Merge pull request #2574 from saurabhkumarkardam/indy-2557

[indy] enable platform deployment via ansible server

Author: sownak

platforms/hyperledger-indy/charts/README.md

@@ -79,7 +79,8 @@ helm install university-steward-3 ./indy-node --namespace university-ns --values
 cd ./indy-register-identity/files
 kubectl --namespace university-ns get secret university-endorser-identity-public -o jsonpath='{.data.value}' | base64 -d | jq '.["did"]'> university-endorser-did.json
 kubectl --namespace university-ns get secret university-endorser-node-public-verif-keys -o jsonpath='{.data.value}' | base64 -d | jq '.["verification-key"]' > university-endorser-verkey.json
-# Register endorser identity from admin
+# Register the endorser identity using the trustee's credentials
+# Deploy the endorser identity registration Helm chart in the authority namespace, where the trustee resides
 cd ../..
 helm install university-endorser-id ./indy-register-identity --namespace authority-ns
 ```
@@ -130,24 +131,26 @@ helm install university-steward-4 ./indy-node --namespace university-ns --values
 cd ./indy-register-identity/files
 kubectl --namespace university-ns get secret university-endorser-identity-public -o jsonpath='{.data.value}' | base64 -d | jq '.["did"]'> university-endorser-did.json
 kubectl --namespace university-ns get secret university-endorser-node-public-verif-keys -o jsonpath='{.data.value}' | base64 -d | jq '.["verification-key"]' > university-endorser-verkey.json
-# Register endorser identity from admin
+# Register the endorser identity using the trustee's credentials
+# Deploy the endorser identity registration Helm chart in the authority namespace, where the trustee resides
 cd ../..
 helm install university-endorser-id ./indy-register-identity --namespace authority-ns
 ```
 
 ### Clean-up
 
-To clean up, simply uninstall the Helm releases. It's important to uninstall the genesis Helm chart at the end to prevent any cleanup failure.
+To clean up, simply uninstall the Helm charts. 
+> **NOTE**: It's important to uninstall the genesis Helm chart at the end to prevent any cleanup failure.
 
 ```bash
 helm uninstall --namespace university-ns university-steward-1
 helm uninstall --namespace university-ns university-steward-2
 helm uninstall --namespace university-ns university-steward-3
 helm uninstall --namespace university-ns university-steward-4
-helm uninstall --namespace university-ns genesis
 helm uninstall --namespace university-ns university-keys
+helm uninstall --namespace university-ns genesis
 
 helm uninstall --namespace authority-ns university-endorser-id
-helm uninstall --namespace authority-ns genesis
 helm uninstall --namespace authority-ns authority-keys
+helm uninstall --namespace authority-ns genesis
 ```

platforms/hyperledger-indy/configuration/cleanup.yaml

@@ -13,17 +13,19 @@
   no_log: "{{ no_ansible_log | default(false) }}"
   tasks:
   # Cleanup all organizations' vault indy crypto
-  - name: Cleanup Vault indy crypto
+  - name: "Clean up Vault indy crypto"
     include_role:
       name: clean/vault
     vars:
-      organization: "{{ organizationItem.name | lower }}"
-      organization_ns: "{{ organization }}-ns"
-      services: "{{ organizationItem.services }}"
-      acount: "{{ organization }}-admin-vault-auth"
-      vault: "{{ organizationItem.vault }}"
-      role: "rw"
-      auth_path: "kubernetes-{{ organization }}"
+      org_name: "{{ org.name | lower }}"
+      org_ns: "{{ org_name }}-ns"
+      services: "{{ org.services }}"
+      vault: "{{ org.vault }}"
     loop: "{{ network['organizations'] }}"
     loop_control:
-      loop_var: organizationItem
+      loop_var: org
+  
+  # Clean up helpers directory
+  - name: "Clean up helpers directory"
+    include_role:
+      name: clean/local_directories

platforms/hyperledger-indy/configuration/deploy-network.yaml

@@ -4,10 +4,11 @@
 #  SPDX-License-Identifier: Apache-2.0
 ##############################################################################################
 
