[ci-skip] Add operator support (#2313)

* [ci-skip] Add operator support for Fabric
* Add documentation for operator
* Add new fabric version to network schema
---------
Signed-off-by: Roy,Sownak <[email protected]>

Dockerfile

@@ -3,13 +3,11 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 ##############################################################################################
-
 # USAGE: 
 # docker build . -t bevel-build
 # docker run -v $(pwd):/home/bevel/ bevel-build
 
 FROM ubuntu:20.04
-
 # Create working directory
 WORKDIR /home/
 ENV OPENSHIFT_VERSION='0.13.1'
@@ -32,7 +30,6 @@ RUN wget https://download.java.net/java/GA/jdk14/076bab302c7b4508975440c56f6cc26
     && tar xvf openjdk-14_linux-x64_bin.tar.gz \
     && rm openjdk-14_linux-x64_bin.tar.gz
 
-
 RUN apt-get update && apt-get install -y \
     python3-pip && \
     pip3 install --no-cache --upgrade pip setuptools wheel && \
@@ -44,7 +41,7 @@ RUN apt-get update && apt-get install -y \
     rm -rf /var/lib/apt/lists/*
 
 # base58 is needed in Substrate to encode nodeids
-RUN snap install base58
+RUN pip3 install base58
 
 RUN npm install -g ajv-cli
 RUN apt-get update && apt-get install -y python3-venv
@@ -53,14 +50,23 @@ RUN rm /etc/apt/apt.conf.d/docker-clean
 RUN mkdir /etc/ansible/
 RUN /bin/echo -e "[ansible_provisioners:children]\nlocal\n[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
 
+# Install krew for bevel-operator-fabric
+RUN (set -x; cd "$(mktemp -d)" && \
+    OS="$(uname | tr '[:upper:]' '[:lower:]')" && \
+    ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" && \
+    KREW="krew-${OS}_${ARCH}" && \
+    curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz" && \
+    tar zxvf "${KREW}.tar.gz" && \
+    ./"${KREW}" install krew)
+
 # Copy the provisional script to build container
 COPY ./run.sh /home
 COPY ./reset.sh /home
 RUN chmod 755 /home/run.sh
 RUN chmod 755 /home/reset.sh
-ENV PATH=/root/bin:/root/.local/bin/:$PATH
+
 ENV JAVA_HOME=/home/jdk-14
-ENV PATH=/home/jdk-14/bin:$PATH
+ENV PATH=~/.krew/bin:/home/jdk-14/bin:/root/bin:/root/.local/bin/:$PATH
 
 # The mounted repo should contain a build folder with the following files
 # 1) K8s config file as config
@@ -69,6 +75,4 @@ ENV PATH=/home/jdk-14/bin:$PATH
 
 #path to mount the repo
 VOLUME /home/bevel/
-
-
 CMD ["/home/run.sh"]

docs/source/operationalguide.rst

@@ -33,6 +33,7 @@ Fabric operations
     operations/upgrade_fabricnetwork_1.4.x_2.2.x
     operations/setup_cactus_connector_fabric
     operations/external_chaincode
+    operations/deploy_operator_fabric
 
 Corda operations
 -----------------------

docs/source/operations/deploy_operator_fabric.md

@@ -0,0 +1,53 @@
+[//]: # (##############################################################################################)
+[//]: # (Copyright Accenture. All Rights Reserved.)
+[//]: # (SPDX-License-Identifier: Apache-2.0)
+[//]: # (##############################################################################################)
+
+<a name = "deploy-fabric-network-using-operator"></a>
+# Deploy Fabric Network using Operator
+
+  - [Introduction](#introduction)
+  - [Modifying Configuration File](#modifying-configuration-file)
+  - [Run playbook](#run-playbook)
+
+## Introduction
+The [bevel-operator-fabric](https://github.com/hyperledger/bevel-operator-fabric) provides a different approach to deploying the Fabric Network. It uses 
+the kubernetes operator to deploy CAs, Orderers and Peers. 
+This release supports bevel-operator-fabric version 1.9.0 and all the Fabric platforms supported by it. Also, chaincode and user/certificate management is not yet supported, there will be separate issues to handle this. Current implementation supports till Channel creation and joining.
+
+Due to open issues with bevel-operator-fabric, it is not recommended for Production workloads yet.
+
+---
+**NOTE**: The bevel-operator-fabric deployment has been tested only for Fabric 2.5.3
+
+---
+
+## Modifying Configuration File
+
+A Sample configuration file for deploying using bevel-operator-fabric is available [here](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/configuration/samples/network-operator-fabric.yaml). Following are the main changes in this file from previous versions:
+
+1. `network.env.type` must be `operator`. This is how Ansible will understand that bevel-operator-fabric will be used.
+1.  `network.env.proxy` must be `istio` as no other proxy is supported by bevel-operator-fabric.
+1. Only `443` is supported as external port because that is what bevel-operator-fabric supports.
+1. `vault` and `gitops` sections are removed as they are not applicable.
+
+For generic instructions on the Fabric configuration file, refer [this guide](./fabric_networkyaml.md).
+
+<a name = "run-playbook"></a>
+## Run playbook
+
+After all the configurations are updated in the `network.yaml`, execute the following to create the DLT network
+```
+# Run the provisioning scripts
+ansible-playbook platforms/shared/configuration/site.yaml -e "@./build/network.yaml" 
+
+```
+The `site.yaml` playbook, in turn calls various playbooks depending on the configuration file and sets up your DLT/Blockchain network.
+
+The [deploy-fabric-console.yaml](https://github.com/hyperledger/bevel/tree/main/platforms/hyperledger-fabric/configuration/deploy-operator-network.yaml) playbook can be used as well if the pre-requisites like Istio and krew is already installed. This can be done using the following command
+
+```
+ansible-playbook platforms/hyperledger-fabric/configuration/deploy-operator-network.yaml -e "@/path/to/network.yaml"
+```
+
+Refer to [bevel-operator-fabric docs](https://hyperledger.github.io/bevel-operator-fabric/) for details the operator and latest releases.

