From 913f9f142049ed76028335a940f9bb5b67cf9a5e Mon Sep 17 00:00:00 2001 From: Alvaro Picazo <76157062+alvaropicazo@users.noreply.github.com> Date: Tue, 28 May 2024 12:44:41 +0200 Subject: [PATCH] update(besu,quorum): adapt besu & quorum ansible tasks and template files to charts (#2562) 
Signed-off-by: alvaropicazo --- .../templates/besu-config-configmap.yaml | 2 +- .../crypto/key_generation/tasks/main.yaml | 50 ----- .../roles/create/crypto/node/tasks/main.yaml | 63 ------ .../crypto/tessera/tasks/check_vault.yaml | 22 --- .../create/crypto/tessera/tasks/main.yaml | 66 ------- .../helm_component/templates/member.tpl | 4 +- .../roles/create/member/tasks/main.yaml | 25 +-- platforms/network-schema.json | 5 + platforms/quorum/charts/README.md | 2 +- .../quorum/charts/quorum-genesis/Chart.yaml | 3 +- .../quorum/configuration/deploy-network.yaml | 184 +++--------------- .../roles/create/crypto/ibft/meta/main.yaml | 9 - .../roles/create/crypto/ibft/tasks/main.yaml | 12 -- .../create/crypto/ibft/tasks/nested_main.yaml | 34 ---- .../roles/create/crypto/raft/meta/main.yaml | 9 - .../roles/create/crypto/raft/tasks/main.yaml | 12 -- .../create/crypto/raft/tasks/nested_main.yaml | 34 ---- .../crypto/tessera/tasks/check_vault.yaml | 22 --- .../create/crypto/tessera/tasks/main.yaml | 13 -- .../crypto/tessera/tasks/nested_main.yaml | 64 ------ .../helm_component/tasks/main.yaml | 0 .../templates/certs-ambassador-quorum.tpl | 2 +- .../templates/crypto_ibft_job.tpl | 0 .../templates/crypto_raft_job.tpl | 0 .../templates/crypto_tessera.tpl | 0 .../templates/helm_component.tpl | 0 .../helm_component/templates/memberquorum.tpl | 79 ++++++++ .../helm_component/templates/tessera.tpl | 0 .../templates/validatorquorum.tpl | 35 ++++ .../helm_component/vars/main.yaml | 0 .../create/member_node/tasks/enode_data.yaml | 12 -- .../roles/create/member_node/tasks/main.yaml | 59 +++++- .../create/member_node/tasks/member_main.yaml | 88 --------- .../member_node/tasks/nested_enode_data.yaml | 47 ----- .../roles/create/secrets/tasks/main.yaml | 32 +++ .../roles/create/tessera/meta/main.yaml | 12 -- .../create/tessera/tasks/enode_data.yaml | 12 -- .../roles/create/tessera/tasks/main.yaml | 41 ---- .../validator_node/tasks/enode_data.yaml | 12 -- 
.../create/validator_node/tasks/main.yaml | 44 ++++- .../tasks/nested_enode_data.yaml | 47 ----- .../validator_node/tasks/validator_main.yaml | 88 --------- .../certificates/ambassador/tasks/main.yaml | 23 +++ .../ambassador/tasks/nested_main.yaml | 17 ++ .../delete/vault_secrets/tasks/main.yaml | 35 +--- .../roles/get/genesis/tasks/main.yaml | 30 +++ .../helm_component/templates/memberquorum.tpl | 97 --------- .../templates/validatorquorum.tpl | 81 -------- .../setup/genesis/primary/tasks/main.yaml | 53 +++++ .../setup/genesis/secondary/tasks/main.yaml | 42 ++++ .../roles/setup/get_crypto/tasks/main.yaml | 35 ---- .../roles/setup/geth-bootnode/tasks/main.yaml | 64 ------ .../roles/setup/geth-bootnode/vars/main.yaml | 11 -- .../roles/setup/golang/tasks/main.yaml | 50 ----- .../roles/setup/golang/vars/main.yaml | 12 -- .../roles/setup/istanbul/meta/main.yaml | 9 - .../roles/setup/istanbul/tasks/main.yaml | 49 ----- .../roles/setup/istanbul/vars/main.yaml | 11 -- .../roles/setup/new_member/tasks/main.yaml | 49 +++++ .../configuration/samples/network-quorum.yaml | 140 +++++++------ .../templates/primary_genesis.tpl | 4 +- .../templates/secondary_genesis.tpl | 4 +- .../roles/create/job_component/vars/main.yaml | 4 +- .../roles/helm_lint/vars/main.yaml | 6 +- 64 files changed, 588 insertions(+), 1483 deletions(-) delete mode 100644 platforms/hyperledger-besu/configuration/roles/create/crypto/key_generation/tasks/main.yaml delete mode 100644 platforms/hyperledger-besu/configuration/roles/create/crypto/node/tasks/main.yaml delete mode 100644 platforms/hyperledger-besu/configuration/roles/create/crypto/tessera/tasks/check_vault.yaml delete mode 100644 platforms/hyperledger-besu/configuration/roles/create/crypto/tessera/tasks/main.yaml delete mode 100644 platforms/quorum/configuration/roles/create/crypto/ibft/meta/main.yaml delete mode 100644 platforms/quorum/configuration/roles/create/crypto/ibft/tasks/main.yaml delete mode 100644 
platforms/quorum/configuration/roles/create/crypto/ibft/tasks/nested_main.yaml delete mode 100644 platforms/quorum/configuration/roles/create/crypto/raft/meta/main.yaml delete mode 100644 platforms/quorum/configuration/roles/create/crypto/raft/tasks/main.yaml delete mode 100644 platforms/quorum/configuration/roles/create/crypto/raft/tasks/nested_main.yaml delete mode 100644 platforms/quorum/configuration/roles/create/crypto/tessera/tasks/check_vault.yaml delete mode 100644 platforms/quorum/configuration/roles/create/crypto/tessera/tasks/main.yaml delete mode 100644 platforms/quorum/configuration/roles/create/crypto/tessera/tasks/nested_main.yaml rename platforms/quorum/configuration/roles/{ => create}/helm_component/tasks/main.yaml (100%) rename platforms/quorum/configuration/roles/{ => create}/helm_component/templates/certs-ambassador-quorum.tpl (96%) rename platforms/quorum/configuration/roles/{ => create}/helm_component/templates/crypto_ibft_job.tpl (100%) rename platforms/quorum/configuration/roles/{ => create}/helm_component/templates/crypto_raft_job.tpl (100%) rename platforms/quorum/configuration/roles/{ => create}/helm_component/templates/crypto_tessera.tpl (100%) rename platforms/quorum/configuration/roles/{ => create}/helm_component/templates/helm_component.tpl (100%) create mode 100644 platforms/quorum/configuration/roles/create/helm_component/templates/memberquorum.tpl rename platforms/quorum/configuration/roles/{ => create}/helm_component/templates/tessera.tpl (100%) create mode 100644 platforms/quorum/configuration/roles/create/helm_component/templates/validatorquorum.tpl rename platforms/quorum/configuration/roles/{ => create}/helm_component/vars/main.yaml (100%) delete mode 100644 platforms/quorum/configuration/roles/create/member_node/tasks/enode_data.yaml delete mode 100644 platforms/quorum/configuration/roles/create/member_node/tasks/member_main.yaml delete mode 100644 
platforms/quorum/configuration/roles/create/member_node/tasks/nested_enode_data.yaml create mode 100644 platforms/quorum/configuration/roles/create/secrets/tasks/main.yaml delete mode 100644 platforms/quorum/configuration/roles/create/tessera/meta/main.yaml delete mode 100644 platforms/quorum/configuration/roles/create/tessera/tasks/enode_data.yaml delete mode 100644 platforms/quorum/configuration/roles/create/tessera/tasks/main.yaml delete mode 100644 platforms/quorum/configuration/roles/create/validator_node/tasks/enode_data.yaml delete mode 100644 platforms/quorum/configuration/roles/create/validator_node/tasks/nested_enode_data.yaml delete mode 100644 platforms/quorum/configuration/roles/create/validator_node/tasks/validator_main.yaml create mode 100644 platforms/quorum/configuration/roles/delete/certificates/ambassador/tasks/main.yaml create mode 100644 platforms/quorum/configuration/roles/delete/certificates/ambassador/tasks/nested_main.yaml create mode 100644 platforms/quorum/configuration/roles/get/genesis/tasks/main.yaml delete mode 100644 platforms/quorum/configuration/roles/helm_component/templates/memberquorum.tpl delete mode 100644 platforms/quorum/configuration/roles/helm_component/templates/validatorquorum.tpl create mode 100644 platforms/quorum/configuration/roles/setup/genesis/primary/tasks/main.yaml create mode 100644 platforms/quorum/configuration/roles/setup/genesis/secondary/tasks/main.yaml delete mode 100644 platforms/quorum/configuration/roles/setup/get_crypto/tasks/main.yaml delete mode 100644 platforms/quorum/configuration/roles/setup/geth-bootnode/tasks/main.yaml delete mode 100644 platforms/quorum/configuration/roles/setup/geth-bootnode/vars/main.yaml delete mode 100644 platforms/quorum/configuration/roles/setup/golang/tasks/main.yaml delete mode 100644 platforms/quorum/configuration/roles/setup/golang/vars/main.yaml delete mode 100644 platforms/quorum/configuration/roles/setup/istanbul/meta/main.yaml delete mode 100644 
platforms/quorum/configuration/roles/setup/istanbul/tasks/main.yaml delete mode 100644 platforms/quorum/configuration/roles/setup/istanbul/vars/main.yaml create mode 100644 platforms/quorum/configuration/roles/setup/new_member/tasks/main.yaml diff --git a/platforms/hyperledger-besu/charts/besu-node/templates/besu-config-configmap.yaml b/platforms/hyperledger-besu/charts/besu-node/templates/besu-config-configmap.yaml index c35d05c00e5..d0ef3e34c47 100644 --- a/platforms/hyperledger-besu/charts/besu-node/templates/besu-config-configmap.yaml +++ b/platforms/hyperledger-besu/charts/besu-node/templates/besu-config-configmap.yaml @@ -27,7 +27,7 @@ data: node-private-key-file={{.Values.node.besu.privateKeyPath | quote }} # Transaction Pool - tx-pool-layer-max-capacity={{ .Values.node.besu.txPool.maxCapacity }} + tx-pool-max-size={{ .Values.node.besu.txPool.maxCapacity }} {{ if .Values.node.besu.p2p.enabled -}} # P2P network diff --git a/platforms/hyperledger-besu/configuration/roles/create/crypto/key_generation/tasks/main.yaml b/platforms/hyperledger-besu/configuration/roles/create/crypto/key_generation/tasks/main.yaml deleted file mode 100644 index 934a4ec1af2..00000000000 --- a/platforms/hyperledger-besu/configuration/roles/create/crypto/key_generation/tasks/main.yaml +++ /dev/null 
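Review bot: The rename on the added line changes what the value taken from `.Values.node.besu.txPool.maxCapacity` means: as far as I recall, Besu's `tx-pool-max-size` is a transaction count used by the sequenced pool, whereas the removed `tx-pool-layer-max-capacity` is a byte budget for the layered pool that recent Besu releases select by default, so an existing values file sized in bytes would now be read as a count, and the option may be ignored unless `tx-pool` selects the sequenced implementation. Either document the new semantics next to the line, e.g. `# tx-pool-max-size is a transaction count and applies to the sequenced pool only`, or make the emitted option depend on the configured pool type so the values key keeps one meaning. The `data:` block continues outside the hunk.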
@@ -1,50 +0,0 @@ -############################################################################################## -# Copyright Walmart Inc. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- - -# Ensure the directory exists for storing keys -- name: Ensure directory exists - file: - path: "{{ build_path }}/crypto/{{ user }}//{{ org.name }}" - state: directory - recurse: yes - -# Check if the key is present in Vault -- name: Check if the {{ user }} key of {{ org.name }} is present in Vault - shell: | - # Retrieve the public and private keys from Vault - vault kv get -field=key_pub {{ vault.secret_path | default('secretsv2') }}/{{ component_ns }}/crypto/{{ user }} > "{{ build_path }}/crypto/{{ user }}/{{ org.name }}/key_pub" - vault kv get -field=key {{ vault.secret_path | default('secretsv2') }}/{{ component_ns }}/crypto/{{ user }} > "{{ build_path }}/crypto/{{ user }}/{{ org.name }}/key" - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - register: vault_result - ignore_errors: yes - -# Set a flag to generate keys if they are not found in Vault -- set_fact: - generate_key: True - when: vault_result.failed is defined and vault_result.failed == True - -# Generate a public key -- name: Generate {{ user }}'s public key for {{ org.name }} - shell: | - # Generate a public key and move it to the specified location - {{ bin_install_dir }}/besu/besu-{{ network.version }}/besu public-key export-address --to={{ build_path }}/crypto/{{ user }}/{{ org.name }}/key_pub - mv {{ bin_install_dir }}/besu/key {{ build_path }}/crypto/{{ user }}/{{ org.name }}/key - register: output - when: generate_key is defined and generate_key == True - -# Store the public and private keys in Vault -- name: Store the {{ user }}'s public and private keys in Vault - shell: | - # Store the public and private keys in Vault - vault kv put {{ 
vault.secret_path | default('secretsv2') }}/{{ component_ns }}/crypto/{{ user }} key="$(cat {{ build_path }}/crypto/{{ user }}/{{ org.name }}/key)" key_pub="$(cat {{ build_path }}/crypto/{{ user }}/{{ org.name }}/key_pub)" - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - when: generate_key is defined and generate_key == True diff --git a/platforms/hyperledger-besu/configuration/roles/create/crypto/node/tasks/main.yaml b/platforms/hyperledger-besu/configuration/roles/create/crypto/node/tasks/main.yaml deleted file mode 100644 index dd55ba45357..00000000000 --- a/platforms/hyperledger-besu/configuration/roles/create/crypto/node/tasks/main.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Set node_list to empty -- name: Set node_list to empty - set_fact: - node_list: [] - -# Delete the previously created release file -- name: Delete release file {{ organisation }}-node-key-mgmt - file: - path: "{{ values_dir }}/{{ organisation }}/{{ organisation }}-node-key-mgmt.yaml" - state: absent - -# Git Push : Pushes the above generated files to git directory -- name: Git Push - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ org.gitops }}" - msg: "[ci skip] Delete previous node key mgmt files" - -# Delete the previously created HelmRelease -- name: Delete the previous {{ organisation }}-node-key-mgmt HelmRelease - k8s: - api_version: "helm.toolkit.fluxcd.io/v2beta1" - kind: HelmRelease - name: "{{ organisation }}-node-key-mgmt" - namespace: "{{ organisation }}-bes" - state: absent - kubeconfig: "{{ kubernetes.config_file }}" - context: "{{ kubernetes.context }}" - -# Fetch all node (peers and validators) present in all organizations of the network -- name: Fetching all nodes of the organisation - set_fact: - node_list={{ node_list | default([]) + [ {'name':peer.name} ] }} - loop: "{{ org.services.peers is defined | ternary(org.services.peers, org.services.validators) }}" - loop_control: - loop_var: peer - -# Creates node key mgmt value file for each organization -- name: Create node key mgmt value file for each organization - include_role: - name: create/helm_component - vars: - name: "{{ org.name | lower }}" - component_name: "{{ name }}-node-key-mgmt" - component_ns: "{{ name }}-bes" - type: "node_key_mgmt" - -# Git Push : Pushes the above generated files to git 
directory -- name: Git Push - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ org.gitops }}" - msg: "[ci skip] Pushing node key mgmt files" diff --git a/platforms/hyperledger-besu/configuration/roles/create/crypto/tessera/tasks/check_vault.yaml b/platforms/hyperledger-besu/configuration/roles/create/crypto/tessera/tasks/check_vault.yaml deleted file mode 100644 index 04037922a19..00000000000 --- a/platforms/hyperledger-besu/configuration/roles/create/crypto/tessera/tasks/check_vault.yaml +++ /dev/null @@ -1,22 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - - -# Check for the crypto material to the vault -- name: Check the crypto material to Vault - shell: | - vault kv get -field=privateKey {{ vault.secret_path | default('secretsv2') }}/{{ component_ns }}/crypto/{{ item.name }}/tm - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - with_items: "{{ peers }}" - register: vault_result - ignore_errors: yes - -# Set a fact based on vault_result -- set_fact: - generate_crypto_tessera: True - when: vault_result.failed is defined and vault_result.failed == True diff --git a/platforms/hyperledger-besu/configuration/roles/create/crypto/tessera/tasks/main.yaml b/platforms/hyperledger-besu/configuration/roles/create/crypto/tessera/tasks/main.yaml deleted file mode 100644 index 1b4ea201415..00000000000 --- a/platforms/hyperledger-besu/configuration/roles/create/crypto/tessera/tasks/main.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Check the crypto material in the vault -- name: Check for the crypto material in the vault - include_tasks: check_vault.yaml - vars: - vault: "{{ org.vault }}" - peers: "{{ org.services.peers }}" - -# Wait for namespace creation for members -- name: "Wait for namespace creation for members" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" - vars: - component_type: "Namespace" - component_name: "{{ component_ns }}" - type: "retry" - when: - - generate_crypto_tessera is defined - - generate_crypto_tessera - -# Generate Tessera crypto helmrelease file -- name: "Create tessera crypto file" - include_role: - name: create/helm_component - vars: - component_type: "crypto" - type: "besu_crypto_tessera" - name: "{{ org.name | lower }}" - component_name: "{{ peer.name }}-tessera-job" - loop: "{{ org.services.peers }}" - loop_control: - loop_var: peer - when: - - generate_crypto_tessera is defined - - generate_crypto_tessera - -# Push the created deployment files to repository -- name: "Push the created deployment files to repository" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - msg: "[ci skip] Pushing tessera job files for {{ component_ns }}" - when: - - generate_crypto_tessera is defined - - generate_crypto_tessera - -# Check if tessera crypto job is completed -- name: Check if tessera crypto job is completed - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" - vars: - component_name: "{{ peer.name }}-tessera-job" - component_type: Job - namespace: "{{ component_ns }}" - loop: "{{ 
org.services.peers }}" - loop_control: - loop_var: peer - when: - - generate_crypto_tessera is defined - - generate_crypto_tessera diff --git a/platforms/hyperledger-besu/configuration/roles/create/helm_component/templates/member.tpl b/platforms/hyperledger-besu/configuration/roles/create/helm_component/templates/member.tpl index e8302c80c6d..c74c52c1efe 100644 --- a/platforms/hyperledger-besu/configuration/roles/create/helm_component/templates/member.tpl +++ b/platforms/hyperledger-besu/configuration/roles/create/helm_component/templates/member.tpl @@ -60,10 +60,12 @@ spec: {% endif %} tessera: removeKeysOnDelete: true +{% if org.type == 'member' or org.type is not defined %} peerNodes: {% for tm_node in network.config.tm_nodes %} - url: {{ tm_node | quote }} {% endfor %} +{% endif %} resources: cpuLimit: 0.25 cpuRequest: 0.05 @@ -105,7 +107,7 @@ spec: tag: {{ network.version }} node: removeKeysOnDelete: false - isBootnode: {{ peer.bootnode | default(false) }} + isBootnode: false usesBootnodes: false besu: identity: {{ peer.subject | quote }} diff --git a/platforms/hyperledger-besu/configuration/roles/create/member/tasks/main.yaml b/platforms/hyperledger-besu/configuration/roles/create/member/tasks/main.yaml index f6f30106268..1f1d609cb3e 100644 --- a/platforms/hyperledger-besu/configuration/roles/create/member/tasks/main.yaml +++ b/platforms/hyperledger-besu/configuration/roles/create/member/tasks/main.yaml @@ -10,7 +10,14 @@ name: setup/genesis/secondary vars: values_dir: "./build/{{ component_ns }}" + when: org.type == 'member' +# Get the Genesis and staticnodes +- name: Get genesis and staticnodes + include_role: + name: get/genesis + when: org.type == 'member' and org.services.peers is defined + # Creates the Besu node value files for each node of organization - name: Create value file for Besu node include_role: 
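Review bot: The added guard `{% if org.type == 'member' or org.type is not defined %}` evaluates the equality before the definedness test, and as far as I know Ansible's strict undefined handling raises on `==` against an undefined value, so an organisation without `type` fails at the first operand and the intended fallback is never reached. Swapping the operands, `{% if org.type is not defined or org.type == 'member' %}`, gives the fallback the commit appears to want. The new `when: org.type == 'member'` and `when: org.type == 'member' and org.services.peers is defined` clauses added to `create/member/tasks/main.yaml` in this commit read `org.type` with no fallback at all, so the same organisation would already fail there; `when: org.type is not defined or org.type == 'member'` would keep the tasks consistent with the template. The `tessera:` block continues outside the hunk.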
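Review bot: `isBootnode: false` on the added line hard-codes what the removed line derived from `peer.bootnode`, so a peer marked as a bootnode in network.yaml is now silently ignored rather than rejected. If the chart no longer supports bootnode peers, drop the field from the samples and schema or fail validation when it is set; otherwise keep `isBootnode: {{ peer.bootnode | default(false) }}`. The `node:` block continues outside the hunk.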
@@ -44,21 +51,3 @@ component_name: "{{ member.name | lower }}" namespace: "{{ component_ns }}" when: org.services.peers is defined - -# Get the Genesis and staticnodes -- name: Get genesis and staticnodes - include_role: - name: get/genesis - when: org.services.peers is defined - -# Add the enode of new organizations to each of the existing nodes using rpc call only when ambassador is used -- name: Adding the enode of new peer to all existing peer. - include_role: - name: setup/new_member - loop: "{{ org.services.peers }}" - loop_control: - loop_var: peer - when: - - org.services.peers is defined - - network.config.besu_nodes is defined - - network.env.proxy == 'ambassador' diff --git a/platforms/network-schema.json b/platforms/network-schema.json index 6e28ab6902d..848014438a3 100755 --- a/platforms/network-schema.json +++ b/platforms/network-schema.json @@ -2633,6 +2633,11 @@ }, "bootnode": { "$ref": "#/definitions/quorum_config_bootnode" + }, + "accounts": { + "type": "array", + "minItems": 0, + "description": "Array of accounts which start with default ETH" } }, "required": [ diff --git a/platforms/quorum/charts/README.md b/platforms/quorum/charts/README.md index ffc04dd1738..c3b1567cb1c 100644 --- a/platforms/quorum/charts/README.md +++ b/platforms/quorum/charts/README.md @@ -115,7 +115,7 @@ helm install supplychain ./quorum-node --namespace supplychain-quo --values ./va ### Setting Up Another Member in a Different Namespace ```bash -# Get the genesis and static nodes from existing member and and place them in the directory 'besu-genesis/files' +# Get the genesis and static nodes from existing member and and place them in the directory 'quorum-genesis/files' cd ./quorum-genesis/files/ kubectl --namespace supplychain-quo get configmap quorum-peers -o jsonpath='{.data.static-nodes\.json}' > static-nodes.json kubectl --namespace supplychain-quo get configmap quorum-genesis -o jsonpath='{.data.genesis\.json}' > genesis.json 
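Review bot: The new `accounts` property constrains only the container: with `"type": "array"`, `"minItems": 0` and no `items`, an element of any shape passes validation and a malformed entry is only caught when the genesis is rendered. Add an element schema, `"items": { "type": "string" }`, with a hex-address `pattern` if these are Ethereum addresses as the description suggests. The description `"Array of accounts which start with default ETH"` is ambiguous; if the intent is pre-funding, `"Array of account addresses to pre-fund with the default ETH balance in genesis"` says so, but confirm that is the meaning before changing it.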
diff --git a/platforms/quorum/charts/quorum-genesis/Chart.yaml b/platforms/quorum/charts/quorum-genesis/Chart.yaml
index 025b8fbeca8..480cfac68f7 100644
--- a/platforms/quorum/charts/quorum-genesis/Chart.yaml
+++ b/platforms/quorum/charts/quorum-genesis/Chart.yaml
@@ -1,5 +1,4 @@
-# apiVersion: v2
-apiVersion: v1
+apiVersion: v2
 name: quorum-genesis
 description: "Quorum: This Helm chart deploys genesis."
 type: application
diff --git a/platforms/quorum/configuration/deploy-network.yaml b/platforms/quorum/configuration/deploy-network.yaml
index 84bbb4b5dce..19b67ac454d 100644
--- a/platforms/quorum/configuration/deploy-network.yaml
+++ b/platforms/quorum/configuration/deploy-network.yaml
@@ -33,201 +33,75 @@ gitops: "{{ item.gitops }}" loop: "{{ network['organizations'] }}" - # Create Storageclass - - name: Create Storage Class + # Create necessary secrets + - name: "Create k8s secrets" include_role: - name: "{{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/storageclass" + name: create/secrets vars: - org_name: "{{ org.name | lower }}" - sc_name: "{{ org_name }}-bevel-storageclass" - region: "{{ org.k8s.region | default('eu-west-1') }}" - loop: "{{ network['organizations'] }}" - loop_control: - loop_var: org - - # Setup script for Vault and OS Package Manager - - name: "Setup script for Vault and OS Package Manager" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/setup/scripts" - vars: - namespace: "{{ org.name | lower }}-quo" - kubernetes: "{{ org.k8s }}" - loop: "{{ network['organizations'] }}" - loop_control: - loop_var: org - - # Setup Vault-Kubernetes accesses and Regcred for docker registry - - name: "Setup vault" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/setup/vault_kubernetes" - vars: - name: "{{ org.name | lower }}" component_ns: "{{ org.name | lower }}-quo" - component_name: "{{ org.name | lower }}-vaultk8s-job" - component_auth: "{{ network.env.type }}{{ name }}" - component_type: "organization" kubernetes: "{{ org.k8s }}" vault: "{{ org.vault }}" - gitops: "{{ org.gitops }}" loop: "{{ network['organizations'] }}" loop_control: loop_var: org + when: + - org.org_status is not defined or org.org_status == 'new' - # Generate Ambassador certificate for nodes - - name: "Create ambassador certificates for Nodes" + # Execute primary genesis for the first organization + - name: "Setup primary genesis with first org as Validators" include_role: - name: create/certificates/ambassador + name: setup/genesis/primary vars: - gitops: "{{ org.gitops }}" - component_auth: "{{ network.env.type }}{{ org.name | lower }}" - component_ns: "{{ org.name | lower }}-quo" - 
charts_dir: "{{ org.gitops.chart_source }}" - component_name: "{{ org.name | lower }}-ambassador-certs" - kubernetes: "{{ org.k8s }}" - values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}" - vault: "{{ org.vault }}" - peers: "{{ org.services.peers }}" - loop: "{{ network['organizations'] }}" - loop_control: - loop_var: org - - # Generate the crypto material for quorum network based on RAFT consensus and store it in vault - - name: "Generate crypto material for RAFT consensus" - include_role: - name: create/crypto/raft - vars: - gitops: "{{ org.gitops }}" - org_name: "{{ org.name }}" - component_name: "{{ org.name | lower }}" + build_path: "./build" + org: "{{ network['organizations'] | first }}" + name: "{{ org.name | lower }}" component_ns: "{{ org.name | lower }}-quo" - values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}" - vault: "{{ org.vault }}" - peers: "{{ org.services.peers }}" - charts_dir: "{{ org.gitops.chart_source }}" kubernetes: "{{ org.k8s }}" - loop: "{{ network['organizations'] }}" - when: network.config.consensus == 'raft' - loop_control: - loop_var: org - - # Build istanbul binary and place it in the bin directory - - name: "Setup istanbul-tools" - include_role: - name: setup/istanbul - loop: "{{ network['organizations'] }}" - when: network.config.consensus == 'ibft' - - # Generate the genesis.json and nodekey/enode for all orgs of the network - - name: "Generate genesis and nodekey/enode for the network" - include_role: - name: create/genesis_nodekey - when: network.config.consensus == 'ibft' - - # Generate the crypto material for quorum network based on ibft consensus and store it in vault - - name: "Generate crypto material for IBFT consensus" - include_role: - name: create/crypto/ibft - vars: - component_name: "{{ org.name | lower }}" - component_ns: "{{ org.name | lower }}-quo" vault: "{{ org.vault }}" - org_name: "{{ org.name }}" - kubernetes: "{{ org.k8s }}" - peers: "{{ org.services.peers }}" - 
values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}" gitops: "{{ org.gitops }}" charts_dir: "{{ org.gitops.chart_source }}" - loop: "{{ network['organizations'] }}" - loop_control: - loop_var: org - when: network.config.consensus == 'ibft' + values_dir: "./build/{{ component_ns }}" + when: + - not (add_new_org | bool) - # Generate the crypto materials for tessera tm - - name: "Generate crypto for the Tessera transaction manager" + # # This role deploy validator nodes + - name: "Deploy validator nodes" include_role: - name: create/crypto/tessera + name: create/validator_node vars: - build_path: "{{ playbook_dir }}/build" + build_path: "./build" + org: "{{ network['organizations'] | first }}" + name: "{{ org.name | lower }}" component_ns: "{{ org.name | lower }}-quo" kubernetes: "{{ org.k8s }}" vault: "{{ org.vault }}" - org_name: "{{ org.name }}" - peers: "{{ org.services.peers }}" gitops: "{{ org.gitops }}" charts_dir: "{{ org.gitops.chart_source }}" - values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}" - loop: "{{ network['organizations'] }}" - loop_control: - loop_var: org - when: - - network.config.transaction_manager == 'tessera' - - # Deploy Tessera transaction manager node - - name: "Deploy Tessera Transaction Manager" - include_role: - name: create/tessera - vars: - consensus: "{{ network.config.consensus }}" - component_ns: "{{ org.name | lower }}-quo" - name: "{{ org.name | lower }}" - peers: "{{ org.services.peers }}" - sc_name: "{{ name }}-bevel-storageclass" - external_url: "{{ org.external_url_suffix }}" - vault: "{{ org.vault }}" - charts_dir: "{{ org.gitops.chart_source }}" - values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" - loop: "{{ network['organizations'] }}" - loop_control: - loop_var: org - when: network.config.transaction_manager == 'tessera' + values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ component_ns }}" + when: + - org.org_status is not 
defined or org.org_status == 'new' # Deploy member nodes - - name: "Deploy member nodes" + - name: "Deploy member nodes with tessera transaction manager" include_role: name: create/member_node vars: build_path: "./build" kubernetes: "{{ org.k8s }}" - consensus: "{{ network.config.consensus }}" - component_ns: "{{ org.name | lower }}-quo" name: "{{ org.name | lower }}" - peers: "{{ org.services.peers }}" - sc_name: "{{ name }}-bevel-storageclass" - external_url: "{{ org.external_url_suffix }}" - vault: "{{ org.vault }}" - git_url: "{{ org.gitops.git_url }}" - git_branch: "{{ org.gitops.branch }}" - docker_url: "{{ network.docker.url }}" - charts_dir: "{{ org.gitops.chart_source }}" - values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" - geth_data: "{{ network.config.bootnode | default('null') }}" - loop: "{{ network['organizations'] }}" - loop_control: - loop_var: org - - # Deploy validator nodes - - name: "Deploy validator nodes" - include_role: - name: create/validator_node - vars: - build_path: "./build" - kubernetes: "{{ org.k8s }}" + firstorg: "{{ network['organizations'] | first }}" consensus: "{{ network.config.consensus }}" component_ns: "{{ org.name | lower }}-quo" - name: "{{ org.name | lower }}" - peers: "{{ org.services.peers }}" - sc_name: "{{ name }}-bevel-storageclass" - external_url: "{{ org.external_url_suffix }}" vault: "{{ org.vault }}" - git_url: "{{ org.gitops.git_url }}" - git_branch: "{{ org.gitops.branch }}" - docker_url: "{{ network.docker.url }}" + gitops: "{{ org.gitops }}" charts_dir: "{{ org.gitops.chart_source }}" - values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" + values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ component_ns }}" geth_data: "{{ network.config.bootnode | default('null') }}" loop: "{{ network['organizations'] }}" loop_control: loop_var: org + when: + - org.org_status is not defined or org.org_status == 'new' #These 
variables can be overriden from the command line
   vars:
diff --git a/platforms/quorum/configuration/roles/create/crypto/ibft/meta/main.yaml b/platforms/quorum/configuration/roles/create/crypto/ibft/meta/main.yaml
deleted file mode 100644
index 589d39ae941..00000000000
--- a/platforms/quorum/configuration/roles/create/crypto/ibft/meta/main.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-##############################################################################################
-# Copyright Accenture. All Rights Reserved.
-#
-# SPDX-License-Identifier: Apache-2.0
-##############################################################################################
-
----
-dependencies:
-  - role: "setup/geth-bootnode"
diff --git a/platforms/quorum/configuration/roles/create/crypto/ibft/tasks/main.yaml b/platforms/quorum/configuration/roles/create/crypto/ibft/tasks/main.yaml
deleted file mode 100644
index 452646df471..00000000000
--- a/platforms/quorum/configuration/roles/create/crypto/ibft/tasks/main.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-##############################################################################################
-# Copyright Accenture. All Rights Reserved.
-#
-# SPDX-License-Identifier: Apache-2.0
-##############################################################################################
-
-# Create crypto material for each peer with IBFT consensus
-- name: Create crypto material for each peer with IBFT consensus
-  include_tasks: nested_main.yaml
-  loop: "{{ peers }}"
-  loop_control:
-    loop_var: peer
diff --git a/platforms/quorum/configuration/roles/create/crypto/ibft/tasks/nested_main.yaml b/platforms/quorum/configuration/roles/create/crypto/ibft/tasks/nested_main.yaml
deleted file mode 100644
index 1a58b99ce2c..00000000000
--- a/platforms/quorum/configuration/roles/create/crypto/ibft/tasks/nested_main.yaml
+++ /dev/null
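Review bot: The two first-organisation tasks added in this hunk are gated by different mechanisms: `Setup primary genesis with first org as Validators` is skipped with `when: not (add_new_org | bool)`, while `Deploy validator nodes` for the same `network['organizations'] | first` is gated on `org.org_status is not defined or org.org_status == 'new'`. A run that sets `add_new_org=true` without also marking the first organisation `org_status: existing` would skip the genesis step but still re-render the validator nodes, so using one condition for both, or stating in a comment that the two flags must agree, would remove the mismatch; confirm against how `add_new_org` is defined in the play's `vars:` block, which lies outside the hunk. Separately, the comment `# # This role deploy validator nodes` has a doubled hash and should read `# This role deploys validator nodes`. The removal of the `setup/vault_kubernetes`, `setup/storageclass` and ambassador-certificate tasks has no visible replacement in this hunk beyond `create/secrets`; if the charts now cover those steps, a sentence in the description would save operators looking for them.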
@@ -1,34 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Generate tessera crypto helmrelease file -- name: "Create ibft crypto file" - include_role: - name: helm_component - vars: - component_type: "crypto" - type: "crypto_ibft_job" - name: "{{ org.name | lower }}" - component_name: "{{ peer.name }}-ibft-job" - -# Push the created deployment files to repository -- name: "Push the created deployment files to repository" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - msg: "[ci skip] Pushing tessera job files for {{ component_ns }}" - tags: notest - -# Check if tessera crypto job is completed -- name: Check if tessera crypto job is completed - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" - vars: - component_name: "{{ peer.name }}-ibft-job" - component_type: Job - namespace: "{{ component_ns }}" - tags: notest diff --git a/platforms/quorum/configuration/roles/create/crypto/raft/meta/main.yaml b/platforms/quorum/configuration/roles/create/crypto/raft/meta/main.yaml deleted file mode 100644 index 589d39ae941..00000000000 --- a/platforms/quorum/configuration/roles/create/crypto/raft/meta/main.yaml +++ /dev/null @@ -1,9 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- -dependencies: - - role: "setup/geth-bootnode" 
diff --git a/platforms/quorum/configuration/roles/create/crypto/raft/tasks/main.yaml b/platforms/quorum/configuration/roles/create/crypto/raft/tasks/main.yaml deleted file mode 100644 index 386e1148442..00000000000 --- a/platforms/quorum/configuration/roles/create/crypto/raft/tasks/main.yaml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Create crypto material for each peer with RAFT consensus -- name: Create crypto material for each peer with RAFT consensus - include_tasks: nested_main.yaml - loop: "{{ peers }}" - loop_control: - loop_var: peer diff --git a/platforms/quorum/configuration/roles/create/crypto/raft/tasks/nested_main.yaml b/platforms/quorum/configuration/roles/create/crypto/raft/tasks/nested_main.yaml deleted file mode 100644 index 9cb752e3840..00000000000 --- a/platforms/quorum/configuration/roles/create/crypto/raft/tasks/nested_main.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Generate tessera crypto helmrelease file -- name: "Create raft crypto file" - include_role: - name: helm_component - vars: - component_type: "crypto" - type: "crypto_raft_job" - name: "{{ org.name | lower }}" - component_name: "{{ peer.name }}-raft-job" - -# Push the created deployment files to repository -- name: "Push the created deployment files to repository" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - msg: "[ci skip] Pushing tessera job files for {{ component_ns }}" - tags: notest - -# Check if tessera crypto job is completed -- name: Check if tessera crypto job is completed - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" - vars: - component_name: "{{ peer.name }}-raft-job" - component_type: Job - namespace: "{{ component_ns }}" - tags: notest diff --git a/platforms/quorum/configuration/roles/create/crypto/tessera/tasks/check_vault.yaml b/platforms/quorum/configuration/roles/create/crypto/tessera/tasks/check_vault.yaml deleted file mode 100644 index f4009d8079a..00000000000 --- a/platforms/quorum/configuration/roles/create/crypto/tessera/tasks/check_vault.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Check for the crypto material to the vault -- name: Check the crypto material to Vault - shell: | - vault kv get -field=publicKey {{ vault.secret_path | default('secretsv2') }}/{{ org.name | lower }}/crypto/{{ item.name }}/tm - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - with_items: "{{ peers }}" - when: item.type == 'member' - register: vault_result - ignore_errors: yes - -# Set a fact vault_result -- set_fact: - generate_crypto_tessera: True - when: vault_result.failed is defined and vault_result.failed == True diff --git a/platforms/quorum/configuration/roles/create/crypto/tessera/tasks/main.yaml b/platforms/quorum/configuration/roles/create/crypto/tessera/tasks/main.yaml deleted file mode 100644 index 4128f2d14ec..00000000000 --- a/platforms/quorum/configuration/roles/create/crypto/tessera/tasks/main.yaml +++ /dev/null @@ -1,13 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Create crypto material for each non validator peer for tessera tm -- name: Create crypto material for each non validator peer for tessera tm - include_tasks: nested_main.yaml - loop: "{{ peers }}" - loop_control: - loop_var: peer - when: peer.type != 'validator' diff --git a/platforms/quorum/configuration/roles/create/crypto/tessera/tasks/nested_main.yaml b/platforms/quorum/configuration/roles/create/crypto/tessera/tasks/nested_main.yaml deleted file mode 100644 index 76586044baf..00000000000 
--- a/platforms/quorum/configuration/roles/create/crypto/tessera/tasks/nested_main.yaml +++ /dev/null 
@@ -1,64 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Check crypto material in the vault -- name: Check for the crypto material in the vault - include_tasks: check_vault.yaml - vars: - vault: "{{ org.vault }}" - peers: "{{ org.services.peers }}" - -# Wait for namespace creation -- name: "Wait for namespace creation" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" - vars: - component_type: "Namespace" - component_name: "{{ component_ns }}" - type: "retry" - when: - - generate_crypto_tessera is defined - - generate_crypto_tessera - tags: - - notest - -# Generate tessera crypto helmrelease file -- name: "Create tessera crypto file" - include_role: - name: helm_component - vars: - component_type: "crypto" - type: "crypto_tessera" - name: "{{ org.name | lower }}" - component_name: "{{ peer.name }}-tessera-job" - when: - - generate_crypto_tessera is defined - - generate_crypto_tessera - -# Push the created deployment files to repository -- name: "Push the created deployment files to repository" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - msg: "[ci skip] Pushing tessera job files for {{ component_ns }}" - when: - - generate_crypto_tessera is defined - - generate_crypto_tessera - tags: notest - -# Check if tessera crypto job is completed -- name: Check if tessera crypto job is completed - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" - vars: - component_name: "{{ peer.name }}-tessera-job" - component_type: Job - namespace: "{{ component_ns }}" - when: - - generate_crypto_tessera is defined - - generate_crypto_tessera - tags: notest 
diff --git a/platforms/quorum/configuration/roles/helm_component/tasks/main.yaml b/platforms/quorum/configuration/roles/create/helm_component/tasks/main.yaml similarity index 100% rename from platforms/quorum/configuration/roles/helm_component/tasks/main.yaml rename to platforms/quorum/configuration/roles/create/helm_component/tasks/main.yaml diff --git a/platforms/quorum/configuration/roles/helm_component/templates/certs-ambassador-quorum.tpl b/platforms/quorum/configuration/roles/create/helm_component/templates/certs-ambassador-quorum.tpl similarity index 96% rename from platforms/quorum/configuration/roles/helm_component/templates/certs-ambassador-quorum.tpl rename to platforms/quorum/configuration/roles/create/helm_component/templates/certs-ambassador-quorum.tpl index f8c9c3a086e..660550bf885 100644 --- a/platforms/quorum/configuration/roles/helm_component/templates/certs-ambassador-quorum.tpl +++ b/platforms/quorum/configuration/roles/create/helm_component/templates/certs-ambassador-quorum.tpl @@ -10,7 +10,7 @@ spec: interval: 1m chart: spec: - chart: {{ charts_dir }}/quorum-tlscerts-gen + chart: {{ charts_dir }}/quorum-tlscert-gen sourceRef: kind: GitRepository name: flux-{{ network.env.type }} diff --git a/platforms/quorum/configuration/roles/helm_component/templates/crypto_ibft_job.tpl b/platforms/quorum/configuration/roles/create/helm_component/templates/crypto_ibft_job.tpl similarity index 100% rename from platforms/quorum/configuration/roles/helm_component/templates/crypto_ibft_job.tpl rename to platforms/quorum/configuration/roles/create/helm_component/templates/crypto_ibft_job.tpl 
diff --git a/platforms/quorum/configuration/roles/helm_component/templates/crypto_raft_job.tpl b/platforms/quorum/configuration/roles/create/helm_component/templates/crypto_raft_job.tpl similarity index 100% rename from platforms/quorum/configuration/roles/helm_component/templates/crypto_raft_job.tpl rename to platforms/quorum/configuration/roles/create/helm_component/templates/crypto_raft_job.tpl diff --git a/platforms/quorum/configuration/roles/helm_component/templates/crypto_tessera.tpl b/platforms/quorum/configuration/roles/create/helm_component/templates/crypto_tessera.tpl similarity index 100% rename from platforms/quorum/configuration/roles/helm_component/templates/crypto_tessera.tpl rename to platforms/quorum/configuration/roles/create/helm_component/templates/crypto_tessera.tpl diff --git a/platforms/quorum/configuration/roles/helm_component/templates/helm_component.tpl b/platforms/quorum/configuration/roles/create/helm_component/templates/helm_component.tpl similarity index 100% rename from platforms/quorum/configuration/roles/helm_component/templates/helm_component.tpl rename to platforms/quorum/configuration/roles/create/helm_component/templates/helm_component.tpl diff --git a/platforms/quorum/configuration/roles/create/helm_component/templates/memberquorum.tpl b/platforms/quorum/configuration/roles/create/helm_component/templates/memberquorum.tpl new file mode 100644 index 00000000000..0bb9ae0803d --- /dev/null +++ b/platforms/quorum/configuration/roles/create/helm_component/templates/memberquorum.tpl 
@@ -0,0 +1,79 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: {{ component_name }} + namespace: {{ component_ns }} + annotations: + fluxcd.io/automated: "false" +spec: + releaseName: {{ component_name }} + interval: 1m + chart: + spec: + chart: {{ charts_dir }}/quorum-node + sourceRef: + kind: GitRepository + name: flux-{{ network.env.type }} + namespace: flux-{{ network.env.type }} + values: + global: + serviceAccountName: vault-auth + cluster: + provider: {{ org.cloud_provider }} + cloudNativeServices: false + vault: + type: {{ vault.type | default("hashicorp") }} + network: quorum + address: {{ vault.url }} + secretPrefix: "data/{{ network.env.type }}{{ name }}" + secretEngine: {{ vault.secret_path | default("secretsv2") }} + role: vault-role + authPath: {{ network.env.type }}{{ name }} + proxy: + provider: ambassador + externalUrlSuffix: {{ org.external_url_suffix }} + p2p: {{ peer.p2p.ambassador }} + tmport: {{ peer.tm_nodeport.ambassador | default(443) }} + storage: + size: "2Gi" + tessera: + enabled: true + tessera: + port: + resources: + cpuLimit: 0.25 + cpuRequest: 0.05 + memLimit: "2G" + memRequest: "1G" + password: 'password' + storage: + enabled: false + size: 1Gi + dbSize: 2Gi + allowedTopologies: + enabled: false + + tls: + enabled: true +{% if network.docker.password is defined %} + image: + pullSecret: regcred +{% endif %} + settings: + certSubject: {{ network.config.subject | quote }} + tmTls: {{ network.config.tm_tls | default(false) }} + + + node: + goquorum: + metrics: + serviceMonitorEnabled: true + resources: + cpuLimit: 0.25 + cpuRequest: 0.05 + memLimit: "1G" + memRequest: "300M" + account: + password: 'password' + p2p: + discovery: false 
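Review bot: Both `password: 'password'` values in the new memberquorum.tpl — the one under `tessera:` and the geth `account: password:` under `node.goquorum` — are hard-coded literals rendered into a HelmRelease that the member_node role then pushes to the gitops repository, so whatever keystores these presumably protect (the Tessera key pair and the node account) are guarded by the string "password" in version control for every member of every org. Source them at render time instead, e.g. `password: "{{ tessera_keystore_password }}"` and `password: "{{ node_account_password }}"` supplied from Ansible vars or Vault, or let the chart read them from the Vault path it is already configured with under `global.vault`. The `image: pullSecret: regcred` block is also gated on `network.docker.password is defined`, while the secrets role that creates regcred only runs when `network.docker.username is defined`; use one condition (both fields defined) so a half-specified registry block cannot render a pullSecret that was never created.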
diff --git a/platforms/quorum/configuration/roles/helm_component/templates/tessera.tpl b/platforms/quorum/configuration/roles/create/helm_component/templates/tessera.tpl similarity index 100% rename from platforms/quorum/configuration/roles/helm_component/templates/tessera.tpl rename to platforms/quorum/configuration/roles/create/helm_component/templates/tessera.tpl diff --git a/platforms/quorum/configuration/roles/create/helm_component/templates/validatorquorum.tpl b/platforms/quorum/configuration/roles/create/helm_component/templates/validatorquorum.tpl new file mode 100644 index 00000000000..80ddd2d1a61 --- /dev/null +++ b/platforms/quorum/configuration/roles/create/helm_component/templates/validatorquorum.tpl @@ -0,0 +1,35 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: {{ component_name }} + namespace: {{ component_ns }} + annotations: + fluxcd.io/automated: "false" +spec: + releaseName: {{ component_name }} + interval: 1m + chart: + spec: + chart: {{ charts_dir }}/quorum-node + sourceRef: + kind: GitRepository + name: flux-{{ network.env.type }} + namespace: flux-{{ network.env.type }} + values: + global: + serviceAccountName: vault-auth + cluster: + provider: {{ org.cloud_provider }} + cloudNativeServices: false + vault: + address: {{ vault.url }} + secretPrefix: data/{{ network.env.type }}{{ name }} + network: quorum + role: vault-role + authPath: {{ network.env.type }}{{ name }} + type: {{ vault.type | default("hashicorp") }} + secretEngine: {{ vault.secret_path | default("secretsv2") }} + proxy: + provider: "ambassador" + externalUrlSuffix: {{ org.external_url_suffix }} + p2p: {{ peer.p2p.ambassador }} 
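Review bot: The new validatorquorum.tpl omits the `{% if network.docker.password is defined %} image: pullSecret: regcred {% endif %}` block that memberquorum.tpl carries for the same quorum-node chart, so on a private registry a validator HelmRelease renders without the pull secret unless the chart defaults it (not visible here); the two templates should agree. The quoting under `vault:` and `proxy:` is also the reverse of the member template (`secretPrefix: data/...` unquoted, `provider: "ambassador"` quoted); quote every templated scalar in both files, `secretPrefix: "data/{{ network.env.type }}{{ name }}"` and `address: "{{ vault.url }}"`, so an empty expansion cannot render as null and a value with a YAML indicator cannot change the document shape.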
diff --git a/platforms/quorum/configuration/roles/helm_component/vars/main.yaml b/platforms/quorum/configuration/roles/create/helm_component/vars/main.yaml similarity index 100% rename from platforms/quorum/configuration/roles/helm_component/vars/main.yaml rename to platforms/quorum/configuration/roles/create/helm_component/vars/main.yaml diff --git a/platforms/quorum/configuration/roles/create/member_node/tasks/enode_data.yaml b/platforms/quorum/configuration/roles/create/member_node/tasks/enode_data.yaml deleted file mode 100644 index d421503af05..00000000000 --- a/platforms/quorum/configuration/roles/create/member_node/tasks/enode_data.yaml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Get enode data -- name: Get enode data - include_tasks: nested_enode_data.yaml - loop: "{{ org1.services.peers }}" - loop_control: - loop_var: peernode diff --git a/platforms/quorum/configuration/roles/create/member_node/tasks/main.yaml b/platforms/quorum/configuration/roles/create/member_node/tasks/main.yaml index 766d5065673..7b97986556b 100644 --- a/platforms/quorum/configuration/roles/create/member_node/tasks/main.yaml +++ b/platforms/quorum/configuration/roles/create/member_node/tasks/main.yaml 
@@ -1,12 +1,53 @@ -# Create helm release files for member nodes -- name: Create helm release files for member nodes - include_tasks: member_main.yaml +############################################################################################## +# Copyright Accenture. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################################################## + +# Execute only for members +- name: Perform secondary genesis + include_role: + name: setup/genesis/secondary vars: - peer_query: "peers[?type=='member']" - member_node: "{{ org.services | json_query(peer_query) | first | default() }}" - loop: "{{ peers }}" + values_dir: "./build/{{ component_ns }}" + when: org.type == 'member' + +# Get the Genesis and staticnodes +- name: Get genesis and staticnodes + include_role: + name: get/genesis + when: org.type == 'member' and org.services.peers is defined + +# Creates the Quorum node value files for each node of organization +- name: Create value file for Quorum node + include_role: + name: create/helm_component + vars: + component_name: "{{ peer.name }}" + type: "memberquorum" + loop: "{{ org.services.peers }}" loop_control: loop_var: peer - when: - - member_node | length > 0 - - peer.type == 'member' + when: org.services.peers is defined + +# Pushes the above generated files to git directory +- name: Git Push + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" + vars: + GIT_DIR: "{{ playbook_dir }}/../../../" + msg: "[ci skip] Pushing Member node files" + when: org.services.peers is defined + +# Wait for the last Member to be running +- name: "Wait for the last member to run" + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" + vars: + member: "{{ org.services.peers | last }}" + label_selectors: + - app.kubernetes.io/release = {{ member.name | lower }} + component_type: "Pod" + component_name: "{{ member.name | 
lower }}" + namespace: "{{ component_ns }}" + when: org.services.peers is defined diff --git a/platforms/quorum/configuration/roles/create/member_node/tasks/member_main.yaml b/platforms/quorum/configuration/roles/create/member_node/tasks/member_main.yaml deleted file mode 100644 index e8f1adba0d6..00000000000 --- a/platforms/quorum/configuration/roles/create/member_node/tasks/member_main.yaml +++ /dev/null 
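Review bot: The value-file, git-push and wait tasks run for any org with `org.services.peers` defined, but `Perform secondary genesis` and `Get genesis and staticnodes` are gated on `org.type == 'member'`; an org of another type that lists peers would therefore get memberquorum HelmReleases generated and pushed without the genesis and staticnodes those two tasks produce, unless the chart obtains them some other way (not visible here). Either gate all tasks in this file on the same condition, `when: org.type == 'member' and org.services.peers is defined`, or add a comment above the value-file task stating why it intentionally applies to every org type. The `Git Push` task also dropped the `tags: - notest` that the deleted member_main.yaml had on its push, so a run that skips notest-tagged tasks now performs a real push; restore the tag if that omission was not deliberate.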
@@ -1,88 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Set enode_data_list to empty -- name: Set enode_data_list to [] - set_fact: - enode_data_list: [] - -# Set node status -- name: Set node status - set_fact: - node_status: default - when: not add_new_org - -# Set node status -- name: Set node status - set_fact: - node_status: additional - when: add_new_org - -# Get enode data for all orgs -- name: Get enode data for each node of all organization - include_tasks: enode_data.yaml - loop: "{{ network['organizations'] }}" - loop_control: - loop_var: org1 - -# Create the staticnodes file from the template -- name: Create staticnodes file - template: - src: "staticnodes.tpl" - dest: "{{ network.config.staticnodes }}" - when: not add_new_org - -# Add a new node to the existing network -- name: Adds a new node to the existing network - uri: - url: "http://{{ geth_data.url }}" - method: POST - validate_certs: no - return_content: yes - body_format: json - body: '{"jsonrpc":"2.0","method":"raft_addPeer","params": ["enode://{{ enode.enodeval }}@{{ enode.peer_name }}.{{ enode.external_url }}:{{ enode.p2p_ambassador }}?discport=0&raftport={{ enode.raft_ambassador }}"], "id":{{ geth_data.nodeid }} }' - headers: - Content-Type: "application/json" - loop: "{{ enode_data_list }}" - loop_control: - loop_var: enode - register: peer_id - until: peer_id.status == 200 - retries: "{{ network.env.retry_count }}" - delay: 50 - when: add_new_org and network.config.consensus == 'raft' - tags: - - notest - -# Fetch the new peer_id -- name: Get peer_id - set_fact: - peer_id: "{{ peer_id.results[0].json.result }}" - when: add_new_org and network.config.consensus == 'raft' - tags: - - notest - -# Create the Quorum value files for each node of 
organization -- name: Create value file for Quorum Nodes - include_role: - name: helm_component - vars: - component_name: "{{ name }}{{ peer.name }}quorum" - type: "memberquorum" - genesis: "{{ lookup('file', '{{ network.config.genesis }}') | b64encode }}" - staticnodes: "{{ lookup('file', '{{ network.config.staticnodes }}') | from_yaml | to_nice_json }}" - when: peer.type == 'member' - -# Git Push : Push the above generated files to git directory -- name: Git Push - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ org.gitops }}" - msg: "[ci skip] Pushing Peer files" - tags: - - notest diff --git a/platforms/quorum/configuration/roles/create/member_node/tasks/nested_enode_data.yaml b/platforms/quorum/configuration/roles/create/member_node/tasks/nested_enode_data.yaml deleted file mode 100644 index a1a11400679..00000000000 --- a/platforms/quorum/configuration/roles/create/member_node/tasks/nested_enode_data.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Check if the keystore.json exist in build directory -- name: Check if enode is present in the build directory or not - stat: - path: "{{ build_path }}/{{ org1.name }}/{{ peernode.name }}/enode" - register: file_status - -# Create the build directory if it does not exist -- name: Create build directory if it does not exist - file: - path: "{{ build_path }}/{{ org1.name }}/{{ peernode.name }}" - state: directory - mode: '0755' - recurse: yes - when: file_status.stat.exists == False - changed_when: false - -# Fetch nodekey from vault -- name: Get the nodekey from vault and generate the enode - shell: | - vault kv get -field=nodekey {{ vault.secret_path | default('secretsv2') }}/{{ org1.name }}/crypto/{{ peernode.name }}/quorum > {{ build_path }}/{{ org1.name }}/{{ peernode.name }}/nodekey - {{ bin_install_dir }}/bootnode --nodekey={{ build_path }}/{{ org1.name }}/{{ peernode.name }}/nodekey --writeaddress > {{ build_path }}/{{ org1.name }}/{{ peernode.name }}/enode - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - when: file_status.stat.exists == False - changed_when: false - -# Get enode data -- name: Get enode_data - set_fact: - enode_data: "{{ lookup('file', '{{ build_path }}/{{ org1.name }}/{{ peernode.name }}/enode') }}" - -# Get information about each validator node present in network.yaml and store it as a list of org,node -- name: Get validator and transaction node data for raft - set_fact: - enode_data_list={{ enode_data_list | default([]) + [ {'peer_name':peernode.name, 'enodeval':enode_data, 'external_url':org1.external_url_suffix, 'p2p_ambassador':peernode.p2p.ambassador, 'raft_ambassador':peernode.raft.ambassador } ] }} - 
when: network.config.consensus == 'raft' -- name: Get validator and transaction node data - set_fact: - enode_data_list={{ enode_data_list | default([]) + [ {'peer_name':peernode.name, 'enodeval':enode_data, 'external_url':org1.external_url_suffix, 'p2p_ambassador':peernode.p2p.ambassador } ] }} - when: network.config.consensus != 'raft' diff --git a/platforms/quorum/configuration/roles/create/secrets/tasks/main.yaml b/platforms/quorum/configuration/roles/create/secrets/tasks/main.yaml new file mode 100644 index 00000000000..cc31dd73c32 --- /dev/null +++ b/platforms/quorum/configuration/roles/create/secrets/tasks/main.yaml @@ -0,0 +1,32 @@ +############################################################################################## +# Copyright Accenture. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################################################## + +# Wait for namespace to be created by flux +- name: "Wait for the namespace {{ component_ns }} to be created" + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" + vars: + component_type: "Namespace" + component_name: "{{ component_ns }}" + type: "retry" + +# Create the vault roottoken secret +- name: "Create vault token secret" + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/create/shared_k8s_secrets" + vars: + namespace: "{{ component_ns }}" + check: "token_secret" + +# Create the docker pull credentials for image registry +- name: "Create docker credentials secret" + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/create/shared_k8s_secrets" + vars: + namespace: "{{ component_ns }}" + check: "docker_credentials" + when: + - network.docker.username is defined 
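Review bot: The `Create vault token secret` task, commented as the "roottoken" secret, places a Vault token into each org namespace through the shared `shared_k8s_secrets` role with `check: "token_secret"`; if that is the `org.vault.root_token` the deleted tasks used as `VAULT_TOKEN`, then anyone with secret-read access in `{{ component_ns }}` holds full control of Vault, although the HelmReleases only need a token able to bootstrap the `vault-role` login under `authPath`. Issue a policy-scoped, short-lived token for that one path instead and document the expectation above the task, e.g. `# Vault token used only to bootstrap kubernetes auth for this namespace — must be a scoped token, never the root token`. The docker-credentials task runs when `network.docker.username is defined`, whereas memberquorum.tpl adds `pullSecret: regcred` when `network.docker.password is defined`; gate both on the same condition (`network.docker.username is defined and network.docker.password is defined`) so the secret and its consumer stay in step.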
diff --git a/platforms/quorum/configuration/roles/create/tessera/meta/main.yaml b/platforms/quorum/configuration/roles/create/tessera/meta/main.yaml deleted file mode 100644 index 06bfb7f3714..00000000000 --- a/platforms/quorum/configuration/roles/create/tessera/meta/main.yaml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- -dependencies: - - role: "create/genesis_raft" - vars: - build_path: "./build" - when: network.type == 'quorum' and network.config.consensus == 'raft' diff --git a/platforms/quorum/configuration/roles/create/tessera/tasks/enode_data.yaml b/platforms/quorum/configuration/roles/create/tessera/tasks/enode_data.yaml deleted file mode 100644 index 148175be2ab..00000000000 --- a/platforms/quorum/configuration/roles/create/tessera/tasks/enode_data.yaml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -#Get enode data -- name: Get enode data - include_tasks: nested_enode_data.yaml - loop: "{{ org1.services.peers }}" - loop_control: - loop_var: peernode diff --git a/platforms/quorum/configuration/roles/create/tessera/tasks/main.yaml b/platforms/quorum/configuration/roles/create/tessera/tasks/main.yaml deleted file mode 100644 index c9f74862cb7..00000000000 --- a/platforms/quorum/configuration/roles/create/tessera/tasks/main.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Set node status -- name: Set node status - set_fact: - node_status: default - when: not add_new_org - -# Set node status -- name: Set node status - set_fact: - node_status: additional - when: add_new_org - -# Create value file for Tessera TM nodes -- name: Create value file for Tessera TM nodes - include_role: - name: helm_component - vars: - component_name: "{{ name }}{{ peer.name }}tessera" - type: "quorum_tessera" - loop: "{{ peers }}" - loop_control: - loop_var: peer - when: - - peer.type == 'member' - -# Git Push : Push the above generated files to git directory -- name: Git Push - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ org.gitops }}" - msg: "[ci skip] Pushing Peer files" - tags: - - notest diff --git a/platforms/quorum/configuration/roles/create/validator_node/tasks/enode_data.yaml b/platforms/quorum/configuration/roles/create/validator_node/tasks/enode_data.yaml deleted file mode 100644 index d421503af05..00000000000 --- a/platforms/quorum/configuration/roles/create/validator_node/tasks/enode_data.yaml +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Get enode data -- name: Get enode data - include_tasks: nested_enode_data.yaml - loop: "{{ org1.services.peers }}" - loop_control: - loop_var: peernode 
diff --git a/platforms/quorum/configuration/roles/create/validator_node/tasks/main.yaml b/platforms/quorum/configuration/roles/create/validator_node/tasks/main.yaml index 0b0b5db00fe..aa7e77c1d0b 100644 --- a/platforms/quorum/configuration/roles/create/validator_node/tasks/main.yaml +++ b/platforms/quorum/configuration/roles/create/validator_node/tasks/main.yaml 
@@ -4,15 +4,41 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# Create helm release files for validator nodes -- name: Create helm release files for validator nodes - include_tasks: validator_main.yaml +# This task creates helm release file for each validator node of organization +- name: Create helm release file for each validator node of organization + include_role: + name: create/helm_component vars: - peer_query: "peers[?type=='validator']" - validator_node: "{{ org.services | json_query(peer_query) | first | default() }}" - loop: "{{ peers }}" + component_name: "{{ peer.name }}" + type: "validatorquorum" + loop: "{{ org.services.validators }}" loop_control: loop_var: peer - when: - - validator_node | length > 0 - - peer.type == 'validator' + when: org.services.validators is defined + +# Git Push : Pushes the above generated files to git +- name: Git Push + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" + vars: + GIT_DIR: "{{ playbook_dir }}/../../../" + msg: "[ci skip] Pushing Validator files" + when: org.services.validators is defined + +# Wait for the last validator to be running +- name: "Wait for the last validator to run" + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" + vars: + validator: "{{ org.services.validators | last }}" + label_selectors: + - app.kubernetes.io/release = {{ validator.name | lower }} + component_type: "Pod" + namespace: "{{ component_ns }}" + when: org.services.validators is defined + +# Get the Genesis and staticnodes +- name: Get genesis and staticnodes + include_role: + name: get/genesis + when: org.services.validators is defined 
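Review bot: `Wait for the last validator to run` passes `label_selectors` and `component_type: "Pod"` but no `component_name`, whereas the parallel member-node wait sets `component_name: "{{ member.name | lower }}"`; if the shared check/helm_component role uses component_name in its query or messages (not visible here), this include will either fail on an undefined variable or inherit a stale value from an earlier include. Add `component_name: "{{ validator.name | lower }}"` beside the label selector to match the member role. The `Git Push` task here also carries no `tags: - notest`, although the deleted tessera and member push tasks in this PR had one; restore it if a test run is not meant to push to the gitops repository.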
diff --git a/platforms/quorum/configuration/roles/create/validator_node/tasks/nested_enode_data.yaml b/platforms/quorum/configuration/roles/create/validator_node/tasks/nested_enode_data.yaml deleted file mode 100644 index a1a11400679..00000000000 --- a/platforms/quorum/configuration/roles/create/validator_node/tasks/nested_enode_data.yaml +++ /dev/null 
@@ -1,47 +0,0 @@
-##############################################################################################
-# Copyright Accenture. All Rights Reserved.
-#
-# SPDX-License-Identifier: Apache-2.0
-##############################################################################################
-
-# Check if the keystore.json exist in build directory
-- name: Check if enode is present in the build directory or not
- stat:
- path: "{{ build_path }}/{{ org1.name }}/{{ peernode.name }}/enode"
- register: file_status
-
-# Create the build directory if it does not exist
-- name: Create build directory if it does not exist
- file:
- path: "{{ build_path }}/{{ org1.name }}/{{ peernode.name }}"
- state: directory
- mode: '0755'
- recurse: yes
- when: file_status.stat.exists == False
- changed_when: false
-
-# Fetch nodekey from vault
-- name: Get the nodekey from vault and generate the enode
- shell: |
- vault kv get -field=nodekey {{ vault.secret_path | default('secretsv2') }}/{{ org1.name }}/crypto/{{ peernode.name }}/quorum > {{ build_path }}/{{ org1.name }}/{{ peernode.name }}/nodekey
- {{ bin_install_dir }}/bootnode --nodekey={{ build_path }}/{{ org1.name }}/{{ peernode.name }}/nodekey --writeaddress > {{ build_path }}/{{ org1.name }}/{{ peernode.name }}/enode
- environment:
- VAULT_ADDR: "{{ vault.url }}"
- VAULT_TOKEN: "{{ vault.root_token }}"
- when: file_status.stat.exists == False
- changed_when: false
-
-# Get enode data
-- name: Get enode_data
- set_fact:
- enode_data: "{{ lookup('file', '{{ build_path }}/{{ org1.name }}/{{ peernode.name }}/enode') }}"
-
-# Get information about each validator node present in network.yaml and store it as a list of org,node
-- name: Get validator and transaction node data for raft
- set_fact:
- enode_data_list={{ enode_data_list | default([]) + [ {'peer_name':peernode.name, 'enodeval':enode_data, 'external_url':org1.external_url_suffix, 'p2p_ambassador':peernode.p2p.ambassador, 'raft_ambassador':peernode.raft.ambassador } ] }}
-
when: network.config.consensus == 'raft'
-- name: Get validator and transaction node data
- set_fact:
- enode_data_list={{ enode_data_list | default([]) + [ {'peer_name':peernode.name, 'enodeval':enode_data, 'external_url':org1.external_url_suffix, 'p2p_ambassador':peernode.p2p.ambassador } ] }}
- when: network.config.consensus != 'raft'
diff --git a/platforms/quorum/configuration/roles/create/validator_node/tasks/validator_main.yaml b/platforms/quorum/configuration/roles/create/validator_node/tasks/validator_main.yaml
deleted file mode 100644
index 1b347f8bcb3..00000000000
--- a/platforms/quorum/configuration/roles/create/validator_node/tasks/validator_main.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-##############################################################################################
-# Copyright Accenture. All Rights Reserved.
-#
-# SPDX-License-Identifier: Apache-2.0
-##############################################################################################
-
-# Set enode_data_list to empty
-- name: Set enode_data_list to []
- set_fact:
- enode_data_list: []
-
-# Set node status
-- name: Set node status
- set_fact:
- node_status: default
- when: not add_new_org
-
-# Set node status
-- name: Set node status
- set_fact:
- node_status: additional
- when: add_new_org
-
-# Get enode data for all orgs
-- name: Get enode data for each node of all organization
- include_tasks: enode_data.yaml
- loop: "{{ network['organizations'] }}"
- loop_control:
- loop_var: org1
-
-# Create the staticnodes file from the template
-- name: Create staticnodes file
- template:
- src: "staticnodes.tpl"
- dest: "{{ network.config.staticnodes }}"
- when: not add_new_org
-
-# Add a new node to the existing network
-- name: Adds a new validator node to the existing network
- uri:
- url: "http://{{ geth_data.url }}:{{ geth_data.rpcport }}"
- method: POST
- validate_certs: no
- return_content: yes
- body_format: json
- body: '{"jsonrpc":"2.0","method":"raft_addPeer","params": ["enode://{{ enode.enodeval }}@{{ enode.peer_name }}.{{ enode.external_url }}:{{ enode.p2p_ambassador }}?discport=0&raftport={{ enode.raft_ambassador }}"], "id":{{ geth_data.nodeid }} }'
- headers:
- Content-Type: "application/json"
- loop: "{{ enode_data_list }}"
- loop_control:
- loop_var: enode
- register: peer_id
- until: peer_id.status == 200
- retries: "{{ network.env.retry_count }}"
- delay: 50
- when: add_new_org and network.config.consensus == 'raft'
- tags:
- - notest
-
-# Fetch the new peer_id
-- name: Get validator peer_id
- set_fact:
- peer_id: "{{ peer_id.results[0].json.result }}"
- when: add_new_org and network.config.consensus == 'raft'
- tags:
- - notest
-
-# Create the
Quorum value files for each node of organization
-- name: Create value file for Quorum Nodes
- include_role:
- name: helm_component
- vars:
- component_name: "{{ name }}{{ peer.name }}quorum"
- type: "validatorquorum"
- genesis: "{{ lookup('file', '{{ network.config.genesis }}') | b64encode }}"
- staticnodes: "{{ lookup('file', '{{ network.config.staticnodes }}') | from_yaml | to_nice_json }}"
- when: peer.type == 'validator'
-
-# Git Push: Push the above generated files to git directory
-- name: Git Push
- include_role:
- name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push"
- vars:
- GIT_DIR: "{{ playbook_dir }}/../../../"
- gitops: "{{ org.gitops }}"
- msg: "[ci skip] Pushing Peer files"
- tags:
- - notest
diff --git a/platforms/quorum/configuration/roles/delete/certificates/ambassador/tasks/main.yaml b/platforms/quorum/configuration/roles/delete/certificates/ambassador/tasks/main.yaml
new file mode 100644
index 00000000000..57000c86907
--- /dev/null
+++ b/platforms/quorum/configuration/roles/delete/certificates/ambassador/tasks/main.yaml
@@ -0,0 +1,23 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+---
+
+# Delete Ambassador certificates
+- name: delete Ambassador certificates
+ include_tasks: nested_main.yaml
+ vars:
+ node_name: "{{ node.name | lower }}"
+ loop: "{{ services.peers is defined | ternary(services.peers, services.validators) }}"
+ loop_control:
+ loop_var: node
+
+# Delete clusterissuer helm chart
+- name: Delete ClusterIssuer
+ kubernetes.core.helm:
+ kubeconfig: "{{ kubernetes.config_file }}"
+ name: letsencrypt-clusterissuer
+ state: absent
+ release_namespace: "default"
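Review bot: The `kubernetes.core.helm` uninstall of `letsencrypt-clusterissuer` passes `kubeconfig: "{{ kubernetes.config_file }}"` but no `context`, whereas the vault_secrets tasks changed in this same commit pass both `kubeconfig` and `context: "{{ kubernetes.context }}"`; with a multi-context kubeconfig the release is removed from whatever the current context points at rather than this org's cluster, so I would add `context: "{{ kubernetes.context }}"` here and in nested_main.yaml. `release_namespace: "default"` is hard-coded in both files while every other namespace in the diff is templated from `component_ns`; if the cert-manager releases really live in default, a comment such as `# clusterissuer and cert releases are installed cluster-wide into default` would stop the next reader from "fixing" it. The loop expression `services.peers is defined | ternary(services.peers, services.validators)` is duplicated in the vault_secrets hunk; setting it once as a fact (for example `org_nodes`) would keep the two delete paths in step.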
diff --git a/platforms/quorum/configuration/roles/delete/certificates/ambassador/tasks/nested_main.yaml b/platforms/quorum/configuration/roles/delete/certificates/ambassador/tasks/nested_main.yaml
new file mode 100644
index 00000000000..4bd5f1814f4
--- /dev/null
+++ b/platforms/quorum/configuration/roles/delete/certificates/ambassador/tasks/nested_main.yaml
@@ -0,0 +1,17 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# This role generates certificates for rootca and ambassador
+# and places them in vault. Certificates are created using openssl
+---
+
+# Delete ambassador tls certificates created by cert-manager
+- name: Delete TLS certificate
+ kubernetes.core.helm:
+ kubeconfig: "{{ kubernetes.config_file }}"
+ name: "letsencrypt-cert-{{node_name}}"
+ state: absent
+ release_namespace: "default"
diff --git a/platforms/quorum/configuration/roles/delete/vault_secrets/tasks/main.yaml b/platforms/quorum/configuration/roles/delete/vault_secrets/tasks/main.yaml
index 90eb1d90f9e..113c88ddfdf 100644
--- a/platforms/quorum/configuration/roles/delete/vault_secrets/tasks/main.yaml
+++ b/platforms/quorum/configuration/roles/delete/vault_secrets/tasks/main.yaml
@@ -10,7 +10,7 @@ #############################################################################################
-# Delete the Docker credentials
+# Delete Docker credentials
 - name: Delete docker creds
 k8s:
 kind: Secret
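Review bot: The header comment of the new nested_main.yaml, `# This role generates certificates for rootca and ambassador / # and places them in vault. Certificates are created using openssl`, describes the opposite of what its only task does (it uninstalls the `letsencrypt-cert-<node>` Helm release) and reads as copied from the create-side role; replace it with `# Uninstalls the per-node cert-manager certificate release; the matching create role installs it`. The release name `"letsencrypt-cert-{{node_name}}"` also lacks the spaces inside the braces used everywhere else in the diff; `"letsencrypt-cert-{{ node_name }}"` keeps ansible-lint quiet. As in the parent main.yaml, only `kubeconfig` is passed to `kubernetes.core.helm` with no `context`, so the uninstall follows the kubeconfig's current context.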
@@ -19,34 +19,19 @@
 state: absent
 kubeconfig: "{{ kubernetes.config_file }}"
 context: "{{ kubernetes.context }}"
- ignore_errors: yes
+ ignore_errors: true
-# Delete Ambassador creds
-- name: Delete Ambassador creds
- k8s:
- kind: Secret
- namespace: "{{ org_namespace }}"
- name: "{{ peer.name }}-ambassador-certs"
- kubeconfig: "{{ kubernetes.config_file }}"
- context: "{{ kubernetes.context }}"
- state: absent
- loop: "{{ services.peers }}"
- loop_control:
- loop_var: peer
- ignore_errors: yes
-
-# Delete crypto materials
-- name: Delete Crypto materials
+# Deletes crypto materials
+- name: Delete Crypto material
 shell: |
- vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_name }}/crypto/{{ peer.name }}/tm
- vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_name }}/crypto/{{ peer.name }}/quorum
- vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_name }}/crypto/{{ peer.name }}/certs
- vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_name }}/crypto/genesis
- vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ org_name }}/smartContracts/General
- loop: "{{ services.peers }}"
+ vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/quorum-node-{{ peer.name }}-keys
+ vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/tessera-{{ peer.name }}-keys
+ vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/tlscerts
+ vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/genesis
 environment:
 VAULT_ADDR: "{{ item.vault.url }}"
 VAULT_TOKEN: "{{ item.vault.root_token }}"
+ loop: "{{ services.peers is defined | ternary( services.peers, services.validators) }}"
 loop_control:
 loop_var: peer
- ignore_errors: yes
+ ignore_errors: true
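Review bot: `vault kv delete` against a KV v2 mount (the default `secretsv2` here) is a soft delete: the `quorum-node-<peer>-keys` and `tessera-<peer>-keys` versions stay in Vault and can be brought back with `vault kv undelete`, so a teardown that is meant to destroy key material should follow each delete with `vault kv metadata delete <same path>` (or `vault kv destroy -versions=...`) — the `tlscerts` and `genesis` paths are also per-org but are deleted once per peer, which with `ignore_errors: true` hides a wrong path as easily as a missing one. The removed `Delete Ambassador creds` task was the only place the `<peer>-ambassador-certs` Kubernetes Secret was deleted; uninstalling the cert-manager release in the new delete/certificates role removes the Certificate object but, unless cert-manager runs with certificate owner references enabled, leaves the issued TLS Secret behind, so that cleanup may need to return. The loop uses `loop_var: peer` while the paths read `item.vault.*`, which only works if an outer loop supplies `item`; a comment such as `# item is the organization from the calling playbook's loop` would make that dependency explicit.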
diff --git a/platforms/quorum/configuration/roles/get/genesis/tasks/main.yaml b/platforms/quorum/configuration/roles/get/genesis/tasks/main.yaml
new file mode 100644
index 00000000000..cbeba800ede
--- /dev/null
+++ b/platforms/quorum/configuration/roles/get/genesis/tasks/main.yaml
@@ -0,0 +1,30 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# Get the genesis file from current org
+- name: Get genesis from config map of current org
+ kubernetes.core.k8s_info:
+ kubeconfig: "{{ kubernetes.config_file }}"
+ kind: ConfigMap
+ name: "quorum-genesis"
+ namespace: "{{ component_ns }}"
+ register: genesis_data
+
+# Get the static node file from current org
+- name: Get static-nodes from config map of current org
+ kubernetes.core.k8s_info:
+ kubeconfig: "{{ kubernetes.config_file }}"
+ kind: ConfigMap
+ name: "quorum-peers"
+ namespace: "{{ component_ns }}"
+ register: nodes_data
+
+- name: Save genesis locally for Secondary genesis
+ shell: |
+ echo {{ genesis_data.resources[0].data['genesis.json'] | to_nice_json }} > {{ files_loc }}/genesis.json
+ echo {{ nodes_data.resources[0].data['static-nodes.json'] | to_nice_json }} > {{ files_loc }}/static-nodes.json
+ vars:
+ files_loc: "{{playbook_dir}}/../../../{{ charts_dir }}/quorum-genesis/files"
diff --git a/platforms/quorum/configuration/roles/helm_component/templates/memberquorum.tpl b/platforms/quorum/configuration/roles/helm_component/templates/memberquorum.tpl
deleted file mode 100644
index 74d4c9fe9d6..00000000000
--- a/platforms/quorum/configuration/roles/helm_component/templates/memberquorum.tpl
+++ /dev/null
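Review bot: `Save genesis locally for Secondary genesis` writes the ConfigMap contents by interpolating them unquoted into a shell `echo`, so the JSON only reaches the file intact after the shell has stripped quotes, split words and expanded `$`, backticks and globs; the `copy` module with `content:` writes the string byte-for-byte (and JSON-encodes it if Ansible hands the value back parsed) and also reports changed correctly, which the `shell` task does not. `genesis_data.resources[0]` and `nodes_data.resources[0]` are indexed without checking that the ConfigMap was found, so a missing `quorum-genesis` or `quorum-peers` surfaces as an index error rather than a message; an `assert` before the write gives the operator the namespace and name. The task name only mentions genesis while it writes both files; the split below names each.

```yaml
- name: Fail if the genesis or static-nodes ConfigMap is missing
  ansible.builtin.assert:
    that:
      - genesis_data.resources | length > 0
      - nodes_data.resources | length > 0
    fail_msg: "quorum-genesis / quorum-peers ConfigMap not found in {{ component_ns }}"

- name: Save genesis locally for Secondary genesis
  copy:
    content: "{{ genesis_data.resources[0].data['genesis.json'] }}"
    dest: "{{ files_loc }}/genesis.json"
  vars:
    files_loc: "{{playbook_dir}}/../../../{{ charts_dir }}/quorum-genesis/files"

- name: Save static-nodes locally for Secondary genesis
  copy:
    content: "{{ nodes_data.resources[0].data['static-nodes.json'] }}"
    dest: "{{ files_loc }}/static-nodes.json"
  vars:
    files_loc: "{{playbook_dir}}/../../../{{ charts_dir }}/quorum-genesis/files"
```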
@@ -1,97 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: {{ component_name }} - namespace: {{ component_ns }} - annotations: - fluxcd.io/automated: "false" -spec: - releaseName: {{ component_name }} - interval: 1m - chart: - spec: - chart: {{ charts_dir }}/quorum-member-node - sourceRef: - kind: GitRepository - name: flux-{{ network.env.type }} - namespace: flux-{{ network.env.type }} - values: - replicaCount: 1 - metadata: - namespace: {{ component_ns }} - labels: - images: - node: quorumengineering/quorum:{{ network.version }} - alpineutils: ghcr.io/hyperledger/bevel-alpine:latest - node: - name: {{ peer.name }} -{% if add_new_org %} -{% if network.config.consensus == 'raft' %} - peer_id: {{ peer_id | int }} -{% endif %} -{% endif %} - status: {{ node_status }} - consensus: {{ consensus }} - subject: {{ peer.subject }} - mountPath: /etc/quorum/qdata - imagePullSecret: regcred - keystore: keystore_1 -{% if org.cloud_provider == 'minikube' %} - servicetype: NodePort -{% else %} - servicetype: ClusterIP -{% endif %} - lock: {{ peer.lock | lower }} - ports: - rpc: {{ peer.rpc.port }} -{% if network.config.consensus == 'raft' %} - raft: {{ peer.raft.port }} -{% endif %} - quorum: {{ peer.p2p.port }} - - tm: - type: {{ network.config.transaction_manager }} - - vault: - type: {{ vault.type | default("hashicorp") }} - address: {{ vault.url }} - secretprefix: {{ vault.secret_path | default('secretsv2') }}/data/{{ name }}/crypto/{{ peer.name }} - serviceaccountname: vault-auth - keyname: quorum - tm_keyname: tm - role: vault-role - authpath: {{ network.env.type }}{{ name }} - -{% if network.config.transaction_manager != "none" %} - tessera: -{% if network.config.tm_tls == 'strict' %} - url: "https://{{ peer.name }}.{{ external_url }}:{{ peer.transaction_manager.ambassador }}" -{% else %} - url: "http://{{ peer.name }}.{{ external_url }}:{{ peer.transaction_manager.ambassador }}" -{% endif %} - clienturl: "http://{{ peer.name 
}}-tessera:{{ peer.transaction_manager.clientport }}" #TODO: Enable tls strict for q2t -{% endif %} - genesis: {{ genesis }} - staticnodes: - {{ staticnodes }} -{% if network.env.proxy == 'ambassador' %} - proxy: - provider: "ambassador" - external_url: {{ external_url }} - quorumport: {{ peer.p2p.ambassador }} -{% if network.config.consensus == 'raft' %} - portRaft: {{ peer.raft.ambassador }} -{% endif %} -{% else %} - proxy: - provider: none - external_url: {{ name }}.{{ component_ns }} - quorumport: {{ peer.p2p.port }} -{% if network.config.consensus == 'raft' %} - portRaft: {{ peer.raft.port }} -{% endif %} -{% endif %} - storage: - storageclassname: {{ sc_name }} - storagesize: 1Gi - dbstorage: 1Gi diff --git a/platforms/quorum/configuration/roles/helm_component/templates/validatorquorum.tpl b/platforms/quorum/configuration/roles/helm_component/templates/validatorquorum.tpl deleted file mode 100644 index f26a3736eb9..00000000000 --- a/platforms/quorum/configuration/roles/helm_component/templates/validatorquorum.tpl +++ /dev/null 
@@ -1,81 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: {{ component_name }} - namespace: {{ component_ns }} - annotations: - fluxcd.io/automated: "false" -spec: - releaseName: {{ component_name }} - interval: 1m - chart: - spec: - chart: {{ charts_dir }}/quorum-validator-node - sourceRef: - kind: GitRepository - name: flux-{{ network.env.type }} - namespace: flux-{{ network.env.type }} - values: - replicaCount: 1 - metadata: - namespace: {{ component_ns }} - labels: - images: - node: quorumengineering/quorum:{{ network.version }} - alpineutils: ghcr.io/hyperledger/bevel-alpine:latest - node: - name: {{ peer.name }} -{% if add_new_org %} -{% if network.config.consensus == 'raft' %} - peer_id: {{ peer_id | int }} -{% endif %} -{% endif %} - status: {{ node_status }} - consensus: {{ consensus }} - subject: {{ peer.subject }} - mountPath: /etc/quorum/qdata - imagePullSecret: regcred - keystore: keystore_1 -{% if org.cloud_provider == 'minikube' %} - servicetype: NodePort -{% else %} - servicetype: ClusterIP -{% endif %} - lock: {{ peer.lock | lower }} - ports: - rpc: {{ peer.rpc.port }} -{% if network.config.consensus == 'raft' %} - raft: {{ peer.raft.port }} -{% endif %} - quorum: {{ peer.p2p.port }} - vault: - address: {{ vault.url }} - secretprefix: {{ vault.secret_path | default('secretsv2') }}/data/{{ name }}/crypto/{{ peer.name }} - serviceaccountname: vault-auth - keyname: quorum - role: vault-role - authpath: {{ network.env.type }}{{ name }} - type: {{ vault.type | default("hashicorp") }} - genesis: {{ genesis }} - staticnodes: {{ staticnodes }} -{% if network.env.proxy == 'ambassador' %} - proxy: - provider: "ambassador" - external_url: {{ external_url }} - quorumport: {{ peer.p2p.ambassador }} -{% if network.config.consensus == 'raft' %} - portRaft: {{ peer.raft.ambassador }} -{% endif %} -{% else %} - proxy: - provider: none - external_url: {{ name }}.{{ component_ns }} - quorumport: {{ peer.p2p.port }} -{% if 
network.config.consensus == 'raft' %}
- portRaft: {{ peer.raft.port }}
-{% endif %}
-{% endif %}
- storage:
- storageclassname: {{ sc_name }}
- storagesize: 1Gi
- dbstorage: 1Gi
diff --git a/platforms/quorum/configuration/roles/setup/genesis/primary/tasks/main.yaml b/platforms/quorum/configuration/roles/setup/genesis/primary/tasks/main.yaml
new file mode 100644
index 00000000000..083936f8cca
--- /dev/null
+++ b/platforms/quorum/configuration/roles/setup/genesis/primary/tasks/main.yaml
@@ -0,0 +1,53 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# create build directory
+- name: Create build directory if it does not exist
+ file:
+ path: "{{ build_path }}"
+ state: directory
+
+# Get number of validators
+- name: Validator count
+ set_fact:
+ validator_count={{ validator_count | default(0) | int + 1 }}
+ loop: "{{ org.services.validators | default([]) }}"
+
+- name: Fail when no validators detected
+ ansible.builtin.fail:
+ msg: The first organization must have Validators.
+ when: validator_count == 0
+
+- name: Get the kubernetes server url
+ shell: |
+ KUBECONFIG={{ kubernetes.config_file }} kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " "
+ register: kubernetes_server_url
+
+# This task runs the genesis job
+- name: Genesis job helm install
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/create/job_component"
+ vars:
+ component_name: "genesis"
+ type: "primary_genesis"
+ kubernetes_url: "{{ kubernetes_server_url.stdout }}"
+
+# Pushes the above generated files to git directory
+- name: Git Push
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push"
+ vars:
+ GIT_DIR: "{{ playbook_dir }}/../../../"
+ msg: "[ci skip] Pushing genesis file"
+
+# Wait for Genesis job to complete
+- name: "Wait for the genesis job to complete"
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
+ vars:
+ component_name: "genesis"
+ component_type: Job
+ namespace: "{{ component_ns }}"
diff --git a/platforms/quorum/configuration/roles/setup/genesis/secondary/tasks/main.yaml b/platforms/quorum/configuration/roles/setup/genesis/secondary/tasks/main.yaml
new file mode 100644
index 00000000000..9fbc4d7ce4d
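Review bot: `when: validator_count == 0` in `Fail when no validators detected` never fires in the case it is written for: with no validators the `Validator count` loop runs zero times, `validator_count` is never set, and the `when` aborts with an undefined-variable error instead of the intended message. Replacing the loop with a direct length, `validator_count: "{{ org.services.validators | default([]) | length }}"`, and comparing with `when: validator_count | int == 0` (set_fact yields a string, so `== 0` alone would not match) produces the message on the empty case and drops the `key=value` set_fact form. The `Get the kubernetes server url` shell task, duplicated in the secondary genesis hunk, reports changed on every run and should carry `changed_when: false`; `kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'` returns the same value without the grep/cut/tr chain.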
--- /dev/null
+++ b/platforms/quorum/configuration/roles/setup/genesis/secondary/tasks/main.yaml
@@ -0,0 +1,42 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# create build directory
+- name: Create build directory if it does not exist
+ file:
+ path: "{{ build_path }}"
+ state: directory
+
+- name: Get the kubernetes server url
+ shell: |
+ KUBECONFIG={{ kubernetes.config_file }} kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " "
+ register: kubernetes_server_url
+
+# This task runs the genesis job
+- name: Genesis job helm install
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/create/job_component"
+ vars:
+ component_name: "genesis"
+ type: "secondary_genesis"
+ kubernetes_url: "{{ kubernetes_server_url.stdout }}"
+
+# Pushes the above generated files to git directory
+- name: Git Push
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push"
+ vars:
+ GIT_DIR: "{{ playbook_dir }}/../../../"
+ msg: "[ci skip] Pushing genesis file"
+
+# Wait for Genesis job to complete
+- name: "Wait for the genesis job to complete"
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
+ vars:
+ component_name: "genesis"
+ component_type: Job
+ namespace: "{{ component_ns }}"
diff --git a/platforms/quorum/configuration/roles/setup/get_crypto/tasks/main.yaml b/platforms/quorum/configuration/roles/setup/get_crypto/tasks/main.yaml
deleted file mode 100644
index dc298818b5d..00000000000
--- a/platforms/quorum/configuration/roles/setup/get_crypto/tasks/main.yaml
+++ /dev/null
@@ -1,35 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -############################################################################################# -# This role saves the crypto from Vault into ansible_provisioner -############################################################################################# - -# Ensure admincerts directory is present in build -- name: Ensure directory exists - file: - path: "{{ cert_path }}" - state: directory - -# Save the cert file -- name: Save cert - local_action: copy content="{{ vault_output['data'].data.ambassadorcrt | b64decode }}" dest="{{ cert_path }}/ambassador.crt" - when: type == "ambassador" - -# Save the key file -- name: Save key - local_action: copy content="{{ vault_output['data'].data.ambassadorkey | b64decode }}" dest="{{ cert_path }}/ambassador.key" - when: type == "ambassador" - -# Save root rootcapem -- name: Save root rootcapem - local_action: copy content="{{ vault_output['data'].data.rootcapem | b64decode }}" dest="{{ cert_path }}/rootca.pem" - when: type == "rootca" - -# Save root rootcakey -- name: Save root rootcakey - local_action: copy content="{{ vault_output['data'].data.rootcakey | b64decode }}" dest="{{ cert_path }}/rootca.key" - when: type == "rootca" diff --git a/platforms/quorum/configuration/roles/setup/geth-bootnode/tasks/main.yaml b/platforms/quorum/configuration/roles/setup/geth-bootnode/tasks/main.yaml deleted file mode 100644 index 4d742fd5d90..00000000000 --- a/platforms/quorum/configuration/roles/setup/geth-bootnode/tasks/main.yaml +++ /dev/null 
@@ -1,64 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Create a temporary directory -- name: create temporary directory - tempfile: - state: directory - register: tmp_directory - -# Check if the geth binary is already in place or not -- name: Check geth - stat: - path: "{{ bin_install_dir }}/geth" - register: geth_stat_result - -# Check if the bootnode binary is already in place or not -- name: Check bootnode - stat: - path: "{{ bin_install_dir }}/bootnode" - register: bootnode_stat_result - -# Download the geth and bootnode tar -- name: Download geth and bootnode tar - get_url: - url: "{{ geth_tar.location }}" - dest: "{{ tmp_directory.path }}" - mode: 0440 - when: geth_stat_result.stat.exists == False or bootnode_stat_result.stat.exists == False - -# Create the bin directory, if it doesn't exist -- name: Create bin directory - file: - path: "{{ bin_install_dir }}" - state: directory - when: geth_stat_result.stat.exists == False or bootnode_stat_result.stat.exists == False - -# Extract the tar file containing the geth and bootnode binary -- name: Extracts the tar file containing the geth and bootnode binary - unarchive: - src: "{{ tmp_directory.path }}/geth-alltools-linux-amd64-1.10.0-56dec25a.tar.gz" - dest: "{{ tmp_directory.path }}" - copy: no - when: geth_stat_result.stat.exists == False or bootnode_stat_result.stat.exists == False - -# Copy the binary to destination directory -- name: Copy geth binary to destination directory - copy: - src: "{{ tmp_directory.path }}/geth-alltools-linux-amd64-1.10.0-56dec25a/geth" - dest: "{{ bin_install_dir }}" - mode: 0777 - remote_src: yes - when: geth_stat_result.stat.exists == False - -# Copy the binary to destination directory -- name: Copy bootnode binary to destination 
directory - copy: - src: "{{ tmp_directory.path }}/geth-alltools-linux-amd64-1.10.0-56dec25a/bootnode" - dest: "{{ bin_install_dir }}" - mode: 0777 - remote_src: yes - when: bootnode_stat_result.stat.exists == False diff --git a/platforms/quorum/configuration/roles/setup/geth-bootnode/vars/main.yaml b/platforms/quorum/configuration/roles/setup/geth-bootnode/vars/main.yaml deleted file mode 100644 index 9f1f5b843df..00000000000 --- a/platforms/quorum/configuration/roles/setup/geth-bootnode/vars/main.yaml +++ /dev/null @@ -1,11 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- -tmp_directory: "{{ lookup('env', 'TMPDIR') | default('/tmp',true) }}" - -geth_tar: - location: "https://gethstore.blob.core.windows.net/builds/geth-alltools-linux-amd64-1.10.0-56dec25a.tar.gz" diff --git a/platforms/quorum/configuration/roles/setup/golang/tasks/main.yaml b/platforms/quorum/configuration/roles/setup/golang/tasks/main.yaml deleted file mode 100644 index b3bd6951cde..00000000000 --- a/platforms/quorum/configuration/roles/setup/golang/tasks/main.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Register a temporary directory -- name: Register temporary directory - tempfile: - state: directory - register: tmp_directory - changed_when: false - -# Check if go is already installed or not -- name: Check go - stat: - path: "{{ go_root_dir }}/go" - register: go_stat_result - changed_when: false - -# Download golang tar -- name: Download golang tar - get_url: - url: "https://storage.googleapis.com/golang/go{{ go.version }}.{{ install_os }}-{{ install_arch }}.tar.gz" - dest: "{{ tmp_directory.path }}" - mode: 0440 - when: not go_stat_result.stat.exists - -# Create bin directory -- name: Create bin directory - file: - path: "{{ bin_install_dir }}" - state: directory - when: not go_stat_result.stat.exists - -# Extract the Go tarball -- name: Extract the Go tarball - unarchive: - src: "{{ tmp_directory.path }}/go{{ go.version }}.{{install_os}}-{{install_arch}}.tar.gz" - dest: "{{ go_root_dir }}" - copy: no - become: yes - when: not go_stat_result.stat.exists - -# Test go installation -- name: Test go installation - command: "go version" - changed_when: false - environment: - GOROOT: "{{ go_root_dir }}" diff --git a/platforms/quorum/configuration/roles/setup/golang/vars/main.yaml b/platforms/quorum/configuration/roles/setup/golang/vars/main.yaml deleted file mode 100644 index 66ffbe92d7c..00000000000 --- a/platforms/quorum/configuration/roles/setup/golang/vars/main.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- -tmp_directory: "{{ lookup('env', 'TMPDIR') | default('/tmp',true) }}" - -go: - version: 1.13.5 -go_root_dir: "{{ go_root_folder | default('/usr/local') }}" diff --git a/platforms/quorum/configuration/roles/setup/istanbul/meta/main.yaml b/platforms/quorum/configuration/roles/setup/istanbul/meta/main.yaml deleted file mode 100644 index b23df7b8e02..00000000000 --- a/platforms/quorum/configuration/roles/setup/istanbul/meta/main.yaml +++ /dev/null @@ -1,9 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- - dependencies: - - role: "setup/golang" diff --git a/platforms/quorum/configuration/roles/setup/istanbul/tasks/main.yaml b/platforms/quorum/configuration/roles/setup/istanbul/tasks/main.yaml deleted file mode 100644 index e6bd2d67605..00000000000 --- a/platforms/quorum/configuration/roles/setup/istanbul/tasks/main.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -# Check if the istanbul-tools is already in place or not -- name: Check istanbul - stat: - path: "{{ bin_install_dir }}/istanbul" - register: istanbul_stat_result - -# Check if istanbul repo directory exists -- name: Check istanbul repo dir exists - stat: - path: "{{ bin_install_dir }}/istanbul_repo" - register: repo_stat_result - -# Clone the istanbul-tools git repository -- name: Clone the istanbul-tools git repo - git: - repo: "{{ istanbul.repo }}" - version: v1.1.0 - force: yes - dest: "{{ bin_install_dir }}/istanbul_repo" - when: not ( repo_stat_result.stat.exists and istanbul_stat_result.stat.exists ) - -# Build the istanbul binary -- name: Make istanbul - make: - chdir: "{{ bin_install_dir }}/istanbul_repo" - when: istanbul_stat_result.stat.exists == False - -# Create the bin directory, if it doesn't exist, for storing the istanbul binary -- name: "Create bin directory" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/directory" - vars: - path: "{{ bin_install_dir }}" - when: istanbul_stat_result.stat.exists == False - -# Move the istanbul binary to above created bin directory -- name: Copy istanbul binary to destination directory - copy: - src: "{{ bin_install_dir }}/istanbul_repo/build/bin/istanbul" - dest: "{{ bin_install_dir }}/istanbul" - mode: 0755 - remote_src: yes - when: istanbul_stat_result.stat.exists == False diff --git a/platforms/quorum/configuration/roles/setup/istanbul/vars/main.yaml b/platforms/quorum/configuration/roles/setup/istanbul/vars/main.yaml deleted file mode 100644 index 57b7973ff1f..00000000000 --- a/platforms/quorum/configuration/roles/setup/istanbul/vars/main.yaml +++ /dev/null 
@@ -1,11 +0,0 @@
-##############################################################################################
-# Copyright Accenture. All Rights Reserved.
-#
-# SPDX-License-Identifier: Apache-2.0
-##############################################################################################
-
----
-tmp_directory: "{{ lookup('env', 'TMPDIR') | default('/tmp',true) }}"
-
-istanbul:
- repo: https://github.com/ConsenSys/istanbul-tools.git
diff --git a/platforms/quorum/configuration/roles/setup/new_member/tasks/main.yaml b/platforms/quorum/configuration/roles/setup/new_member/tasks/main.yaml
new file mode 100644
index 00000000000..2619c9779fa
--- /dev/null
+++ b/platforms/quorum/configuration/roles/setup/new_member/tasks/main.yaml
@@ -0,0 +1,49 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+- name: Read static-nodes file
+ slurp:
+ src: "{{ files_loc }}/static-nodes.json"
+ register: staticnodes_file_content
+ vars:
+ files_loc: "{{playbook_dir}}/../../../{{ charts_dir }}/quorum-genesis/files"
+
+- name: Get Node enode URL from static-nodes
+ set_fact:
+ enode_url: "{{ (staticnodes_file_content.content | b64decode | from_json) | json_query('[?contains(@, `' + peer.name + '`)]') }}"
+
+- name: Get Node enode URL from static-nodes
+ set_fact:
+ enode: "{{ enode_url[0].split('@')[0] }}"
+
+#Get IP Address using getent for ubuntu/linux
+- name: Get host ip
+ shell: |
+ getent hosts {{ peer.name }}.{{ org.external_url_suffix }} | awk '{ print $1 }'
+ register: host_details
+
+# Use host IP because admin_addPeer function does not accept DNS for host address
+- name: Get host_ip
+ set_fact:
+ host_ip: "{{ host_details.stdout.split('\n') | first }}"
+
+# Add a new node to the existing network using admin_addPeer API
+- name: Add a new node to the existing network
+ uri:
+ url: "{{ node }}"
+ method: POST
+ validate_certs: no
+ return_content: yes
+ body_format: json
+ body: '{"jsonrpc":"2.0","method":"admin_addPeer","params":["{{ enode }}@{{ host_ip }}:{{ peer.p2p.ambassador }}"],"id":1}'
+ headers:
+ Content-Type: "application/json"
+ loop: "{{ network.config.tm_nodes }}"
+ loop_control:
+ loop_var: node
+ register: peer_id
+ until: peer_id.status == 200
+ retries: "{{ network.env.retry_count }}"
+ delay: 20
diff --git a/platforms/quorum/configuration/samples/network-quorum.yaml b/platforms/quorum/configuration/samples/network-quorum.yaml
index 57b15b726be..3238b25cde4 100644
--- a/platforms/quorum/configuration/samples/network-quorum.yaml
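Review bot: The `uri` task that calls admin_addPeer sets `validate_certs: no`, so the management RPC endpoint taken from `{{ node }}` is used without verifying its certificate; unless these URLs are plain HTTP, this should be `validate_certs: true`, or at least a network variable with a comment stating why verification is disabled. The `Get host ip` step has no guard for an empty result: if `getent` resolves nothing, `host_ip` is an empty string and the peer URL posted becomes `enode@:port`, which `until: peer_id.status == 200` will probably not catch since JSON-RPC errors usually come back with HTTP 200. Adding `failed_when: host_details.stdout | trim | length == 0` to that task, quoting the interpolated name in the shell line (`getent hosts {{ (peer.name ~ '.' ~ org.external_url_suffix) | quote }} | awk '{ print $1 }'`), and checking that `enode_url` is non-empty before `enode_url[0]` is indexed would make the role fail early with a clear message instead of a confusing RPC error. The `#Get IP Address` comment also needs a space after `#`, and the two `Get Node enode URL from static-nodes` tasks share a name, which makes the play output hard to read.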
+++ b/platforms/quorum/configuration/samples/network-quorum.yaml 
@@ -100,40 +100,91 @@ network:
 private_key: "path_to_private_key" # Path to private key file which has write-access to the git repo (Optional for https; Required for ssh)
 # The participating nodes are named as peers
 services:
- peers:
- - peer:
- name: carrier
- subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" # This is the node subject. L=lat/long is mandatory for supplychain sample app
- type: member # value can be validator or member, only applicable if consensus = 'ibft'
- geth_passphrase: "12345" # Passphrase to be used to generate geth account
- lock: false # true or false: corresponds to, **geth --allow-insecure-unlock**, while starting up the node
+ validators:
+ - validator:
+ name: validator-1
+ bootnode: true # true if the validator node is used also a bootnode for the network
+ cactus_connector: disabled # set to enabled to create a cactus connector for Besu
 p2p:
 port: 21000
 ambassador: 15010 #Port exposed on ambassador service (use one port per org if using single cluster)
 rpc:
+ port: 8545
+ ambassador: 80 # Will only support port 80
+ ws:
 port: 8546
- transaction_manager:
- port: 443
- ambassador: 443
- clientport: 8888
- raft: # Only used if consensus = 'raft'
- port: 50401
- ambassador: 15013
- db: # Only used if transaction_manager = "tessera"
- port: 3306
+ metrics:
+ enabled: true # Set this to true to enable Prometheus monitoring for this node, or false to disable it.
+ port: 9545 # Specify the port that Prometheus will use to collect metrics for this node.
+ - validator:
+ name: validator-2
+ bootnode: true # true if the validator node is used also a bootnode for the network
+ cactus_connector: disabled # set to enabled to create a cactus connector for Besu
+ p2p:
+ port: 21000
+ ambassador: 15011 #Port exposed on ambassador service (use one port per org if using single cluster)
+ rpc:
+ port: 8545
+ ambassador: 80 # Will only support port 80
+ ws:
+ port: 8546
+ metrics:
+ enabled: true # Set this to true to enable Prometheus monitoring for this node, or false to disable it.
+ port: 9545 # Specify the port that Prometheus will use to collect metrics for this node.
+ - validator:
+ name: validator-3
+ bootnode: false # true if the validator node is used also a bootnode for the network
+ p2p:
+ port: 21000
+ ambassador: 15012 #Port exposed on ambassador service (use one port per org if using single cluster)
+ rpc:
+ port: 8545
+ ambassador: 80 # Will only support port 80
+ ws:
+ port: 8546
+ metrics:
+ enabled: false # Set this to true to enable Prometheus monitoring for this node, or false to disable it.
+ port: 9545 # Specify the port that Prometheus will use to collect metrics for this node.
+ - validator:
+ name: validator-4
+ bootnode: false # true if the validator node is used also a bootnode for the network
+ p2p:
+ port: 21000
+ ambassador: 15013 #Port exposed on ambassador service (use one port per org if using single cluster)
+ rpc:
+ port: 8545
+ ambassador: 80 # Will only support port 80
+ ws:
+ port: 8546
+ metrics:
+ enabled: false # Set this to true to enable Prometheus monitoring for this node, or false to disable it.
+ port: 9545 # Specify the port that Prometheus will use to collect metrics for this node.
+ peers:
 - peer:
- name: validator1
- subject: "O=Validator1,OU=Validator1,L=51.50/-0.13/London,C=GB" # This is the node subject. L=lat/long is mandatory for supplychain sample app
- type: validator # value can be validator or member, only applicable if consensus = 'ibft'
+ name: supplychain
+ subject: "O=SupplyChain,OU=ValidatorOrg,L=51.50/-0.13/London,C=GB" # This is the node subject. L=lat/long is mandatory for supplychain sample app
 geth_passphrase: "12345" # Passphrase to be used to generate geth account
- lock: false # true or false: corresponds to, **geth --allow-insecure-unlock**, while starting up the node
+ lock: true # Sets Besu node to lock or unlock mode. Can be true or false
+ cactus_connector: disabled # set to enabled to create a cactus connector for Besu
 p2p:
 port: 21000
 ambassador: 15014 #Port exposed on ambassador service (use one port per org if using single cluster)
 rpc:
+ port: 8545
+ ambassador: 80 # Will only support port 80
+ ws:
 port: 8546
- db: # Only used if transaction_manager = "tessera"
- port: 3306
+ db:
+ port: 3306 # Only applicable for tessra where mysql db is used
+ tm_nodeport:
+ port: 443 # Port exposed on ambassador service must be same
+ ambassador: 443
+ tm_clientport:
+ port: 8888
+ metrics:
+ enabled: false # Set this to true to enable Prometheus monitoring for this node, or false to disable it.
+ port: 9545 # Specify the port that Prometheus will use to collect metrics for this node.
+
 # Specification for the 2nd organization. Each organization maps to a VPC and a separate k8s cluster
 - organization:
@@ -180,7 +231,7 @@ network:
 lock: false # true or false: corresponds to, **geth --allow-insecure-unlock**, while starting up the node
 p2p:
 port: 21000
- ambassador: 15020 #Port exposed on ambassador service (use one port per org if using single cluster)
+ ambassador: 15015 #Port exposed on ambassador service (use one port per org if using single cluster)
 rpc:
 port: 8546
 transaction_manager:
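Review bot: Several of the new inline comments in this quorum sample are copied from the Besu sample and no longer describe the key they sit on: `lock: true # Sets Besu node to lock or unlock mode. Can be true or false` replaces the removed comment that tied `lock` to `geth --allow-insecure-unlock`, and `cactus_connector: disabled # set to enabled to create a cactus connector for Besu` appears under validator-1, validator-2 and the supplychain peer while validator-3 and validator-4 omit the key, so whether it is optional is unclear. Suggest restoring the geth wording, e.g. `lock: true # true or false: false corresponds to geth --allow-insecure-unlock while starting up the node`, dropping "for Besu" from the connector comment, and stating that `cactus_connector` defaults to disabled when absent if that is the case. The `db` comment has a typo, `tessra` → `tessera`, and the `tm_nodeport` comment `# Port exposed on ambassador service must be same` sits on `port: 443` rather than on `ambassador: 443`, so it reads as if the node port alone is constrained; moving it to the `ambassador` line, or writing `# node and ambassador ports must be the same`, would make the constraint clear.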
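Review bot: Only the ambassador port changes in this hunk (15020 → 15015), while the surrounding context still shows the old member layout — `rpc:` with `port: 8546` followed by `transaction_manager:` — that the first organization in this same file no longer uses (it now has `rpc: port: 8545`, a separate `ws:` block and `tm_nodeport`/`tm_clientport`). If the adapted roles read the new keys, this organization's member and the ones touched by `@@ -249,7 +287,7 @@` and `@@ -318,7 +343,7 @@` should be migrated to the same layout; if the old layout is still accepted, a comment saying so would stop readers treating the sample as inconsistent. The peer block this hunk edits starts outside the hunk, so I cannot see whether it was partially updated elsewhere.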
@@ -192,19 +243,6 @@ network:
 ambassador: 15023
 db: # Only used if transaction_manager = "tessera"
 port: 3306
- - peer:
- name: validator2
- subject: "O=Validator2,OU=Validator2,L=47.38/8.54/Zurich,C=CH" # This is the node subject. L=lat/long is mandatory for supplychain sample app
- type: validator # value can be validator or member, only applicable if consensus = 'ibft'
- geth_passphrase: "12345" # Passphrase to be used to generate geth account
- lock: false # true or false: corresponds to, **geth --allow-insecure-unlock**, while starting up the node
- p2p:
- port: 21000
- ambassador: 15024 #Port exposed on ambassador service (use one port per org if using single cluster)
- rpc:
- port: 8546
- db: # Only used if transaction_manager = "tessera"
- port: 3306
 - organization:
 name: store
@@ -249,7 +287,7 @@ network:
 lock: false # true or false: corresponds to, **geth --allow-insecure-unlock**, while starting up the node
 p2p:
 port: 21000
- ambassador: 15030 #Port exposed on ambassador service (use one port per org if using single cluster)
+ ambassador: 15016 #Port exposed on ambassador service (use one port per org if using single cluster)
 rpc:
 port: 8546
 transaction_manager:
@@ -261,19 +299,6 @@ network:
 ambassador: 15033
 db: # Only used if transaction_manager = "tessera"
 port: 3306
- - peer:
- name: validator3
- subject: "O=Validator3,OU=Validator3,L=40.73/-74/New York,C=US" # This is the node subject. L=lat/long is mandatory for supplychain sample app
- type: validator # value can be validator or member, only applicable if consensus = 'ibft'
- geth_passphrase: "12345" # Passphrase to be used to generate geth account
- lock: false # true or false: corresponds to, **geth --allow-insecure-unlock**, while starting up the node
- p2p:
- port: 21000
- ambassador: 15034 #Port exposed on ambassador service (use one port per org if using single cluster)
- rpc:
- port: 8546
- db: # Only used if transaction_manager = "tessera"
- port: 3306
 - organization:
 name: warehouse
@@ -318,7 +343,7 @@ network:
 lock: false # true or false: corresponds to, **geth --allow-insecure-unlock**, while starting up the node
 p2p:
 port: 21000
- ambassador: 15040 #Port exposed on ambassador service (use one port per org if using single cluster)
+ ambassador: 15017 #Port exposed on ambassador service (use one port per org if using single cluster)
 rpc:
 port: 8546
 transaction_manager:
@@ -330,16 +355,3 @@ network:
 ambassador: 15043
 db: # Only used if transaction_manager = "tessera"
 port: 3306
- - peer:
- name: validator4
- subject: "O=Validator4,OU=Validator4,L=42.36/-71.06/Boston,C=US" # This is the node subject. L=lat/long is mandatory for supplychain sample app
- type: validator # value can be validator or member, only applicable if consensus = 'ibft'
- geth_passphrase: "12345" # Passphrase to be used to generate geth account
- lock: false # true or false: corresponds to, **geth --allow-insecure-unlock**, while starting up the node
- p2p:
- port: 21000
- ambassador: 15044 #Port exposed on ambassador service (use one port per org if using single cluster)
- rpc:
- port: 8546
- db: # Only used if transaction_manager = "tessera"
- port: 3306
diff --git a/platforms/shared/configuration/roles/create/job_component/templates/primary_genesis.tpl b/platforms/shared/configuration/roles/create/job_component/templates/primary_genesis.tpl
index 662596f19f8..2d79849d53e 100644
--- a/platforms/shared/configuration/roles/create/job_component/templates/primary_genesis.tpl
+++ b/platforms/shared/configuration/roles/create/job_component/templates/primary_genesis.tpl
@@ -2,8 +2,8 @@ global:
 serviceAccountName: vault-auth
 vault:
- type: hashicorp
- network: besu
+ type: {{ vault.type | default("hashicorp") }}
+ network: {{ network.type }}
 address: {{ vault.url }}
 authPath: {{ network.env.type }}{{ name }}
 secretEngine: {{ vault.secret_path | default("secretsv2") }}
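Review bot: The two new templated scalars in primary_genesis.tpl, `type: {{ vault.type | default("hashicorp") }}` and `network: {{ network.type }}`, are rendered unquoted, so the values YAML that Helm reads takes whatever type the parser infers from the expansion rather than a guaranteed string. Quoting them — `type: "{{ vault.type | default('hashicorp') }}"` and `network: "{{ network.type }}"` — is the safer convention for templated scalars and costs nothing here; the identical hunk in secondary_genesis.tpl that follows has the same point. The neighbouring `address: {{ vault.url }}` line has the same exposure but is outside this change.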
diff --git a/platforms/shared/configuration/roles/create/job_component/templates/secondary_genesis.tpl b/platforms/shared/configuration/roles/create/job_component/templates/secondary_genesis.tpl
index e2a92aa2ef1..33cdc13d656 100644
--- a/platforms/shared/configuration/roles/create/job_component/templates/secondary_genesis.tpl
+++ b/platforms/shared/configuration/roles/create/job_component/templates/secondary_genesis.tpl
@@ -2,8 +2,8 @@ global:
 serviceAccountName: vault-auth
 vault:
- type: hashicorp
- network: besu
+ type: {{ vault.type | default("hashicorp") }}
+ network: {{ network.type }}
 address: {{ vault.url }}
 authPath: {{ network.env.type }}{{ name }}
 secretEngine: {{ vault.secret_path | default("secretsv2") }}
diff --git a/platforms/shared/configuration/roles/create/job_component/vars/main.yaml b/platforms/shared/configuration/roles/create/job_component/vars/main.yaml
index 15f49338062..77488d3b028 100644
--- a/platforms/shared/configuration/roles/create/job_component/vars/main.yaml
+++ b/platforms/shared/configuration/roles/create/job_component/vars/main.yaml
@@ -10,7 +10,7 @@ job_templates:
 primary_init: primary_init.tpl
 secondary_init: secondary_init.tpl
 charts:
- primary_genesis: besu-genesis
- secondary_genesis: besu-genesis
+ primary_genesis: "{{ network.type }}-genesis"
+ secondary_genesis: "{{ network.type }}-genesis"
 primary_init: corda-init
 secondary_init: corda-init
diff --git a/platforms/shared/configuration/roles/helm_lint/vars/main.yaml b/platforms/shared/configuration/roles/helm_lint/vars/main.yaml
index a602dd42ef6..d81b402eddb 100644
--- a/platforms/shared/configuration/roles/helm_lint/vars/main.yaml
+++ b/platforms/shared/configuration/roles/helm_lint/vars/main.yaml
@@ -26,8 +26,8 @@ charts:
 corda_node: corda-node
 quorum_tessera: quorum-tessera-node
 quorum: quorum-member-node
- validatorquorum: quorum-validator-node
- memberquorum: quorum-member-node
+ validatorquorum: quorum-node
+ memberquorum: quorum-node
 pki-generator: cenm-pki-gen
 signer: cenm-signer
 gateway: cenm-gateway
@@ -61,7 +61,7 @@ charts:
 node_substrate: substrate-node
 genesis_job: substrate-genesis
 dscp_ipfs_node: dscp-ipfs-node
- certs-ambassador-quorum: quorum-tlscerts-gen
+ certs-ambassador-quorum: quorum-tlscert-gen
 crypto_raft_job: quorum-raft-crypto-gen
 fabric-connector: fabric-cacti-connector
 quorum-connector: quorum-cacti-connector
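Review bot: After this hunk `validatorquorum` and `memberquorum` both resolve to `quorum-node`, while the `quorum: quorum-member-node` key directly above still names the old member chart that `memberquorum` no longer references; if that chart is removed as part of the move to `quorum-node`, helm lint will fail on a missing chart for the `quorum` key, and if it is kept the three keys should probably be collapsed to one. I cannot see the charts directory from this diff, so this is worth checking against the chart list before merge. A one-line comment on the `quorum:` entry saying which roles still use it would make the intent clear either way.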