-#########################
+##############################################################################################
 # Playbook to create deployment files for namespaces, service account and clusterrolebinding
 # Playbook arguments: complete network.yaml
-#########################
+##############################################################################################
+---
 - hosts: ansible_provisioners
   gather_facts: no
   no_log: "{{ no_ansible_log | default(false) }}"
@@ -24,203 +25,100 @@
       name: check/validation
 
   # Create namespaces for organizations
-  - name: 'Create namespace'
+  - name: "Create namespace"
     include_role:
       name: create/namespace
     vars:
-      component_name: "{{ organizationItem.name | lower }}-ns"
-      component_type_name: "{{ organizationItem.type | lower }}"
-      kubernetes: "{{ organizationItem.k8s }}"
-      release_dir: "{{playbook_dir}}/../../../{{organizationItem.gitops.release_dir}}/{{ organizationItem.name | lower }}"
+      component_name: "{{ org.name | lower }}-ns"
+      component_type_name: "{{ org.type | lower }}"
+      kubernetes: "{{ org.k8s }}"
+      release_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}"
     loop: "{{ network['organizations'] }}"
     loop_control:
-      loop_var: organizationItem
+      loop_var: org
 
-  # Create service accounts
-  - name: 'Create service accounts'
+  # Create necessary Kubernetes secrets for each organization
+  - name: "Create k8s secrets"
     include_role:
-      name: create/serviceaccount/main
+      name: create/secrets
     vars:
-      component_ns: "{{ organizationItem.name | lower }}-ns"
-      organization: "{{ organizationItem.name | lower }}"
-      component_type_name: "{{ organization }}"
-      services: "{{ organizationItem.services }}"
-      gitops: "{{ organizationItem.gitops }}"
-      kubernetes: "{{ organizationItem.k8s }}"
+      component_ns: "{{ org.name | lower }}-ns"
+      kubernetes: "{{ org.k8s }}"
+      vault: "{{ org.vault }}"
     loop: "{{ network['organizations'] }}"
     loop_control:
-      loop_var: organizationItem
-    when: organizationItem.org_status is not defined or organizationItem.org_status == 'new'
+      loop_var: org
 
