyPipelineName":"BookingApp"<br />
,"pyRestorePointName":"RP_20201103T073104.595_qfjj"<br />
}
2020-11-03 07:32:02,031 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.restorepoint.AbstractRollback] INFO Rolling back Application using restore point - RP_20201103T073104.595_qfjj
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Import summary for {PageKeeperArchive}<br />
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Total instances in archive: 6<br />
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances imported: 0<br />
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances skipped: 0<br />
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances not imported due to error: 0<br />
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances not processed: 6<br />
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Import Complete<br />
2020-11-03 07:32:02,215 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Deleting instances marked for removal.<br />
2020-11-03 07:32:02,225 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-RULESET-VERSION BOOKING 01-02-32<br />
2020-11-03 07:32:02,350 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-ADMIN-PRODUCT BOOKING 01.01.04 #20201103T103303.222 GMT<br />
2020-11-03 07:32:02,397 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-DECLARE-PAGES D_BOOKINGCONST #20201103T105955.944 GMT<br />
2020-11-03 07:32:02,439 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-HTML-SECTION FSG-BOOKING-UIPAGES ROOMSREQUESTCONTENT #20201103T104359.657 GMT<br />
2020-11-03 07:32:02,613 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-OBJ-ACTIVITY FSG-BOOKING-DATA-CONSTPROP LOADBOOKINGCONSTDP #20201103T110029.016 GMT<br />
2020-11-03 07:32:02,657 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-OBJ-WHEN DATA-PORTAL ISEVENTMANAGEMENTWG #20201103T104313.416 GMT<br />
2020-11-03 07:32:02,691 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Completed<br />
2020-11-03 07:32:02,691 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.restorepoint.AbstractRollback] INFO Application has been rolled back using restore point - RP_20201103T073104.595_qfjj<br />
2020-11-03 07:32:02,760 [PegaRULES-Batch-3] [Rule_Obj_Activity.pzCreateTaskWrapper.Pega_Int_Pipeline.Action] INFO Task execution completed for task : rollback<br />
Posting status to release manager system. Status object:<br />
{<br />
"pxObjClass":"Pega-Int-Pipeline"<br />
,"pyApplicationName":"Booking"<br />
,"pyApplicationVersion":"01.01.03"<br />
,"pyCallBackURL":"http://192.168.125.144:9080/prweb/PRRestService/cicd/v1/task/rollback/status?FlowName=pzRunPegaUnits&FlowActionName=pzPauseTask"<br />
,"pyID":"PEGA-PIPELINE-CD BO-4"<br />
,"pyPipelineName":"BookingApp"<br />
,"pyRestorePointName":"RP_20201103T073104.595_qfjj"<br />
,"pyRollbackLevel":"ApplicationRollback"<br />
,"pyStatusMessage":"Restored to RestorePointName :RP_20201103T073104.595_qfjj"<br />
,"pyStatusValue":"SUCCESS"<br />
,"pySystemNodeID":"35669bb013e2b46be6206f71e7307c11"<br />
}
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Total instances in archive: 6<br />
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances imported: 0<br />
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances skipped: 0<br />
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances not imported due to error: 0<br />
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Instances not processed: 6<br />
2020-11-03 07:32:02,207 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Import Complete<br />
2020-11-03 07:32:02,215 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Deleting instances marked for removal.<br />
2020-11-03 07:32:02,225 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-RULESET-VERSION BOOKING 01-02-32<br />
2020-11-03 07:32:02,350 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-ADMIN-PRODUCT BOOKING 01.01.04 #20201103T103303.222 GMT<br />
2020-11-03 07:32:02,397 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-DECLARE-PAGES D_BOOKINGCONST #20201103T105955.944 GMT<br />
2020-11-03 07:32:02,439 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-HTML-SECTION FSG-BOOKING-UIPAGES ROOMSREQUESTCONTENT #20201103T104359.657 GMT<br />
2020-11-03 07:32:02,613 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-OBJ-ACTIVITY FSG-BOOKING-DATA-CONSTPROP LOADBOOKINGCONSTDP #20201103T110029.016 GMT<br />
2020-11-03 07:32:02,657 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.HistoryMoveLog] INFO Deleting instance RULE-OBJ-WHEN DATA-PORTAL ISEVENTMANAGEMENTWG #20201103T104313.416 GMT<br />
2020-11-03 07:32:02,691 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.util.MoveLog] INFO Operation Status: Completed<br />
2020-11-03 07:32:02,691 [PegaRULES-Batch-3] [com.pega.pegarules.deploy.internal.restorepoint.AbstractRollback] INFO Application has been rolled back using restore point - RP_20201103T073104.595_qfjj<br />
2020-11-03 07:32:02,760 [PegaRULES-Batch-3] [Rule_Obj_Activity.pzCreateTaskWrapper.Pega_Int_Pipeline.Action] INFO Task execution completed for task : rollback<br />
Posting status to release manager system. Status object:<br />
{<br />
"pxObjClass":"Pega-Int-Pipeline"<br />
,"pyApplicationName":"Booking"<br />
,"pyApplicationVersion":"01.01.03"<br />
,"pyCallBackURL":"http://192.168.125.144:9080/prweb/PRRestService/cicd/v1/task/rollback/status?FlowName=pzRunPegaUnits&FlowActionName=pzPauseTask"<br />
,"pyID":"PEGA-PIPELINE-CD BO-4"<br />
,"pyPipelineName":"BookingApp"<br />
,"pyRestorePointName":"RP_20201103T073104.595_qfjj"<br />
,"pyRollbackLevel":"ApplicationRollback"<br />
,"pyStatusMessage":"Restored to RestorePointName :RP_20201103T073104.595_qfjj"<br />
,"pyStatusValue":"SUCCESS"<br />
,"pySystemNodeID":"35669bb013e2b46be6206f71e7307c11"<br />
}
=============== End of remote server logs for task: rollback, Server:Quality Assurance ===============<br />
2020-11-03 07:32:05,102 [DM release administrator] [BookingApp] [Booking01.01.03] [Booking_010232_1] INFO Remote task execution completed.
2020-11-03 07:32:05,102 [DM release administrator] [BookingApp] [Booking01.01.03] [Booking_010232_1] INFO Remote task execution completed.
Manual deployment with restore points to enable error recovery
For the manual deployments that use the Import wizard, use the prpcServiceUtils tool to roll back your system to a restore point if any problem arises during a product import.
Pega Platform automatically creates restore points after an archive import. While importing product files, do not select Do not set restore point or save metadata during the import, as shown in the following figure. Otherwise, the option enables Pega Platform to create a restore point as a part of product file import.
Limitations with restore points
There are limitations to what you can restore when you roll back. Pega Platform uses historical records to return most of the system to the restore point state. Changes to the following items do not generate history records and are not rolled back by the rollback feature. Decide on a case-by-case basis whether to remove these changes manually or whether they can remain on the system.
- SQL changes
- JAR imports
- Some custom data instances
When you configure the class for a data type, you can specify not to generate a history record for instances of that type. If the data instance does not generate a history record, you cannot roll back changes to the data instance.
You can specify which rule and data instances return to the previous state:
- System: Roll back every rule and data instance with a historical record; System is the default setting.
- User: Rollback rule and data instances that a specific user modified.
Note: If more than one user changes any rule, you see an error message and must use the system rollback.
- Application: Rollback rule and data instances in a specific application.
For more information about restore points, see Using restore points to enable error recovery.
Check your knowledge with the following interaction:
This Topic is available in the following Module:
If you are having problems with your training, please review the Pega Academy Support FAQs.
Want to help us improve this content?