Skip to content

Commit

Permalink
Revert "feat(quorum): introduce helm chart deployment capability"
Browse files Browse the repository at this point in the history 
This reverts commit 0b004fa.
  • Loading branch information
@suvajit-sarkar
suvajit-sarkar authored Mar 4, 2024
1 parent 2e96f93 commit f2ece9f
Show file tree
Hide file tree
Showing 91 changed files with 4,258 additions and 3,804 deletions.
53 changes: 14 additions & 39 deletions platforms/hyperledger-besu/charts/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,48 +110,24 @@ helm install genesis ./besu-genesis --namespace carrier-bes --values ./values/pr
helm install carrier ./besu-node --namespace carrier-bes --values ./values/proxy-and-vault/txnode-sec.yaml --set global.proxy.p2p=15016 --set node.besu.identity="O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB"
```

### API call
### API Calls
Once deployed, services are available as follows on the address as provided in your `global.proxy.externalUrlSuffix`.

Once your services are deployed, they can be accessed using the domain name provided in your `global.proxy.externalUrlSuffix`.

1. **Retrieve the Source Host for Your Node**

Run the following command to get the mapping for your node:

```bash
kubectl get mapping --namespace supplychain-bes
```

From the output, copy the source host for your node.

2. **Make HTTP RPC API Calls**

You can interact with your node using HTTP RPC API calls. Here's an example of how to do it:
```bash
curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' http://<source-host>
```
Replace `<source-host>` with the source host you copied earlier.
3. **Verify the Node Syncing Status**
If the node running the JSON-RPC service is syncing correctly, the previous command should return the following:
```json
{
"jsonrpc" : "2.0",
"id" : 1,
"result" : "0x64"
}
```
This confirms that your node is syncing as expected.
```bash
# HTTP RPC API
curl -v -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' http://supplychainrpc.test.yourdomain.com

# which should return (confirming that the node running the JSON-RPC service is syncing):
{
"jsonrpc" : "2.0",
"id" : 1,
"result" : "0x64"
}
```

### Clean-up

To clean up, simply uninstall the Helm releases. It's important to uninstall the genesis Helm chart at the end to prevent any cleanup failure.

To clean up, just uninstall the helm releases.
```bash
helm uninstall --namespace supplychain-bes validator-1
helm uninstall --namespace supplychain-bes validator-2
Expand All @@ -169,5 +145,4 @@ To deploy the proposed validator chart, we need to deploy the Besu node chart fi

```bash
helm install validator-5 ./besu-propose-validator --namespace supplychain-bes --values besu-propose-validator/values.yaml
>>>>>>> upstream/develop
```
13 changes: 5 additions & 8 deletions platforms/hyperledger-besu/charts/besu-genesis/templates/genesis-job-cleanup.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,14 +41,11 @@ spec:
- |
{{- if .Values.settings.removeGenesisOnDelete }}
if kubectl get configmap --namespace {{ .Release.Namespace }} besu-genesis &> /dev/null; then
echo "Deleting genesis configmap in k8s ..."
kubectl delete configmap --namespace {{ .Release.Namespace }} besu-genesis
fi

if kubectl get configmap --namespace {{ .Release.Namespace }} besu-peers &> /dev/null; then
echo "Deleting node-enodes configmap in k8s ..."
kubectl delete configmap --namespace {{ .Release.Namespace }} besu-peers
fi
echo "Deleting genesis configmap in k8s ..."
kubectl delete configmap --namespace {{ .Release.Namespace }} besu-genesis

echo "Deleting node-enodes configmap in k8s ..."
kubectl delete configmap --namespace {{ .Release.Namespace }} besu-peers