-  # Create StorageClass
-  - name: Create Storage Class
+  # Generate keys for each nodes
+  - name: "Generate keys"
     include_role:
-      name: "{{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/storageclass"
+      name: setup/generate-keys
     vars:
       org_name: "{{ org.name | lower }}"
-      sc_name: "{{ org_name }}-bevel-storageclass"
-      region: "{{ org.k8s.region | default('eu-west-1') }}"
+      stewards: "{{ org.services.stewards }}"
+      cloud_provider: "{{ org.cloud_provider | lower }}"
+      vault: "{{ org.vault }}"
+      kubernetes: "{{ org.k8s }}"
+      component_type: "generate-keys"
+      component_ns: "{{ org_name }}-ns"
+      component_name: "{{ org_name }}-keys"
+      values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}"
+      charts_dir: "{{ org.gitops.chart_source }}"
     loop: "{{ network['organizations'] }}"
     loop_control:
       loop_var: org
-    when: org.org_status is not defined or org.org_status == 'new'
-
-  # Admin K8S auth
-  - name: Admin K8S auth
-    include_role:
-      name: setup/vault_kubernetes
-    vars:
-      organization: "{{ organizationItem.name | lower }}"
-      component_ns: "{{ organizationItem.name | lower }}-ns"
-      component_name: "{{ organization }}-bevel-ac-vault-auth"
-      component_type: "GetServiceAccount"
-      vault: "{{ organizationItem.vault }}"
-      auth_path: "kubernetes-{{ organization }}-admin-auth"
-      kubernetes: "{{ organizationItem.k8s }}"
-    loop: "{{ network['organizations'] }}"
-    loop_control:
-      loop_var: organizationItem
-    when: organizationItem.org_status is not defined or organizationItem.org_status == 'new'
-
-  # Generate auth job
-  - name: 'Generate auth job'
-    include_role:
-      name: setup/auth_job
-    vars:
-      organization: "{{ organizationItem.name | lower }}"
-      component_ns: "{{ organizationItem.name | lower }}-ns"
-      component_name: "{{ organization }}"
-      services: "{{ organizationItem.services }}"
-      kubernetes: "{{ organizationItem.k8s }}"
-      vault: "{{ organizationItem.vault }}"
-      gitops: "{{ organizationItem.gitops }}"
-    loop: "{{ network['organizations'] }}"
-    loop_control:
-      loop_var: organizationItem
-    when: organizationItem.org_status is not defined or organizationItem.org_status == 'new'
-
-  # Get Vault AC Token via Service Account
-  - name: Get Vault AC Token via Service Account
-    include_role:
-      name: check/k8_component
-    vars:
-      organization: "{{ organizationItem.name | lower }}"
-      component_ns: "{{ organizationItem.name | lower }}-ns"
-      component_name: "{{ organization }}-bevel-ac-vault-auth"
-      component_type: "GetServiceAccount"
-      vault: "{{ organizationItem.vault }}"
-      kubernetes: "{{ organizationItem.k8s }}"
-    loop: "{{ network['organizations'] }}"
-    loop_control:
-      loop_var: organizationItem
 
-  # Generate indy crypto and insert into Vault
-  - name: 'Generate indy crypto and insert into Vault'
+  # Get each node keys for the Genesis setup
+  - name: "Get keys for the Genesis setup"
     include_role:
-      name: setup/crypto
+      name: setup/genesis-node-keys
     vars:
-      organization: "{{ organizationItem.name | lower }}"
-      component_ns: "{{ organizationItem.name | lower }}-ns"
-      component_name: "{{ organization }}"
-      services: "{{ organizationItem.services }}"
-      kubernetes: "{{ organizationItem.k8s }}"
-      vault: "{{ organizationItem.vault }}"
-      gitops: "{{ organizationItem.gitops }}"
-      vault_ac_token: "{{ ac_vault_tokens[organization] }}"
+      component_ns: "{{ org.name | lower }}-ns"
+      kubernetes: "{{ org.k8s }}"
     loop: "{{ network['organizations'] }}"
     loop_control:
-      loop_var: organizationItem
-    when: organizationItem.org_status is not defined or organizationItem.org_status == 'new'
-
-  # Create and deploy domain genesis
-  - name: 'Create domain genesis'
-    include_role:
-      name: setup/domain_genesis
-
-  # Create and deploy pool genesis
-  - name: 'Create pool genesis'
-    include_role:
-      name: setup/pool_genesis
+      loop_var: org
 
-  # Add new Trustees via existing Trustee
-  - name: "Add New Trustees via existing Trustee"
+  # Install Genesis
+  - name: "Install Genesis"
     include_role:
-      name: setup/trustees
-    vars:
-      new_org_query: "organizations[?org_status=='new']"
-      neworg: "{{ network | json_query(new_org_query) | first }}"
-      organization: "{{ organizationItem.name | lower }}"
-      component_ns: "{{ organizationItem.name | lower }}-ns"
-      component_name: "{{ organization }}"
-      kubernetes: "{{ organizationItem.k8s }}"
-      gitops: "{{ organizationItem.gitops }}"
-      vault: "{{ organizationItem.vault }}"
-    loop: "{{ network['organizations'] }}"
-    loop_control:
-      loop_var: organizationItem
-    when:
-    - (add_new_org|bool and add_new_org_network_trustee_present|bool)
-    - (organizationItem.org_status is not defined or organizationItem.org_status == 'existing')
+      name: setup/genesis
 
