Moving patch documentation to public docs

null93 · null93 · commit 70d03bf906db · 2025-03-19T12:55:41.000-05:00
diff --git a/docs/patches/P001C.md b/docs/patches/P001C.md
@@ -0,0 +1,43 @@
+---
+title: P001C
+---
+
+Fixes data persistence issue with OpenSearch and Redis.
+
+## Description
+
+We first noticed the issue that OpenSearch and Redis session data was being deleted every time it was taken out of hibernation.
+As a result, the site had to be re-indexed upon each wake-up.
+
+The root cause lies in the helper scripts that run on boot.
+These scripts manage version changes for OpenSearch and Redis and are also triggered by CloudFormation (CFN) when a version update is requested.
+
+In some cases, we need to delete persistent data to prevent compatibility issues between old data and new software versions.
+However, the problem is that the current boot process clears the data without checking if a version change has actually occurred.
+
+## Impact
+
+- All-In-One (AIO) Servers
+- Web Layer
+- Redis Session Layer
+- Redis Cache Layer
+- OpenSearch Layer
+
+## Changes
+
+The following files are patched on the servers receiving the patch:
+
+- /opt/jrc/sbin/change-search-version
+- /opt/jrc/sbin/change-redis-session-version
+- /opt/jrc/sbin/change-redis-cache-version
+
+## If You Accept
+
+During your chosen maintenance window, the patch will be applied to all targeted servers.
+New Amazon Machine Images (AMIs) will be generated for each of the servers involved, and these new AMIs will be used to replace the current servers.
+Downtime should be minimal and take less than 10 minutes to restore service.
+
+## If You Reject
+
+OpenSearch and Redis session data will continue to be deleted as a side effect every time the deployment is taken out of hibernation.
+This will result in the need to re-index OpenSearch upon each wake-up and loss of session data.
diff --git a/docs/patches/P002R.md b/docs/patches/P002R.md
@@ -0,0 +1,27 @@
+---
+title: P002R
+---
+
+PHP performance improvements.
+
+## Description
+
+The `opcache.max_file_size` directive determines the maximum file size that can be cached by OPcache. Setting this value to zero allows all files to be cached, which can significantly improve the Time To First Byte (TTFB) metric. Previously, this value was limited to avoid caching large files deemed unnecessary for application functionality. However, further analysis has shown that removing this limitation enhances performance without adverse effects.
+
+## Impact
+
+- Web Layer
+
+## Changes
+
+The `opcache.max_file_size` directive will be updated to zero.
+
+## If You Accept
+
+During your chosen maintenance window, the patch will be applied.
+PHP-FPM will be restarted on the web tier to apply the changes.
+No downtime is expected since we are only restarting the PHP-FPM service.
+
+## If You Reject
+
+The current configuration will remain unchanged, and no performance improvements will be applied.
diff --git a/docs/patches/P003O.md b/docs/patches/P003O.md
@@ -0,0 +1,30 @@
+---
+title: P003O
+---
+
+## Description
+
+This patch increases the maximum number of SSH keys allowed by transitioning from a single advanced SSM parameter to multiple standard SSM parameters. Each SSH key is now stored individually, removing the previous 8k size limitation.
+
+## Impact
+
+- All-In-One (AIO) Servers
+- Jump Host Servers
+- Web Layer
+
+## Changes
+
+- Public keys in the advanced SSM parameter are split into multiple standard SSM parameters.
+- The `sync-ssh-keys` script is patched on jump and web leader instances.
+- Cloudformation template is updated to reflect the new method of storing SSH keys:
+
+## If You Accept
+
+The deployment will support effectively unlimited SSH keys.
+During your chosen maintenance window, the patch will be applied to all targeted servers.
+New Amazon Machine Images (AMIs) will be generated for each of the servers involved, and these new AMIs will be used to replace the current servers.
+Downtime should be minimal and take less than 10 minutes to restore service.
+
+## If You Reject
+
+No performance or functionality degradation is expected, but the deployment will not benefit from the increased SSH key limit.
diff --git a/docs/patches/index.md b/docs/patches/index.md
@@ -0,0 +1,13 @@
+---
+title: Patches
+---
+
+Patches are categorized as **Critical**, **Recommended**, or **Optional**, indicating their severity and the urgency of application.
+This classification is reflected in the last character of the patch's name.  
+
+{.compact}
+| Severity        | Description                                                                                     |
+|-----------------|-------------------------------------------------------------------------------------------------|
+| **Critical**    | Must be applied to all environments as soon as possible. |
+| **Recommended** | Includes important fixes and is recommended for all environments, but can be applied later. |
+| **Optional**    | Applied only if specifically requested and does not affect performance or functionality. |