{{- end}}
3 changes: 2 additions & 1 deletion platforms/hyperledger-besu/charts/besu-node/templates/node-statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -172,9 +172,10 @@ spec:
--identity={{ .Values.node.besu.identity | quote }} --miner-enabled=false \
--Xdns-enabled=true --Xdns-update-enabled=true --Xnat-kube-service-name={{ include "besu-node.fullname" . }} \
--min-gas-price=0
livenessProbe:
httpGet:
path: /
path: /liveness
port: 8545
initialDelaySeconds: 180
periodSeconds: 60
Expand Down
6 changes: 2 additions & 4 deletions platforms/hyperledger-besu/charts/besu-tlscert-gen/templates/job-cleanup.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,5 @@ spec:
- -c
args:
- |
if kubectl get secret --namespace {{ .Release.Namespace }} {{ include "besu-tlscert-gen.name" . }}-tls-certs &>/dev/null; then
echo "Deleting tls-certs secret in k8s ..."
kubectl delete secret --namespace {{ .Release.Namespace }} {{ include "besu-tlscert-gen.name" . }}-tls-certs
fi
echo "Deleting tls-certs secret in k8s ..."
kubectl delete secret --namespace {{ .Release.Namespace }} {{ include "besu-tlscert-gen.name" . }}-tls-certs
9 changes: 6 additions & 3 deletions platforms/hyperledger-besu/charts/besu-tlscert-gen/templates/job.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,8 @@ spec:
cert=$(echo ${VAULT_SECRET} | jq -r '.["ambassadorcrt"]')
# If the cert is null, empty, or contains a parse error, then the certificates do not exist in Vault
if [ "$cert" == "null" ] || [[ "$cert" = *"error"* ]] || [ "$cert" = "" ]; then
if [ "$cert" == "null" ] || [[ "$cert" = "parse error"* ]] || [ "$cert" = "" ]
then
# Create a file to indicate that the ambassador TLS certificates are absent
echo "Certficates absent in vault. Ignore error warning"
touch ${OUTPUT_PATH}/ambassadortls_absent.txt
Expand Down Expand Up @@ -312,7 +313,8 @@ spec:
# Check if any of the certificate and key fields are missing, empty or having any kind of error
for field in "$CA_PEM" "$CA_KEY" "$AMBASSADORCRT" "$AMBASSADORKEY" "$KEYSTORE" "$PASSWORD" "$KNOWNSERVER"
do
if [ "$field" = "null" ] || [[ "$field" = *"error"* ]] || [ "$field" = "" ]; then
if [ "$field" = "null" ] || [[ "$field" = "parse error"* ]] || [ "$field" = "" ]
then
AMBASSADORTLS_CERT_WRITTEN=false
break
else
Expand All @@ -332,7 +334,8 @@ spec:
# Check if any of the certificate and key fields are missing, empty or having any kind of error
for field in "$CA_PEM" "$CA_KEY" "$AMBASSADORCRT" "$AMBASSADORKEY"
do
if [ "$field" = "null" ] || [[ "$field" = *"error"* ]] || [ "$field" = "" ]; then
if [ "$field" = "null" ] || [[ "$field" = "parse error"* ]] || [ "$field" = "" ]
then
AMBASSADORTLS_CERT_WRITTEN=false
break
else
Expand Down
228 changes: 14 additions & 214 deletions platforms/quorum/charts/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,220 +3,20 @@
[//]: # (SPDX-License-Identifier: Apache-2.0)
[//]: # (##############################################################################################)

