From a08fdd77c2bdd6e32414581e68fef0babac07cc1 Mon Sep 17 00:00:00 2001 From: saurabhkumarkardam Date: Thu, 2 Nov 2023 09:56:32 +0000 Subject: [PATCH] feat(indy): replace ansible roles readme with inline code comments This PR enhances the readability and understanding of our roles by adding comment messages throughout the code. Changes: - Added clear and concise comment messages in ansible roles. - Maintained proper code indentation for increased code reliability. - Removed the roles' Readme.md if it existed. fixes #2326 
Signed-off-by: saurabhkumarkardam --- .../hyperledger-indy/configuration/README.md | 61 --------- .../configuration/cleanup.yaml | 3 +- .../configuration/deploy-network.yaml | 17 +-- .../roles/check/crypto/README.md | 101 -------------- .../roles/check/crypto/tasks/main.yaml | 8 +- .../roles/check/k8_component/README.md | 75 ----------- .../roles/check/k8_component/tasks/main.yaml | 1 + .../roles/check/validation/README.md | 73 ---------- .../check/validation/tasks/check_count.yaml | 6 + .../roles/check/validation/tasks/main.yaml | 8 +- .../configuration/roles/clean/vault/README.md | 103 -------------- .../create/helm_component/auth_job/README.md | 96 ------------- .../helm_component/auth_job/tasks/main.yaml | 12 +- .../create/helm_component/crypto/README.md | 65 --------- .../helm_component/crypto/tasks/main.yaml | 7 +- .../helm_component/domain_genesis/README.md | 92 ------------- .../domain_genesis/tasks/main.yaml | 14 +- .../helm_component/ledger_txn/Readme.md | 72 ---------- .../helm_component/ledger_txn/tasks/main.yaml | 6 +- .../ledger_txn/tasks/nested_main.yaml | 11 +- .../create/helm_component/node/README.md | 38 ------ .../helm_component/node/tasks/main.yaml | 12 +- .../helm_component/pool_genesis/README.md | 103 -------------- .../pool_genesis/tasks/main.yaml | 16 +-- .../roles/create/imagepullsecret/README.md | 35 ----- .../create/imagepullsecret/tasks/main.yaml | 9 +- .../roles/create/k8_component/README.md | 47 ------- .../roles/create/k8_component/tasks/main.yaml | 11 +- .../roles/create/namespace/README.md | 36 ----- .../roles/create/namespace/tasks/main.yaml | 6 +- .../serviceaccount/by_identities/README.md | 81 ----------- .../create/serviceaccount/main/README.md | 127 ------------------ .../create/serviceaccount/waiting/README.md | 34 ----- .../serviceaccount/waiting/tasks/main.yaml | 2 + .../roles/create/storageclass/README.md | 53 -------- .../roles/create/storageclass/tasks/main.yaml | 4 +- .../roles/setup/auth_job/README.md | 35 ----- 
.../roles/setup/auth_job/tasks/main.yaml | 18 ++- .../roles/setup/crypto/README.md | 40 ------ .../roles/setup/crypto/tasks/main.yaml | 14 +- .../roles/setup/domain_genesis/README.md | 30 ----- .../setup/domain_genesis/tasks/main.yaml | 8 +- .../roles/setup/endorsers/Readme.md | 78 ----------- .../roles/setup/endorsers/tasks/main.yaml | 6 +- .../configuration/roles/setup/node/README.md | 39 ------ .../roles/setup/node/tasks/main.yaml | 4 +- .../roles/setup/node/tasks/nested_main.yaml | 10 +- .../roles/setup/pool_genesis/README.md | 30 ----- .../roles/setup/pool_genesis/tasks/main.yaml | 6 +- .../roles/setup/stewards/Readme.md | 78 ----------- .../roles/setup/stewards/tasks/main.yaml | 6 +- .../setup/stewards/tasks/nested_main.yaml | 12 +- .../roles/setup/trustees/Readme.md | 78 ----------- .../roles/setup/trustees/tasks/main.yaml | 68 +++++----- .../setup/trustees/tasks/nested_main.yaml | 10 +- .../roles/setup/vault_kubernetes/README.md | 121 ----------------- .../configuration/samples/README.md | 15 --- 57 files changed, 145 insertions(+), 2006 deletions(-) delete mode 100644 platforms/hyperledger-indy/configuration/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/check/crypto/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/check/k8_component/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/check/validation/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/clean/vault/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/create/helm_component/auth_job/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/create/helm_component/crypto/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/create/helm_component/domain_genesis/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/create/helm_component/ledger_txn/Readme.md delete mode 100644 
platforms/hyperledger-indy/configuration/roles/create/helm_component/node/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/create/helm_component/pool_genesis/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/create/imagepullsecret/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/create/k8_component/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/create/namespace/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/create/serviceaccount/by_identities/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/create/serviceaccount/main/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/create/serviceaccount/waiting/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/create/storageclass/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/setup/auth_job/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/setup/crypto/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/setup/domain_genesis/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/setup/endorsers/Readme.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/setup/node/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/setup/pool_genesis/README.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/setup/stewards/Readme.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/setup/trustees/Readme.md delete mode 100644 platforms/hyperledger-indy/configuration/roles/setup/vault_kubernetes/README.md delete mode 100644 platforms/hyperledger-indy/configuration/samples/README.md diff --git a/platforms/hyperledger-indy/configuration/README.md b/platforms/hyperledger-indy/configuration/README.md deleted file mode 100644 index 5956ade95a6..00000000000 
--- a/platforms/hyperledger-indy/configuration/README.md
+++ /dev/null
@@ -1,61 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -# Hyperledger Indy Configuration -This configuration folder contains Ansible playbooks and their corresponding roles, which are used to deploy Hyperledger Indy on Managed Kubernetes Cluster(s). - - -## Approaches -There are two approaches to deploy a DLT network using Hyperledger Bevel: -- Use a machine to deploy and manage the DLT network. This is recommended for production environments, and requires manual setup of Ansible, and other required libraries/tools for setting up the controller machine. More info on setting up this machine is found [here](https://hyperledger-bevel.readthedocs.io/en/latest/operations/configure_prerequisites.html#ansible-inventory-file). -- Use the 'Hyperledger Bevel Build container' to create a containerized Ansible controller from which to deploy/manage your networks. This is recommended for development instances, as it is an easy way to build the required base environment for Hyperledger Bevel deployment. More info can be found [here](https://hyperledger-bevel.readthedocs.io/en/latest/developer/docker-build.html). - -## Installation pre-requisites -Hyperledger Bevel requires tools such as Kubernetes, Git (repository), Vault and more to be installed. -For more information on the installation pre-requisites, please refer to [this guide](https://hyperledger-bevel.readthedocs.io/en/latest/prerequisites.html). - -## Configuration pre-requisites -For each organization in the DLT network you need to set up the following: -1. One Managed Kubernetes cluster; Hyperledger Bevel is currently tested on Amazon EKS, which means you will need AWS CLI set up as well. -2. 
A Hashicorp Vault installation for each organization which is initialized and unsealed. The Vault Address should be accessible from this machine (where the playbook is run) and the Kubernetes cluster. The Vault root token is used in the network configuration, so this should be available as well. -3. A Git User with write access to all the branches in the chosen Git repository; as well as an access token. -4. The network configuration file (`network.yaml`) which has been filled in according to your requirements. A sample `network.yaml` for Hyperledger Indy can be found in [this folder](./samples/). - -For other general pre-quisites, such as Docker images, Ambassador and DNS setup, please refer to the ['Configure Pre-requisites' guide](https://hyperledger-bevel.readthedocs.io/en/latest/operations/configure_prerequisites.html). - -## Execution -### Step 1 -Ensure that the `network.yaml` is edited properly and saved. Follow the guidance on our [docs for Hyperledger Indy `network.yaml`](https://hyperledger-bevel.readthedocs.io/en/latest/operations/indy_networkyaml.html). - -### Step 2 -Execute the playbook by running the command below - executed from the root of the project: -``` -ansible-playbook platforms/shared/configuration/site.yaml -e "@/path/to/network-indyv3.yaml" -``` -The [platforms/shared/configuration/site.yaml](../../shared/configuration/site.yaml) is the main playbook which does basic environment setup, configures the Kubernetes cluster and then calls platform specific deployment playbooks. - -You can also only run the platform specific deployment playbooks by running the command below (after the prerequisites have been installed) - executed from the root of the project: -``` -ansible-playbook platforms/hyperledger-indy/deploy-network.yaml -e "@/path/to/network-indyv3.yaml" -``` - -### Step 3 -After your Ansible command has completed. your nodes or the participants in the Hyperledger Indy network should be up and running. 
We are working on a verification document for Hyperledger Indy. - -## Miscellaneous - -1. `./openssl.conf`: This is the configuration file used to generate the Root CA certificates for Indy-CA. - -2. If you want to reset the network, i.e. delete all created resources while setting up the Hyperledger Indy network, then run the following command from the root folder of the project: - ``` - # Call the shared playbook with `reset=true` which will first clean up the configuration (Helm, Kubernetes, Vault) and then reset the network - ansible-playbook platforms/shared/configuration/site.yaml -e "@/path/to/network-indy.yaml" -e "reset=true" - ``` - ``` - # Directly call the platform-specific reset playbook - ansible-playbook platforms/hyperledger-indy/cleanup.yaml -e "@/path/to/network-indy.yaml" - ``` -3. You can maintain separate `network.yaml`'s for separate environments (different amount of organizations, different configuration, etc.). - diff --git a/platforms/hyperledger-indy/configuration/cleanup.yaml b/platforms/hyperledger-indy/configuration/cleanup.yaml index 8fbfea10ccf..a0b5da8760c 100644 --- a/platforms/hyperledger-indy/configuration/cleanup.yaml +++ b/platforms/hyperledger-indy/configuration/cleanup.yaml @@ -7,12 +7,11 @@ ################################################## # Playbook to cleanup platform specific resources ################################################## + - hosts: ansible_provisioners gather_facts: no no_log: "{{ no_ansible_log | default(false) }}" tasks: - # ---------------------------------------------------------------------- - # Cleanup all organizations' vault indy crypto - name: Cleanup Vault indy crypto include_role: diff --git a/platforms/hyperledger-indy/configuration/deploy-network.yaml b/platforms/hyperledger-indy/configuration/deploy-network.yaml index 2e2252970f8..b622b0b5c92 100644 --- a/platforms/hyperledger-indy/configuration/deploy-network.yaml +++ b/platforms/hyperledger-indy/configuration/deploy-network.yaml 
@@ -227,11 +227,12 @@ - (organizationItem.type == 'peer') - (organizationItem.org_status is not defined or organizationItem.org_status == 'new') - (not add_new_org|bool or (add_new_org|bool and add_new_org_new_nyms_on_ledger_present|bool)) - - vars: #These variables can be overriden from the command line - install_os: "linux" #Default to linux OS - install_arch: "amd64" #Default to amd64 architecture - bin_install_dir: "~/bin" #Default to /bin install directory for binaries - add_new_org: false - add_new_org_network_trustee_present: true - add_new_org_new_nyms_on_ledger_present: true + + # These variables can be overriden from the command line + vars: + install_os: "linux" # Default to linux OS + install_arch: "amd64" # Default to amd64 architecture + bin_install_dir: "~/bin" # Default to /bin install directory for binaries + add_new_org: false # Default to false when not defined. + add_new_org_network_trustee_present: true # Default to true when not defined. + add_new_org_new_nyms_on_ledger_present: true # Default to true when not defined. diff --git a/platforms/hyperledger-indy/configuration/roles/check/crypto/README.md b/platforms/hyperledger-indy/configuration/roles/check/crypto/README.md deleted file mode 100644 index 4d0b7dd4351..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/check/crypto/README.md +++ /dev/null 
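Review bot: The new comment on `bin_install_dir` says the default is `/bin`, but the value is `"~/bin"`, a per-user directory rather than the system one, so an operator reading the comment could look for the binaries in the wrong place. The heading comment also misspells "overridden". Suggest `bin_install_dir: "~/bin" # Default to ~/bin install directory for binaries` and `# These variables can be overridden from the command line`. The play these `vars` belong to starts outside the hunk.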
@@ -1,101 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## check/crypto -This role is checking if all crypto jobs are completed and all crypto data are in Vault. - -## Tasks: -### 1. Check if Indy Key management pod for trustee is completed -This task is waiting until job for all trustees in organization are completed. -It uses *k8s_info* Ansible role. - -#### Variables: - - component_ns: A name of namespace' organization. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - - component_name: A name of Crypto job. - -#### Input Variables: - - identity_name: A name of trustee in organization. - -#### Output Variables: - - result: It holds number of running pods. - -### 2. Check if Indy Key management pod for stewards is completed -This task is waiting until job for all stewards in organization are completed. -It uses *k8s_info* Ansible role. - -#### Variables: - - component_ns: A name of namespace' organization. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - - component_name: A name of Crypto job. - -#### Input Variables: - - identity_name: A name of steward in organization. - -#### Output Variables: - - result: It holds number of running pods. - -### 3. Check if Indy Key management pod for endorser is completed -This task is waiting until job for all endorsers in organization are completed. -It uses *k8s_info* Ansible role. - -#### Variables: - - component_ns: A name of namespace' organization. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - - component_name: A name of Crypto job. - -#### Input Variables: - - identity_name: A name of endorser in organization. 
- -#### Output Variables: - - result: It holds number of running pods. - -### 4. Check trustee in vault -This task check correct completion of job for crypto of trustee. -It reads a public did from trustee. - -#### Variables: - - vault_ac_token: Read-only token for getting public data from Vault. - - vault.url: Url address of Vault. - - organization: A organization's name. - -#### Environment Variables: - - VAULT_ADDR: Vault address, which is defined in variable *{{ vault.url }}* - - VAULT_TOKEN: Vault token, which is defined in variable *{{ vault_ac_token }}* - -#### Output Variables: - - result: It holds result of check. If is empty then task is failed. - -### 5. Check stewards in vault -This task check correct completion of job for crypto of steward. -It reads a public did from steward. - -#### Variables: - - vault_ac_token: Read-only token for getting public data from Vault. - - vault.url: Url address of Vault. - - organization: A organization's name. - -#### Environment Variables: - - VAULT_ADDR: Vault address, which is defined in variable *{{ vault.url }}* - - VAULT_TOKEN: Vault token, which is defined in variable *{{ vault_ac_token }}* - -#### Output Variables: - - result: It holds result of check. If is empty then task is failed. - -### 6. Check endorser in vault -This task check correct completion of job for crypto of endorser. -It reads a public did from endorser. - -#### Variables: - - vault_ac_token: Read-only token for getting public data from Vault. - - vault.url: Url address of Vault. - - organization: A organization's name. - -#### Environment Variables: - - VAULT_ADDR: Vault address, which is defined in variable *{{ vault.url }}* - - VAULT_TOKEN: Vault token, which is defined in variable *{{ vault_ac_token }}* - -#### Output Variables: - - result: It holds result of check. If is empty then task is failed. 
diff --git a/platforms/hyperledger-indy/configuration/roles/check/crypto/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/check/crypto/tasks/main.yaml index 6571ddb9a73..591266c8869 100644 --- a/platforms/hyperledger-indy/configuration/roles/check/crypto/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/check/crypto/tasks/main.yaml @@ -8,8 +8,7 @@ # This role check trustee and stewards crypto in Vault ############################################################################################## -############################################################################################## - +# Set a variable - name: "Set component_name to a temporary variable for later use" set_fact: temp_component_name: "{{ component_name }}" @@ -27,7 +26,6 @@ loop_var: trusteeItem when: services.trustees is defined -############################################################################################## # Check if Indy Key management pod for stewards is completed - name: Check if Indy Key management pod for stewards is completed include_role: @@ -41,7 +39,6 @@ loop_var: stewardItem when: services.stewards is defined -############################################################################################## # Check if Indy Key management pod for endorser is completed - name: Check if Indy Key management pod for endorser is completed include_role: @@ -55,7 +52,6 @@ loop_var: endorserItem when: services.endorsers is defined -############################################################################################## # Check trustee in vault - name: "Check trustee in vault" environment: @@ -69,7 +65,6 @@ loop_var: trusteeItem when: services.trustees is defined -############################################################################################## # Check stewards in vault - name: "Check stewards in vault" environment: 
@@ -83,7 +78,6 @@ loop_var: stewardItem when: services.stewards is defined -############################################################################################## # Check endorser in vault - name: "Check endorser in vault" environment: diff --git a/platforms/hyperledger-indy/configuration/roles/check/k8_component/README.md b/platforms/hyperledger-indy/configuration/roles/check/k8_component/README.md deleted file mode 100644 index 9342e5ebabd..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/check/k8_component/README.md +++ /dev/null 
@@ -1,75 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## check/k8_component -This role is used for waiting to kubernetes component. - -## Tasks: -### 1. Wait for {{ component_type }} {{ component_name }} -This Task is stated when *component_type* is *Namespace*, *ClusterRoleBinding* or *StorageClass*. -It uses *k8s_info* Ansible role. - -#### Variables: - - component_type: A type of component. - - component_name: A name of component. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - - kubernetes.context: Kubernetes context from network.yaml file. - -#### Output Variables: - - component_data: It holds number of running kubernetes components. - -### 2. Wait for {{ component_type }} {{ component_name }} -This Task is stated when *component_type* is *ServiceAccount* or *ConfigMap*. -It uses *k8s_info* Ansible role. - -#### Variables: - - component_type: A type of component. - - component_name: A name of component. - - component_ns: A namespace of organization. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - - kubernetes.context: Kubernetes context from network.yaml file. - -#### Output Variables: - - component_data: It holds number of running kubernetes components. - -### 3. Wait for {{ component_type }} {{ component_name }} -This Task is stated when *component_type* is *Pod*. -It uses *k8s_info* Ansible role. - -#### Variables: - - component_type: A type of component. - - component_name: A name of component. - - component_ns: A namespace of organization. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - - kubernetes.context: Kubernetes context from network.yaml file. 
- -#### Output Variables: - - component_data: It holds number of running pods. - -### 4. Get a ServiceAccount token for {{ component_name }} -This task gets read-only Vault token via Kubernetes ServiceAccount -The task is started only when a variable *component_type* is *GetServiceAccount* - -#### Variables: - - component_name: A name of ServiceAccount for read-only access to Vault. - - component_ns: A namespace of organization. - -#### Input Variables: - - service_account: A name of ServiceAccount for read-only access to Vault. - - role: A name of read only role. By default is *ro* - -#### Output Variables: - - token_output: Read-only Vault token. - -### 5. Store token -This task create map for store read-only Vault token by organization. -Key is organization name and value is a token. -The task is started only when a variable *component_type* is *GetServiceAccount* - -#### Variables: - - token_output: A raw stored token from previous task. - -#### Output Variables: - - ac_vault_tokens: Map of read-only tokens by organization \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/check/k8_component/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/check/k8_component/tasks/main.yaml index 7aab8133eb4..2441a097580 100644 --- a/platforms/hyperledger-indy/configuration/roles/check/k8_component/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/check/k8_component/tasks/main.yaml @@ -34,6 +34,7 @@ register: token_output when: component_type == "GetServiceAccount" +# Store token - name: "Store token" set_fact: ac_vault_tokens: "{{ ac_vault_tokens | default({}) | combine( {organization: token_output.stdout} ) }}" diff --git a/platforms/hyperledger-indy/configuration/roles/check/validation/README.md b/platforms/hyperledger-indy/configuration/roles/check/validation/README.md deleted file mode 100644 index a9dc2db76d3..00000000000 
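Review bot: The added `# Store token` only repeats the task name and drops what the deleted README explained about this task. Suggest `# Add this organization's read-only Vault token (token_output.stdout) to the ac_vault_tokens map, keyed by organization name`. Because the fact holds a Vault token, it is worth confirming that the task or its play sets `no_log`, as cleanup.yaml does at play level; the task continues past the end of the hunk, so that is not visible here. The comments added in check/validation/tasks/check_count.yaml and check/validation/tasks/main.yaml restate their task names in the same way.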
--- a/platforms/hyperledger-indy/configuration/roles/check/validation/README.md
+++ /dev/null
@@ -1,73 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## check/validation -This role checks for validation of network.yaml - -## Tasks: -### 1. Check Validation -Runs subtasks to validation of network.yaml -##### Variables: - - organizationItem: An organization item from network.yaml file. - - network: A variable represents content of network.yaml file. -##### Input Variables: - - trustees: A list of trustees service of current organization. - - endorsers: A list of endorsers service of current organization. - - stewards: A list of stewards service of current organization. - -#### 1.1 Counting Genesis Steward -Counts number of stewards defined in network.yaml file. -##### Input Variables: - - steward_count: A count of stewards. -##### Output Variables: - - steward_count: A count of stewards. - -#### 1.2 Set trustee count to zero -Resets counter of trustees to zero. -##### Input Variables: - - trustee_count: A count of trustees. - -#### 1.3 Counting trustees per Org -Counts number of trustees in current organization and also counts number of truetees in all organization. -##### Input Variables: - - trustee_count: A count of trustees in current organization. - - total_trustees: A count of trustees in all organizations. -##### Output Variables: - - trustee_count: A count of trustees in current organization. - - total_trustees: A count of trustees in all organizations. - -#### 1.4 Print error and end playbook if trustee count limit fails -Prints an error, when exits more then one trustee per organization. -##### Input Variables: - - trustee_count: A count of trustees in current organization. - -#### 1.5 Counting Endorsers -Counts number of endorsers of current organization. 
-##### Input Variables: - - endorser_count: A count of endorsers in current organization. -##### Output Variables: - - endorser_count: A count of endorsers in current organization. - -#### 1.6 Print error abd end playbook if endorser count limit fails -Prints an error, when exits more then one endorser per organization. -##### Input Variables: - - endorser_count: A count of endorsers in current organization. - -#### 1.7 Reset Endorser count -Resets counter of trustees to zero. -##### Input Variables: - - trustee_count: A count of trustees. - ---- -### 2. Print error and end playbook if genesis steward count limit fails -Prints an error, when count of stewards in all organizations is less then 4. -#### Input Variables: - - steward_count: A count of stewards of all organizations. - ---- -### 3. Print error and end playbook if total trustee count limit fails -Prints an error, when count of trustess in all organization is less then one. -#### Input Variables: - - total_trustees: A count of trustees of all organizations. \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/check/validation/tasks/check_count.yaml b/platforms/hyperledger-indy/configuration/roles/check/validation/tasks/check_count.yaml index 1c46d785741..3f90de962ae 100644 --- a/platforms/hyperledger-indy/configuration/roles/check/validation/tasks/check_count.yaml +++ b/platforms/hyperledger-indy/configuration/roles/check/validation/tasks/check_count.yaml 
@@ -4,33 +4,39 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## +# Reset counters - name: Reset counters set_fact: trustee_count=0 steward_count=0 endorser_count=0 +# Counting Genesis Stewards - name: "Counting Genesis Stewards" set_fact: steward_count={{ steward_count|default(0)|int + 1 }} total_stewards={{ total_stewards|default(0)|int + 1 }} loop: "{{ stewards }}" +# Counting trustees per Org - name: "Counting trustees per Org" set_fact: trustee_count={{ trustee_count|default(0)|int + 1 }} total_trustees={{ total_trustees|default(0)|int + 1 }} loop: "{{ trustees }}" +# Print error and end playbook if trustee count limit fails - name: Print error and end playbook if trustee count limit fails debug: msg="The trustee count is {{ trustee_count }}. There should be max 1 trustee per organization." failed_when: trustee_count|int > 1 +# Counting Endorsers - name: "Counting Endorsers" set_fact: endorser_count={{ endorser_count|default(0)|int + 1 }} loop: "{{ endorsers }}" +# Print error abd end playbook if endorser count limit fails - name: Print error abd end playbook if endorser count limit fails debug: msg="The endorser count is {{ endorser_count }}. There should be max 1 endorser per organization." failed_when: endorser_count|int > 1 diff --git a/platforms/hyperledger-indy/configuration/roles/check/validation/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/check/validation/tasks/main.yaml index bd0611e41d1..aa4835adeaa 100644 --- a/platforms/hyperledger-indy/configuration/roles/check/validation/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/check/validation/tasks/main.yaml 
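Review bot: The two limit checks use `debug` with `failed_when`, so the "There should be max 1 ..." message is printed on every run, including when the count is within the limit, because `debug` always emits its `msg`. A `fail` task guarded by the condition prints only on a violation, e.g. `fail: msg="The trustee count is {{ trustee_count }}. There should be max 1 trustee per organization."` with `when: trustee_count|int > 1`, and the same for the endorser check. The added comment `# Print error abd end playbook if endorser count limit fails` also copies the `abd` typo from the task name.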
@@ -4,20 +4,22 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## +############################################################################################## # This role checks for validation of network.yaml # Conditions to be checked # At least 4 genesis stewards # Max 1 trustee per org # Max 1 endorser per org # At least one trustee per network.yaml +############################################################################################## -#---------------------------------------------------------------------- - +# Set variables - name: Set counters set_fact: total_stewards=0 total_trustees=0 +# Check Validation - name: "Check Validation" include_tasks: check_count.yaml vars: @@ -28,10 +30,12 @@ loop_control: loop_var: organizationItem +# Print error and end playbook if genesis steward count limit fails - name: Print error and end playbook if genesis steward count limit fails debug: msg="The total genesis steward count is {{ total_stewards }}. There should be at least 4 genesis stewards (in case of a fully Hyperledger Bevel-managed cluster)." failed_when: not add_new_org and total_stewards|int < 4 +# Print error and end playbook if total trustee count limit fails - name: Print error and end playbook if total trustee count limit fails debug: msg="The total trustee count is {{ total_trustees }}. There should be at least 1 trustee per network (in case of a fully Hyperledger Bevel-managed cluster)." failed_when: not add_new_org and total_trustees|int < 1 diff --git a/platforms/hyperledger-indy/configuration/roles/clean/vault/README.md b/platforms/hyperledger-indy/configuration/roles/clean/vault/README.md deleted file mode 100644 index 31ca237b914..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/clean/vault/README.md +++ /dev/null 
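Review bot: Both `failed_when` conditions test `add_new_org` without the `|bool` filter that deploy-network.yaml applies (`add_new_org|bool`), and the commit leaves these lines as they were. If the variable is overridden on the command line in key=value form it presumably arrives as a string, and a non-empty string such as "false" is truthy, so the minimum-count checks (4 genesis stewards, 1 trustee) would be skipped without any message. Suggest `failed_when: not add_new_org|bool and total_stewards|int < 4` and `failed_when: not add_new_org|bool and total_trustees|int < 1`. The new header comment could also say that these two network-wide minimums are enforced only when `add_new_org` is false.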
@@ -1,103 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## clean/vault -This role get vault root token for organization and remove Indy crypto from a Vault. - -### Tasks: -#### 1. Remove Indy Crypto of {{ organization }} -The task removes all generated crypto of current organization from a Vault. -##### Input Variables: - - vault.root_token: A root token of current organization inserted in network.yaml file. - - vault.url: An url of Vault defined in network.yaml file. - - organization: A name of current organization. -##### Environment Variables: - - vault_token: A root token for Vault. - -#### 2. Remove Policies of trustees -The task removes all policies of current organization's trustees from a Vault. -##### Input Variables: - - vault.root_token: A root token of current organization inserted in network.yaml file. - - vault.url: An url of Vault defined in network.yaml file. - - organization: A name of current organization. - - serviceItem.name: A name of current trustee. - - services.trustees: A list of trustees in current organization. -##### Environment Variables: - - vault_token: A root token for Vault. - -#### 3. Remove Policies of stewards -The task removes all policies of current organization's stewards from a Vault. -##### Input Variables: - - vault.root_token: A root token of current organization inserted in network.yaml file. - - vault.url: An url of Vault defined in network.yaml file. - - organization: A name of current organization. - - serviceItem.name: A name of current steward. - - services.stewards: A list of stewards in current organization. -##### Environment Variables: - - vault_token: A root token for Vault. - -#### 4. 
Remove Policies of endorsers -The task removes all policies off current organization's endorsers from a Vault. -##### Input Variables: - - vault.root_token: A root token of current organization inserted in network.yaml file. - - vault.url: An url of Vault defined in network.yaml file. - - organization: A name of current organization. - - serviceItem.name: A name of current endorser. - - services.endorsers: A list of endorsers in current organization. -##### Environment Variables: - - vault_token: A root token for Vault. - -#### 5. Remove Policies of {{ organization }} -The task removes admin and ac policies of current organization from a Vault. -##### Input Variables: - - organization: A name of current organization. - - vault.root_token: A root token of current organization inserted in network.yaml file. - - vault.url: An url of Vault defined in network.yaml file. -##### Environment Variables: - - vault_token: A root token for Vault. - -#### 6. Remove Kubernetes Authentication Methods of {{ organization }} -The task removes admin and ac Kubernetes Authentication Methods of current organization from a Vault. -##### Variables: - - auth_path: A name of Kubernetes Authentication Method. -##### Input Variables: - - organization: A name of current organization. - - vault.root_token: A root token of current organization inserted in network.yaml file. - - vault.url: An url of Vault defined in network.yaml file. -##### Environment Variables: - - vault_token: A root token for Vault. - -#### 7. Remove Kubernetes Authentication Methods of {{ organization }} of trustees -The task removes all Kubernetes Authentication Methods of current organization's trustees from a Vault. -##### Input Variables: - - organization: A name of current organization. - - vault.root_token: A root token of current organization inserted in network.yaml file. - - serviceItem.name: A name of current trustee. - - vault.url: An url of Vault defined in network.yaml file. 
- - services.trustees: A list of trustees in current organization. -##### Environment Variables: - - vault_token: A root token for Vault. - -#### 8. Remove Kubernetes Authentication Methods of {{ organization }} of stewards -The task removes all Kubernetes Authentication Methods of current organization's stewards from a Vault. -##### Input Variables: - - organization: A name of current organization. - - vault.root_token: A root token of current organization inserted in network.yaml file. - - serviceItem.name: A name of current steward. - - vault.url: An url of Vault defined in network.yaml file. - - services.stewards: A list of stewards in current organization. -##### Environment Variables: - - vault_token: A root token for Vault. - -#### 9. Remove Kubernetes Authentication Methods of {{ organization }} of endorsers -The task removes all Kubernetes Authentication Methods of current organization's endorsers from a Vault. -##### Input Variables: - - organization: A name of current organization. - - vault.root_token: A root token of current organization inserted in network.yaml file. - - serviceItem.name: A name of current endorser. - - vault.url: An url of Vault defined in network.yaml file. - - services.endorsers: A list of endorsers in current organization. -##### Environment Variables: - - vault_token: A root token for Vault. \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/auth_job/README.md b/platforms/hyperledger-indy/configuration/roles/create/helm_component/auth_job/README.md deleted file mode 100644 index ed6a1956f09..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/auth_job/README.md +++ /dev/null 
@@ -1,96 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## create/helm_component/auth_job -This role create the job value file for creating Vault auth methods - -## Tasks: -### 1. Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists -This task ensure, that release folder for value file exists. -It the folder doesn't exist, then creates them. - -#### Variables: - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} - - component_type: Set, which type of k8s component may be created. - - component_name: Name of component. - -### 2. Get the kubernetes server url -This role get url address of Kubernetes server and store it into variable. - -#### Variables: - - kubernetes.config_file: Kubernetes config file from network.yaml file. - -#### Environment Variables: - - KUBERNETES_CONFIG_FILE: Kubernetes Config file from network.yaml by a variable *{{ kubernetes.config_file }}* - -#### Output Variables: - - kubernetes_server_url: Stored url address of Kubernetes server. - -### 3. Trustee vault policy and role generating -This task generate vault policy for all trustees in organization. -Value file of Helm release Job is stored. -This task uses template for generating Job. - -#### Input Variables: - - identity_name: Identity name of trustee. It uses a variable *{{ trusteeItem.name }}* - - values_file: Path for output value file. It uses *{{ release_dir }}/{{ component_type }}/{{ component_name }}/{{ identity_name }}.yaml* - - chart: A chart name. It uses a variable *{{ chartName }}* - - policy_path: A path of policy in Vault. - - policy_capabilities: Permissions of Vault policy. 
- - kubernetes_server: A kubernetes address. It uses a variable *kubernetes_server_url.stdout* - -#### Template: - - auth_job.tpl -### 4. Stewards vault policy and role generating -This task generate vault policy for all stewards in organization. -Value file of Helm release Job is stored. -This task uses template for generating Job. - -#### Input Variables: - - identity_name: Identity name of stewards. It uses a variable *{{ stewardItem.name }}* - - values_file: Path for output value file. It uses *{{ release_dir }}/{{ component_type }}/{{ component_name }}/{{ identity_name }}.yaml* - - chart: A chart name. It uses a variable *{{ chartName }}* - - policy_path: A path of policy in Vault. - - policy_capabilities: Permissions of Vault policy. - - kubernetes_server: A kubernetes address. It uses a variable *kubernetes_server_url.stdout* - -#### Template: - - auth_job.tpl - -### 5. Endorser vault policy and role generating -This task generate vault policy for all endorsers in organization. -Value file of Helm release Job is stored. -This task usesß template for generating Job. - -#### Input Variables: - - identity_name: Identity name of endorsers. It uses a variable *{{ endorserItem.name }}* - - values_file: Path for output value file. It uses *{{ release_dir }}/{{ component_type }}/{{ component_name }}/{{ identity_name }}.yaml* - - chart: A chart name. It uses a variable *{{ chartName }}* - - policy_path: A path of policy in Vault. - - policy_capabilities: Permissions of Vault policy. - - kubernetes_server: A kubernetes address. It uses a variable *kubernetes_server_url.stdout* - -#### Template: - - auth_job.tpl - -### 6. bevel-ac vault policy and role generating -This task generates bevel-ac vault policy value file. -The bevel-ac vault policy is for read-only data from Vault. - -#### Input Variables: - - identity_name: Identity name of policy. It uses *bevel-ac* - - values_file: Path for output value file. 
It uses *{{ release_dir }}/{{ component_type }}/{{ component_name }}/{{ identity_name }}.yaml* - - chart: A chart name. It uses a variable *{{ chartName }}* - - policy_path: A path of policy in Vault. - - policy_capabilities: Permissions of Vault policy. - - kubernetes_server: A kubernetes address. It uses a variable *kubernetes_server_url.stdout* - -#### Template: - - auth_job.tpl - -## Templates: - - auth_job.tpl - A template for creation Kubernetes Job to create auth methods in Vault. -## Vars: - - auth_job: auth_job.tpl \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/auth_job/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/create/helm_component/auth_job/tasks/main.yaml index 5ef50e31cf8..e99cd5acc10 100644 --- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/auth_job/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/create/helm_component/auth_job/tasks/main.yaml 
@@ -8,22 +8,19 @@ # This role creates the job value file for stewards ############################################################################################## -############################################################################################## -# This tasks ensures the directory of auth job existance, if not exits it creates a new one -- name: Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists +# Ensure the directory of auth job existance, if not exits it creates a new one +- name: Ensure {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/directory" vars: path: "{{ release_dir }}/{{ component_type }}/{{ component_name }}" -############################################################################################## -# This tasks gets the kubernetes server url +# Get the kubernetes server url - name: Get the kubernetes server url shell: | KUBECONFIG={{ kubernetes.config_file }} kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " " register: kubernetes_server_url -############################################################################################## # Generate vault policy and role for trustee - name: Trustee vault policy and role generating template: @@ -41,7 +38,6 @@ loop_var: trusteeItem when: services.trustees is defined -############################################################################################## # Generate Indy vault policy and role for stewards - name: Stewards vault policy and role generating template: @@ -59,7 +55,6 @@ loop_var: stewardItem when: services.stewards is defined -############################################################################################## # Generate Indy vault policy and role for endorser - name: Endorser vault policy and role generating template: 
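Review bot: In `Get the kubernetes server url`, `{{ kubernetes.config_file }}` is templated into the shell line unquoted, so a path from network.yaml that contains spaces or shell metacharacters changes the command that runs rather than only the file that is read. Quoting the value and letting kubectl select the field avoids that and also replaces the `grep server | cut | tr` chain, which matches any line containing "server": `KUBECONFIG={{ kubernetes.config_file | quote }} kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'`. The one-line comment that replaces the README entry could also record that the result is registered as `kubernetes_server_url` and consumed as `kubernetes_server_url.stdout` by the template tasks that follow.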
@@ -77,7 +72,6 @@ loop_var: endorserItem when: services.endorsers is defined -############################################################################################## # Generate Indy vault policy and role for bevel-ac - name: bevel-ac vault policy and role generating template: diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/crypto/README.md b/platforms/hyperledger-indy/configuration/roles/create/helm_component/crypto/README.md deleted file mode 100644 index 366b6a5dd96..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/crypto/README.md +++ /dev/null 
@@ -1,65 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## create/helm_component/crypto -This role create the job value file for creating Hyperledger Indy Crypto - -## Tasks: -### 1. Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists -This task ensure, that release folder for value file exists. -It the folder doesn't exist, then creates them. - -#### Variables: - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} - - component_type: Set, which type of k8s component may be created. - - component_name: Name of component. - -### 2. Trustee crypto generating -This task generate crypto generator job for all trustees in organization. -Value file of Helm release Job is stored. -This task uses template for generating Job. - -#### Input Variables: - - identity_name: Identity name of trustee. It uses a variable *{{ trusteeItem.name }}* - - vault_path: Path in Vault of this identity. It uses *{{ organization }}.trustees* - - values_file: Path for output value file. It uses *{{ release_dir }}/{{ component_type }}/{{ component_name }}/{{ identity_name }}.yaml* - - chart: A chart name. It uses a variable *{{ chartName }}* - -#### Template: - - crypto-generate.tpl - -### 3. Stewards crypto generating -This task generate crypto generator job for all stewards in organization. -Value file of Helm release Job is stored. -This task uses template for generating Job. - -#### Input Variables: - - identity_name: Identity name of trustee. It uses a variable *{{ stewardsItem.name }}* - - vault_path: Path in Vault of this identity. 
It uses *{{ organization }}.stewards* - - values_file: Path for output value file. It uses *{{ release_dir }}/{{ component_type }}/{{ component_name }}/{{ identity_name }}.yaml* - - chart: A chart name. It uses a variable *{{ chartName }}* - -#### Template: - - crypto-generate.tpl - -### 4. Endorser crypto generating -This task generate crypto generator job for all endorsers in organization. -Value file of Helm release Job is stored. -This task uses template for generating Job. - -#### Input Variables: - - identity_name: Identity name of trustee. It uses a variable *{{ endorserItem.name }}* - - vault_path: Path in Vault of this identity. It uses *{{ organization }}.endorsers* - - values_file: Path for output value file. It uses *{{ release_dir }}/{{ component_type }}/{{ component_name }}/{{ identity_name }}.yaml* - - chart: A chart name. It uses a variable *{{ chartName }}* - -#### Template: - - crypto-generate.tpl - -## Templates: - - crypto-generate.tpl - A template for creation Kubernetes Job to generate crypto into Vault. - -## Vars: - - crypto: crypto-generate.tpl \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/crypto/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/create/helm_component/crypto/tasks/main.yaml index 781ad8729f3..25707930225 100644 --- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/crypto/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/create/helm_component/crypto/tasks/main.yaml 
@@ -10,14 +10,13 @@ --- ############################################################################################## -# This tasks ensures the directory of crypto existance, if not exits it creates a new one -- name: Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists +# Ensure the directory of crypto existance, if not exits it creates a new one +- name: Ensure {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/directory" vars: path: "{{ release_dir }}/{{ component_type }}/{{ component_name }}" -############################################################################################## # Generate Indy Crypto for trustee - name: Trustee crypto generating template: @@ -34,7 +33,6 @@ loop_var: trusteeItem when: services.trustees is defined -############################################################################################## # Generate Indy Crypto for stewards - name: Stewards crypto generating template: @@ -51,7 +49,6 @@ loop_var: stewardItem when: services.stewards is defined -############################################################################################## # Generate Indy Crypto for endorser - name: Endorser crypto generating template: diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/domain_genesis/README.md b/platforms/hyperledger-indy/configuration/roles/create/helm_component/domain_genesis/README.md deleted file mode 100644 index c304c211d60..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/domain_genesis/README.md +++ /dev/null 
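Review bot: The rewritten comment in the first hunk keeps the misspellings of the line it replaces (`existance`, `not exits`), and the hunk leaves the `####` banner line above it while the banners before the other three tasks are removed, so the first task is the only one still set off by a rule. Suggested wording, with the stray banner dropped: `# Ensure the crypto release directory exists; create it if missing`. The same comment text, with the same misspellings, is added in the auth_job, domain_genesis, ledger_txn and node task files in this patch.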
@@ -1,92 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## create/helm_component/domain_genesis -This role create the config map value file for storing domain genesis for Indy cluster. - -## Tasks: -### 1. Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists -This task ensure, that release folder for value file exists. -It the folder doesn't exist, then creates them. - -#### Variables: - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} - - gitops: A object, which contains data of organization's gitops from network.yaml file. - - component_name: Name of component. - -### 2. Generate domain genesis for organization -This task generate domain genesis with data from crypto, which is in Vault. -This task need bevel-ac token for getting public data from Vault. -The result is domain genesis transactions, which define initial trusted trustees and stewards. -(Each ledger may have pre-defined transactions defining the initial pool and network.) - -#### Genesis transaction structure -```json -{ - "reqSignature":{}, - "txn":{ - "data":{ - "alias": <...>, - "dest": <...>, - "role": "0", - "verkey": <...> - }, - "metadata":{ - "from": <...> - }, - "type": "1" - }, - "txnMetadata":{ - "seqNo": <...> - }, - "ver": "1" -} -``` -- reqSignature (dict): Submitter's signature over request with transaction. -- txn (dict): Transaction-specific payload (data) - - data (dict): Transaction-specific data fields - - alias (string): NYM's alias - - desc (base58-encoded string): Target DID as base58-encoded string for 16 or 32 byte DID value. 
It may differ from the from metadata field, where from is the DID of the submitter. If they are equal (in permissionless case), then transaction must be signed by the newly created verkey.
Example: from is a DID of a Endorser creating a new DID, and dest is a newly created DID. - - role (enum number as integer): "0" == TRUSTEE - - verkey (base58-encoded string): Target verification key as base58-encoded string. - - metadata (dict): Metadata as came from the request - - from (base58-encoded string): Identifier (DID) of the transaction author as base58-encoded string for 16 or 32 bit DID value. - - type (enum number as string): "1" == NYM transaction -- txnMetadata (dict): - - seqNo (integer): A unique sequence number of the transaction on Ledger -- ver (string): Transaction version to be able to evolve content. The content of all sub-fields may depend on this version. - - -#### Variables: - - ac_vault_tokens - A map of bevel-ac tokens, which are stored by organization's name. - - organization.vault.url - A url address of Vault for a organization. - - organization.name - An organization name. - -#### Output Variables: - - domain_genesis: A variable, which contains generated domain genesis. - -### 3. create value file for {{ component_name }} {{ component_type }} -This task generate config map for domain genesis of Indy cluster. -Value file of Helm release Config Map is stored. -This task uses template for generating Config Map. - -#### Input Variables: - - organization: A name of organization. - - component_ns: A name of organization's namespace. - - gitops: A object, which contains data of organization's gitops from network.yaml file. - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} - - component_name: A name of config map. It uses *{{ organizationItem.name }}-dtg* - - domain_genesis_values: A variable, which contains domain genesis. It uses a variable *domain_genesis.stdout* - - values_file: Path for output value file. It uses *{{ release_dir }}/{{ component_name }}/{{ component_type }}.yaml* - - chart: A chart name. 
Default value is *indy-domain-genesis* - -#### Template: - - domain-genesis.tpl - -## Templates: - - domain_genesis.tpl: A template for creation Kubernetes ConfigMap to store domain genesis for a cluster. - -## Vars: - - domain_genesis: domain_genesis.tpl \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/domain_genesis/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/create/helm_component/domain_genesis/tasks/main.yaml index 62924fac2bf..e1f14a9cd4b 100644 --- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/domain_genesis/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/create/helm_component/domain_genesis/tasks/main.yaml @@ -7,10 +7,10 @@ ############################################################################################## # This role creates the domain genesis file for organization ############################################################################################## + --- -############################################################################################## -# This tasks ensures the directory of ConfigMap existance, if not exits it creates a new one -- name: Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists +# Ensure the directory of ConfigMap existance, if not exits it creates a new one +- name: Ensure {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists vars: organization: "{{ organizationItem.name|lower }}" component_name: "{{ organization }}-dtg" @@ -23,8 +23,7 @@ loop_control: loop_var: organizationItem -################################################################################################ -# This tasks gets data from vault +# Get data from vault - name: Generate domain genesis for organization args: executable: /bin/bash 
@@ -119,18 +118,19 @@ local_action: copy content="{{ domain_genesis.stdout }}" dest="{{ network.genesis.domain }}" when: network.genesis.state == 'absent' +# Set domain_genesis_values when state is absent - name: Set domain_genesis_values when state is absent set_fact: domain_genesis_values: "{{ domain_genesis.stdout }}" when: network.genesis.state == 'absent' +# Set domain_genesis_values when state is present - name: Set domain_genesis_values when state is present set_fact: domain_genesis_values: "{{ lookup('file', '{{ network.genesis.domain }}') }}" when: network.genesis.state == 'present' -# ################################################################################################ -# This task creates vaules file for domain genesis config map. +# create vaule file for domain genesis config map. - name: "create value file for {{ component_name }} {{ component_type }}" template: src: "{{ dlt_templates[component_type] }}" diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/ledger_txn/Readme.md b/platforms/hyperledger-indy/configuration/roles/create/helm_component/ledger_txn/Readme.md deleted file mode 100644 index 9dcb1ebb903..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/ledger_txn/Readme.md +++ /dev/null 
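Review bot: `domain_genesis_values: "{{ lookup('file', '{{ network.genesis.domain }}') }}"` nests one template expression inside another; inside `{{ }}` the variable can be referenced directly, `"{{ lookup('file', network.genesis.domain) }}"`, which does not depend on the inner string being templated a second time. The two comments added above the `set_fact` tasks repeat the task names; it would say more to note that the `present` branch loads an existing genesis file from the path in network.yaml, while the `absent` branch uses the freshly generated `domain_genesis.stdout`. The last added comment also has a typo (`vaule`).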
@@ -1,72 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## create/helm_component/ledger_txn -This role create the job value file for Indy NYM ledger transactions - -## Tasks: -### 1. Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists -This task ensure, that release folder for value file exists. -It the folder doesn't exist, then creates them. - -#### Variables: - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} - - component_type: Set, which type of k8s component may be created. - - component_name: Name of component. - -### 2. Create HelmRelease file -This role calls a nested role for HelmRelease Template generation. - -#### Variables: - - identity_name: Name to Identity(Endorser) for which the value file generated. - - admin_name: AdminIdentity name. - - role: Auth role for the new Identity to be added. - --------------------------------------------------------------------------------- -### nested_main. - -### 1. Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists - -### 2. Get identity data from vault -This task gets the identity data from vault. -It gets the details of admin did, admin verkey as well as the endorser did and the endorser verkey from the vault. - -### 3. Inserting file into Variable -This task inserts generated yaml file into a variable. -#### Input Variables: - - data.yaml: A yaml file, which consists of identity data. -#### Output Variables: - - file_var: A yaml file, which consists of identity data. - -### 4. 
create value file for {{ new_component_name }} {{ component_type }} -This task creates the value file from the template. - -#### Input Variables: - - identity_name: Identity name of endorser. - - new_component_name: new Identity's organization name. - - chart: Chart name for NYm ledger transaction - - auth-path: Kubernetes Auth Path. - -#### Template: - - ledger_txn.tpl - This is the template used for creating the value file. It replaces the `{{ variable }}` with its values to generate the final value file. - -### 5. Delete file -This task removes yaml file, which constits of identity data. -#### Input Variables: -- data.yaml: A yaml file, which consists of identity data. - -### 6. Helm lint -This task tests the value file for syntax errors/ missing values -#### Input Variables: - - playbook_dir: A path of playbook directory. - - component_type: A type of component, which will be generated. - - gitops.chart_source: A path of directory where are charts stored. - - new_component_name: A name of component. - - identity_name: A name of identity. -#### Variables: - - helmtemplate_type: A type of component, which will be generated. - - chart_path: A path of directory where are charts stored. - - value_file: A path of generated value file. \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/ledger_txn/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/create/helm_component/ledger_txn/tasks/main.yaml index 02d8f5dc348..cb0c86e912e 100644 --- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/ledger_txn/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/create/helm_component/ledger_txn/tasks/main.yaml 
@@ -8,14 +8,14 @@ # This role creates the ledger txn value file for identities ############################################################################################## -############################################################################################## -# This tasks ensures the directory of crypto existance, if not exits it creates a new one -- name: Ensures {{ release_dir }}/{{ component_type }} dir exists +# Ensure the directory of crypto existance, if not exits it creates a new one +- name: Ensure {{ release_dir }}/{{ component_type }} dir exists include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/directory" vars: path: "{{ release_dir }}/{{ component_type }}/" +# Create HelmRelease file - name: Create HelmRelease file include_tasks: nested_main.yaml vars: diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/ledger_txn/tasks/nested_main.yaml b/platforms/hyperledger-indy/configuration/roles/create/helm_component/ledger_txn/tasks/nested_main.yaml index a97c03e89ef..b28aee47e17 100644 --- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/ledger_txn/tasks/nested_main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/create/helm_component/ledger_txn/tasks/nested_main.yaml @@ -4,8 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -################################################################################################ -# This tasks gets data from vault +# Get data from vault - name: Get identity data from vault shell: | rm data.yaml 
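Review bot: The new comment on the first task says `directory of crypto`, but this is the ledger_txn role and the path checked is `{{ release_dir }}/{{ component_type }}/`; the wording looks carried over from the crypto role. Suggested: `# Ensure the release directory for this component type exists; create it if missing`. `# Create HelmRelease file` repeats the task name; the removed Readme described this step as calling the nested tasks with `identity_name`, `admin_name` and `role`, which is the part worth keeping in the comment.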
@@ -35,14 +34,14 @@ echo "${identity_data}" >> data.yaml register: identity_data +# Inserting file into Variable - name: "Inserting file into Variable" include_vars: file: data.yaml name: file_var -############################################################################################## -# This task creates deployment file for new identities. -- name: "create value file for {{ new_component_name }} {{ component_type }}" +# Create deployment file for new identities. +- name: "Create value file for {{ new_component_name }} {{ component_type }}" template: src: "{{ dlt_templates[component_type] }}" dest: "{{ values_file }}" @@ -57,7 +56,7 @@ rm data.yaml ################################################################################################ -# This task tests the value file for syntax errors/ missing values +# Test the value file for syntax errors/ missing values # This is done by calling the helm_lint role and passing the value file parameter # When a new k8_component is added, changes should be made in helm_lint role as well - name: Helm lint diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/node/README.md b/platforms/hyperledger-indy/configuration/roles/create/helm_component/node/README.md deleted file mode 100644 index 9bf18f00409..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/node/README.md +++ /dev/null 
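Review bot: `Get identity data from vault` appends its result to a fixed relative file, `data.yaml`, which `include_vars` then reads and a later task removes; the file lands in whatever the working directory is, with default permissions, and a run that fails between the write and the `rm` leaves it behind. If the script can print the YAML to stdout, applying `from_yaml` to the registered result avoids the file altogether; otherwise a path created with the `tempfile` module, a restrictive mode and cleanup in an `always:` section keeps it contained. The added comment `# Inserting file into Variable` repeats the task name and could instead state that `file_var` holds the identity data read from Vault. The shell task begins in the previous hunk and its middle is not shown, so what exactly is written cannot be confirmed from here.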
@@ -1,38 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## create/helm_component/node -This role creates value file for Helm Release of stewards. - -## Tasks: -### 1. Ensures {{ release_dir }}/{{ component_name }} dir exists -This task ensure, that release folder for value file exists. -It the folder doesn't exist, then creates them. - -#### Variables: - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} - - gitops: A object, which contains data of organization's gitops from network.yaml file. - - component_name: A name of component. - -### 2. create value file for {{ component_name }} {{ component_type }} -This task creates value file for Helm Release of stewards from template. - -#### Variables: - - component_name: A name of component. - - component_type: A type of component. - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} - -#### Input Variables: - - values_file: Path for output value file. It uses *{{ release_dir }}/{{ component_name }}/{{ component_type }}.yaml* - - chart: A name of chart. It uses *indy-node* - -#### Template - - node.tpl - -## Templates: - - node.tpl: A template for generate value file for Helm Release of Stewards - -## Vars: - - node: node.tpl \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/node/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/create/helm_component/node/tasks/main.yaml index 71da8ff6d4b..7d7610cd5ff 100644 
--- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/node/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/create/helm_component/node/tasks/main.yaml @@ -8,18 +8,16 @@ # This role creates the job value file for stewards ############################################################################################## -############################################################################################## -# This tasks ensures the directory existance, if not exits it creates a new one --- -- name: Ensures {{ release_dir }}/{{ organization }}/{{ component_name }} dir exists +# Ensure the directory existance, if not exits it creates a new one +- name: Ensure {{ release_dir }}/{{ organization }}/{{ component_name }} dir exists include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/directory" vars: path: "{{ release_dir }}/{{ organization }}/{{ component_name }}" -############################################################################################## -# This task creates deployment file for stewards. -- name: "create value file for {{ component_name }} {{ component_type }}" +# Create deployment file for stewards. +- name: "Create value file for {{ component_name }} {{ component_type }}" template: src: "{{ dlt_templates[component_type] }}" dest: "{{ values_file }}" @@ -28,7 +26,7 @@ chart: "indy-node" ################################################################################################ -# This task tests the value file for syntax errors/ missing values +# Test the value file for syntax errors/ missing values # This is done by calling the helm_lint role and passing the value file parameter # When a new k8_component is added, changes should be made in helm_lint role as well # - name: Helm lint 
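Review bot: The reworded block `# Test the value file for syntax errors/ missing values` in the `@@ -28,7 +26,7 @@` hunk documents a step that does not run, because the line after it is `# - name: Helm lint`, i.e. the task is commented out. With the README removed, a reader would take the comment as describing active validation of the generated values file. I would mark it, e.g. `# NOTE: Helm lint is currently disabled for this role; the values file is not validated here`, or re-enable the task. The new comment in the first hunk also keeps the old typos; `# Ensure the directory exists; create it if it does not` reads better. The rest of the commented-out task lies outside the hunk.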
diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/pool_genesis/README.md b/platforms/hyperledger-indy/configuration/roles/create/helm_component/pool_genesis/README.md deleted file mode 100644 index bfc2feb67e1..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/pool_genesis/README.md +++ /dev/null 
@@ -1,103 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## create/helm_component/pool_genesis -This role create the config map value file for storing pool genesis for Indy cluster. - -## Tasks: -### 1. Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists -This task ensure, that release folder for value file exists. -It the folder doesn't exist, then creates them. - -#### Variables: - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} - - gitops: A object, which contains data of organization's gitops from network.yaml file. - - component_name: Name of component. - -### 2. Generate pool genesis for organization -This task generate pool genesis with data from crypto, which is in Vault. -This task need bevel-ac token for getting public data from Vault. -The result is pool genesis transactions, which define initial trusted nodes in the pool. -(Each ledger may have pre-defined transactions defining the initial pool and network.) - -#### Genesis transaction structure -```json -{ - "reqSignature":{}, - "txn":{ - "data":{ - "data":{ - "alias":$alias, - "blskey":$blskey, - "blskey_pop":$blskey_pop, - "client_ip":$client_ip, - "client_port":$client_port|tonumber, - "node_ip":$node_ip, - "node_port":$node_port|tonumber, - "services":[$type] - }, - "dest":$dest - }, - "metadata":{ - "from":$from - }, - "type":"0" - }, - "txnMetadata":{ - "seqNo":$seqNo|tonumber, - "txnId":$txnId - }, - "ver":"1" -} -``` -- reqSignature (dict): Submitter's signature over request with transaction. 
-- txn (dict): Transaction-specific payload (data) - - data (dict): Transaction-specific data fields - - alias (string): Node's alias - - blskey (base58-encoded string): BLS multi-signature key as base58-encoded string (it's needed for BLS signatures and state proofs support) - - blskey_pop: specifies Proof of possession for BLS key - - client_ip (string): Node's client listener IP address, that is the IP clients use to connect to the node when sending read and write requests. - - client_port (string): Node's client listener port, that is the port clients use to connect to the node when sending read and write requests. - - node_ip (string): The IP address other Nodes use to communicate with this Node; no clients are allowed here. - - node_port (string): The port other Nodes use to communicate with this Node; no clients are allowed here. - - services (array of strings): the service of the Node. VALIDATOR is the only supported one now. - - metadata (dict): Metadata as came from the request - - from (base58-encoded string): Identifier (DID) of the transaction author as base58-encoded string for 16 or 32 bit DID value. - - type (enum number as string): "0" == NODE -- txnMetadata (dict): - - seqNo (integer): A unique sequence number of the transaction on Ledger -- ver (string): Transaction version to be able to evolve content. The content of all sub-fields may depend on this version. - -#### Variables: - - ac_vault_tokens - A map of bevel-ac tokens, which are stored by organization's name. - - organization.vault.url - A url address of Vault for a organization. - - organization.name - An organization name. - -#### Output Variables: - - pool_genesis: A variable, which contains generated pool genesis. - -### 3. create value file for {{ component_name }} {{ component_type }} -This task generate config map for pool genesis of Indy cluster. -Value file of Helm release Config Map is stored. -This task uses template for generating Config Map. 
- -#### Input Variables: - - organization: A name of organization. - - component_ns: A name of organization's namespace. - - gitops: A object, which contains data of organization's gitops from network.yaml file. - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} - - component_name: A name of config map. It uses *{{ organizationItem.name }}-ptg* - - pool_genesis_values: A variable, which contains pool genesis. It uses a variable *pool_genesis.stdout* - - values_file: Path for output value file. It uses *{{ release_dir }}/{{ component_name }}/{{ component_type }}.yaml* - - chart: A chart name. Default value is *indy-pool-genesis* - -#### Template: - - pool-genesis.tpl - -## Templates: - - pool_genesis.tpl: A template for creation Kubernetes ConfigMap to store pool genesis for a cluster. - -## Vars: - - pool_genesis: pool_genesis.tpl \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/create/helm_component/pool_genesis/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/create/helm_component/pool_genesis/tasks/main.yaml index 7a9eace957c..0737033ec83 100644 --- a/platforms/hyperledger-indy/configuration/roles/create/helm_component/pool_genesis/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/create/helm_component/pool_genesis/tasks/main.yaml 
@@ -7,10 +7,10 @@ ############################################################################################## # This role creates the pool genesis file for organization ############################################################################################## + --- -############################################################################################## -# This tasks ensures the directory of ConfigMap existence, if not exits it creates a new one -- name: Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists +# Ensure the directory of ConfigMap existence, if not exits it creates a new one +- name: Ensure {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists vars: organization: "{{ organizationItem.name }}" component_name: "{{ organization }}-ptg" @@ -23,8 +23,7 @@ loop_control: loop_var: organizationItem -################################################################################################ -# This tasks gets data from vault +# Get data from vault - name: Generate pool genesis for organization args: executable: /bin/bash 
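Review bot: `# Get data from vault` above `Generate pool genesis for organization` (hunk `@@ -23,8 +23,7 @@`) says less than the README this commit deletes. That README stated that the task needs the bevel-ac token to read public data from Vault, and that its result is the pool genesis transactions defining the initial trusted nodes. An operator reviewing this role's Vault access needs exactly that. I would write `# Build the pool genesis transactions (initial trusted nodes) from public crypto in Vault, read with the organization's bevel-ac token`. The task body continues outside the hunk, so the token handling itself is not visible here.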
@@ -77,19 +76,20 @@ local_action: copy content="{{ pool_genesis.stdout }}" dest="{{ network.genesis.pool }}" when: network.genesis.state == 'absent' +# Set pool_genesis_values when state is absent - name: Set pool_genesis_values when state is absent set_fact: pool_genesis_values: "{{ pool_genesis.stdout }}" when: network.genesis.state == 'absent' +# Set pool_genesis_values when state is present - name: Set pool_genesis_values when state is present set_fact: pool_genesis_values: "{{ lookup('file', '{{ network.genesis.pool }}') }}" when: network.genesis.state == 'present' -# ################################################################################################ -# This task creates values file for pool genesis config map. -- name: "create value file for {{ component_name }} {{ component_type }}" +# Create values file for pool genesis config map. +- name: "Create value file for {{ component_name }} {{ component_type }}" template: src: "{{ dlt_templates[component_type] }}" dest: "{{ values_file }}" diff --git a/platforms/hyperledger-indy/configuration/roles/create/imagepullsecret/README.md b/platforms/hyperledger-indy/configuration/roles/create/imagepullsecret/README.md deleted file mode 100644 index 906526b7124..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/imagepullsecret/README.md +++ /dev/null 
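Review bot: In the `state == 'present'` branch the context line `pool_genesis_values: "{{ lookup('file', '{{ network.genesis.pool }}') }}"` nests a template inside a template, which Ansible discourages; `"{{ lookup('file', network.genesis.pool) }}"` is the plain form. The two added comments repeat the task names word for word and do not say how the branches differ. With `absent` the genesis comes from the generated `pool_genesis.stdout` and is written to `network.genesis.pool`; with `present` it is read back from that existing file as-is. Since the pool genesis defines the initial trusted nodes, a comment such as `# state 'present': reuse the genesis file at network.genesis.pool unchanged (not regenerated from Vault)` is worth adding. The final template task continues outside the hunk.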
@@ -1,35 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - - -## create/imagepullsecret -This role creates secret in Kubernetes for pull docker images from repository. - -## Tasks: -### 1. Check for ImagePullSecret for {{ organization }} -This task check if secret of organization exists in Kubernetes. -The task uses k8s_info Ansible role. - -#### Variables: - - organization: A name of organization. - - component_ns: A name of organization's namespace. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - - kubernetes.context: Kubernetes contex from network.yaml file. - -#### Output Variables: - - secret_present: There is stored, if secret exists. - -### 2. Create the docker pull registry secret for {{ component_ns }} -This task create a new secret of organization in Kubernetes cluster, when doesn't exist. - -#### Variable: - - kubernetes.config_file: Kubernetes config file from network.yaml file. - - component_ns: A name of organization's namespace. - - network.docker.url: Url address of Docker repository. It is defined in network.yaml file. - - network.docker.username: A username of Docker repository user. It is defined in network.yaml file. - - network.docker.password: A password of Docker repository user. It is defined in network.yaml file. - -#### Input Variables: - - secret_present: A variable, which contains of secret's existence in Kubernetes cluster. \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/create/imagepullsecret/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/create/imagepullsecret/tasks/main.yaml index bde101f3dea..e9fadf032b6 100644 
--- a/platforms/hyperledger-indy/configuration/roles/create/imagepullsecret/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/create/imagepullsecret/tasks/main.yaml @@ -5,8 +5,7 @@ ############################################################################################## -# This role creates the docker pull registry secret within each namespace -########################################################################################## +# Create the docker pull registry secret within each namespace - name: "Check for ImagePullSecret for {{ organization }}" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" @@ -14,10 +13,12 @@ component_name: "{{ component_ns }}" check: "docker_credentials" -- name: "register the result of docker cred check" +# Register the result of docker cred check +- name: "Register the result of docker cred check" set_fact: secret_present: "{{ get_regcred }}" - + +# Create the docker pull registry secret - name: Create the docker pull registry secret for {{ component_ns }} shell: | KUBECONFIG={{ kubernetes.config_file }} kubectl create secret -n {{ component_ns }} docker-registry regcred --docker-server={{ network.docker.url }} --docker-username={{ network.docker.username }} --docker-password={{ network.docker.password }} --docker-email="test@abc.mail" diff --git a/platforms/hyperledger-indy/configuration/roles/create/k8_component/README.md b/platforms/hyperledger-indy/configuration/roles/create/k8_component/README.md deleted file mode 100644 index ec007b1cf7c..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/k8_component/README.md +++ /dev/null 
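Review bot: The `kubectl create secret` line under `Create the docker pull registry secret for {{ component_ns }}` (hunk `@@ -14,10 +13,12 @@`) passes `--docker-password={{ network.docker.password }}` unquoted on a shell command line. No `no_log` is visible on the task, so the registry password can end up in Ansible output and in the control host's process list. The commit only adds a comment above the task; I would add `no_log: true` and quote the templated values, e.g. `--docker-password={{ network.docker.password | quote }}`. The new comment could also carry what the deleted README recorded, e.g. `# Uses network.docker.url/username/password from network.yaml`. The task continues past the end of the hunk, so a `no_log` further down cannot be ruled out from here.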
@@ -1,47 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## create/k8_component -this role create value file for kubernetes component by inserted type. - -## Tasks: -### 1. Ensures {{ component_type_name }} dir exists -This task check if value file of kubernetes component exists in release directory. - -#### Variables: - - component_type_name: A variable for grouping data by type, name or organization. - - release_dir: Release directory, where are stored generated files for gitops. - -### 2. create {{ component_type }} file for {{ component_type_name }} -This task create a value file of kubernetes component. -Type of Kubernetes component is selected by variable *type* and then it is find in templates. - -#### Variables: - - component_type: A type of kubernetes component. - - component_type_name: A variable for grouping data by type, name or organization. - - release_dir: Release directory, where are stored generated files for gitops. - -#### Input Variables: - - values_file: Path for output value file. It uses *{{ release_dir }}/{{ component_type_name }}/{{ component_type }}.yaml* - - type: A type of kubernetes component. - -## Templates: - - admin_cluster_role_binding.tpl: A template for create an admin ClusterRoleBinding component. - - aws_storageclass.tpl: A template for create a StorageClass when provider is AWS - - cluster_role_binding.tpl: A template for create a ClusterRoleBinding component. - - default.tpl: A default template. - - eks_storageclass.tpl: A template for create a StorageClass when provider is EKS. - - mini_storageclass.tpl: A template for create a StorageClass when provider is MiniKube. - - namespace_component.tpl: A template for create Namespace Kubernetes component. 
- - serviceaccount.tpl: A template for create ServiceAccount Kubernetes component. - -## Vars - - namespace: namespace_component.tpl - - service-account: serviceaccount.tpl - - cluster-role-binding: cluster_role_binding.tpl - - admin-cluster-role-binding: admin_cluster_role_binding.tpl - - aws-baremetal-storageclass: aws_storageclass.tpl - - aws-storageclass: eks_storageclass.tpl - - minikube-storageclass: mini_storageclass.tpl diff --git a/platforms/hyperledger-indy/configuration/roles/create/k8_component/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/create/k8_component/tasks/main.yaml index 3a16723ca54..e95cc3821d3 100644 --- a/platforms/hyperledger-indy/configuration/roles/create/k8_component/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/create/k8_component/tasks/main.yaml @@ -8,18 +8,15 @@ # This role generates value files for various k8 components ############################################################################################# - -############################################################################################ -# This task ensures that the directory exists for each entity, if not, it creates them -- name: Ensures {{ component_type_name }} dir exists +# Ensure that the directory exists for each entity, if not, it creates them +- name: Ensure {{ component_type_name }} dir exists include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/directory" vars: path: "{{ release_dir }}/{{ component_type_name }}" -############################################################################################ -# This task creates the value file for the k8 components -- name: "create {{ component_type }} file for {{ component_type_name }}" +# Create the value file for the k8 components +- name: "Create {{ component_type }} file for {{ component_type_name }}" template: src: "{{ k8_templates[type] | default('default.tpl') }}" dest: "{{ values_file }}" 
diff --git a/platforms/hyperledger-indy/configuration/roles/create/namespace/README.md b/platforms/hyperledger-indy/configuration/roles/create/namespace/README.md deleted file mode 100644 index 3bbdadc04e7..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/namespace/README.md +++ /dev/null @@ -1,36 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## create/namespace -This role create value files for namespace. - -## Tasks: -### 1. Check namespace is created -This task check if namespace exists in Kubernetes cluster. -It uses k8s_info Ansible role. - -#### Variables: - - component_name: A name of namespace. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - - kubernetes.context: Kubernetes contex from network.yaml file. - -#### Output Variables: - - get_namespace: A variables, which stores status if namespace exists or not. - -### 2. Create namespaces -This task create a value file of namespace if namespace doesn't exist in Kubernetes cluster. -It calls role *create/k8_component*. - -#### Input Variables: - - component_type: A variable for select, which Kubernetes component may be created. Default value is *namespace* - -### 3. Git Push -This task push a value file into remote branch. -It calls role *{{ playbook_dir }}/../../shared/configuration/roles/git_push* - -#### Input Variables: - - GIT_DIR: A path of git directory. By default "{{ playbook_dir }}/../../../" - - gitops: *item.gitops* from network.yaml - - msg: A message for git commit diff --git a/platforms/hyperledger-indy/configuration/roles/create/namespace/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/create/namespace/tasks/main.yaml index 46f7ca058a8..001241ccc72 100644 
--- a/platforms/hyperledger-indy/configuration/roles/create/namespace/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/create/namespace/tasks/main.yaml @@ -21,8 +21,7 @@ set_fact: get_namespace: "{{ result }}" -############################################################################################ -# This task creates the value file of Namespace for Organizations +# Create the value file of Namespace for Organizations - name: Create namespaces include_role: name: create/k8_component @@ -30,8 +29,7 @@ component_type: "namespace" when: get_namespace.resources|length == 0 -############################################################################################ -#Git Push : Pushes the above generated files to git directory +# Git Push : Push the above generated files to git directory - name: Git Push include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" diff --git a/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/by_identities/README.md b/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/by_identities/README.md deleted file mode 100644 index d8de7ebdc0a..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/by_identities/README.md +++ /dev/null 
@@ -1,81 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## create/serviceaccount/by_identities -This role create a value files for service accounts and cluster role bindings by identity name. - -## Tasks: -### 1. Check if service account for {{ component_name }} exists -This task checks if current service account exists in Kubernetes cluster. - -#### Variables: - - component_name: A name of service account. - - component_namespace: A name of organization's namespace. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - -#### Output Variables: - - serviceaccount_state: A values, in which is stored status of service account existence. - -### 2. Create service account for {{ component_name }} -This task creates a value file of ServiceAccount. -It calls role *create/k8_component* -The value file is created, when a Service Account doesn't exist in Kubernetes cluster. - -#### Variables: - - component_name: A name of Service Account. - -#### Input Variables: - - component_type: A type of Kubernetes components. It is set up to *service-account* - - component_type_name: A type for grouping by name. It uses a variable *component_name* - -### 3. Check cluster role binding for {{ component_name }} -This task checks if current ClusterRoleBinding exists in Kubernetes cluster. - -#### Variables: - - component_name: A name of ClusterRoleBinding. - - component_namespace: A name of organization's namespace. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - -#### Output Variables: - - clusterrolebinding_state: A values, in which is stored status of ClusterRoleBinding existence. - -### 4. 
Get component_name to var -This task save component name into variable for checking in last task. - -#### Variables: - - component_name: A name of component. - -#### Output Variables: - - component_name_var: Stored component name. - -### 5. Get organization and admin string to var -This task create name joining organization name with admin-vault-auth for comparing in last task. - -#### Variables: - - organization: An organization name. - -#### Output Variables: - - organization_admin_var: Stored a new name of component. - -### 6. Create cluster role binding for {{ component_name }} -This task creates a value file of ClusterRoleBinding. -It calls role *create/k8_component* -The value file is created, when a ClusterRoleBinding doesn't exist in Kubernetes cluster. - -#### Variables: - - component_name: A name of ClusterRoleBinding. - -#### Input Variables: - - component_type: A type of Kubernetes components. It is set up to *cluster-role-binding* - - component_type_name: A type for grouping by name. It uses a variable *component_name* - -### 7. Create admin cluster role binding for {{ component_name }} -This task create ClusterRoleBinding for admin ServiceAccount per organization, no per identity. -This task starts only when variables *organization_admin_var* and *component_name_var* have the same value (name of components). -It calls role *create/k8_component* - -#### Input Variables: - - component_type: A type of Kubernetes components. It is set up to *admin-cluster-role-binding* - - component_type_name: A type for grouping by name. It uses a variable *component_name* \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/main/README.md b/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/main/README.md deleted file mode 100644 index ea7a0a1ecb8..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/main/README.md +++ /dev/null 
@@ -1,127 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## create/serviceaccount/main -This role creates value files of all needed Service Accounts and ClusterRoleBindings of organization. - -## Tasks: -### 1. Create service account for trustees [{{ organization }}] -This task creates a value file of ServiceAccount for trustees. -It calls role *create/serviceaccount/by_identities*. - -#### Variables: - - organization: A name of organization. - -#### Input Variables: - - component_namespace: A namespace of organization. - - component_name: A name of ServiceAccount. By default it is *{{ organization }}-{{ trusteeItem.name }}-vault-auth* - - release_dir: Release directory, where are stored generated files for gitops. By default is *{{ playbook_dir }}/../../../{{ gitops.release_dir }}/{{ organization }}* - -### 2. Create service account for stewards [{{ organization }}] -This task creates a value file of ServiceAccount for stewards. -It calls role *create/serviceaccount/by_identities*. - -#### Variables: - - organization: A name of organization. - -#### Input Variables: - - component_namespace: A namespace of organization. - - component_name: A name of ServiceAccount. By default it is *{{ organization }}-{{ stewardItem.name }}-vault-auth* - - release_dir: Release directory, where are stored generated files for gitops. By default is *{{ playbook_dir }}/../../../{{ gitops.release_dir }}/{{ organization }}* - -### 3. Create service account for endorsers [{{ organization }}] -This task creates a value file of ServiceAccount for endorsers. -It calls role *create/serviceaccount/by_identities*. - -#### Variables: - - organization: A name of organization. 
- -#### Input Variables: - - component_namespace: A namespace of organization. - - component_name: A name of ServiceAccount. By default it is *{{ organization }}-{{ endorserItem.name }}-vault-auth* - - release_dir: Release directory, where are stored generated files for gitops. By default is *{{ playbook_dir }}/../../../{{ gitops.release_dir }}/{{ organization }}* - -### 4. Create service account for organization [{{ organization }}] -This task creates a value file of ServiceAccount for organization. -It calls role *create/serviceaccount/by_identities*. - -#### Variables: - - organization: A name of organization. - -#### Input Variables: - - component_namespace: A namespace of organization. - - component_name: A name of ServiceAccount. By default it is *{{ organization }}-admin-vault-auth* - - release_dir: Release directory, where are stored generated files for gitops. By default is *{{ playbook_dir }}/../../../{{ gitops.release_dir }}/{{ organization }}* - -### 5. Create service account for read only public crypto [{{ organization }}] -This task creates a value file of read-only ServiceAccount for organization. -This ServiceAccount is used for reading public data from Indy Crypto saved in Vault. -It calls role *create/serviceaccount/by_identities*. - -#### Variables: - - organization: A name of organization. - -#### Input Variables: - - component_namespace: A namespace of organization. - - component_name: A name of ServiceAccount. By default it is *{{ organization }}-bevel-ac-vault-auth* - - release_dir: Release directory, where are stored generated files for gitops. By default is *{{ playbook_dir }}/../../../{{ gitops.release_dir }}/{{ organization }}* - -### 6. Push the created deployment files to repository -This task pushes generated Helm releases into remote branch. -This task calls role from: *{{ playbook_dir }}/../../shared/configuration/roles/git_push* -#### Input Variables: - - GIT_DIR: A path of git directory. 
By default "{{ playbook_dir }}/../../../" - - gitops: *item.gitops* from network.yaml - - msg: A message for git commit - -### 7. Waiting for trustees accounts and cluster binding roles -This task is waiting for creating ServiceAccount and ClusterRoleBinding for trustees -It calls role *create/serviceaccount/waiting*. - -#### Variables: - - organization: A organization name. - -#### Input Variables: - - name: A name of ServiceAccount and ClusterRoleBinding. By default is *{{ organization }}-{{ trusteeItem.name }}* - -### 8. Waiting for stewards accounts and cluster binding roles -This task is waiting for creating ServiceAccount and ClusterRoleBinding for stewards -It calls role *create/serviceaccount/waiting*. - -#### Variables: - - organization: A organization name. - -#### Input Variables: - - name: A name of ServiceAccount and ClusterRoleBinding. By default is *{{ organization }}-{{ stewardItem.name }}* - -### 9. Waiting for endorsers accounts and cluster binding roles -This task is waiting for creating ServiceAccount and ClusterRoleBinding for endorsers -It calls role *create/serviceaccount/waiting*. - -#### Variables: - - organization: A organization name. - -#### Input Variables: - - name: A name of ServiceAccount and ClusterRoleBinding. By default is *{{ organization }}-{{ endorserItem.name }}* - -### 10. Waiting for organization accounts and cluster binding roles -This task is waiting for creating ServiceAccount and ClusterRoleBinding for organization -It calls role *create/serviceaccount/waiting*. - -#### Variables: - - organization: A organization name. - -#### Input Variables: - - name: A name of ServiceAccount and ClusterRoleBinding. By default is *{{ organization }}-admin* - -### 11. Waiting for organization read only account and cluster binding role -This task is waiting for creating read-only ServiceAccount and ClusterRoleBinding for organization -It calls role *create/serviceaccount/waiting*. - -#### Variables: - - organization: A organization name. 
- -#### Input Variables: - - name: A name of ServiceAccount and ClusterRoleBinding. By default is *{{ organization }}-bevel-ac* diff --git a/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/waiting/README.md b/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/waiting/README.md deleted file mode 100644 index 06bf8ad92dd..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/waiting/README.md +++ /dev/null 
@@ -1,34 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## create/serviceaccount/waiting -This role is waiting for create inserted ServiceAccounts or ClusterRoleBinding. - -## Tasks: -### 1. Wait for creation for service account -This task is waiting for creation ServiceAccount -It calls role *check/k8_component* - -#### Variables: - - name: A name of component. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - -#### Input Variables: - - component_type: A type of kubernetes component. Default is *ServiceAccount*. - - component_name: A component name, where adds *-vault-auth* suffix to value of variable *name*. - - kubeconfig: Kubernetes config file from network.yaml file. - -### 2. Wait for creation for cluster role binding -This task is waiting for creation ClusterRoleBinding -It calls role *check/k8_component* - -#### Variables: - - name: A name of component. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - -#### Input Variables: - - component_type: A type of kubernetes component. Default is *ClusterRoleBinding*. - - component_name: A component name, where adds *-vault-auth-role-binding* suffix to value of variable *name*. - - kubeconfig: Kubernetes config file from network.yaml file. diff --git a/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/waiting/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/waiting/tasks/main.yaml index 39aada9630f..b314e4ff309 100644 --- a/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/waiting/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/create/serviceaccount/waiting/tasks/main.yaml 
@@ -4,6 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## +# Wait for creation for service account - name: "Wait for creation for service account" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" @@ -13,6 +14,7 @@ kubeconfig: "{{ kubernetes.config_file }}" type: "retry" +# Wait for creation for cluster role binding - name: "Wait for creation for cluster role binding" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" diff --git a/platforms/hyperledger-indy/configuration/roles/create/storageclass/README.md b/platforms/hyperledger-indy/configuration/roles/create/storageclass/README.md deleted file mode 100644 index 4531a27bbce..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/create/storageclass/README.md +++ /dev/null 
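Review bot: The two added comments, `# Wait for creation for service account` and `# Wait for creation for cluster role binding`, repeat the task names word for word, so the detail the deleted README carried is lost. That README recorded that the checked objects are named from the variable `name` with the `-vault-auth` and `-vault-auth-role-binding` suffixes, which is what ties these waits to the Vault authentication setup. I would write `# Wait until the ServiceAccount {{ name }}-vault-auth exists` and `# Wait until the ClusterRoleBinding {{ name }}-vault-auth-role-binding exists`, after confirming the suffixes against the `component_name` lines, which fall outside both hunks.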
@@ -1,53 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## create/storageclass -This role creates a value file of StorageClass - -## Tasks: -### 1. Check if storageclass exists -This task check if StorageClass exists in Kubernetes Cluster. -It uses *k8s_info* Ansible role. - -#### Variables: - - storageclass_name: A name of StorageClass. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - -#### Output Variables: - - storageclass_state: It holds state of StorageClass existence. - -### 2. Create storageclass -This task creates a value file of StorageClass. -It calls role *create/k8_component* -The value file is created, when StorageClass is missing in Kubernetes cluster. - -#### Variable: - - storageclass_name: A name of StorageClass. - - organization: A name of organization. - -#### Input Variables: - - component_type: A type of StorageClass. It may be append with provider (AWS, EKS, Minikube) - - component_type_name: A type for grouping in release dir. By default is *{{ organization }}* - - release_dir: Release directory, where are stored generated files for gitops. By default is *{{ playbook_dir }}/../../../{{ gitops.release_dir }}* - -### 3. Push the created deployment files to repository -This task pushes generated Helm releases into remote branch. -This task calls role from: *{{ playbook_dir }}/../../shared/configuration/roles/git_push* -#### Input Variables: - - GIT_DIR: A path of git directory. By default "{{ playbook_dir }}/../../../" - - gitops: *item.gitops* from network.yaml - - msg: A message for git commit - -### 4. Wait for Storageclass creation for {{ component_name }} -This task is waiting for creation StorageClass. -It calls role *check/k8_component*. 
-It starts when StorageClass missing in Kubernetes cluster. - -#### Variables: - - kubernetes.config_file: Kubernetes config file from network.yaml file. - -#### Input Variables: - - component_type: A type of kubernetes component. By default is *StorageClass* - - kubeconfig: Kubernetes config file from network.yaml file. \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/create/storageclass/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/create/storageclass/tasks/main.yaml index 7d37f60ad33..52ecbd14f9f 100644 --- a/platforms/hyperledger-indy/configuration/roles/create/storageclass/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/create/storageclass/tasks/main.yaml @@ -20,7 +20,8 @@ component_type: StorageClass # register: storageclass_state -- name: "Set Variable" +# Set a variable to cature the presence or absence of a StorageClass +- name: "Set variable" set_fact: storageclass_state: "{{ result }}" @@ -42,6 +43,7 @@ GIT_DIR: "{{ playbook_dir }}/../../../" msg: "[ci skip] Pushing deployment file for storageclass" +# Wait for Storageclass creation - name: "Wait for Storageclass creation for {{ component_name }}" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" diff --git a/platforms/hyperledger-indy/configuration/roles/setup/auth_job/README.md b/platforms/hyperledger-indy/configuration/roles/setup/auth_job/README.md deleted file mode 100644 index 3c52dcba176..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/setup/auth_job/README.md +++ /dev/null 
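Review bot: The comment added in the first hunk has a typo, `cature` for `capture`; it should read `# Set a variable to capture the presence or absence of a StorageClass`. The same hunk also renames the task from `"Set Variable"` to `"Set variable"`, which is not a comment change: it alters the name shown in play output, and anything that selects the task by name (for example `--start-at-task`) needs the new spelling. The stored value is `result`, and the commented-out `# register: storageclass_state` just above suggests it comes from the preceding role, so naming that source in the comment would say more than the task name already does. The task list continues outside both hunks.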
@@ -1,35 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## setup/auth_job -This role generates Helm releases of kubernetes jobs, which create Auth Methods into HashiCorp Vault for getting Vault token by Kubernetes Service Accounts - -## Tasks: -### 1. Wait for namespace creation for stewards -This task checking if namespaces for stewards of organizations are created. -This task calls role from *check/k8_component* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default a value *Namespace*. - - component_name: Name of component, which it may check. It use a variable {{ component_ns }} -### 2. Create auth_job of stewards, trustee and endorser -This task creates Helm releases of kubernetes jobs, which create Auth Methods for stewards, trustee and endorser in Vault -This task calls role from *create/helm_component/auth_job* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default value *auth_job*. - - component_name: Name of component, which it may check. It use a variable {{ organization }} - - chartName: Name of Chart, which will be used. Default value *indy-auth-job* - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} -### 3. Push the created deployment files to repository -This task pushes generated Helm releases into remote branch. -This task calls role from: *{{ playbook_dir }}/../../shared/configuration/roles/git_push* -#### Input Variables: - - GIT_DIR: A path of git directory. By default "{{ playbook_dir }}/../../../" - - gitops: *item.gitops* from network.yaml - - msg: A message for git commit -### 4. 
Check if auth job finished correctly -This task checks for creating Auth Methods in Vault. -This task calls role *check/auth_job* -#### Input Variables: -This task doesn't use input variables on this place, please check role *check/auth_job*, which input variables are used. diff --git a/platforms/hyperledger-indy/configuration/roles/setup/auth_job/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/setup/auth_job/tasks/main.yaml index 1ed1b8ddd89..95b8c71cee7 100644 --- a/platforms/hyperledger-indy/configuration/roles/setup/auth_job/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/setup/auth_job/tasks/main.yaml @@ -7,6 +7,8 @@ ############################################################################################################################################################# # This role generates Helm releases of kubernetes jobs, which create Auth Methods into HashiCorp Vault for getting Vault token by Kubernetes Service Accounts ############################################################################################################################################################# + +# Wait for namespace creation for stewards - name: "Wait for namespace creation for stewards" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" @@ -15,8 +17,7 @@ component_name: "{{ component_ns }}" type: "retry" -# --------------------------------------------------------------------- -# generate indy auth_job +# Generate indy auth_job - name: "Create auth_job of stewards, trustee and endorser" include_role: name: create/helm_component/auth_job 
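Review bot: `# Generate indy auth_job` in the second hunk overstates what the task does. The task includes `create/helm_component/auth_job`, and the README removed by this commit describes it as creating Helm releases of Kubernetes jobs that in turn create the Vault auth methods, so the playbook step itself only writes release files for GitOps. I would write `# Generate the Helm release files for the indy-auth-job chart; the released job configures the Vault auth methods`. The same applies to `# Generate indy crypto` in setup/crypto/tasks/main.yaml, where, going by its removed README, the task produces the release of the crypto generator rather than the keys themselves.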
@@ -26,8 +27,7 @@ chartName: "indy-auth-job" release_dir: "{{ playbook_dir }}/../../../{{ gitops.release_dir }}/{{ organization }}" -# --------------------------------------------------------------------- -# push the created deployment files to repository +# Push the created deployment files to repository - name: "Push the created deployment files to repository" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" @@ -35,14 +35,12 @@ GIT_DIR: "{{ playbook_dir }}/../../../" msg: "[ci skip] Pushing deployment files for {{ organization }}" -#--------------------------------------------------------------------- - # Set component_name to a temporary variable - name: "Set component_name to a temporary variable" set_fact: temp_component_name: "{{ component_name }}" -# Check if Indy auth job pod for trustee is completed +# Check if Indy auth job pod for trustee is completed - name: "Check if auth job finished correctly" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" @@ -55,7 +53,7 @@ loop_var: trusteeItem when: services.trustees is defined - # Check if auth job pod for stewards is completed +# Check if auth job pod for stewards is completed - name: "Check if auth job finished correctly" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" @@ -68,7 +66,7 @@ loop_var: stewardItem when: services.stewards is defined - # Check if Indy auth job pod for endorser is completed +# Check if Indy auth job pod for endorser is completed - name: "Check if auth job finished correctly" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" 
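Review bot: The four check tasks in this file all keep the identical name `"Check if auth job finished correctly"`, and only the comment above each one says whether it covers trustees, stewards, endorsers or bevel-ac. Comments do not appear in play output, so a failed or timed-out Vault auth job is reported under the same name for every identity type. Since the commit is about readability, I would move that detail into the names, for example `- name: "Check if auth job finished correctly for trustees"`, and likewise for the other three (the bevel-ac task is in the hunk that follows). The task bodies run past the edges of these hunks.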
@@ -81,7 +79,7 @@ loop_var: endorserItem when: services.endorsers is defined -# Check if Indy auth job pod for bevel-ac is completed +# Check if Indy auth job pod for bevel-ac is completed - name: "Check if auth job finished correctly" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" diff --git a/platforms/hyperledger-indy/configuration/roles/setup/crypto/README.md b/platforms/hyperledger-indy/configuration/roles/setup/crypto/README.md deleted file mode 100644 index 877ad097855..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/setup/crypto/README.md +++ /dev/null 
@@ -1,40 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## setup/crypto -This role generates Helm release of crypto generator, push it into git and check if crypto is inserted into HashiCorp Vault - -## Tasks: -### 1. Wait for namespace creation for stewards -This task checking if namespaces for stewards of organizations are created. -This task calls role from *check/k8_component* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default a value *Namespace*. - - component_name: Name of component, which it may check. It use a variable {{ component_ns }} -### 2. Create image pull secret for stewards -This task create pull secret of each stewards of organization. -This task calls role from *create/imagepullsecret* -#### Input Variables: -This task doesn't use input variables on this place, please check role *create/imagepullsecret*, which input variables are used. -### 3. Create crypto of stewards, trustee and endorser -This task creates Helm releases of generator cryptos for stewards, trustee and endorser -This task calls role from *create/helm_component/crypto* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default value *crypto*. - - component_name: Name of component, which it may check. It use a variable {{ organization }} - - chartName: Name of Chart, which will be used. Default value *indy-key-mgmt* - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} -### 4. Push the created deployment files to repository -This task pushes generated Helm releases into remote branch. 
-This task calls role from: *{{ playbook_dir }}/../../shared/configuration/roles/git_push* -#### Input Variables: - - GIT_DIR: A path of git directory. By default "{{ playbook_dir }}/../../../" - - gitops: *item.gitops* from network.yaml - - msg: A message for git commit -### 5. Check Vault for Indy crypto -This task checks for fill Vault of crypto data. -This task calls role *check/crypto* -#### Input Variables: -This task doesn't use input variables on this place, please check role *check/crypto*, which input variables are used. diff --git a/platforms/hyperledger-indy/configuration/roles/setup/crypto/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/setup/crypto/tasks/main.yaml index 23f0d72c7da..272ed9b4ad9 100644 --- a/platforms/hyperledger-indy/configuration/roles/setup/crypto/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/setup/crypto/tasks/main.yaml @@ -7,6 +7,8 @@ ################################################################################################### # This role creates the deployment files for indy crypto generate job and pushes them to repository ################################################################################################### + +# Wait for namespace creation for stewards - name: "Wait for namespace creation for stewards" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" @@ -15,14 +17,12 @@ component_name: "{{ component_ns }}" type: "retry" -# --------------------------------------------------------------------- -# create image pull secrets +# Create image pull secrets - name: "Create image pull secret for stewards" include_role: name: create/imagepullsecret -# --------------------------------------------------------------------- -# generate indy crypto +# Generate indy crypto - name: "Create crypto of stewards, trustee and endorser" include_role: name: create/helm_component/crypto 
@@ -32,8 +32,7 @@ chartName: "indy-key-mgmt" release_dir: "{{ playbook_dir }}/../../../{{ gitops.release_dir }}/{{ organization }}" -# --------------------------------------------------------------------- -# push the created deployment files to repository +# Push the created deployment files to repository - name: "Push the created deployment files to repository" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" @@ -41,8 +40,7 @@ GIT_DIR: "{{ playbook_dir }}/../../../" msg: "[ci skip] Pushing deployment files for {{ organization }}" -# --------------------------------------------------------------------- -# check Vault for correct inserted indy crypto +# Check Vault for correct inserted indy crypto - name: "Check Vault for Indy crypto" include_role: name: check/crypto diff --git a/platforms/hyperledger-indy/configuration/roles/setup/domain_genesis/README.md b/platforms/hyperledger-indy/configuration/roles/setup/domain_genesis/README.md deleted file mode 100644 index 385329f84b3..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/setup/domain_genesis/README.md +++ /dev/null 
@@ -1,30 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## setup/domain_genesis -This role generates Helm releases of Kubernetes Config Maps, which contain of generated domain genesis. - -## Tasks: -### 1. Create domain genesis -This task creates Helm releases of kubernetes Config Maps, which contain of generated domain genesis. -This task calls role from *create/helm_component/domain_genesis* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default value *domain_genesis*. - - chartName: Name of Chart, which will be used. Default value *domain_genesis* -### 2. Push the created deployment files to repository -This task pushes generated Helm releases into remote branch. -This task calls role from: *{{ playbook_dir }}/../../shared/configuration/roles/git_push* -#### Input Variables: - - GIT_DIR: A path of git directory. By default "{{ playbook_dir }}/../../../" - - gitops: *item.gitops* from network.yaml - - msg: A message for git commit -### 3. Wait until domain genesis configmap are created -This task is waiting for creation of all Config Maps for each organizations. -This task calls role *check/k8_component* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default value *ConfigMap*. - - kubernetes: A object, which contains kubernetes configurations form network.yaml. it uses a variable *{{ organizationItem.k8s }}* - - component_name: A name of Config Maps, which may be checked. It uses a variable *{{ organizationItem.name }}-dtg* - - component_ns: A name of Namespace, in which are located Config Maps. It uses a variable *{{ organizationItem.name | lower }}-ns* 
diff --git a/platforms/hyperledger-indy/configuration/roles/setup/domain_genesis/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/setup/domain_genesis/tasks/main.yaml index 676185eb0f5..2c0cb60ed81 100644 --- a/platforms/hyperledger-indy/configuration/roles/setup/domain_genesis/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/setup/domain_genesis/tasks/main.yaml @@ -8,7 +8,7 @@ # This role creates the values files for organizations domain genesis and pushes them to repository ################################################################################################### -# Create domain genesis variable +# Create domain genesis variable - name: 'Create domain genesis' include_role: name: create/helm_component/domain_genesis @@ -16,8 +16,7 @@ component_type: "domain_genesis" chartName: "domain_genesis" -#--------------------------------------------------------------------- -#push the created deployment files to repository +# Push the created deployment files to repository - name: "Push the created deployment files to repository" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" @@ -29,8 +28,7 @@ loop_control: loop_var: organizationItem -#--------------------------------------------------------------------- -#Wait until domain genesis configmap are created +# Wait until domain genesis configmap are created - name: "Wait until domain genesis configmap are created" include_role: name: check/k8_component diff --git a/platforms/hyperledger-indy/configuration/roles/setup/endorsers/Readme.md b/platforms/hyperledger-indy/configuration/roles/setup/endorsers/Readme.md deleted file mode 100644 index 8511cc805e3..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/setup/endorsers/Readme.md +++ /dev/null 
@@ -1,78 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## setup/endorsers -This role creates the deployment files for endorsers and pushes them to repository. - -## Tasks: -### 1. Wait for namespace creation -This task checking if namespaces for identities of organizations are created. -This task calls role from *check/k8_component* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default a value *Namespace*. - - component_name: Name of component, which it may check. It use a variable {{ component_ns }} -### 2. Create image pull secret for identities -This task create pull secret of each identity of organization. -This task calls role from *create/imagepullsecret* -### 3. Create Deployment files for Identities -This task creates Helm releases Indy Ledger Transaction Job for Endorser Identities. -It calls a nested_main.yaml task. -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default value *node*. - - component_name: Name of Helm release. Default value is {{ organization }}-{{ endorserItem.name }}-node - - indy_version: Version of Hyperledger Indy Node. Default value is indy-{{ network.version }} - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} - - newIdentity: A list of endorsers in current organization. - - component_ns: A name of organizatio's namespace. - - org_vault_url: Vault URL of organization -### 4. Wait until identities are creating -This task is waiting until identity transaction is done. -#### Input Variables: - - component_name: A name of current organization. 
- - endorsers: A list of endorsers of current organization. - ---------------------------------------------------------------------------------------- -nested_main.yaml - -### 1. Select Admin Identity for Organisation {{ component_name }} -This task selects the admin identity for a particular organization. - -### 2. Inserting file into Variable -This task inserts a file of admin identity into variable. -#### Input Variables. - - admin.yaml: A file of admin identity. -#### Output Variables: - - admin_var: A variable consists of admin identity file. - -### 3. Calling Helm Release Development Role... -It calls the helm release development role for for creation of deployment file. -#### Input Variables: - - component_type: "Set, which type of k8s component may be created." -- component_name: "Name of the component" -- indy_version: "Network version of indy" -- release_dir: "Release directory in which the deployment file is saved" -- component_ns: "Namespace of the component" -- newIdentityName: "Name of identity endorser to be added" -- newIdentityRole: "Role of the endorser" -- adminIdentityName: "Name of admin identity" -- admin_component_name: "Name of admin Identity's Organization" -- admin_org_vault_url: "Admin Org's Vault URL" -- new_org_vault_url: "New Identity's vault URL" -- new_component_name: "Name of New Identity's Organization" -- admin_type: "Type of Admin Identity" -- identity_type: "Type of identity to be added" - -### 4. Delete file -This task deletes admin identity file. -#### Input Variables: - - admin.yaml: A file of admin identity. - -### 4. Push the created deployment files to repository -This task pushes generated Helm releases into remote branch. -This task calls role from: *{{ playbook_dir }}/../../shared/configuration/roles/git_push* -#### Input Variables: - - GIT_DIR: A path of git directory. By default "{{ playbook_dir }}/../../../" - - gitops: *item.gitops* from network.yaml - - msg: A message for git commit 
diff --git a/platforms/hyperledger-indy/configuration/roles/setup/endorsers/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/setup/endorsers/tasks/main.yaml index dba5b427074..ab771d7c78f 100644 --- a/platforms/hyperledger-indy/configuration/roles/setup/endorsers/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/setup/endorsers/tasks/main.yaml @@ -8,6 +8,7 @@ # This role creates the deployment files for endorsers and pushes them to repository ################################################################################################### +# Wait for namespace creation for identities - name: "Wait for namespace creation for identities" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" @@ -16,13 +17,11 @@ component_name: "{{ component_ns }}" type: "retry" -# --------------------------------------------------------------------- -# create image pull secrets +# Create image pull secrets - name: "Create image pull secret for identities" include_role: name: create/imagepullsecret -# --------------------------------------------------------------------- # Create Deployment files for new Identities - name: "Create Deployment files" include_tasks: nested_main.yaml @@ -36,7 +35,6 @@ org_vault_url: "{{ organizationItem.vault.url}}" when: organizationItem is defined and organizationItem.services.endorsers is defined -# --------------------------------------------------------------------- # Wait until identities are creating - name: "Wait until identities are creating" include_role: diff --git a/platforms/hyperledger-indy/configuration/roles/setup/node/README.md b/platforms/hyperledger-indy/configuration/roles/setup/node/README.md deleted file mode 100644 index c335d7d96ac..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/setup/node/README.md +++ /dev/null 
@@ -1,39 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## setup/node -This role generates Helm releases of Kubernetes StatefulSet for nodes of Stewards. - -## Tasks: -### 1. Wait for namespace creation for stewards -This task checking if namespaces for stewards of organizations are created. -This task calls role from *check/k8_component* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default a value *Namespace*. - - component_name: Name of component, which it may check. It use a variable {{ component_ns }} -### 2. Create image pull secret for stewards -This task create pull secret of each stewards of organization. -This task calls role from *create/imagepullsecret* -### 3. Create steward deployment file -This task creates Helm releases of Kubernetes StatefulSet for nodes of Stewards. -This task calls role from *create/helm_component/node* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default value *node*. - - component_name: Name of Helm release. Default value is {{ organization }}-{{ stewardItem.name }}-node - - indy_version: Version of Hyperledger Indy Node. Default value is indy-{{ network.version }} - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} -### 4. Push the created deployment files to repository -This task pushes generated Helm releases into remote branch. -This task calls role from: *{{ playbook_dir }}/../../shared/configuration/roles/git_push* -#### Input Variables: - - GIT_DIR: A path of git directory. 
By default "{{ playbook_dir }}/../../../" - - gitops: *item.gitops* from network.yaml - - msg: A message for git commit -### 5. Wait until steward pods are running -This task is waiting for creation of all Config Maps for each organizations. -This task calls role *check/k8_component* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default value *Pod*. - - component_name: A name of component, which may be checked. It uses a variable *{{ organization }}-{{ stewardItem.name }}-node* \ No newline at end of file diff --git a/platforms/hyperledger-indy/configuration/roles/setup/node/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/setup/node/tasks/main.yaml index a516775d24c..c90c883aa1b 100644 --- a/platforms/hyperledger-indy/configuration/roles/setup/node/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/setup/node/tasks/main.yaml @@ -7,6 +7,8 @@ ############################################################################################## # This role creates the deployment files for stewards and pushes them to repository ############################################################################################## + +# Wait for namespace creation for stewards - name: "Wait for namespace creation for stewards" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" @@ -15,13 +17,11 @@ component_name: "{{ component_ns }}" type: "retry" -# ---------------------------------------------------------------------- # create image pull secrets - name: "Create image pull secret for stewards" include_role: name: create/imagepullsecret -# --------------------------------------------------------------------- # create deployment file for node steward - name: "Create Deployment files" include_tasks: nested_main.yaml 
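Review bot: In the second hunk the separator lines are removed but `# create image pull secrets` and `# create deployment file for node steward` stay lower-case, while the same comment in setup/crypto and setup/endorsers was changed to `# Create image pull secrets`. For consistency I would use `# Create image pull secrets` and `# Create deployment files for each steward node` here. The second comment sits above a task that includes `nested_main.yaml`, and the rest of that task is outside the hunk.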
diff --git a/platforms/hyperledger-indy/configuration/roles/setup/node/tasks/nested_main.yaml b/platforms/hyperledger-indy/configuration/roles/setup/node/tasks/nested_main.yaml index 5ebbad53830..214a8b12abb 100644 --- a/platforms/hyperledger-indy/configuration/roles/setup/node/tasks/nested_main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/setup/node/tasks/nested_main.yaml @@ -4,10 +4,8 @@ # SPDX-License-Identifier: Apache-2.0 ############################################################################################## -# This deploys all nodes sequencially per organization --- -#---------------------------------------------------------------------- -# create deployment file for node steward +# Create deployment files for all of the steward's nodes sequentially - name: "Create steward deployment file" include_role: name: create/helm_component/node @@ -17,8 +15,7 @@ indy_version: "indy-{{ network.version }}" release_dir: "{{ playbook_dir }}/../../../{{ gitops.release_dir }}" -# --------------------------------------------------------------------- -# push the created deployment files to repository +# Push the created deployment files to repository - name: "Push the created deployment files to repository" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" @@ -26,8 +23,7 @@ GIT_DIR: "{{ playbook_dir }}/../../../" msg: "[ci skip] Pushing deployment files for {{ organization }}-{{ stewardItem.name }}-node" -# --------------------------------------------------------------------- -# wait until steward pods are running +# Wait until steward pods are running - name: "Wait until steward pods are running" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" diff --git a/platforms/hyperledger-indy/configuration/roles/setup/pool_genesis/README.md b/platforms/hyperledger-indy/configuration/roles/setup/pool_genesis/README.md deleted file mode 100644 index 82c2ec69ad6..00000000000 
--- a/platforms/hyperledger-indy/configuration/roles/setup/pool_genesis/README.md
+++ /dev/null
@@ -1,30 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## setup/pool_genesis -This role generates Helm releases of Kubernetes Config Maps, which contain of generated pool genesis. - -## Tasks: -### 1. Create pool genesis -This task creates Helm releases of kubernetes Config Maps, which contain of generated pool genesis. -This task calls role from *create/helm_component/pool_genesis* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default value *pool_genesis*. - - chartName: Name of Chart, which will be used. Default value *pool_genesis* -### 2. Push the created deployment files to repository -This task pushes generated Helm releases into remote branch. -This task calls role from: *{{ playbook_dir }}/../../shared/configuration/roles/git_push* -#### Input Variables: - - GIT_DIR: A path of git directory. By default "{{ playbook_dir }}/../../../" - - gitops: *item.gitops* from network.yaml - - msg: A message for git commit -### 3. Wait until pool genesis configmap are created -This task is waiting for creation of all Config Maps for each organizations. -This task calls role *check/k8_component* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default value *ConfigMap*. - - kubernetes: A object, which contains kubernetes configurations form network.yaml. it uses a variable *{{ organizationItem.k8s }}* - - component_name: A name of Config Maps, which may be checked. It uses a variable *{{ organizationItem.name }}-ptg* - - component_ns: A name of Namespace, in which are located Config Maps. It uses a variable *{{ organizationItem.name | lower }}-ns* \ No newline at end of file 
diff --git a/platforms/hyperledger-indy/configuration/roles/setup/pool_genesis/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/setup/pool_genesis/tasks/main.yaml index b163903912b..96922674373 100644 --- a/platforms/hyperledger-indy/configuration/roles/setup/pool_genesis/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/setup/pool_genesis/tasks/main.yaml @@ -16,8 +16,7 @@ component_type: "pool_genesis" chartName: "pool_genesis" -#--------------------------------------------------------------------- -#push the created deployment files to repository +# Push the created deployment files to repository - name: "Push the created deployment files to repository" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" @@ -29,8 +28,7 @@ loop_control: loop_var: organizationItem -#--------------------------------------------------------------------- -#Wait until pool genesis configmap are created +# Wait until pool genesis configmap are created - name: "Wait until pool genesis configmap are created" include_role: name: check/k8_component diff --git a/platforms/hyperledger-indy/configuration/roles/setup/stewards/Readme.md b/platforms/hyperledger-indy/configuration/roles/setup/stewards/Readme.md deleted file mode 100644 index 1eb441fd5c5..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/setup/stewards/Readme.md +++ /dev/null 
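Review bot: The comments added in both hunks of setup/pool_genesis/tasks/main.yaml repeat the task `name:` word for word, so they carry none of what the README deleted in this same commit recorded about these tasks. Going by that README, the push task could be documented as `# Push the generated Helm releases to the remote branch (GIT_DIR: git directory, gitops: the organization's gitops entry from network.yaml, msg: commit message)` and the wait task as `# Wait until every organization's <name>-ptg ConfigMap exists in its <name>-ns namespace`. The task bodies continue outside both hunks, so the variable names should be checked against the full file before the comments are written. The comment-equals-name pattern also appears in the setup/node, setup/stewards and setup/trustees hunks of this patch.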
@@ -1,78 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## setup/stewards -This role creates the deployment files for stewards and pushes them to repository. - -## Tasks: -### 1. Wait for namespace creation -This task checking if namespaces for identities of organizations are created. -This task calls role from *check/k8_component* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default a value *Namespace*. - - component_name: Name of component, which it may check. It use a variable {{ component_ns }} -### 2. Create image pull secret for identities -This task create pull secret of each identity of organization. -This task calls role from *create/imagepullsecret* -### 3. Create Deployment files for Identities -This task creates Helm releases Indy Ledger Transaction Job for steward Identities. -It calls a nested_main.yaml task. -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default value *node*. - - component_name: Name of Helm release. Default value is {{ organization }}-{{ stewardItem.name }}-node - - indy_version: Version of Hyperledger Indy Node. Default value is indy-{{ network.version }} - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} - - newIdentity: A list of stewards in current organization. - - component_ns: A name of organizatio's namespace. - - org_vault_url: Vault URL of organization -### 4. Wait until identities are creating -This task is waiting until identity transaction is done. -#### Input Variables: - - component_name: A name of current organization. 
- - stewards: A list of stewards of current organization. - ---------------------------------------------------------------------------------------- -nested_main.yaml - -### 1. Select Admin Identity for Organisation {{ component_name }} -This task selects the admin identity for a particular organization. - -### 2. Inserting file into Variable -This task inserts a file of admin identity into variable. -#### Input Variables. - - admin.yaml: A file of admin identity. -#### Output Variables: - - admin_var: A variable consists of admin identity file. - -### 3. Calling Helm Release Development Role... -It calls the helm release development role for for creation of deployment file. -#### Input Variables: - - component_type: "Set, which type of k8s component may be created." -- component_name: "Name of the component" -- indy_version: "Network version of indy" -- release_dir: "Release directory in which the deployment file is saved" -- component_ns: "Namespace of the component" -- newIdentityName: "Name of identity steward to be added" -- newIdentityRole: "Role of the steward" -- adminIdentityName: "Name of admin identity" -- admin_component_name: "Name of admin Identity's Organization" -- admin_org_vault_url: "Admin Org's Vault URL" -- new_org_vault_url: "New Identity's vault URL" -- new_component_name: "Name of New Identity's Organization" -- admin_type: "Type of Admin Identity" -- identity_type: "Type of identity to be added" - -### 4. Delete file -This task deletes admin identity file. -#### Input Variables: - - admin.yaml: A file of admin identity. - -### 4. Push the created deployment files to repository -This task pushes generated Helm releases into remote branch. -This task calls role from: *{{ playbook_dir }}/../../shared/configuration/roles/git_push* -#### Input Variables: - - GIT_DIR: A path of git directory. By default "{{ playbook_dir }}/../../../" - - gitops: *item.gitops* from network.yaml - - msg: A message for git commit 
diff --git a/platforms/hyperledger-indy/configuration/roles/setup/stewards/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/setup/stewards/tasks/main.yaml index ea904993124..f7ef830772c 100644 --- a/platforms/hyperledger-indy/configuration/roles/setup/stewards/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/setup/stewards/tasks/main.yaml @@ -8,6 +8,7 @@ # This role creates the deployment files for stewards and pushes them to repository ################################################################################################### +# Wait for namespace creation for identities - name: "Wait for namespace creation for identities" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" @@ -16,13 +17,11 @@ component_name: "{{ component_ns }}" type: "retry" -# --------------------------------------------------------------------- -# create image pull secrets +# Create image pull secrets - name: "Create image pull secret for identities" include_role: name: create/imagepullsecret -# --------------------------------------------------------------------- # Create Deployment files for new Identities - name: "Create Deployment files" include_tasks: nested_main.yaml @@ -35,7 +34,6 @@ org_vault_url: "{{ organizationItem.vault.url }}" when: organizationItem is defined and organizationItem.services.stewards is defined -# --------------------------------------------------------------------- # Wait until identities are creating - name: "Wait until identities are creating" include_role: diff --git a/platforms/hyperledger-indy/configuration/roles/setup/stewards/tasks/nested_main.yaml b/platforms/hyperledger-indy/configuration/roles/setup/stewards/tasks/nested_main.yaml index f46404b9819..c7e731bddfd 100644 --- a/platforms/hyperledger-indy/configuration/roles/setup/stewards/tasks/nested_main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/setup/stewards/tasks/nested_main.yaml 
@@ -65,14 +65,13 @@ echo "type: ${admin_type}" >> admin.yaml register: admin_file -#---------------------------------------------------------------------------------------------- +# Inserting file into Variable - name: "Inserting file into Variable" include_vars: file: admin.yaml name: admin_var -#---------------------------------------------------------------------------------------------- -# Create Deployment files for new Identities +# Create deployment files for new Identities - name: "Calling Helm Release Development Role..." include_role: name: create/helm_component/ledger_txn @@ -96,11 +95,12 @@ loop_var: newIdentityItem when: newIdentity is defined -- name: "Delete file" +# Delete the file +- name: "Delete the file" shell: | rm admin.yaml -# --------------------------------------------------------------------- -# push the created deployment files to repository + +# Push the created deployment files to repository - name: "Push the created deployment files to repository" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" diff --git a/platforms/hyperledger-indy/configuration/roles/setup/trustees/Readme.md b/platforms/hyperledger-indy/configuration/roles/setup/trustees/Readme.md deleted file mode 100644 index 25dbc5d7e37..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/setup/trustees/Readme.md +++ /dev/null 
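Review bot: The renamed "Delete the file" task in the second hunk still removes the admin identity file with `shell: rm admin.yaml`, and it is only reached after the `create/helm_component/ledger_txn` include has run, so a failure in that include would leave admin.yaml in the working directory. The file module is the safer form here, `file: path=admin.yaml state=absent`, since it is idempotent and does not fail when the file is already gone. Placing the write, `include_vars` and role include in a `block:` with the removal under `always:` would cover the failure path, though the start of that sequence lies outside these hunks. The new comment `# Delete the file` should name the file and the reason, for example `# Remove the temporary admin.yaml holding the admin identity before the git push below`. The same task and comment appear in the second hunk of setup/trustees/tasks/nested_main.yaml.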
@@ -1,78 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## setup/trustees -This role creates the deployment files for trustees and pushes them to repository. - -## Tasks: -### 1. Wait for namespace creation -This task checking if namespaces for identities of organizations are created. -This task calls role from *check/k8_component* -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default a value *Namespace*. - - component_name: Name of component, which it may check. It use a variable {{ component_ns }} -### 2. Create image pull secret for identities -This task create pull secret of each identity of organization. -This task calls role from *create/imagepullsecret* -### 3. Create Deployment files for Identities -This task creates Helm releases Indy Ledger Transaction Job for trustee Identities. -It calls a nested_main.yaml task. -#### Input Variables: - - component_type: Set, which type of k8s component may be created. Default value *node*. - - component_name: Name of Helm release. Default value is {{ organization }}-{{ stewardItem.name }}-node - - indy_version: Version of Hyperledger Indy Node. Default value is indy-{{ network.version }} - - release_dir: Release directory, where are stored generated files for gitops. Default value: {{ playbook_dir }}/../../../{{ gitops.release_dir }} - - newIdentity: A list of trustees in current organization. - - component_ns: A name of organizatio's namespace. - - org_vault_url: Vault URL of organization -### 4. Wait until identities are creating -This task is waiting until identity transaction is done. -#### Input Variables: - - component_name: A name of current organization. 
- - trustees: A list of trustees of current organization. - ---------------------------------------------------------------------------------------- -nested_main.yaml - -### 1. Select Admin Identity for Organisation {{ component_name }} -This task selects the admin identity for a particular organization. - -### 2. Inserting file into Variable -This task inserts a file of admin identity into variable. -#### Input Variables. - - admin.yaml: A file of admin identity. -#### Output Variables: - - admin_var: A variable consists of admin identity file. - -### 3. Calling Helm Release Development Role... -It calls the helm release development role for for creation of deployment file. -#### Input Variables: - - component_type: "Set, which type of k8s component may be created." -- component_name: "Name of the component" -- indy_version: "Network version of indy" -- release_dir: "Release directory in which the deployment file is saved" -- component_ns: "Namespace of the component" -- newIdentityName: "Name of identity trustee to be added" -- newIdentityRole: "Role of the trustee" -- adminIdentityName: "Name of admin identity" -- admin_component_name: "Name of admin Identity's Organization" -- admin_org_vault_url: "Admin Org's Vault URL" -- new_org_vault_url: "New Identity's vault URL" -- new_component_name: "Name of New Identity's Organization" -- admin_type: "Type of Admin Identity" -- identity_type: "Type of identity to be added" - -### 4. Delete file -This task deletes admin identity file. -#### Input Variables: - - admin.yaml: A file of admin identity. - -### 4. Push the created deployment files to repository -This task pushes generated Helm releases into remote branch. -This task calls role from: *{{ playbook_dir }}/../../shared/configuration/roles/git_push* -#### Input Variables: - - GIT_DIR: A path of git directory. By default "{{ playbook_dir }}/../../../" - - gitops: *item.gitops* from network.yaml - - msg: A message for git commit 
diff --git a/platforms/hyperledger-indy/configuration/roles/setup/trustees/tasks/main.yaml b/platforms/hyperledger-indy/configuration/roles/setup/trustees/tasks/main.yaml index 5231a1c3be4..92a36493f83 100644 --- a/platforms/hyperledger-indy/configuration/roles/setup/trustees/tasks/main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/setup/trustees/tasks/main.yaml 
@@ -8,43 +8,41 @@ # This role creates the deployment files for trustees and pushes them to repository ################################################################################################### - - name: "Wait for namespace creation for identities" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" - vars: - component_type: "Namespace" - component_name: "{{ component_ns }}" - type: "retry" +# Wait for namespace creation for identities +- name: "Wait for namespace creation for identities" + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" + vars: + component_type: "Namespace" + component_name: "{{ component_ns }}" + type: "retry" -# --------------------------------------------------------------------- -# create image pull secrets - - name: "Create image pull secret for identities" - include_role: - name: create/imagepullsecret +# Create image pull secrets +- name: "Create image pull secret for identities" + include_role: + name: create/imagepullsecret -# --------------------------------------------------------------------- # Create Deployment files for new Identities - - name: "Create Deployment files" - include_tasks: nested_main.yaml - vars: - component_type: "identity" - component_name: "{{ organizationItem.name }}" - indy_version: "indy-{{ network.version }}" - release_dir: "{{playbook_dir}}/../../../{{organizationItem.gitops.release_dir}}/{{ organizationItem.name | lower }}" - newIdentity: "{{ neworg.services.trustees }}" - org_vault_url: "{{ organizationItem.vault.url }}" - when: organizationItem is defined and organizationItem.services.trustees is defined +- name: "Create Deployment files" + include_tasks: nested_main.yaml + vars: + component_type: "identity" + component_name: "{{ organizationItem.name }}" + indy_version: "indy-{{ network.version }}" + release_dir: "{{playbook_dir}}/../../../{{organizationItem.gitops.release_dir}}/{{ organizationItem.name | 
lower }}" + newIdentity: "{{ neworg.services.trustees }}" + org_vault_url: "{{ organizationItem.vault.url }}" + when: organizationItem is defined and organizationItem.services.trustees is defined -# --------------------------------------------------------------------- # Wait until identities are creating - - name: "Wait until identities are creating" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" - vars: - component_type: "Job" - namespace: "{{ component_ns }}" - component_name: "{{ organizationItem.name }}-{{ trusteeItem.name }}-transaction" - loop: "{{ neworg.services.trustees }}" - when: neworg is defined and neworg.services.trustees is defined - loop_control: - loop_var: trusteeItem +- name: "Wait until identities are creating" + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" + vars: + component_type: "Job" + namespace: "{{ component_ns }}" + component_name: "{{ organizationItem.name }}-{{ trusteeItem.name }}-transaction" + loop: "{{ neworg.services.trustees }}" + when: neworg is defined and neworg.services.trustees is defined + loop_control: + loop_var: trusteeItem diff --git a/platforms/hyperledger-indy/configuration/roles/setup/trustees/tasks/nested_main.yaml b/platforms/hyperledger-indy/configuration/roles/setup/trustees/tasks/nested_main.yaml index 850d506c049..bef8d8ff1b5 100644 --- a/platforms/hyperledger-indy/configuration/roles/setup/trustees/tasks/nested_main.yaml +++ b/platforms/hyperledger-indy/configuration/roles/setup/trustees/tasks/nested_main.yaml 
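Review bot: In the re-indented "Create Deployment files" task, `newIdentity` is taken from `neworg.services.trustees` while its `when:` only tests `organizationItem` and `organizationItem.services.trustees`, so the guard does not cover the variable the task actually reads. The "Wait until identities are creating" task further down guards on `neworg is defined and neworg.services.trustees is defined`; if the two variables can differ, the first task should use the same condition, `when: neworg is defined and neworg.services.trustees is defined`, or read `newIdentity` from `organizationItem.services.trustees`. Which of the two is intended cannot be told from this hunk, so a one-line comment stating how `neworg` relates to `organizationItem` would be more useful than the added `# Create Deployment files for new Identities`.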
@@ -65,13 +65,12 @@ echo "type: ${admin_type}" >> admin.yaml register: admin_file -#---------------------------------------------------------------------------------------------- +# Inserting file into Variable - name: "Inserting file into Variable" include_vars: file: admin.yaml name: admin_var -#---------------------------------------------------------------------------------------------- # Create Deployment files for new Identities - name: "Calling Helm Release Development Role..." include_role: @@ -96,11 +95,12 @@ loop_var: newIdentityItem when: newIdentity is defined -- name: "Delete file" +# Delete the file +- name: "Delete the file" shell: | rm admin.yaml -# --------------------------------------------------------------------- -# push the created deployment files to repository + +# Push the created deployment files to repository - name: "Push the created deployment files to repository" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" diff --git a/platforms/hyperledger-indy/configuration/roles/setup/vault_kubernetes/README.md b/platforms/hyperledger-indy/configuration/roles/setup/vault_kubernetes/README.md deleted file mode 100644 index 290c696a79e..00000000000 --- a/platforms/hyperledger-indy/configuration/roles/setup/vault_kubernetes/README.md +++ /dev/null 
@@ -1,121 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -## setup/vault_kubernetes -This role checks HashiCorp Vault for existing of admin-vault-auth SA. When this doesn't exist, then creates it. - -## Tasks: -### 1. Check namespace is created -This task checking if namespaces for stewards of organizations are created. -It uses *k8s_info* Ansible role. - -#### Variables: - - component_ns: A name of namespace of organization. - - kubernetes.config_file: Kubernetes config file from network.yaml file. - - kubernetes.context: Kubernetes contex from network.yaml file. -### 2. Ensures build dir exists -This task check if *build* directory exists. -If directory doesn't exist, then creates it. -### 3. Check if Kubernetes-auth already created for Organization -This task lists auth methods in Vault. It uses installed vault binaries. -Result is stored in variable. - -#### Environment variables: - - VAULT_ADDR: Vault address, which is defined in variable *{{ vault.url }}* - - VAULT_TOKEN: Vault token, which is defined in variable *{{ vault.root_token }}* - -#### Output Variables: - - auth_list: Ansible variable, where is stored output of this role, so list of auth methods. -### 4. Enable and configure Kubernetes-auth for Organization -This task enables auth method in Vault by name, which is in variable *{{ auth_path }}*. -This task is started, when auth method doesn't exist. - -#### Variables: - - auth_path: Vault auth method path. - -#### Environment Variables: - - VAULT_ADDR: Vault address, which is defined in variable *{{ vault.url }}* - - VAULT_TOKEN: Vault token, which is defined in variable *{{ vault.root_token }}* - -### 5. 
Get Kubernetes cert files for organizations -This task gets Kubernetes CA certificate from ServiceAccount by organization and store them into *build* directory. - -#### Variables: - - kubernetes.config_file: Kubernetes config file from network.yaml file. - - organization: A name of current organization. - - component_ns: A name of namespace of organization. - - auth_path: Vault auth method path. - -#### Environment Variables: - - VAULT_ADDR: Vault address, which is defined in variable *{{ vault.url }}* - - VAULT_TOKEN: Vault token, which is defined in variable *{{ vault.root_token }}* - -#### Output: - - A certification stored in *./build/{{ organization }}.ca.cert* file. -### 6. Write reviewer token for Organizations -This task write reviewer token into Kubernetes auth method in Vault by organization - -#### Input: - - A certification stored in *./build/{{ organization }}.ca.cert* file. - -#### Variables: - - kubernetes.config_file: Kubernetes config file from network.yaml file. - - organization: A name of current organization. - - component_ns: A name of namespace of organization. - -#### Environment Variables: - - VAULT_ADDR: Vault address, which is defined in variable *{{ vault.url }}* - - VAULT_TOKEN: Vault token, which is defined in variable *{{ vault.root_token }}* - -### 7. Check if policy exists -This task check if policy of organization exists and store result into variable. - -#### Variables: - - organization: A name of current organization. - -#### Environment Variables: - - VAULT_ADDR: Vault address, which is defined in variable *{{ vault.url }}* - - VAULT_TOKEN: Vault token, which is defined in variable *{{ vault.root_token }}* - -#### Output Variables: - - vault_policy_result - Stored output of this role. - -### 8. Create policy for Access Control -This task creates a *.hcl* file from template *admin-rw.tpl*. -The *.hcl* file is for creating a access control policy in Vault. 
- -#### Input: - - admin-rw.tpl: A template for a policy - -#### Output: - - ./build/{{ organization }}-admin-rw.hcl: A hcl file ready for vault policy. - -### 9. Write Policy to Vault -This task creates Vault policy from a *.hcl* file. -The task stats, when the policy doesn't exist. -It can be checked by variable *vault_policy_result* - -#### Input: - - ./build/{{ organization }}-admin-rw.hcl: A hcl file ready for vault policy. - -#### Variables: - - organization: A name of current organization. - - vault_policy_result: Result of previous task for checking if policy exists in Vault. - -#### Environment Variables: - - VAULT_ADDR: Vault address, which is defined in variable *{{ vault.url }}* - - VAULT_TOKEN: Vault token, which is defined in variable *{{ vault.root_token }}* - -### 10. Create Vault auth role -This task creates auth role by auth method, Kubernetes ServiceAccount and Vault policy. - -#### Variables: - - auth_path: Vault auth method path. - - organization: A name of current organization. - - component_ns: A name of namespace of organization. - -#### Environment Variables: - - VAULT_ADDR: Vault address, which is defined in variable *{{ vault.url }}* - - VAULT_TOKEN: Vault token, which is defined in variable *{{ vault.root_token }}* diff --git a/platforms/hyperledger-indy/configuration/samples/README.md b/platforms/hyperledger-indy/configuration/samples/README.md deleted file mode 100644 index 765ddb50b80..00000000000 --- a/platforms/hyperledger-indy/configuration/samples/README.md +++ /dev/null 
@@ -1,15 +0,0 @@ -[//]: # (##############################################################################################) -[//]: # (Copyright Accenture. All Rights Reserved.) -[//]: # (SPDX-License-Identifier: Apache-2.0) -[//]: # (##############################################################################################) - -# Playbooks - -## Getting started -This folder contains an example network.yaml file, which can be used to deploy Hyperledger Indy on Managed Kubernetes Cluster(s). - -## Example files: - ### Deploy on Kubernetes Cluster over AWS Bare Metal - The file `network-indyv3.yaml` is a sample file for deploying Hyperledger Indy on AWS Bare Metal instalce where is running Kubernetes Cluster. - ### Deploy on Minikube - The file `network-minikube.yaml` is a sample file for deploying Hyperledger Indy on Minikube locally. Plase follow [this](../../../../docs/source/developer/dev_prereq.md) for more information.