platforms/hyperledger-fabric/configuration/cleanup.yaml

@@ -27,20 +27,28 @@
         services: "{{ item.services }}"
         kubernetes: "{{ item.k8s }}"
       loop: "{{ network['organizations'] }}"
+      when: network.env.type != 'operator'
 
     # Delete genesis
     - include_role:
         name: "delete/genesis"
       vars:
         component_name: "{{ item.name | lower }}-net"
       loop: "{{ network['organizations'] }}"
-      when: item.type == "orderer"
+      when: 
+      - item.type == "orderer"
+      - network.env.type != 'operator'
 
-    # delete orderer certs directory
-    - name: Remove orderers certs directory
-      file:
-        path:  "{{ playbook_dir }}/../charts/catools/certs"
-        state: absent
+    - include_role: 
+        name: "delete/operator"
+      vars:
+        component_name: "{{ item.name | lower }}-net"
+        org_name: "{{ item.name | lower }}"
+        component_type: "{{ item.type | lower }}"
+        services: "{{ item.services }}"
+        kubernetes: "{{ item.k8s }}"
+      loop: "{{ network['organizations'] }}"
+      when: network.env.type == 'operator'
 
     # delete build directory
     - name: Remove build directory

platforms/hyperledger-fabric/configuration/deploy-operator-network.yaml

@@ -0,0 +1,119 @@
+##############################################################################################
+#  Copyright Accenture. All Rights Reserved.
+#
+#  SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# This playbook deploys a DLT network on existing Kubernetes clusters
+# The Kubernetes clusters should already be created and the infomation to connect to the
+#  clusters be updated in the network.yaml file that is used as an input to this playbook
+###########################################################################################
+# To Run this playbook from this directory, use the following command (network.yaml also in this directory)
+#  ansible-playbook deploy-network.yaml -e "@./network.yaml"
+############################################################################################
+# Please ensure that the ../../shared/configuration playbooks have been run using the same network.yaml
+---
+  # This will apply to ansible_provisioners. /etc/ansible/hosts should be configured with this group
+- hosts: ansible_provisioners
+  gather_facts: no
+  no_log: "{{ no_ansible_log | default(false) }}"
+  tasks:
+    # delete build directory
+    - name: Remove build directory
+      file:
+        path: "./build"
+        state: absent
+
+    - name: Create namespace for each organization
+      include_role:
+        name: k8_component
+      vars:    
+        component_type: "namespace"
+        component_name: "{{ item.name | lower }}-net"
+        component_type_name: "{{ item.type | lower }}"
+        kubernetes: "{{ item.k8s }}"
+        release_dir: "./build"
+      loop: "{{ network['organizations'] }}"
+
+    - name: Create storageclass for each organization
+      include_role:
+        name: "create/storageclass"
+      vars:
+        sc_name: "{{ item.name | lower}}sc"
+        component_type: "{{ item.type | lower}}"
+        kubernetes: "{{ item.k8s }}"
+        release_dir: "./build"
+      loop: "{{ network['organizations'] }}"
+
+    - name: Create CA server for each organization
+      include_role:
+        name: "operator/create/ca/server"
+      vars:
+        ca: "{{ item.services.ca }}"
+        namespace: "{{ item.name | lower }}-net"
+        component_name: "{{ item.name | lower }}"
+      loop: "{{ network['organizations'] }}"
+      when: item.services.ca is defined
+
+    - name: Register default users for each organization
+      include_role:
+        name: "operator/create/ca/user"
+      vars:
+        user_type: "default"
+        namespace: "{{ item.name | lower }}-net"
+        component_name: "{{ item.name | lower }}"
+        component_type: "{{ item.type | lower }}"
+      loop: "{{ network['organizations'] }}"
+
+    - name: Create orderer nodes
+      include_role:
+        name: "operator/create/orderer"
+      vars:
+        namespace: "{{ item.name | lower }}-net"
+        component_name: "{{ item.name | lower }}"
+        component_type: "{{ item.type | lower }}"
+        kubeconfig_path: "{{ item.k8s.config_file }}"
+      loop: "{{ network['organizations'] }}"
+      when: item.type == 'orderer'
+
+    - name: Create all peers
+      include_role:
+        name: "operator/create/peer"
+      vars:
+        namespace: "{{ item.name | lower }}-net"
+        component_name: "{{ item.name | lower }}"
+        component_type: "{{ item.type | lower }}"
+      loop: "{{ network['organizations'] }}"
+      when: item.type == 'peer'
+
+    - name: Register admin users for each organization
+      include_role:
+        name: "operator/create/ca/user"
+      vars:
+        user_type: "admin"
+        namespace: "{{ item.name | lower }}-net"
+        component_name: "{{ item.name | lower }}"
+        component_type: "{{ item.type | lower }}"
+      loop: "{{ network['organizations'] }}"
+
+    - name: Create the main channels
+      include_role:
+        name: "operator/create/mainchannel"
+      vars:
+        participants: "{{ item.participants }}"
+      loop: "{{ network['channels'] }}"
+
+    - name: Join the main channels
+      include_role:
+        name: "operator/create/followerchannel"
+      vars:
+        build_path: "./build"
+        participants: "{{ item.participants }}"
+      loop: "{{ network['channels'] }}"
+
+  vars: #These variables can be overriden from the command line
+    privilege_escalate: false           #Default to NOT escalate to root privledges
+    install_os: "linux"                 #Default to linux OS
+    install_arch:  "amd64"              #Default to amd64 architecture
+    bin_install_dir:  "~/bin"            #Default to /bin install directory for binaries
+    add_new_org: 'false'                # Default to false as this is for main network creation

platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/create_package.yaml

@@ -32,7 +32,7 @@
   when: not chaincode.tls
 
 # This tasks packs the chaincode details file
-- name : Packs the chaicode package file
+- name: Packs the chaicode package file
   shell: | 
     # Packages chaincode details
     cd {{ package_dir }}

platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/nested_main.yaml

@@ -1,4 +1,3 @@
-
 ##############################################################################################
 #  Copyright Accenture. All Rights Reserved.
 #

platforms/hyperledger-fabric/configuration/roles/create/chaincode/peer_certs/tasks/nested_main.yaml

@@ -6,4 +6,4 @@
     loop_var: chaincode
   when: 
     - chaincode.external_chaincode is defined and chaincode.external_chaincode == true  
-    - chaincode.tls
+    - chaincode.tls

platforms/hyperledger-fabric/configuration/roles/create/external_chaincode_server/tasks/nested_main.yaml

@@ -8,4 +8,4 @@
   loop: "{{ peer_chaincodes }}"
   loop_control:
     loop_var: chaincode
-  when: chaincode.external_chaincode is defined and chaincode.external_chaincode == true 
+  when: chaincode.external_chaincode is defined and chaincode.external_chaincode == true

platforms/hyperledger-fabric/configuration/roles/create/storageclass/tasks/main.yaml

@@ -52,16 +52,29 @@
     values_file: "{{ release_dir }}/{{ component_type }}/{{ sc_name }}.yaml"
   when: component_type == 'peer' and get_sc.resources|length == 0
 
-#Git Push : Pushes the above generated files to git directory 
-- name: Git Push
+- name: Git Push when not using operator
   include_role: 
     name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push"
   vars:
     GIT_DIR: "{{ playbook_dir }}/../../../"
     gitops: "{{ item.gitops }}"
     GIT_RESET_PATH: "platforms/hyperledger-fabric/configuration"
     msg: "[ci skip] Pushing Storageclass files"
-  when: get_sc.resources|length == 0
+  when: 
+  - get_sc.resources|length == 0
+  - network.env.type != 'operator'
+  tags:
+    - notest
+
+- name: Create the storagelass when using operator
+  kubernetes.core.k8s:
+    state: present
+    src: "{{ release_dir }}/{{ component_type }}/{{ sc_name }}.yaml"
+    kubeconfig: "{{ kubernetes.config_file }}"
+    context: "{{ kubernetes.context }}"
+  when: 
+  - get_sc.resources|length == 0
+  - network.env.type == 'operator'
   tags:
     - notest
 

platforms/hyperledger-fabric/configuration/roles/delete/operator/tasks/delete_channel.yaml

@@ -0,0 +1,25 @@
+##############################################################################################
+#  Copyright Accenture. All Rights Reserved.
+#
+#  SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+- name: Delete follower channel
+  k8s:
+    kind: "FabricFollowerChannel"
+    api_version: "hlf.kungfusoftware.es/v1alpha1"
+    name: "{{ channel_name }}-{{ org_name }}"
+    state: absent
+    kubeconfig: "{{ kubernetes.config_file }}"
+    context: "{{ kubernetes.context }}"
+  ignore_errors: yes
+
+- name: Delete main channel
+  k8s:
+    kind: "FabricMainChannel"
+    api_version: "hlf.kungfusoftware.es/v1alpha1"
+    name: "{{ channel_name }}"
+    state: absent
+    kubeconfig: "{{ kubernetes.config_file }}"
+    context: "{{ kubernetes.context }}"
+  ignore_errors: yes