[indy] enable platform deployment via ansible server #2574

Merged
merged 2 commits into from
Jun 12, 2024
Merged
13 changes: 8 additions & 5 deletions platforms/hyperledger-indy/charts/README.md
Expand Up @@ -79,7 +79,8 @@ helm install university-steward-3 ./indy-node --namespace university-ns --values
cd ./indy-register-identity/files
kubectl --namespace university-ns get secret university-endorser-identity-public -o jsonpath='{.data.value}' | base64 -d | jq '.["did"]'> university-endorser-did.json
kubectl --namespace university-ns get secret university-endorser-node-public-verif-keys -o jsonpath='{.data.value}' | base64 -d | jq '.["verification-key"]' > university-endorser-verkey.json
# Register endorser identity from admin
# Register the endorser identity using the trustee's credentials
# Deploy the endorser identity registration Helm chart in the authority namespace, where the trustee resides
cd ../..
helm install university-endorser-id ./indy-register-identity --namespace authority-ns
```
Expand Down Expand Up @@ -130,24 +131,26 @@ helm install university-steward-4 ./indy-node --namespace university-ns --values
cd ./indy-register-identity/files
kubectl --namespace university-ns get secret university-endorser-identity-public -o jsonpath='{.data.value}' | base64 -d | jq '.["did"]'> university-endorser-did.json
kubectl --namespace university-ns get secret university-endorser-node-public-verif-keys -o jsonpath='{.data.value}' | base64 -d | jq '.["verification-key"]' > university-endorser-verkey.json
# Register endorser identity from admin
# Register the endorser identity using the trustee's credentials
# Deploy the endorser identity registration Helm chart in the authority namespace, where the trustee resides
cd ../..
helm install university-endorser-id ./indy-register-identity --namespace authority-ns
```

### Clean-up

To clean up, simply uninstall the Helm releases. It's important to uninstall the genesis Helm chart at the end to prevent any cleanup failure.
To clean up, simply uninstall the Helm charts.
> **NOTE**: It's important to uninstall the genesis Helm chart at the end to prevent any cleanup failure.

```bash
helm uninstall --namespace university-ns university-steward-1
helm uninstall --namespace university-ns university-steward-2
helm uninstall --namespace university-ns university-steward-3
helm uninstall --namespace university-ns university-steward-4
helm uninstall --namespace university-ns genesis
helm uninstall --namespace university-ns university-keys
helm uninstall --namespace university-ns genesis

helm uninstall --namespace authority-ns university-endorser-id
helm uninstall --namespace authority-ns genesis
helm uninstall --namespace authority-ns authority-keys
helm uninstall --namespace authority-ns genesis
```
20 changes: 11 additions & 9 deletions platforms/hyperledger-indy/configuration/cleanup.yaml
Expand Up @@ -13,17 +13,19 @@
no_log: "{{ no_ansible_log | default(false) }}"
tasks:
# Cleanup all organizations' vault indy crypto
- name: Cleanup Vault indy crypto
- name: "Clean up Vault indy crypto"
include_role:
name: clean/vault
vars:
organization: "{{ organizationItem.name | lower }}"
organization_ns: "{{ organization }}-ns"
services: "{{ organizationItem.services }}"
acount: "{{ organization }}-admin-vault-auth"
vault: "{{ organizationItem.vault }}"
role: "rw"
auth_path: "kubernetes-{{ organization }}"
org_name: "{{ org.name | lower }}"
org_ns: "{{ org_name }}-ns"
services: "{{ org.services }}"
vault: "{{ org.vault }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
loop_var: org

# Clean up helpers directory
- name: "Clean up helpers directory"
include_role:
name: clean/local_directories
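Review bot: The `Clean up Vault indy crypto` loop iterates over whole entries of `network['organizations']` and its `loop_control` sets only `loop_var: org`, so Ansible can print the complete item whenever an iteration is reported (skipped, failed, or at higher verbosity). That item includes the `org.vault` mapping handed to `clean/vault`; its contents are not shown here, but a Vault clean-up role presumably needs a credential from it. The play-level `no_log` falls back to `false` when `no_ansible_log` is unset, so nothing suppresses this by default. Adding `label: "{{ org.name }}"` under `loop_control` keeps the reported item down to the organization name. The same applies to each `loop: "{{ network['organizations'] }}"` task in deploy-network.yaml.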
222 changes: 60 additions & 162 deletions platforms/hyperledger-indy/configuration/deploy-network.yaml
Expand Up @@ -4,10 +4,11 @@
# SPDX-License-Identifier: Apache-2.0
##############################################################################################

#########################
##############################################################################################
# Playbook to create deployment files for namespaces, service account and clusterrolebinding
# Playbook arguments: complete network.yaml
#########################
##############################################################################################
---
- hosts: ansible_provisioners
gather_facts: no
no_log: "{{ no_ansible_log | default(false) }}"
Expand All @@ -24,203 +25,100 @@
name: check/validation

# Create namespaces for organizations
- name: 'Create namespace'
- name: "Create namespace"
include_role:
name: create/namespace
vars:
component_name: "{{ organizationItem.name | lower }}-ns"
component_type_name: "{{ organizationItem.type | lower }}"
kubernetes: "{{ organizationItem.k8s }}"
release_dir: "{{playbook_dir}}/../../../{{organizationItem.gitops.release_dir}}/{{ organizationItem.name | lower }}"
component_name: "{{ org.name | lower }}-ns"
component_type_name: "{{ org.type | lower }}"
kubernetes: "{{ org.k8s }}"
release_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
loop_var: org

# Create service accounts
- name: 'Create service accounts'
# Create necessary Kubernetes secrets for each organization
- name: "Create k8s secrets"
include_role:
name: create/serviceaccount/main
name: create/secrets
vars:
component_ns: "{{ organizationItem.name | lower }}-ns"
organization: "{{ organizationItem.name | lower }}"
component_type_name: "{{ organization }}"
services: "{{ organizationItem.services }}"
gitops: "{{ organizationItem.gitops }}"
kubernetes: "{{ organizationItem.k8s }}"
component_ns: "{{ org.name | lower }}-ns"
kubernetes: "{{ org.k8s }}"
vault: "{{ org.vault }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when: organizationItem.org_status is not defined or organizationItem.org_status == 'new'
loop_var: org

# Create StorageClass
- name: Create Storage Class
# Generate keys for each nodes
- name: "Generate keys"
include_role:
name: "{{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/storageclass"
name: setup/generate-keys
vars:
org_name: "{{ org.name | lower }}"
sc_name: "{{ org_name }}-bevel-storageclass"
region: "{{ org.k8s.region | default('eu-west-1') }}"
stewards: "{{ org.services.stewards }}"
cloud_provider: "{{ org.cloud_provider | lower }}"
vault: "{{ org.vault }}"
kubernetes: "{{ org.k8s }}"
component_type: "generate-keys"
component_ns: "{{ org_name }}-ns"
component_name: "{{ org_name }}-keys"
values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}"
charts_dir: "{{ org.gitops.chart_source }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: org
when: org.org_status is not defined or org.org_status == 'new'

# Admin K8S auth
- name: Admin K8S auth
include_role:
name: setup/vault_kubernetes
vars:
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
component_name: "{{ organization }}-bevel-ac-vault-auth"
component_type: "GetServiceAccount"
vault: "{{ organizationItem.vault }}"
auth_path: "kubernetes-{{ organization }}-admin-auth"
kubernetes: "{{ organizationItem.k8s }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when: organizationItem.org_status is not defined or organizationItem.org_status == 'new'

# Generate auth job
- name: 'Generate auth job'
include_role:
name: setup/auth_job
vars:
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
component_name: "{{ organization }}"
services: "{{ organizationItem.services }}"
kubernetes: "{{ organizationItem.k8s }}"
vault: "{{ organizationItem.vault }}"
gitops: "{{ organizationItem.gitops }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when: organizationItem.org_status is not defined or organizationItem.org_status == 'new'

# Get Vault AC Token via Service Account
- name: Get Vault AC Token via Service Account
include_role:
name: check/k8_component
vars:
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
component_name: "{{ organization }}-bevel-ac-vault-auth"
component_type: "GetServiceAccount"
vault: "{{ organizationItem.vault }}"
kubernetes: "{{ organizationItem.k8s }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem

# Generate indy crypto and insert into Vault
- name: 'Generate indy crypto and insert into Vault'
# Get each node keys for the Genesis setup
- name: "Get keys for the Genesis setup"
include_role:
name: setup/crypto
name: setup/genesis-node-keys
vars:
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
component_name: "{{ organization }}"
services: "{{ organizationItem.services }}"
kubernetes: "{{ organizationItem.k8s }}"
vault: "{{ organizationItem.vault }}"
gitops: "{{ organizationItem.gitops }}"
vault_ac_token: "{{ ac_vault_tokens[organization] }}"
component_ns: "{{ org.name | lower }}-ns"
kubernetes: "{{ org.k8s }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when: organizationItem.org_status is not defined or organizationItem.org_status == 'new'

# Create and deploy domain genesis
- name: 'Create domain genesis'
include_role:
name: setup/domain_genesis

# Create and deploy pool genesis
- name: 'Create pool genesis'
include_role:
name: setup/pool_genesis
loop_var: org

# Add new Trustees via existing Trustee
- name: "Add New Trustees via existing Trustee"
# Install Genesis
- name: "Install Genesis"
include_role:
name: setup/trustees
vars:
new_org_query: "organizations[?org_status=='new']"
neworg: "{{ network | json_query(new_org_query) | first }}"
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
component_name: "{{ organization }}"
kubernetes: "{{ organizationItem.k8s }}"
gitops: "{{ organizationItem.gitops }}"
vault: "{{ organizationItem.vault }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when:
- (add_new_org|bool and add_new_org_network_trustee_present|bool)
- (organizationItem.org_status is not defined or organizationItem.org_status == 'existing')
name: setup/genesis

# Add new Stewards via existing Trustee
- name: "Add New Stewards via existing Trustee"
# Install Steward nodes
- name: Install Steward nodes
include_role:
name: setup/stewards
vars:
new_org_query: "organizations[?org_status=='new']"
neworg: "{{ network | json_query(new_org_query) | first }}"
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
component_name: "{{ organization }}"
kubernetes: "{{ organizationItem.k8s }}"
gitops: "{{ organizationItem.gitops }}"
vault: "{{ organizationItem.vault }}"
org_name: "{{ org.name | lower }}"
cloud_provider: "{{ org.cloud_provider | lower }}"
kubernetes: "{{ org.k8s }}"
component_ns: "{{ org_name }}-ns"
component_type: "stewards"
values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}"
charts_dir: "{{ org.gitops.chart_source }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when:
- (add_new_org|bool and add_new_org_network_trustee_present|bool)
- (organizationItem.org_status is not defined or organizationItem.org_status == 'existing')
loop_var: org

# Deploy all other nodes
- name: 'Deploy nodes'
# Install Endorser node
- name: "Install Endorser node"
include_role:
name: setup/node
name: setup/endorser
vars:
organization: "{{ organizationItem.name | lower }}"
sc_name: "{{ organization }}-bevel-storageclass"
component_ns: "{{ organizationItem.name | lower }}-ns"
services: "{{ organizationItem.services }}"
kubernetes: "{{ organizationItem.k8s }}"
vault: "{{ organizationItem.vault }}"
gitops: "{{ organizationItem.gitops }}"
genesis: "{{ network.genesis }}"
org_name: "{{ org.name | lower }}"
endorser: "{{ org.services.endorser.name | lower }}"
trustee: "{{ org.services.trustee.name | lower }}"
kubernetes: "{{ org.k8s }}"
component_name: "{{ endorser }}"
component_ns: "{{ org_name }}-ns"
values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}/{{ org_name }}/build"
charts_dir: "{{ org.gitops.chart_source }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
loop_var: org
when:
- (organizationItem.type == 'peer')
- (organizationItem.org_status is not defined or organizationItem.org_status == 'new')
- (not add_new_org|bool or (add_new_org|bool and add_new_org_new_nyms_on_ledger_present|bool))
- (org.services.endorser is defined) and (org.services.endorser.name | length > 0)

# Create and deploy Endorser Identities
- name: 'Create Endorser Identities'
include_role:
name: setup/endorsers
vars:
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
kubernetes: "{{ organizationItem.k8s }}"
gitops: "{{ organizationItem.gitops }}"
vault: "{{ organizationItem.vault }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when:
- (organizationItem.type == 'peer')
- (organizationItem.org_status is not defined or organizationItem.org_status == 'new')
- (not add_new_org|bool or (add_new_org|bool and add_new_org_new_nyms_on_ledger_present|bool))

# These variables can be overriden from the command line
vars:
install_os: "linux" # Default to linux OS
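Review bot: In `Install Endorser node`, the `when` clause checks only `org.services.endorser`, while the task's vars also dereference `org.services.trustee.name`. The README change in this same pull request installs the endorser identity in `authority-ns`, "where the trustee resides", which suggests the trustee may belong to a different organization than the endorser. If so, `trustee` is undefined for the endorser's organization and the role will fail as soon as it reads that variable. If the trustee is meant to come from the same organization, add `- (org.services.trustee is defined) and (org.services.trustee.name | length > 0)` to the `when` list. Otherwise, resolve the trustee from the organization that actually holds it, so the identity is registered with the intended trustee's credentials.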