-  # Add new Stewards via existing Trustee
-  - name: "Add New Stewards via existing Trustee"
+  # Install Steward nodes
+  - name: Install Steward nodes
     include_role:
       name: setup/stewards
     vars:
-      new_org_query: "organizations[?org_status=='new']"
-      neworg: "{{ network | json_query(new_org_query) | first }}"
-      organization: "{{ organizationItem.name | lower }}"
-      component_ns: "{{ organizationItem.name | lower }}-ns"
-      component_name: "{{ organization }}"
-      kubernetes: "{{ organizationItem.k8s }}"
-      gitops: "{{ organizationItem.gitops }}"
-      vault: "{{ organizationItem.vault }}"
+      org_name: "{{ org.name | lower }}"
+      cloud_provider: "{{ org.cloud_provider | lower }}"
+      kubernetes: "{{ org.k8s }}"
+      component_ns: "{{ org_name }}-ns"
+      component_type: "stewards"
+      values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}"
+      charts_dir: "{{ org.gitops.chart_source }}"
     loop: "{{ network['organizations'] }}"
     loop_control:
-      loop_var: organizationItem
-    when:
-    - (add_new_org|bool and add_new_org_network_trustee_present|bool)
-    - (organizationItem.org_status is not defined or organizationItem.org_status == 'existing')
+      loop_var: org
 
-  # Deploy all other nodes
-  - name: 'Deploy nodes'
+  # Install Endorser node
+  - name: "Install Endorser node"
     include_role:
-      name: setup/node
+      name: setup/endorser
     vars:
-      organization: "{{ organizationItem.name | lower }}"
-      sc_name: "{{ organization }}-bevel-storageclass"
-      component_ns: "{{ organizationItem.name | lower }}-ns"
-      services: "{{ organizationItem.services }}"
-      kubernetes: "{{ organizationItem.k8s }}"
-      vault: "{{ organizationItem.vault }}"
-      gitops: "{{ organizationItem.gitops }}"
-      genesis: "{{ network.genesis }}"
+      org_name: "{{ org.name | lower }}"
+      endorser: "{{ org.services.endorser.name | lower }}"
+      trustee: "{{ org.services.trustee.name | lower }}"
+      kubernetes: "{{ org.k8s }}"
+      component_name: "{{ endorser }}"
+      component_ns: "{{ org_name }}-ns"
+      values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}/{{ org_name }}/build"
+      charts_dir: "{{ org.gitops.chart_source }}"
     loop: "{{ network['organizations'] }}"
     loop_control:
-      loop_var: organizationItem
+      loop_var: org
     when:
-    - (organizationItem.type == 'peer')
-    - (organizationItem.org_status is not defined or organizationItem.org_status == 'new')
-    - (not add_new_org|bool or (add_new_org|bool and add_new_org_new_nyms_on_ledger_present|bool))
+    - (org.services.endorser is defined) and (org.services.endorser.name | length > 0)
 
-  # Create and deploy Endorser Identities
-  - name: 'Create Endorser Identities'
-    include_role:
-      name: setup/endorsers
-    vars:
-      organization: "{{ organizationItem.name | lower }}"
-      component_ns: "{{ organizationItem.name | lower }}-ns"
-      kubernetes: "{{ organizationItem.k8s }}"
-      gitops: "{{ organizationItem.gitops }}"
-      vault: "{{ organizationItem.vault }}"
-    loop: "{{ network['organizations'] }}"
-    loop_control:
-      loop_var: organizationItem
-    when:
-    - (organizationItem.type == 'peer')
-    - (organizationItem.org_status is not defined or organizationItem.org_status == 'new')
-    - (not add_new_org|bool or (add_new_org|bool and add_new_org_new_nyms_on_ledger_present|bool))
-  
   # These variables can be overriden from the command line
   vars: 
     install_os: "linux"                           # Default to linux OS