Indy Configurations
In Hyperledger Bevel project, ansible is used to automate the certificate generation, putting them in vault and generate value files, which are then pushed to the repository for deployment, using GitOps. This is achieved using Ansible playbooks. Ansible playbooks contains a series of roles and tasks which run in sequential order to achieve the automation.
/hyperledger-indy
|-- charts
| |-- indy-auth-job
| |-- indy-cli
| |-- indy-domain-genesis
| |-- indy-domain-genesis
| |-- indy-key-mgmt
| |-- indy-ledger-txn
| |-- indy-node
| |-- indy-pool-genesis
|-- images
|-- configuration
| |-- roles/
| |-- samples/
| |-- playbook(s)
| |-- cleanup.yaml
|-- releases
| |-- dev/
|-- scripts
| |-- indy_nym_txn
| |-- setup indy cluster
For Hyperledger-Indy, the ansible roles and playbooks are located at /platforms/hyperledger-indy/configuration/
Some of the common roles and playbooks between Hyperledger-Fabric, Hyperledger-Indy, Hyperledger-Besu, R3 Corda and Quorum are located at /platforms/shared/configurations/
Roles for setting up Indy Network
Roles in ansible are a combination of logically inter-related tasks.
To deploy the indy network, run the deploy-network.yaml in bevel\platforms\hyperledger-indy\configuration\
The roles included in the file are as follows.
check/crypto
This role is checking if all crypto jobs are completed and all crypto data are in Vault.
Check if Indy Key management pod for trustee is completed
Check if Indy Key management pod for stewards is completed
Check if Indy Key management pod for endorser is completed
Check trustee in vault
Check stewards in vault
Check endorser in vault
Follow Readme for detailed information.
check/k8_component
This role is used for waiting to kubernetes component.
Wait for {{ component_type }} {{ component_name }}
Wait for {{ component_type }} {{ component_name }}
Wait for {{ component_type }} {{ component_name }}
Get a ServiceAccount token for {{ component_name }}
Store token
Follow Readme for detailed information.
check/validation
This role checks for validation of network.yaml
Check Validation
Counting Genesis Steward
Set trustee count to zero
Counting trustees per Org
Print error and end playbook if trustee count limit fails
Counting Endorsers
Print error abd end playbook if endorser count limit fails
Reset Endorser count
Print error and end playbook if genesis steward count limit fails
Print error and end playbook if total trustee count limit fails
Follow Readme for detailed information.
clean/flux
The role deletes the Helm release of Flux and git authentication secret from Kubernetes.
Delete Helm release
Wait for deleting of Helm release flux-{{ network.env.type }}
Follow Readme for detailed information.
clean/gitops
This role deletes all the gitops release files
Delete release files
Git push
Follow Readme for detailed information.
clean/k8s_resourses
The role deletes all running Kubernetes components and Helm releases of all organizations.
Remove all Helm releases of organization {{ organization }}
Get all existing Cluster Role Bindings of organization {{ organization }}
Remove an existing Cluster Role Binding of {{ organization }}
Remove an existing Namespace {{ organization_ns }}
Remove an existing Storage Class of {{ organization }}
Follow Readme for detailed information.
clean/vault
This role get vault root token for organization and remove Indy crypto from vault
Remove Indy Crypto of {{ organization }}
Remove Policies of trustees
Remove Policies of stewards
Remove Policies of endorsers
Remove Policies of {{ organization }}
Remove Kubernetes Authentication Methods of {{ organization }}
Remove Kubernetes Authentication Methods of {{ organization }} of trustees
Remove Kubernetes Authentication Methods of {{ organization }} of stewards
Remove Kubernetes Authentication Methods of {{ organization }} of endorsers
Follow Readme for detailed information.
create/helm_component/auth_job
This role create the job value file for creating Vault auth methods
This role creates the job value file for stewards
Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists
Get the kubernetes server url
Trustee vault policy and role generating
Stewards vault policy and role generating
Endorser vault policy and role generating
bevel-ac vault policy and role generating
Follow Readme for detailed information.
create/helm_component/crypto
This role create the job value file for creating Hyperledger Indy Crypto
This role creates the job value file for stewards
Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists
Trustee crypto generating
Stewards crypto generating
Endorser crypto generating
Follow Readme for detailed information.
create/helm_component/domain_genesis
This role create the config map value file for storing domain genesis for Indy cluster.
This role creates the domain genesis file for organization
Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists
Generate domain genesis for organization
create value file for {{ component_name }} {{ component_type }}
Follow Readme for detailed information.
create/helm_component/ledger_txn
This role create the job value file for Indy NYM ledger transactions
This role create the job value file for Indy NYM ledger transactions
Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists
Create HelmRelease file
Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists
Get identity data from vault
Inserting file into Variable
create value file for {{ new_component_name }} {{ component_type }}
Delete file
Helm lint
Follow Readme for detailed information.
create/helm_component/node
This role creates value file for Helm Release of stewards.
