feat (r3-corda-ent): enable platform deployment via ansible-server

This commit introduces support for deploying a decentralized ledger technology (DLT) network using Ansible automation.

Updated the Ansible codebase to support network deployment in respect of the standalone Helm chart

The following Ansible roles have been introduced to appropriately deploy the network of one organization only: 1. initlize the organization 2. setup cenm 3. setup notary 4. setup networkmap

updated the sample network configuration file to provide information on which networks can be deployed using this file

fixes #2548

Signed-off-by: saikumarbommakanti <[email protected]>

platforms/network-schema.json

@@ -970,54 +970,16 @@
  "type": "object",
  "properties": {
  "keystore": {
- "type": "object",
- "properties": {
- "keystore": {
- "type": "string"
- },
- "idman": {
- "type": "string"
- },
- "networkmap": {
- "type": "string"
- },
- "subordinateca": {
- "type": "string"
- },
- "rootca": {
- "type": "string"
- },
- "tlscrlsigner": {
- "type": "string"
- }
- },
+ "type": "string",
  "required": [
- "keystore",
- "idman",
- "networkmap",
- "subordinateca",
- "rootca",
- "tlscrlsigner"
+ "keystore"
  ],
  "additionalProperties": false
  },
  "truststore": {
- "type": "object",
- "properties": {
- "truststore": {
- "type": "string"
- },
- "rootca": {
- "type": "string"
- },
- "ssl": {
- "type": "string"
- }
- },
+ "type": "string",
  "required": [
- "truststore",
- "rootca",
- "ssl"
+ "truststore"
  ],
  "additionalProperties": false
  },
@@ -1052,8 +1014,7 @@
  },
  "required": [
  "keystore",
- "truststore",
- "ssl"
+ "truststore"
  ],
  "additionalProperties": false
  },

platforms/r3-corda-ent/charts/README.md

@@ -99,11 +99,10 @@ helm install notary ./enterprise-node --namespace supplychain-ent --values ./val
 
 # Install cenm services : Networkmap service
 helm install networkmap ./cenm-networkmap --namespace supplychain-ent --values ./values/proxy-and-vault/cenm.yaml
-
 ```
 
-### To setup another node in a different namespace
 
+### To setup another node in a different namespace
 ```bash
 kubectl create namespace manufacturer-ent # if the namespace does not exist already
 # Create the roottoken secret

platforms/r3-corda-ent/charts/cenm-networkmap/templates/service.yaml

@@ -47,7 +47,7 @@ kind: Host
 metadata:
  name: {{ .Release.Name }}-nms
 spec:
- hostname: cenm-nms.{{ .Values.global.proxy.externalUrlSuffix }}
+ hostname: {{ .Values.cenm.prefix }}-nms.{{ .Values.global.proxy.externalUrlSuffix }}
  acmeProvider:
  authority: none
  requestPolicy:
@@ -64,7 +64,7 @@ metadata:
  name: {{ .Release.Name }}-mapping
  namespace: {{ .Release.Namespace }}
 spec:
- host: cenm-nms.{{ .Values.global.proxy.externalUrlSuffix }}
+ host: {{ .Values.cenm.prefix }}-nms.{{ .Values.global.proxy.externalUrlSuffix }}
  prefix: /
  service: {{ include "networkmap.name" . }}.{{ .Release.Namespace }}:{{ .Values.global.cenm.networkmap.port }}
 {{- end }}

platforms/r3-corda-ent/configuration/deploy-network.yaml

@@ -20,98 +20,103 @@
  path: "./build"
  state: absent
 
- # create namespace, service account and clusterrolebinding
- - name: "Create namespace, service accounts and clusterrolebinding"
- include_role: 
- name: create/namespace_serviceaccount
+ # Create namespaces for organizations
+ - name: "Create namespace"
+ include_role:
+ name: create/namespace
+ vars:
+ component_name: "{{ org.name | lower }}-ent"
+ component_type_name: "{{ org.type | lower }}"
+ kubernetes: "{{ org.k8s }}"
+ release_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}/{{ org.name | lower }}"
+ loop: "{{ network['organizations'] }}"
+ loop_control:
+ loop_var: org
+
+ # Create necessary Kubernetes secrets for each organization
+ - name: "Create k8s secrets"
+ include_role:
+ name: create/secrets
  vars:
  component_ns: "{{ org.name | lower }}-ent"
- organisation: "{{ org.name | lower }}"
  kubernetes: "{{ org.k8s }}"
- gitops: "{{ org.gitops }}"
+ vault: "{{ org.vault }}"
  loop: "{{ network['organizations'] }}"
  loop_control:
  loop_var: org
 