# Charts for Goquorum components
# Charts for Quorum components

## About
This folder contains the helm charts which are used for the deployment of the Hyperledger Goquorum components. Each helm that you can use has the following keys and you need to set them. The `global.cluster.provider` is used as a key for the various cloud features enabled. Also you only need to specify one cloud provider, **not** both if deploying to cloud. As of writing this doc, AWS is fully supported.

```yaml
global:
serviceAccountName: vault-auth
cluster:
provider: aws # choose from: minikube | aws
cloudNativeServices: false # future: set to true to use Cloud Native Services
kubernetesUrl: "https://yourkubernetes.com" # Provide the k8s URL, ignore if not using Hashicorp Vault
vault:
type: hashicorp # choose from hashicorp | kubernetes
network: quorum # must be quorum for these charts
# Following are necessary only when hashicorp vault is used.
address: http://vault.url:8200
authPath: supplychain
secretEngine: secretsv2
secretPrefix: "data/supplychain"
role: vault-role
```
## Usage
### Pre-requisites
- Kubernetes Cluster (either Managed cloud option like EKS or local like minikube)
- Accessible and unsealed Hahsicorp Vault (if using Vault)
- Configured Ambassador AES (if using Ambassador as proxy)
- Update the dependencies
```
helm dependency update quorum-genesis
helm dependency update quorum-node
```


## `Without Proxy and Vault`

### 1. Install Genesis Node
```bash
# Install the genesis node
helm install genesis ./quorum-genesis --namespace supplychain-quo --create-namespace --values ./values/noproxy-and-novault/genesis.yaml
```

### 2. Install Validator Nodes
```bash
# Install validator nodes
helm install validator-1 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/validator.yaml
helm install validator-2 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/validator.yaml
helm install validator-3 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/validator.yaml
helm install validator-4 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/validator.yaml
```

### 3. Deploy Member and Tessera Node Pair
```bash
# Deploy Quorum and Tessera node pair
helm install member-1 ./quorum-node --namespace supplychain-quo --values ./values/noproxy-and-novault/txnode.yaml
```

### Setting Up Another Member in a Different Namespace

```bash
# Get the genesis and static nodes from existing member and and place them in the directory 'besu-genesis/files'
cd ./quorum-genesis/files/
kubectl --namespace supplychain-quo get configmap quorum-peers -o jsonpath='{.data.static-nodes\.json}' > static-nodes.json
kubectl --namespace supplychain-quo get configmap quorum-genesis -o jsonpath='{.data.genesis\.json}' > genesis.json
# Install secondary genesis node
helm install genesis ./quorum-genesis --namespace carrier-quo --values ./values/noproxy-and-novault/genesis-sec.yaml
# Install secondary member node
helm install member-2 ./quorum-node --namespace carrier-quo --values ./values/noproxy-and-novault/txnode-sec.yaml
```

---

## `With Ambassador Proxy and Vault`

### 1. Create Namespace and Secret
```bash
# Create a namespace
kubectl create namespace supplychain-quo
# Create the roottoken secret
kubectl -n supplychain-quo create secret generic roottoken --from-literal=token=<VAULT_ROOT_TOKEN>
```

### 2. Install Genesis Node
```bash
# Install the genesis node
helm install genesis ./quorum-genesis --namespace supplychain-quo --values ./values/proxy-and-vault/genesis.yaml
```

### 3. Install Validator Nodes
```bash
# Install validator nodes
helm install validator-1 ./quorum-node --namespace supplychain-quo --values ./values/proxy-and-vault/validator.yaml --set global.proxy.p2p=15011
helm install validator-2 ./quorum-node --namespace supplychain-quo --values ./values/proxy-and-vault/validator.yaml --set global.proxy.p2p=15012
helm install validator-3 ./quorum-node --namespace supplychain-quo --values ./values/proxy-and-vault/validator.yaml --set global.proxy.p2p=15013
helm install validator-4 ./quorum-node --namespace supplychain-quo --values ./values/proxy-and-vault/validator.yaml --set global.proxy.p2p=15014
```

### 4. Deploy Member and Tessera Node Pair
```bash
# Deploy Quorum and Tessera node pair
helm install supplychain ./quorum-node --namespace supplychain-quo --values ./values/proxy-and-vault/txnode.yaml --set global.proxy.p2p=15015
```

