
feat(indy): enable platform deployment via ansible-server
This commit introduces support for deploying a decentralized ledger technology (DLT) network using Ansible automation. The changes include:

1. Updated the Ansible codebase to support network deployment with respect to the standalone Helm chart.
2. The following Ansible roles have been introduced to appropriately deploy the network:
   - 1. Generate keys for each node of each organization.
   - 2. Fetch generated keys in JSON format to deploy genesis with known nodes only.
   - 3. Utilize keys stored in the JSON file to configure the genesis with known nodes and then install the genesis block.
   - 4. A secondary genesis setup is also included to support deployment in multiple namespaces for a multi-organization Indy network.
   - 5. Deploy stewards for all organizations.
   - 6. Deploy the endorser.
3. Updated the Reset Ansible code to delete each node's key from the vault, along with the organization policy and Authentication engine.
4. Added an individual role to clean all the network-supported local files (JSON files).
5. Updated the sample network configuration file to provide information on which networks can be deployed using this file and how to customize the network by following the network rules specified in the file itself.

fixes #2557

Signed-off-by: saurabhkumarkardam <[email protected]>
saurabhkumarkardam committed Jun 6, 2024
1 parent 75e4ddd commit b76b7e3
Showing 47 changed files with 1,049 additions and 889 deletions.
13 changes: 8 additions & 5 deletions platforms/hyperledger-indy/charts/README.md
Expand Up @@ -79,7 +79,8 @@ helm install university-steward-3 ./indy-node --namespace university-ns --values
cd ./indy-register-identity/files
kubectl --namespace university-ns get secret university-endorser-identity-public -o jsonpath='{.data.value}' | base64 -d | jq '.["did"]'> university-endorser-did.json
kubectl --namespace university-ns get secret university-endorser-node-public-verif-keys -o jsonpath='{.data.value}' | base64 -d | jq '.["verification-key"]' > university-endorser-verkey.json
# Register endorser identity from admin
# Register the endorser identity using the trustee's credentials
# Deploy the endorser identity registration Helm chart in the authority namespace, where the trustee resides
cd ../..
helm install university-endorser-id ./indy-register-identity --namespace authority-ns
```
Expand Down Expand Up @@ -130,24 +131,26 @@ helm install university-steward-4 ./indy-node --namespace university-ns --values
cd ./indy-register-identity/files
kubectl --namespace university-ns get secret university-endorser-identity-public -o jsonpath='{.data.value}' | base64 -d | jq '.["did"]'> university-endorser-did.json
kubectl --namespace university-ns get secret university-endorser-node-public-verif-keys -o jsonpath='{.data.value}' | base64 -d | jq '.["verification-key"]' > university-endorser-verkey.json
# Register endorser identity from admin
# Register the endorser identity using the trustee's credentials
# Deploy the endorser identity registration Helm chart in the authority namespace, where the trustee resides
cd ../..
helm install university-endorser-id ./indy-register-identity --namespace authority-ns
```

### Clean-up

To clean up, simply uninstall the Helm releases. It's important to uninstall the genesis Helm chart at the end to prevent any cleanup failure.
To clean up, simply uninstall the Helm charts.
> **NOTE**: It's important to uninstall the genesis Helm chart at the end to prevent any cleanup failure.

```bash
helm uninstall --namespace university-ns university-steward-1
helm uninstall --namespace university-ns university-steward-2
helm uninstall --namespace university-ns university-steward-3
helm uninstall --namespace university-ns university-steward-4
helm uninstall --namespace university-ns genesis
helm uninstall --namespace university-ns university-keys
helm uninstall --namespace university-ns genesis
helm uninstall --namespace authority-ns university-endorser-id
helm uninstall --namespace authority-ns genesis
helm uninstall --namespace authority-ns authority-keys
helm uninstall --namespace authority-ns genesis
```
18 changes: 6 additions & 12 deletions platforms/hyperledger-indy/configuration/cleanup.yaml
Expand Up @@ -13,17 +13,11 @@
no_log: "{{ no_ansible_log | default(false) }}"
tasks:
# Cleanup all organizations' vault indy crypto
- name: Cleanup Vault indy crypto
- name: "Clean up Vault indy crypto"
include_role:
name: clean/vault
vars:
organization: "{{ organizationItem.name | lower }}"
organization_ns: "{{ organization }}-ns"
services: "{{ organizationItem.services }}"
acount: "{{ organization }}-admin-vault-auth"
vault: "{{ organizationItem.vault }}"
role: "rw"
auth_path: "kubernetes-{{ organization }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem

# Clean up helpers directory
- name: "Clean up helpers directory"
include_role:
name: clean/local_directories
211 changes: 47 additions & 164 deletions platforms/hyperledger-indy/configuration/deploy-network.yaml
Expand Up @@ -24,203 +24,86 @@
name: check/validation

# Create namespaces for organizations
- name: 'Create namespace'
- name: "Create namespace"
include_role:
name: create/namespace
vars:
component_name: "{{ organizationItem.name | lower }}-ns"
component_type_name: "{{ organizationItem.type | lower }}"
kubernetes: "{{ organizationItem.k8s }}"
release_dir: "{{playbook_dir}}/../../../{{organizationItem.gitops.release_dir}}/{{ organizationItem.name | lower }}"
component_name: "{{ org.name | lower }}-ns"
component_type_name: "{{ org.type | lower }}"
kubernetes: "{{ org.k8s }}"
release_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
loop_var: org

# Create service accounts
- name: 'Create service accounts'
# Create necessary Kubernetes secrets for each organization
- name: "Create k8s secrets"
include_role:
name: create/serviceaccount/main
name: create/secrets
vars:
component_ns: "{{ organizationItem.name | lower }}-ns"
organization: "{{ organizationItem.name | lower }}"
component_type_name: "{{ organization }}"
services: "{{ organizationItem.services }}"
gitops: "{{ organizationItem.gitops }}"
kubernetes: "{{ organizationItem.k8s }}"
component_ns: "{{ org.name | lower }}-ns"
kubernetes: "{{ org.k8s }}"
vault: "{{ org.vault }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when: organizationItem.org_status is not defined or organizationItem.org_status == 'new'
loop_var: org

# Create StorageClass
- name: Create Storage Class
# Generate keys for each nodes
- name: "Generate keys"
include_role:
name: "{{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/storageclass"
name: setup/generate-keys
vars:
org_name: "{{ org.name | lower }}"
sc_name: "{{ org_name }}-bevel-storageclass"
region: "{{ org.k8s.region | default('eu-west-1') }}"
stewards: "{{ org.services.stewards }}"
cloud_provider: "{{ org.cloud_provider | lower }}"
vault: "{{ org.vault }}"
kubernetes: "{{ org.k8s }}"
component_type: "generate-keys"
component_ns: "{{ org_name }}-ns"
component_name: "{{ org_name }}-keys"
values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}"
charts_dir: "{{ org.gitops.chart_source }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: org
when: org.org_status is not defined or org.org_status == 'new'

# Admin K8S auth
- name: Admin K8S auth
include_role:
name: setup/vault_kubernetes
vars:
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
component_name: "{{ organization }}-bevel-ac-vault-auth"
component_type: "GetServiceAccount"
vault: "{{ organizationItem.vault }}"
auth_path: "kubernetes-{{ organization }}-admin-auth"
kubernetes: "{{ organizationItem.k8s }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when: organizationItem.org_status is not defined or organizationItem.org_status == 'new'

# Generate auth job
- name: 'Generate auth job'
include_role:
name: setup/auth_job
vars:
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
component_name: "{{ organization }}"
services: "{{ organizationItem.services }}"
kubernetes: "{{ organizationItem.k8s }}"
vault: "{{ organizationItem.vault }}"
gitops: "{{ organizationItem.gitops }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when: organizationItem.org_status is not defined or organizationItem.org_status == 'new'

# Get Vault AC Token via Service Account
- name: Get Vault AC Token via Service Account
include_role:
name: check/k8_component
vars:
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
component_name: "{{ organization }}-bevel-ac-vault-auth"
component_type: "GetServiceAccount"
vault: "{{ organizationItem.vault }}"
kubernetes: "{{ organizationItem.k8s }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem

# Generate indy crypto and insert into Vault
- name: 'Generate indy crypto and insert into Vault'
# Get each node keys for the Genesis setup
- name: "Get keys for the Genesis setup"
include_role:
name: setup/crypto
name: setup/genesis-node-keys
vars:
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
component_name: "{{ organization }}"
services: "{{ organizationItem.services }}"
kubernetes: "{{ organizationItem.k8s }}"
vault: "{{ organizationItem.vault }}"
gitops: "{{ organizationItem.gitops }}"
vault_ac_token: "{{ ac_vault_tokens[organization] }}"
component_ns: "{{ org.name | lower }}-ns"
kubernetes: "{{ org.k8s }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when: organizationItem.org_status is not defined or organizationItem.org_status == 'new'

# Create and deploy domain genesis
- name: 'Create domain genesis'
include_role:
name: setup/domain_genesis
loop_var: org

# Create and deploy pool genesis
- name: 'Create pool genesis'
# Install Genesis
- name: "Install Genesis"
include_role:
name: setup/pool_genesis
name: setup/genesis

# Add new Trustees via existing Trustee
- name: "Add New Trustees via existing Trustee"
include_role:
name: setup/trustees
vars:
new_org_query: "organizations[?org_status=='new']"
neworg: "{{ network | json_query(new_org_query) | first }}"
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
component_name: "{{ organization }}"
kubernetes: "{{ organizationItem.k8s }}"
gitops: "{{ organizationItem.gitops }}"
vault: "{{ organizationItem.vault }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when:
- (add_new_org|bool and add_new_org_network_trustee_present|bool)
- (organizationItem.org_status is not defined or organizationItem.org_status == 'existing')

# Add new Stewards via existing Trustee
- name: "Add New Stewards via existing Trustee"
# Install Steward nodes
- name: Install Steward nodes
include_role:
name: setup/stewards
vars:
new_org_query: "organizations[?org_status=='new']"
neworg: "{{ network | json_query(new_org_query) | first }}"
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
component_name: "{{ organization }}"
kubernetes: "{{ organizationItem.k8s }}"
gitops: "{{ organizationItem.gitops }}"
vault: "{{ organizationItem.vault }}"
org_name: "{{ org.name | lower }}"
cloud_provider: "{{ org.cloud_provider | lower }}"
kubernetes: "{{ org.k8s }}"
component_ns: "{{ org_name }}-ns"
component_type: "stewards"
values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}"
charts_dir: "{{ org.gitops.chart_source }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when:
- (add_new_org|bool and add_new_org_network_trustee_present|bool)
- (organizationItem.org_status is not defined or organizationItem.org_status == 'existing')
loop_var: org

# Deploy all other nodes
- name: 'Deploy nodes'
# Install Endorser node
- name: "Install Endorser node"
include_role:
name: setup/node
vars:
organization: "{{ organizationItem.name | lower }}"
sc_name: "{{ organization }}-bevel-storageclass"
component_ns: "{{ organizationItem.name | lower }}-ns"
services: "{{ organizationItem.services }}"
kubernetes: "{{ organizationItem.k8s }}"
vault: "{{ organizationItem.vault }}"
gitops: "{{ organizationItem.gitops }}"
genesis: "{{ network.genesis }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when:
- (organizationItem.type == 'peer')
- (organizationItem.org_status is not defined or organizationItem.org_status == 'new')
- (not add_new_org|bool or (add_new_org|bool and add_new_org_new_nyms_on_ledger_present|bool))
name: setup/endorser

# Create and deploy Endorser Identities
- name: 'Create Endorser Identities'
include_role:
name: setup/endorsers
vars:
organization: "{{ organizationItem.name | lower }}"
component_ns: "{{ organizationItem.name | lower }}-ns"
kubernetes: "{{ organizationItem.k8s }}"
gitops: "{{ organizationItem.gitops }}"
vault: "{{ organizationItem.vault }}"
loop: "{{ network['organizations'] }}"
loop_control:
loop_var: organizationItem
when:
- (organizationItem.type == 'peer')
- (organizationItem.org_status is not defined or organizationItem.org_status == 'new')
- (not add_new_org|bool or (add_new_org|bool and add_new_org_new_nyms_on_ledger_present|bool))

# These variables can be overriden from the command line
vars:
install_os: "linux" # Default to linux OS
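Review bot: The new `Install Steward nodes` task loops over every organization with no `org_status` guard, while the `Generate keys` task just above it is gated with `when: org.org_status is not defined or org.org_status == 'new'`; on a re-run that adds a new organization this looks like it would re-apply the steward release for existing organizations too, unless the `setup/stewards` role filters that itself (not visible here). Adding the same `when: org.org_status is not defined or org.org_status == 'new'` after `loop_var: org` keeps the two deployment steps consistent, and the `Get keys for the Genesis setup` loop should stay ungated since existing nodes must be known to the genesis. Two smaller points of style in the same hunk: `- name: Install Steward nodes` is the only task name left unquoted, and the comment `# Generate keys for each nodes` should read `# Generate keys for each node`. The play's `vars:` section that begins at the end of the hunk continues outside it.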
Expand Up @@ -4,40 +4,23 @@
# SPDX-License-Identifier: Apache-2.0
##############################################################################################

# Reset counters
- name: Reset counters
# Counting the number of steward nodes
- name: "Count steward nodes"
set_fact:
trustee_count=0
steward_count=0
endorser_count=0
total_stewards: "{{ total_stewards | int + 1 }}"
loop: "{{ org.services.stewards }}"
loop_control:
loop_var: stewards
when: (stewards is defined) and (stewards | length > 0)

# Counting Genesis Stewards
- name: "Counting Genesis Stewards"
# Counting the number of trustee nodes
- name: "Count trustee nodes"
set_fact:
steward_count={{ steward_count|default(0)|int + 1 }}
total_stewards={{ total_stewards|default(0)|int + 1 }}
loop: "{{ stewards }}"
total_trustee: "{{ total_trustee | int + 1 }}"
when: (org.services.trustee is defined) and (org.services.trustee | length > 0)

# Counting trustees per Org
- name: "Counting trustees per Org"
# Counting the number of endorser nodes
- name: "Count endorser nodes"
set_fact:
trustee_count={{ trustee_count|default(0)|int + 1 }}
total_trustees={{ total_trustees|default(0)|int + 1 }}
loop: "{{ trustees }}"

# Print error and end playbook if trustee count limit fails
- name: Print error and end playbook if trustee count limit fails
debug: msg="The trustee count is {{ trustee_count }}. There should be max 1 trustee per organization."
failed_when: trustee_count|int > 1

# Counting Endorsers
- name: "Counting Endorsers"
set_fact:
endorser_count={{ endorser_count|default(0)|int + 1 }}
loop: "{{ endorsers }}"

# Print error abd end playbook if endorser count limit fails
- name: Print error abd end playbook if endorser count limit fails
debug: msg="The endorser count is {{ endorser_count }}. There should be max 1 endorser per organization."
failed_when: endorser_count|int > 1
when: endorser_count is defined
total_endorser: "{{ total_endorser | int + 1 }}"
when: (org.services.endorser is defined) and (org.services.endorser | length > 0)
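Review bot: The new counter `total_stewards: "{{ total_stewards | int + 1 }}"` (and likewise `total_trustee` and `total_endorser` below it) drops the `default(0)` guard the removed lines carried, so the first increment fails with an undefined variable unless every counter is initialised before this task file is included; the `Reset counters` task that used to do that is deleted in the same hunk. `"{{ total_stewards | default(0) | int + 1 }}"` keeps the task self-contained regardless of the caller. Separately, `loop: "{{ org.services.stewards }}"` is evaluated before the per-item `when`, so an organization whose `services` has no `stewards` entry errors out instead of being skipped; `loop: "{{ org.services.stewards | default([]) }}"` gives the loop the guard the other two tasks get from their `when`. The removed per-organization limit checks (at most one trustee and one endorser) have no replacement visible in this hunk, and the section's file name is not shown on the page.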