This role creates the job value file for stewards
Ensures {{ release_dir }}/{{ component_name }} dir exists
create value file for {{ component_name }} {{ component_type }}
Follow Readme for detailed information.
create/helm_component/pool_genesis
This role creates the pool genesis file for organization
Ensures {{ release_dir }}/{{ component_type }}/{{ component_name }} dir exists
Generate pool genesis for organization
create value file for {{ component_name }} {{ component_type }}
Follow Readme for detailed information.
create/imagepullsecret
This role creates secret in Kubernetes for pull docker images from repository.
This role creates the docker pull registry secret within each namespace
Check for ImagePullSecret for {{ organization }}
Create the docker pull registry secret for {{ component_ns }}
Follow Readme for detailed information.
create/k8_component
This role create value file for kubernetes component by inserted type.
This role generates value files for various k8 components
Ensures {{ component_type_name }} dir exists
create {{ component_type }} file for {{ component_type_name }}
Follow Readme for detailed information.
create/namespace
This role creates value files for namespaces of organizations
Check namespace is created
Create namespaces
Git Push
Follow Readme for detailed information.
create/serviceaccount/by_identities
This role creates value files for service account
Check if service account for {{ component_name }} exists
Create service account for {{ component_name }}
Check cluster role binding for {{ component_name }}
Get component_name to var
Get organization and admin string to var
Create cluster role binding for {{ component_name }}
Create admin cluster role binding for {{ component_name }}
Follow Readme for detailed information.
create/serviceaccount/main
This role creates value files for service account for vault
Create service account for trustees [{{ organization }}]
Create service account for stewards [{{ organization }}]
Create service account for endorsers [{{ organization }}]
Create service account for organization [{{ organization }}]
Create service account for read only public crypto [{{ organization }}]
Push the created deployment files to repository
Waiting for trustees accounts and cluster binding roles
Waiting for stewards accounts and cluster binding roles
Waiting for endorsers accounts and cluster binding roles
Waiting for organization accounts and cluster binding roles
Waiting for organization read only account and cluster binding role
Follow Readme for detailed information.
create/serviceaccount/waiting
This role is waiting for create inserted ServiceAccounts or ClusterRoleBinding.
Wait for creation for service account
Wait for creation for cluster role binding
Follow Readme for detailed information.
create/storageclass
This role creates value files for storage class
Check if storageclass exists
Create storageclass
Push the created deployment files to repository
Wait for Storageclass creation for {{ component_name }}
Follow Readme for detailed information.
setup/auth_job
This role generates Helm releases of kubernetes jobs, which create Auth Methods into HashiCorp Vault for getting Vault token by Kubernetes Service Accounts
Wait for namespace creation for stewards
Create auth_job of stewards, trustee and endorser
Push the created deployment files to repository
Check if auth job finished correctly
Follow Readme for detailed information.
setup/crypto
This role creates the deployment files for indy crypto generate job and pushes them to repository
Wait for namespace creation for stewards
Create image pull secret for stewards
Create crypto of stewards, trustee and endorser
Push the created deployment files to repository
Check Vault for Indy crypto
Follow Readme for detailed information.
setup/domain_genesis
This role creates the values files for organizations domain genesis and pushes them to repository
Create domain genesis
Push the created deployment files to repository
Wait until domain genesis configmap are created
Follow Readme for detailed information.
setup/endorsers
This role creates the deployment files for endorsers and pushes them to repository
Wait for namespace creation
Create image pull secret for identities
Create Deployment files for Identities
Select Admin Identity for Organisation {{ component_name }}
Inserting file into Variable
Calling Helm Release Development Role…
Delete file
Push the created deployment files to repository
Wait until identities are creating
Follow Readme for detailed information.
setup/node
This role creates the deployment files for stewards and pushes them to repository
Wait for namespace creation for stewards
Create image pull secret for stewards
Create steward deployment file
Push the created deployment files to repository
Wait until steward pods are running
Follow Readme for detailed information.
setup/pool_genesis
This role creates the values files for organizations domain genesis and pushes them to repository
Create pool genesis
Push the created deployment files to repository
Wait until pool genesis configmap are created
Follow Readme for detailed information.
setup/trustees
This role creates the deployment files for adding new trustees to existing network
Wait for namespace creation
Create image pull secret for identities
Create Deployment files for Identities
Select Admin Identity for Organisation {{ component_name }}
Inserting file into Variable
Calling Helm Release Development Role…
Delete file
Push the created deployment files to repository
Wait until identities are creating
Follow Readme for detailed information.
setup/stewards
This role creates the deployment files for adding new stewards to existing network
Wait for namespace creation
Create image pull secret for identities
Create Deployment files for Identities
Select Admin Identity for Organisation {{ component_name }}
Inserting file into Variable
Calling Helm Release Development Role…
Delete file
Push the created deployment files to repository
Wait until identities are creating
Follow Readme for detailed information.
setup/vault_kubernetes
This role setups communication between the vault and kubernetes cluster and install neccessary configurations.
Check namespace is created
Ensures build dir exists
Check if Kubernetes-auth already created for Organization
Enable and configure Kubernetes-auth for Organization
Get Kubernetes cert files for organizations
Write reviewer token for Organizations
Check if policy exists
Create policy for Access Control
Write Policy to Vault
Create Vault auth role
Follow Readme for detailed information.