### Setting Up Another Member in a Different Namespace

```bash
# Get the genesis and static nodes from existing member and and place them in the directory 'besu-genesis/files'
cd ./quorum-genesis/files/
kubectl --namespace supplychain-quo get configmap quorum-peers -o jsonpath='{.data.static-nodes\.json}' > static-nodes.json
kubectl --namespace supplychain-quo get configmap quorum-genesis -o jsonpath='{.data.genesis\.json}' > genesis.json
# Create a new namespace
kubectl create namespace carrier-quo
# Create the roottoken secret
kubectl -n carrier-quo create secret generic roottoken --from-literal=token=<VAULT_ROOT_TOKEN>
# Install secondary genesis node
helm install genesis ./quorum-genesis --namespace carrier-quo --values ./values/proxy-and-vault/genesis-sec.yaml
# Install secondary member node
helm install carrier ./quorum-node --namespace carrier-quo --values ./values/proxy-and-vault/txnode-sec.yaml --set global.proxy.p2p=15016
```

## `API call`

Once your services are deployed, they can be accessed using the domain name provided in your `global.proxy.externalUrlSuffix`.

1. **Retrieve the Source Host for Your Node**

Run the following command to get the mapping for your node:

```bash
kubectl get mapping --namespace supplychain-quo
```

From the output, copy the source host for your node.

2. **Make HTTP RPC API Calls**

You can interact with your node using HTTP RPC API calls. Here's an example of how to do it:

```bash
curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' http://<source-host>
```

Replace `<source-host>` with the source host you copied earlier.

3. **Verify the Node Syncing Status**

If the node running the JSON-RPC service is syncing correctly, the previous command should return the following:

```json
{
"jsonrpc" : "2.0",
"id" : 1,
"result" : "0x64"
}
```

This confirms that your node is syncing as expected.

## `Managing IBFT Validators Deployment`

To deploy the proposed validator chart for IBFT, you first need to set up the Quorum DLT network. Below are the steps you can follow:

1. **Deploy Quorum DLT Network**:
You have two options for deploying the Quorum DLT network:

- **With Vault and Proxy**
- **Without Vault and Proxy**

Choose the appropriate method based on your requirements.

2. **Install Validator Chart**:
Utilize Helm for installing the validator chart. Ensure to adjust values accordingly:

```bash
helm install validator-5 ./quorum-propose-validator --namespace supplychain-quo --values quorum-propose-validator/values.yaml
```

This chart facilitates the addition or removal of validators through majority voting.

3. **Verify Validator Status**:
Confirm the validator status by executing:

```bash
curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"istanbul_getValidators","params":["latest"],"id":1}' http://<SOURCE-HOST>
```

This command retrieves the current list of validators for the latest block.

Replace `<SOURCE-HOST>` with the appropriate host address.


## `Clean-up`

To clean up, simply uninstall the Helm releases. It's important to uninstall the genesis Helm chart at the end to prevent any cleanup failure.

```bash
helm uninstall --namespace supplychain-quo validator-1
helm uninstall --namespace supplychain-quo validator-2
helm uninstall --namespace supplychain-quo validator-3
helm uninstall --namespace supplychain-quo validator-4
helm uninstall --namespace supplychain-quo validator-5
helm uninstall --namespace supplychain-quo supplychain
helm uninstall --namespace supplychain-quo genesis
helm uninstall --namespace carrier-quo carrier
helm uninstall --namespace carrier-quo genesis
This folder contains helm charts which are used by the ansible playbooks for the deployment of the Quorum components. Each chart folder contain a folder for templates, chart file and the corresponding value file.

## Example Folder Structure ###
```
/quorum-member-node
|-- templates
| |-- _helpers.tpl
| |-- configmap.yaml
| |-- deployment.yaml
| |-- ingress.yaml
| |-- service.yaml
|-- Chart.yaml
|-- values.yaml
```
22 changes: 0 additions & 22 deletions platforms/quorum/charts/quorum-genesis/Chart.yaml
View file

This file was deleted.

Loading

0 comments on commit f2ece9f

Please sign in to comment.