- # Create Storageclass that will be used for this deployment
- - name: Create Storage Class
+ # # Setup Init
+ - name: "Setup Init"
  include_role:
- name: "{{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/storageclass"
+ name: setup/init
  vars:
  org_name: "{{ org.name | lower }}"
- sc_name: "{{ org_name }}-bevel-storageclass"
- region: "{{ org.k8s.region | default('eu-west-1') }}"
+ component_name: "{{ org_name }}-init"
+ component_ns: "{{ org_name }}-ent"
+ kubernetes: "{{ org.k8s }}"
+ vault: "{{ org.vault }}"
+ values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}/{{ org_name }}/build"
+ charts_dir: "{{ org.gitops.chart_source }}"
  loop: "{{ network['organizations'] }}"
  loop_control:
  loop_var: org
 
- # Setup CENM services for the network
+ # Setup CENM
  - name: "Setup cenm" 
  include_role: 
  name: "setup/cenm"
  vars:
- services: "{{ org.services }}"
- organisation: "{{ org.name | lower }}"
- name: "{{ org.name | lower }}"
- sc_name: "{{ name }}-bevel-storageclass"
- component_ns: "{{ org.name | lower }}-ent"
+ org: "{{ network['organizations'] | first }}"
+ org_name: "{{ org.name | lower }}"
+ org_services: "{{ org.services }}"
+ component_name: "{{ org_name }}-cenm"
+ component_ns: "{{ org_name }}-ent"
  kubernetes: "{{ org.k8s }}"
  vault: "{{ org.vault }}"
- gitops: "{{ org.gitops }}"
- policy_type: "r3-corda-ent"
- loop: "{{ network['organizations'] }}"
- loop_control:
- loop_var: org
- when: org.type == 'cenm'
-
- # Wait for cenm services to respond 
- - name: Check that CENM uri are reachable
- uri:
- url: "{{ item.uri }}/status"
- validate_certs: no
- register: this
- until: this.status == 200
- loop: "{{ network['network_services'] }}"
- retries: "{{ network.env.retry_count}}"
- delay: 50
+ external_url_suffix: "{{ org.external_url_suffix }}"
+ charts_dir: "{{ org.gitops.chart_source }}"
+ values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}/{{ org_name }}/build"
 
- # Setup Corda Node services for the network
- - name: Setup Corda Node services
+ # Deploy notaries
+ - name: Deploy notary service
  include_role:
- name: setup/node
+ name: setup/notary
  vars:
- services: "{{ org.services }}"
- organisation: "{{ org.name | lower }}"
- name: "{{ org.name | lower }}"
- sc_name: "{{ name }}-bevel-storageclass"
- component_ns: "{{ org.name | lower }}-ent"
+ org_name: "{{ org.name | lower }}"
+ component_name: "{{ org_name }}-notary"
+ component_ns: "{{ org_name }}-ent"
+ cloud_provider: "{{ org.cloud_provider }}"
+ external_url_suffix: "{{ org.external_url_suffix }}"
+ node: "{{ org.services.notaries }}"
  kubernetes: "{{ org.k8s }}"
  vault: "{{ org.vault }}"
  gitops: "{{ org.gitops }}"
- policy_type: "r3-corda-ent"
+ charts_dir: "{{ org.gitops.chart_source }}"
+ values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}/{{ org_name }}"
  loop: "{{ network['organizations'] }}"
  loop_control:
  loop_var: org
- when: org.type == 'node'
+ when: 
+ - org.services.notaries is defined
 
- # Setup Additional Notary services for the network
- - name: Setup Additional Notary services
- include_role:
- name: setup/notary
+ # Setup NETWORK_MAP
+ - name: "Setup network_map" 
+ include_role: 
+ name: "setup/network_map"
  vars:
- services: "{{ org.services }}"
- organisation: "{{ org.name | lower }}"
- name: "{{ org.name | lower }}"
- sc_name: "{{ name }}-bevel-storageclass"
- component_ns: "{{ org.name | lower }}-ent"
+ org: "{{ network['organizations'] | first }}"
+ org_name: "{{ org.name | lower }}"
+ cloud_provider: "{{ org.cloud_provider | lower }}"
+ org_services: "{{ org.services }}"
+ component_name: "{{ org_name }}-nm"
+ component_ns: "{{ org_name }}-ent"
  kubernetes: "{{ org.k8s }}"
  vault: "{{ org.vault }}"
  gitops: "{{ org.gitops }}"
- policy_type: "r3-corda-ent"
- loop: "{{ network['organizations'] }}"
- loop_control:
- loop_var: org
- when: org.type == 'notary'
+ external_url_suffix: "{{ org.external_url_suffix }}"
+ charts_dir: "{{ org.gitops.chart_source }}"
+ values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}/{{ org_name }}"
+
 
  # These variables can be overriden from the command line
  vars:

platforms/r3-corda-ent/configuration/roles/create/k8_component/tasks/main.yaml

@@ -13,29 +13,18 @@
 ################################################################################################
 
 ---
-# Create and/or check if the target directory exists
-- name: Ensures {{ release_dir }}/{{ component_name }} dir exists
- file:
- path: "{{ release_dir }}/{{ component_name }}"
- state: directory
+# Ensure that the directory exists for each entity, if not, it creates them
+- name: Ensure {{ component_type_name }} dir exists
+ include_role: 
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/check/directory"
+ vars:
+ path: "{{ release_dir }}/{{ component_type_name }}"
 
-# Create deployment file from a template
-- name: Create {{ component_type }} file for {{ component_name }}
+# Create the value file for the k8 components
+- name: "Create {{ component_type }} file for {{ component_type_name }}"
  template:
- src: "{{ dlt_templates[component_type] }}"
+ src: "{{ k8_templates[type] | default('default.tpl') }}"
  dest: "{{ values_file }}"
  vars:
- values_file: "{{ release_dir }}/{{ component_name }}/{{ component_type }}.yaml"
-
-################################################################################################
-# Test the value file for syntax errors/ missing values
-# This is done by calling the helm_lint role and passing the value file parameter
-# When a new k8_component is added, changes should be made in helm_lint role as well
-- name: Helm lint
- include_role: 
- name: "{{ playbook_dir }}/../../shared/configuration/roles/helm_lint"
- vars:
- helmtemplate_type: "{{ component_type }}"
- chart_path: "{{ charts_dir }}"
- value_file: "{{ release_dir }}/{{ component_name }}/{{ helmtemplate_type }}.yaml"
- when: helm_lint=="true"
+ values_file: "{{ release_dir }}/{{ component_type_name }}/{{ component_type }}.yaml"
+ type: "{{ component_type }}"

platforms/r3-corda-ent/configuration/roles/create/k8_component/vars/main.yaml

@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: Apache-2.0
 ##############################################################################################
 
-dlt_templates:
+k8_templates:
  namespace: namespace.tpl
  reviewer_rbac: reviewer_rbac.tpl
  vault-reviewer: reviewer.tpl

platforms/r3-corda-ent/configuration/roles/create/namespace/tasks/main.yaml

@@ -0,0 +1,39 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+#############################################################################################
+# This role creates value files for namespaces of organizations
+#############################################################################################
+
+# Check if namespace created
+- name: Check namespace is created
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component"
+ vars:
+ component_type: "Namespace"
+ type: "no_retry"
+
+# Assign the result of check namespace task to a local variable
+- name: "Set Variable"
+ set_fact:
+ get_namespace: "{{ result }}"
+
+# Create the value file of Namespace for Organizations
+- name: Create namespaces
+ include_role:
+ name: create/k8_component
+ vars: 
+ component_type: "namespace" 
+ when: get_namespace.resources|length == 0
+
+# Git Push : Push the above generated files to git directory 
+- name: Git Push
+ include_role: 
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push"
+ vars:
+ GIT_DIR: "{{ playbook_dir }}/../../../"
+ gitops: "{{ org.gitops }}"
+ msg: "[ci skip] Pushing deployment files for namespace"

platforms/r3-corda-ent/configuration/roles/create/secrets/tasks/main.yaml

@@ -0,0 +1,32 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# Wait for namespace to be created by flux
+- name: "Wait for the namespace {{ component_ns }} to be created"
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component"
+ vars:
+ component_type: "Namespace"
+ component_name: "{{ component_ns }}"
+ type: "retry"
+
+# Create the vault roottoken secret
+- name: "Create vault token secret"
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/create/shared_k8s_secrets"
+ vars: 
+ namespace: "{{ component_ns }}" 
+ check: "token_secret"
+
+# Create the docker pull credentials for image registry
+- name: "Create docker credentials secret"
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/create/shared_k8s_secrets"
+ vars: 
+ namespace: "{{ component_ns }}" 
+ check: "docker_credentials"
+ when: 
+ - network.docker.username is defined