From b2d6dc6cfdc1b40ca0bb9e1ad161fc548749464c Mon Sep 17 00:00:00 2001 From: "sownak.roy" Date: Wed, 19 Jul 2023 14:21:59 +0000 Subject: [PATCH] [ci-skip] Fix binary download and error in vault management chart Signed-off-by: sownak.roy --- .../configuration/add-validator.yaml | 60 +-- .../configuration/cleanup.yaml | 14 +- .../configuration/deploy-network.yaml | 71 ++- .../configuration/generate-crypto.yaml | 72 +-- .../create/certificates/ambassador/Readme.md | 4 +- .../certificates/ambassador/tasks/main.yaml | 4 +- .../ambassador/tasks/nested_main.yaml | 16 +- .../roles/create/crypto/node/tasks/main.yaml | 8 +- .../roles/create/genesis/tasks/main.yaml | 49 +++ .../create/validator_node/tasks/main.yaml | 18 +- .../samples/network-besu-v22.yaml | 409 ------------------ .../configuration/samples/network-besu.yaml | 9 +- .../roles/setup/ambassador/tasks/main.yaml | 1 - .../setup/vault_kubernetes/tasks/main.yaml | 2 + 14 files changed, 190 insertions(+), 547 deletions(-) delete mode 100644 platforms/hyperledger-besu/configuration/samples/network-besu-v22.yaml diff --git a/platforms/hyperledger-besu/configuration/add-validator.yaml b/platforms/hyperledger-besu/configuration/add-validator.yaml index e983f456304..8d7eff9d5e9 100644 --- a/platforms/hyperledger-besu/configuration/add-validator.yaml +++ b/platforms/hyperledger-besu/configuration/add-validator.yaml @@ -29,13 +29,13 @@ include_role: name: create/namespace vars: - component_ns: "{{ organizationItem.name | lower }}-bes" - organisation: "{{ organizationItem.name | lower }}" - kubernetes: "{{ organizationItem.k8s }}" - gitops: "{{ organizationItem.gitops }}" + component_ns: "{{ org.name | lower }}-bes" + organisation: "{{ org.name | lower }}" + kubernetes: "{{ org.k8s }}" + gitops: "{{ org.gitops }}" loop: "{{ network['organizations'] }}" loop_control: - loop_var: organizationItem + loop_var: org when: add_new_org == 'true' # Create Storageclass 
@@ -43,13 +43,13 @@ include_role: name: create/storageclass vars: - storageclass_name: "{{ organizationItem.cloud_provider }}storageclass" - git_dir: "{{ organizationItem.gitops.release_dir }}" - org: "{{ organizationItem }}" - kubernetes: "{{ organizationItem.k8s }}" + storageclass_name: "{{ org.cloud_provider }}storageclass" + git_dir: "{{ org.gitops.release_dir }}" + org: "{{ org }}" + kubernetes: "{{ org.k8s }}" loop: "{{ network['organizations'] }}" loop_control: - loop_var: organizationItem + loop_var: org when: add_new_org == 'true' # Create Vault scrit as configmap for Vault CURD operations @@ -57,10 +57,10 @@ include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/setup/vault-script" vars: - component_ns: "{{ organizationItem.name | lower }}-bes" + component_ns: "{{ org.name | lower }}-bes" loop: "{{ network['organizations'] }}" loop_control: - loop_var: organizationItem + loop_var: org when: add_new_org == 'true' # Setup Vault-Kubernetes accesses and Regcred for docker registry 
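Review bot: In the "Create Storage Class" task of add-validator.yaml (hunk -43,13) the rename leaves `org: "{{ org }}"` in `vars` while `loop_var` is now also `org`, so the variable is defined in terms of itself. Depending on how Ansible resolves the include's vars against the loop variable, this is either redundant or fails with a recursive-template error. This same commit deletes the identical line from deploy-network.yaml, which suggests it should go here as well. I would drop the `org: "{{ org }}"` line and let the role read the loop variable directly. The storage-class task in generate-crypto.yaml (hunk -19,26) gains the same line and needs the same change.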
@@ -69,18 +69,18 @@ name: "{{ playbook_dir }}/../../shared/configuration/roles/setup/vault_kubernetes" vars: policy_type: "besu" - name: "{{ organizationItem.name | lower }}" - component_ns: "{{ organizationItem.name | lower }}-bes" - component_name: "{{ organizationItem.name | lower }}-vaultk8s-job" - component_auth: "besu{{ organizationItem.name | lower }}" + name: "{{ org.name | lower }}" + component_ns: "{{ org.name | lower }}-bes" + component_name: "{{ org.name | lower }}-vaultk8s-job" + component_auth: "besu{{ org.name | lower }}" component_type: "organization" - kubernetes: "{{ organizationItem.k8s }}" - vault: "{{ organizationItem.vault }}" - gitops: "{{ organizationItem.gitops }}" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" + gitops: "{{ org.gitops }}" reset_path: "platforms/hyperledger-besu/configuration" loop: "{{ network['organizations'] }}" loop_control: - loop_var: organizationItem + loop_var: org when: add_new_org == 'true' # Installs cert-manager 
@@ -103,18 +103,18 @@ vars: root_subject: "{{ network.config.subject }}" cert_subject: "{{ network.config.subject | regex_replace(',', '/') }}" - services: "{{ organizationItem.services }}" - organisation: "{{ organizationItem.name | lower }}" - component_ns: "{{ organizationItem.name | lower }}-bes" - component_name: "{{ organizationItem.name | lower }}" - kubernetes: "{{ organizationItem.k8s }}" - vault: "{{ organizationItem.vault }}" - gitops: "{{ organizationItem.gitops }}" - charts_dir: "{{ organizationItem.gitops.chart_source }}" - values_dir: "{{ playbook_dir }}/../../../{{organizationItem.gitops.release_dir}}/{{ organizationItem.name | lower }}" + services: "{{ org.services }}" + organisation: "{{ org.name | lower }}" + component_ns: "{{ org.name | lower }}-bes" + component_name: "{{ org.name | lower }}" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" + gitops: "{{ org.gitops }}" + charts_dir: "{{ org.gitops.chart_source }}" + values_dir: "{{ playbook_dir }}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" loop: "{{ network['organizations']}}" loop_control: - loop_var: organizationItem + loop_var: org # This role generates the admin PPK for permissioning - name: Generate admin key for permissioning diff --git a/platforms/hyperledger-besu/configuration/cleanup.yaml b/platforms/hyperledger-besu/configuration/cleanup.yaml index befc0a912d6..8df379fdc39 100644 --- a/platforms/hyperledger-besu/configuration/cleanup.yaml +++ b/platforms/hyperledger-besu/configuration/cleanup.yaml 
@@ -32,17 +32,17 @@ include_role: name: delete/certificates/ambassador vars: - services: "{{ organizationItem.services }}" - kubernetes: "{{ organizationItem.k8s }}" - component_ns: "{{ organizationItem.name | lower }}-bes" - component_name: "{{ organizationItem.name | lower }}" - organization: "{{ organizationItem.name | lower }}" + services: "{{ org.services }}" + kubernetes: "{{ org.k8s }}" + component_ns: "{{ org.name | lower }}-bes" + component_name: "{{ org.name | lower }}" + organization: "{{ org.name | lower }}" loop: "{{ network['organizations']}}" loop_control: - loop_var: organizationItem + loop_var: org when: - network.type == "besu" - - (organizationItem.issuer is defined) and (organizationItem.issuer | lower == "letsencrypt") + - (org.issuer is defined) and (org.issuer | lower == "letsencrypt") # delete build directory - name: Remove build directory diff --git a/platforms/hyperledger-besu/configuration/deploy-network.yaml b/platforms/hyperledger-besu/configuration/deploy-network.yaml index 44613903345..26e6b66764a 100644 --- a/platforms/hyperledger-besu/configuration/deploy-network.yaml +++ b/platforms/hyperledger-besu/configuration/deploy-network.yaml @@ -27,20 +27,19 @@ include_role: name: create/namespace vars: - component_ns: "{{ organizationItem.name | lower }}-bes" - organisation: "{{ organizationItem.name | lower }}" - kubernetes: "{{ organizationItem.k8s }}" - gitops: "{{ organizationItem.gitops }}" + component_ns: "{{ org.name | lower }}-bes" + organisation: "{{ org.name | lower }}" + kubernetes: "{{ org.k8s }}" + gitops: "{{ org.gitops }}" loop: "{{ network['organizations'] }}" loop_control: - loop_var: organizationItem + loop_var: org # Create Storageclass - name: Create Storage Class include_role: name: create/storageclass vars: - org: "{{ org }}" org_name: "{{ org.name | lower }}" cloudProvider: "{{ org.cloud_provider | lower }}" sc_name: "{{ org_name }}-{{ cloudProvider }}-storageclass" 
@@ -58,11 +57,11 @@ include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/setup/vault-script" vars: - component_ns: "{{ organizationItem.name | lower }}-bes" - kubernetes: "{{ organizationItem.k8s }}" + component_ns: "{{ org.name | lower }}-bes" + kubernetes: "{{ org.k8s }}" loop: "{{ network['organizations'] }}" loop_control: - loop_var: organizationItem + loop_var: org # Setup Vault-Kubernetes accesses and Regcred for docker registry - name: "Setup vault" @@ -70,18 +69,18 @@ name: "{{ playbook_dir }}/../../shared/configuration/roles/setup/vault_kubernetes" vars: policy_type: "besu" - name: "{{ organizationItem.name | lower }}" - component_ns: "{{ organizationItem.name | lower }}-bes" - component_name: "{{ organizationItem.name | lower }}-bes" - component_auth: "besu{{ organizationItem.name | lower }}" - component_type: "{{ organizationItem.type | lower }}" - kubernetes: "{{ organizationItem.k8s }}" - vault: "{{ organizationItem.vault }}" - gitops: "{{ organizationItem.gitops }}" + name: "{{ org.name | lower }}" + component_ns: "{{ org.name | lower }}-bes" + component_name: "{{ org.name | lower }}-bes" + component_auth: "besu{{ org.name | lower }}" + component_type: "{{ org.type | lower }}" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" + gitops: "{{ org.gitops }}" reset_path: "platforms/hyperledger-besu/configuration" loop: "{{ network['organizations'] }}" loop_control: - loop_var: organizationItem + loop_var: org # Generate Ambassador certificate for nodes. These certificates are used for Orion TLS as well - name: "Create ambassador certificates for Nodes" 
@@ -90,18 +89,18 @@ vars: root_subject: "{{ network.config.subject }}" cert_subject: "{{ network.config.subject | regex_replace(',', '/') }}" - services: "{{ organizationItem.services }}" - organisation: "{{ organizationItem.name | lower }}" - component_ns: "{{ organizationItem.name | lower }}-bes" - component_name: "{{ organizationItem.name | lower }}" - kubernetes: "{{ organizationItem.k8s }}" - vault: "{{ organizationItem.vault }}" - charts_dir: "{{ organizationItem.gitops.chart_source }}" - gitops: "{{ organizationItem.gitops }}" - values_dir: "{{ playbook_dir }}/../../../{{organizationItem.gitops.release_dir}}/{{ organizationItem.name | lower }}" + services: "{{ org.services }}" + organisation: "{{ org.name | lower }}" + component_ns: "{{ org.name | lower }}-bes" + component_name: "{{ org.name | lower }}" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" + charts_dir: "{{ org.gitops.chart_source }}" + gitops: "{{ org.gitops }}" + values_dir: "{{ playbook_dir }}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" loop: "{{ network['organizations']}}" loop_control: - loop_var: organizationItem + loop_var: org # This role generates key pair and nodeaddress for all orgs of the network - name: "Generate crypto for the network nodes" 
@@ -109,16 +108,16 @@ name: create/crypto/node vars: build_path: "{{ playbook_dir }}/build" - organisation: "{{ organizationItem.name | lower }}" - organisation_ns: "{{ organizationItem.name | lower }}-bes" - kubernetes: "{{ organizationItem.k8s }}" - vault: "{{ organizationItem.vault }}" - charts_dir: "{{ organizationItem.gitops.chart_source }}" - gitops: "{{ organizationItem.gitops }}" - values_dir: "{{ playbook_dir }}/../../../{{organizationItem.gitops.release_dir}}/{{ organizationItem.name | lower }}" + organisation: "{{ org.name | lower }}" + organisation_ns: "{{ org.name | lower }}-bes" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" + charts_dir: "{{ org.gitops.chart_source }}" + gitops: "{{ org.gitops }}" + values_dir: "{{ playbook_dir }}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" loop: "{{ network['organizations'] }}" loop_control: - loop_var: organizationItem + loop_var: org # This role generates the genesis.json - name: "Generate genesis file" diff --git a/platforms/hyperledger-besu/configuration/generate-crypto.yaml b/platforms/hyperledger-besu/configuration/generate-crypto.yaml index 9e1f3324647..2e33d08a950 100644 --- a/platforms/hyperledger-besu/configuration/generate-crypto.yaml +++ b/platforms/hyperledger-besu/configuration/generate-crypto.yaml 
@@ -19,26 +19,26 @@ include_role: name: create/namespace vars: - component_ns: "{{ organizationItem.name | lower }}-bes" - organisation: "{{ organizationItem.name | lower }}" - kubernetes: "{{ organizationItem.k8s }}" - gitops: "{{ organizationItem.gitops }}" + component_ns: "{{ org.name | lower }}-bes" + organisation: "{{ org.name | lower }}" + kubernetes: "{{ org.k8s }}" + gitops: "{{ org.gitops }}" loop: "{{ network['organizations'] }}" loop_control: - loop_var: organizationItem + loop_var: org # Create Storageclass - name: Create Storage Class include_role: name: create/storageclass vars: - storageclass_name: "{{ organizationItem.cloud_provider }}storageclass" - git_dir: "{{ organizationItem.gitops.release_dir }}" - org: "{{ organizationItem }}" - kubernetes: "{{ organizationItem.k8s }}" + storageclass_name: "{{ org.cloud_provider }}storageclass" + git_dir: "{{ org.gitops.release_dir }}" + org: "{{ org }}" + kubernetes: "{{ org.k8s }}" loop: "{{ network['organizations'] }}" loop_control: - loop_var: organizationItem + loop_var: org # Setup Vault-Kubernetes accesses and Regcred for docker registry - name: "Setup vault" 
@@ -46,18 +46,18 @@ name: "{{ playbook_dir }}/../../shared/configuration/roles/setup/vault_kubernetes" vars: policy_type: "besu" - name: "{{ organizationItem.name | lower }}" - component_ns: "{{ organizationItem.name | lower }}-bes" - component_name: "{{ organizationItem.name | lower }}-vaultk8s-job" - component_auth: "besu{{ organizationItem.name | lower }}" + name: "{{ org.name | lower }}" + component_ns: "{{ org.name | lower }}-bes" + component_name: "{{ org.name | lower }}-vaultk8s-job" + component_auth: "besu{{ org.name | lower }}" component_type: "organization" - kubernetes: "{{ organizationItem.k8s }}" - vault: "{{ organizationItem.vault }}" - gitops: "{{ organizationItem.gitops }}" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" + gitops: "{{ org.gitops }}" reset_path: "platforms/hyperledger-besu/configuration" loop: "{{ network['organizations'] }}" loop_control: - loop_var: organizationItem + loop_var: org # Generate Ambassador certificate for nodes. These certificates are used for Orion TLS as well - name: "Create ambassador certificates for Nodes" 
@@ -66,18 +66,18 @@ vars: root_subject: "{{ network.config.subject }}" cert_subject: "{{ network.config.subject | regex_replace(',', '/') }}" - services: "{{ organizationItem.services }}" - organisation: "{{ organizationItem.name | lower }}" - component_ns: "{{ organizationItem.name | lower }}-bes" - component_name: "{{ organizationItem.name | lower }}" - kubernetes: "{{ organizationItem.k8s }}" - vault: "{{ organizationItem.vault }}" - charts_dir: "{{ organizationItem.gitops.chart_source }}" - gitops: "{{ organizationItem.gitops }}" - values_dir: "{{ playbook_dir }}/../../../{{organizationItem.gitops.release_dir}}/{{ organizationItem.name | lower }}" + services: "{{ org.services }}" + organisation: "{{ org.name | lower }}" + component_ns: "{{ org.name | lower }}-bes" + component_name: "{{ org.name | lower }}" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" + charts_dir: "{{ org.gitops.chart_source }}" + gitops: "{{ org.gitops }}" + values_dir: "{{ playbook_dir }}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" loop: "{{ network['organizations']}}" loop_control: - loop_var: organizationItem + loop_var: org # This role generates key pair and nodeaddress for all orgs of the network - name: "Generate crypto for the network nodes" 
@@ -85,16 +85,16 @@ name: create/crypto/node vars: build_path: "{{ playbook_dir }}/build" - organisation: "{{ organizationItem.name | lower }}" - organisation_ns: "{{ organizationItem.name | lower }}-bes" - kubernetes: "{{ organizationItem.k8s }}" - vault: "{{ organizationItem.vault }}" - charts_dir: "{{ organizationItem.gitops.chart_source }}" - gitops: "{{ organizationItem.gitops }}" - values_dir: "{{ playbook_dir }}/../../../{{organizationItem.gitops.release_dir}}/{{ organizationItem.name | lower }}" + organisation: "{{ org.name | lower }}" + organisation_ns: "{{ org.name | lower }}-bes" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" + charts_dir: "{{ org.gitops.chart_source }}" + gitops: "{{ org.gitops }}" + values_dir: "{{ playbook_dir }}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" loop: "{{ network['organizations']}}" loop_control: - loop_var: organizationItem + loop_var: org # This role generates the crypto materials for orion tm - name: "Generate crypto for the Orion transaction manager" diff --git a/platforms/hyperledger-besu/configuration/roles/create/certificates/ambassador/Readme.md b/platforms/hyperledger-besu/configuration/roles/create/certificates/ambassador/Readme.md index 4950cd2117c..03fc3f2b08c 100644 --- a/platforms/hyperledger-besu/configuration/roles/create/certificates/ambassador/Readme.md +++ b/platforms/hyperledger-besu/configuration/roles/create/certificates/ambassador/Readme.md 
@@ -54,9 +54,9 @@ This task pushes the above generated value files to git repo. #### 4. Create the Ambassador credentials This task creates the Ambassador TLS credentials ##### Input Variables - *namespace: "Namespace of org , Format: {{ organizationItem.name | lower }}-bes" + *namespace: "Namespace of org , Format: {{ org.name | lower }}-bes" *vault: "Vault Details" - *kubernetes: "{{ organizationItem.k8s }}" + *kubernetes: "{{ org.k8s }}" **include_role**: It includes the name of intermediatory role which is required for creating the secrets, here `k8s_secrets`. #### Note: diff --git a/platforms/hyperledger-besu/configuration/roles/create/certificates/ambassador/tasks/main.yaml b/platforms/hyperledger-besu/configuration/roles/create/certificates/ambassador/tasks/main.yaml index db399fbd498..c9643094597 100644 --- a/platforms/hyperledger-besu/configuration/roles/create/certificates/ambassador/tasks/main.yaml +++ b/platforms/hyperledger-besu/configuration/roles/create/certificates/ambassador/tasks/main.yaml @@ -84,7 +84,7 @@ shell: | KUBECONFIG={{ kubernetes.config_file }} helm upgrade --install letsencrypt-clusterissuer --set namespace="{{ component_ns }}" --set email="{{ gitops.email }}" {{ playbook_dir }}/../../../platforms/shared/charts/letsencrypt-issuer when: - - (organizationItem.issuer is defined) and (organizationItem.issuer|lower == "letsencrypt") + - (org.issuer is defined) and (org.issuer|lower == "letsencrypt") # Checks if ClusterIssuer is up and ready - name: check for an existing ClusterIssuer and wait for it to be ready @@ -97,7 +97,7 @@ delay: 20 until: cissuer.resources[0].status.conditions[0].status|lower == "true" when: - - (organizationItem.issuer is defined) and (organizationItem.issuer|lower == "letsencrypt") + - (org.issuer is defined) and (org.issuer|lower == "letsencrypt") - name: Create Ambassador certificates include_tasks: nested_main.yaml 
diff --git a/platforms/hyperledger-besu/configuration/roles/create/certificates/ambassador/tasks/nested_main.yaml b/platforms/hyperledger-besu/configuration/roles/create/certificates/ambassador/tasks/nested_main.yaml index fe47c863268..e3e0c6875ee 100644 --- a/platforms/hyperledger-besu/configuration/roles/create/certificates/ambassador/tasks/nested_main.yaml +++ b/platforms/hyperledger-besu/configuration/roles/create/certificates/ambassador/tasks/nested_main.yaml @@ -18,9 +18,9 @@ # Creates TLS certificate - name: Create TLS certificate shell: | - KUBECONFIG={{ kubernetes.config_file }} helm upgrade --install "letsencrypt-cert-{{node_name}}" --set nodename="{{ node_name }}" --set namespace="{{ component_ns }}" --set externalurlsuffix="{{ organizationItem.external_url_suffix }}" {{ playbook_dir }}/../../../platforms/shared/charts/letsencrypt-cert + KUBECONFIG={{ kubernetes.config_file }} helm upgrade --install "letsencrypt-cert-{{node_name}}" --set nodename="{{ node_name }}" --set namespace="{{ component_ns }}" --set externalurlsuffix="{{ org.external_url_suffix }}" {{ playbook_dir }}/../../../platforms/shared/charts/letsencrypt-cert when: - - (organizationItem.issuer is defined) and (organizationItem.issuer|lower == "letsencrypt") + - (org.issuer is defined) and (org.issuer|lower == "letsencrypt") # Create ambassador certs helmrelease file - name: "Create ambassador certs helmrelease file" 
@@ -30,11 +30,11 @@ type: "ambassador_besu" component_name: "{{ node_name }}-ambassador-job" name: "{{ node_name }}" - external_url_suffix: "{{ organizationItem.external_url_suffix }}" + external_url_suffix: "{{ org.external_url_suffix }}" tm_clientport: "{{ node.tm_clientport.port | default('8888') }}" tls_enabled: "{{ network.config.tm_tls }}" when: - - (organizationItem.issuer is undefined) or (organizationItem.issuer|lower == "default") + - (org.issuer is undefined) or (org.issuer|lower == "default") # push the created deployment files to repository - name: "Push the created deployment files to repository" @@ -54,7 +54,7 @@ component_type: Job namespace: "{{ component_ns }}" when: - - (organizationItem.issuer is undefined) or (organizationItem.issuer|lower == "default") + - (org.issuer is undefined) or (org.issuer|lower == "default") # This task creates the Ambassador TLS credentials - name: "Create the Ambassador credentials" @@ -62,8 +62,8 @@ name: create/k8s_secrets vars: namespace: "{{ component_ns }}" - vault: "{{ organizationItem.vault }}" - kubernetes: "{{ organizationItem.k8s }}" + vault: "{{ org.vault }}" + kubernetes: "{{ org.k8s }}" check: "ambassador_creds" when: - - (organizationItem.issuer is undefined) or (organizationItem.issuer|lower == "default") + - (org.issuer is undefined) or (org.issuer|lower == "default") diff --git a/platforms/hyperledger-besu/configuration/roles/create/crypto/node/tasks/main.yaml b/platforms/hyperledger-besu/configuration/roles/create/crypto/node/tasks/main.yaml index c63736afaf9..a6e81369934 100644 --- a/platforms/hyperledger-besu/configuration/roles/create/crypto/node/tasks/main.yaml +++ b/platforms/hyperledger-besu/configuration/roles/create/crypto/node/tasks/main.yaml 
@@ -21,7 +21,7 @@ name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" vars: GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ organizationItem.gitops }}" + gitops: "{{ org.gitops }}" GIT_RESET_PATH: "platforms/hyperledger-besu/configuration" msg: "[ci skip] Delete previous node key mgmt files" @@ -40,7 +40,7 @@ - name: Fetching all nodes of the organisation set_fact: node_list={{ node_list | default([]) + [ {'name':peer.name} ] }} - loop: "{{ organizationItem.services.peers is defined | ternary(organizationItem.services.peers, organizationItem.services.validators) }}" + loop: "{{ org.services.peers is defined | ternary(org.services.peers, org.services.validators) }}" loop_control: loop_var: peer @@ -49,7 +49,7 @@ include_role: name: create/helm_component vars: - name: "{{ organizationItem.name | lower }}" + name: "{{ org.name | lower }}" component_name: "{{ name }}-node-key-mgmt" component_ns: "{{ name }}-bes" type: "node_key_mgmt" @@ -60,6 +60,6 @@ name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" vars: GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ organizationItem.gitops }}" + gitops: "{{ org.gitops }}" GIT_RESET_PATH: "platforms/hyperledger-besu/configuration" msg: "[ci skip] Pushing node key mgmt files" diff --git a/platforms/hyperledger-besu/configuration/roles/create/genesis/tasks/main.yaml b/platforms/hyperledger-besu/configuration/roles/create/genesis/tasks/main.yaml index 45fddaeb789..28bc0fb56d2 100644 --- a/platforms/hyperledger-besu/configuration/roles/create/genesis/tasks/main.yaml +++ b/platforms/hyperledger-besu/configuration/roles/create/genesis/tasks/main.yaml 
@@ -85,6 +85,55 @@ when: - item[1].type == "validator" +# This task creates the bin directory, if it doesn't exist, for storing the besu binary +- name: Create bin directory + file: + path: "{{ bin_install_dir }}/besu/besu-{{ network.version }}" + state: directory + +# Check if besu binary already exists +- name: check besu binary + stat: + path: "{{ bin_install_dir }}/besu/besu-{{ network.version }}/besu" + register: besu_stat_result + +# Create a temporary directory to download and extract besu tar +- name: register temporary directory + tempfile: + state: directory + register: tmp_directory + when: besu_stat_result.stat.exists == False + +# This task fetches the besu tar file from the mentioned URL +- name: "Getting the besu binary tar" + get_url: + url: https://hyperledger.jfrog.io/artifactory/besu-binaries/besu/{{ network.version }}/besu-{{ network.version }}.zip + dest: "{{ tmp_directory.path }}" + when: besu_stat_result.stat.exists == False + +# This task unzips the above downloaded tar file +- name: "Unziping the downloaded file" + unarchive: + src: "{{ tmp_directory.path }}/besu-{{ network.version }}.zip" + dest: "{{ tmp_directory.path }}" + when: besu_stat_result.stat.exists == False + +# This task extracts the besu binary and place it at appropriate path +- name: "Moving the besu from the extracted folder and place in it path" + copy: + src: "{{ tmp_directory.path }}/besu-{{ network.version }}/bin/besu" + dest: "{{ bin_install_dir }}/besu/besu-{{ network.version }}" + mode: 0755 + when: besu_stat_result.stat.exists == False + +# This task extracts the supporting besu.bat and place it at appropriate path +- name: "Moving the besu dependencies from the extracted folder and place in it path" + copy: + src: "{{ tmp_directory.path }}/besu-{{ network.version }}/lib" + dest: "{{ bin_install_dir }}/besu" + mode: 0755 + when: besu_stat_result.stat.exists == False + # This task generates the extraData field for and adds to the genenis - name: Generate extraData 
include_tasks: generate_extraData.yaml diff --git a/platforms/hyperledger-besu/configuration/roles/create/validator_node/tasks/main.yaml b/platforms/hyperledger-besu/configuration/roles/create/validator_node/tasks/main.yaml index 1044c13f87b..fd23141c2c8 100644 --- a/platforms/hyperledger-besu/configuration/roles/create/validator_node/tasks/main.yaml +++ b/platforms/hyperledger-besu/configuration/roles/create/validator_node/tasks/main.yaml @@ -27,17 +27,17 @@ name: create/crypto/node vars: build_path: "{{ playbook_dir }}/build" - organisation: "{{ organizationItem.name | lower }}" - organisation_ns: "{{ organizationItem.name | lower }}-bes" - kubernetes: "{{ organizationItem.k8s }}" - vault: "{{ organizationItem.vault }}" - charts_dir: "{{ organizationItem.gitops.chart_source }}" - gitops: "{{ organizationItem.gitops }}" - values_dir: "{{ playbook_dir }}/../../../{{organizationItem.gitops.release_dir}}/{{ organizationItem.name | lower }}" + organisation: "{{ org.name | lower }}" + organisation_ns: "{{ org.name | lower }}-bes" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" + charts_dir: "{{ org.gitops.chart_source }}" + gitops: "{{ org.gitops }}" + values_dir: "{{ playbook_dir }}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" loop: "{{ network['organizations'] }}" loop_control: - loop_var: organizationItem - when: organizationItem.type == 'validator' + loop_var: org + when: org.type == 'validator' # This task fetch (org,node) pairs for the newest validators in the network - name: Fetching data of validator nodes in the network from network.yaml diff --git a/platforms/hyperledger-besu/configuration/samples/network-besu-v22.yaml b/platforms/hyperledger-besu/configuration/samples/network-besu-v22.yaml deleted file mode 100644 index f7823096131..00000000000 --- a/platforms/hyperledger-besu/configuration/samples/network-besu-v22.yaml +++ /dev/null 
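Review bot: The `get_url` task added in create/genesis/tasks/main.yaml (hunk -85,6) fetches the Besu zip without any integrity check, and the extracted `bin/besu` is then installed under `bin_install_dir` with an executable mode. Whatever the remote URL serves for `network.version` therefore ends up as a runnable binary on the host. Pin the artifact by adding `checksum: "sha256:<EXPECTED_SHA256_FOR_THIS_VERSION>"` to the `get_url` task; the value is a placeholder, and the real digest must come from a release source you trust. Also write the modes as strings, `mode: "0755"`, and add a final `file` task with `state: absent` on `tmp_directory.path`, since nothing in this hunk removes the temporary directory. The task comments should be corrected too: they say "tar" and "besu.bat" while the tasks download a .zip and copy the `lib` directory.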
@@ -1,409 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- -# yaml-language-server: $schema=../../../../platforms/network-schema.json -# This is a sample configuration file for Hyperledger Besu network which has 4 nodes. -# All text values are case-sensitive -network: - # Network level configuration specifies the attributes required for each organization - # to join an existing network. - type: besu - version: 22.10.2 #this is the version of Besu docker image that will be deployed. - - #Environment section for Kubernetes setup - env: - type: "env-type" # tag for the environment. Important to run multiple flux on single cluster - proxy: ambassador # value can be 'ambassador' or 'none' as 'haproxy' has not been implemented for Besu - # These ports are enabled per cluster, so if you have multiple clusters you do not need so many ports - # This sample uses a single cluster, so we have to open 3 ports for each Node. These ports are again specified for each organization below - ambassadorPorts: # Any additional Ambassador ports can be given here, this is valid only if proxy='ambassador' - portRange: # For a range of ports - from: 15010 - to: 15052 - # ports: 15020,15021 # For specific ports - loadBalancerSourceRanges: # (Optional) Default value is '0.0.0.0/0', this value can be changed to any other IP adres or list (comma-separated without spaces) of IP adresses, this is valid only if proxy='ambassador' - retry_count: 20 # Retry count for the checks on Kubernetes cluster - external_dns: enabled # Should be enabled if using external-dns for automatic route configuration - - # Docker registry details where images are stored. 
This will be used to create k8s secrets - # Please ensure all required images are built and stored in this registry. - # Do not check-in docker_password. - docker: - url: "ghcr.io/hyperledger" - username: "docker_username" - password: "docker_password" - - # Following are the configurations for the common Besu network - config: - consensus: "ibft" # Options are "ibft", "qbft", "ethash" and "clique". - ## Certificate subject for the root CA of the network. - # This is for development usage only where we create self-signed certificates and the truststores are generated automatically. - # Production systems should generate proper certificates and configure truststores accordingly. - subject: "CN=DLT Root CA,OU=DLT,O=DLT,L=London,C=GB" - transaction_manager: "tessera" # Transaction manager can be "tessera" or "orion"; 21.x.x features are same for both - # This is the version of transaction_manager docker image that will be deployed - tm_version: "21.7.3" - # TLS can be True or False for the transaction manager - tm_tls: True - # Tls trust value - tm_trust: "tofu" # Options are: "ca-or-tofu", "ca", "tofu" - ## File location for saving the genesis file should be provided. - genesis: "/home/user/bevel/build/besu_genesis" # Location where genesis file will be saved - # Add public key of accounts without 0x which will have 90000 ETH at genesis. Accounts created on external system like Metamask - accounts: - - "75a3505cd50Cfc418e59458d0E23c8bd9f6B52a0" - - "e668554c28e81535B8679ff9de128203Fdedc212" - ## At least one Transaction Manager nodes public addresses should be provided. 
- # - "https://node.test.besu.blockchaincloudpoc-develop.com:15022" for orion - # - "https://node.test.besu.blockchaincloudpoc-develop.com" for tessera - # The above domain name is formed by the (http or https)://(peer.name).(org.external_url_suffix):(ambassador tm_nodeport) - tm_nodes: - - "https://carrier.test.besu.blockchaincloudpoc-develop.com" - - # Allows specification of one or many organizations that will be connecting to a network. - organizations: - # Specification for the 1st organization. Each organization should map to a VPC and a separate k8s cluster for production deployments - - organization: - name: supplychain - type: validator - # Provide the url suffix that will be added in DNS recordset. Must be different for different clusters - external_url_suffix: test.besu.blockchaincloudpoc.com - #Providing issuer as letsencrypt would create tls certificate using letsencrypt CA, - #This is Optional, if no value or default is provided, self signed certificates will be created - issuer: default - - cloud_provider: aws # Options: aws, azure, gcp - aws: - access_key: "aws_access_key" # AWS Access key, only used when cloud_provider=aws - secret_key: "aws_secret_key" # AWS Secret key, only used when cloud_provider=aws - region: "aws_region" # AWS Region where cluster and EIPs are created - # Kubernetes cluster deployment variables. The config file path and name has to be provided in case - # the cluster has already been created. - k8s: - context: "cluster_context" - config_file: "cluster_config" - # Hashicorp Vault server address and root-token. Vault should be unsealed. - # Do not check-in root_token - vault: - url: "vault_addr" - root_token: "vault_root_token" - secret_path: "secretsv2" - # Git Repo details which will be used by GitOps/Flux. 
- # Do not check-in git_access_token - gitops: - git_protocol: "https" # Option for git over https or ssh - git_url: "https://github.com//bevel.git" # Gitops https or ssh url for flux value files - branch: "develop" # Git branch where release is being made - release_dir: "platforms/hyperledger-besu/releases/dev" # Relative Path in the Git repo for flux sync per environment. - chart_source: "platforms/hyperledger-besu/charts" # Relative Path where the Helm charts are stored in Git repo - git_repo: "github.com//bevel.git" # Gitops git repository URL for git push - username: "git_username" # Git Service user who has rights to check-in in all branches - password: "git_access_token" # Git Server user password/token (Optional for ssh; Required for https) - email: "git@email.com" # Email to use in git config - private_key: "path_to_private_key" # Path to private key file which has write-access to the git repo (Optional for https; Required for ssh) - # As this is the validator org, it is hosting a few validators as services - services: - validators: - - validator: - name: validator1 - bootnode: true # true if the validator node is used also a bootnode for the network - cactus_connector: enabled # set to enabled to create a cactus connector for Besu - p2p: - port: 30303 - ambassador: 15010 #Port exposed on ambassador service (use one port per org if using single cluster) - rpc: - port: 8545 - ambassador: 15011 #Port exposed on ambassador service (use one port per org if using single cluster) - ws: - port: 8546 - - validator: - name: validator2 - bootnode: true # true if the validator node is used also a bootnode for the network - cactus_connector: disabled # set to enabled to create a cactus connector for Besu - p2p: - port: 30303 - ambassador: 15012 #Port exposed on ambassador service (use one port per org if using single cluster) - rpc: - port: 8545 - ambassador: 15013 #Port exposed on ambassador service (use one port per org if using single cluster) - ws: - port: 8546 - 
- validator: - name: validator3 - bootnode: false # true if the validator node is used also a bootnode for the network - p2p: - port: 30303 - ambassador: 15014 #Port exposed on ambassador service (use one port per org if using single cluster) - rpc: - port: 8545 - ambassador: 15015 #Port exposed on ambassador service (use one port per org if using single cluster) - ws: - port: 8546 - - validator: - name: validator4 - bootnode: false # true if the validator node is used also a bootnode for the network - p2p: - port: 30303 - ambassador: 15016 #Port exposed on ambassador service (use one port per org if using single cluster) - rpc: - port: 8545 - ambassador: 15017 #Port exposed on ambassador service (use one port per org if using single cluster) - ws: - port: 8546 - - - organization: - name: carrier - type: member - # Provide the url suffix that will be added in DNS recordset. Must be different for different clusters - external_url_suffix: test.besu.blockchaincloudpoc.com - #Providing issuer as letsencrypt would create tls certificate using letsencrypt CA, - #This is Optional, if no value or default is provided, self signed certificates will be created - issuer: default - - cloud_provider: aws # Options: aws, azure, gcp - aws: - access_key: "aws_access_key" # AWS Access key, only used when cloud_provider=aws - secret_key: "aws_secret_key" # AWS Secret key, only used when cloud_provider=aws - region: "aws_region" # AWS Region where cluster and EIPs are created - # Kubernetes cluster deployment variables. The config file path and name has to be provided in case - # the cluster has already been created. - k8s: - context: "cluster_context" - config_file: "cluster_config" - # Hashicorp Vault server address and root-token. Vault should be unsealed. - # Do not check-in root_token - vault: - url: "vault_addr" - root_token: "vault_root_token" - secret_path: "secretsv2" - # Git Repo details which will be used by GitOps/Flux. 
- # Do not check-in git_access_token - gitops: - git_protocol: "https" # Option for git over https or ssh - git_url: "https://github.com//bevel.git" # Gitops https or ssh url for flux value files - branch: "develop" # Git branch where release is being made - release_dir: "platforms/hyperledger-besu/releases/dev" # Relative Path in the Git repo for flux sync per environment. - chart_source: "platforms/hyperledger-besu/charts" # Relative Path where the Helm charts are stored in Git repo - git_repo: "github.com//bevel.git" # Gitops git repository URL for git push - username: "git_username" # Git Service user who has rights to check-in in all branches - password: "git_access_token" # Git Server user password/token (Optional for ssh; Required for https) - email: "git@email.com" # Email to use in git config - private_key: "path_to_private_key" # Path to private key file which has write-access to the git repo (Optional for https; Required for ssh) - # The participating nodes are named as peers - services: - peers: - - peer: - name: carrier - subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" # This is the node subject. L=lat/long is mandatory for supplychain sample app - geth_passphrase: "12345" # Passphrase to be used to generate geth account - lock: true # Sets Besu node to lock or unlock mode. Can be true or false - cactus_connector: disabled # set to enabled to create a cactus connector for Besu - p2p: - port: 30303 - ambassador: 15020 #Port exposed on ambassador service (use one port per org if using single cluster) - rpc: - port: 8545 - ambassador: 15021 #Port exposed on ambassador service (use one port per org if using single cluster) - ws: - port: 8546 - db: - port: 3306 # Only applicable for tessra where mysql db is used - tm_nodeport: - port: 443 # use port: 15022 when transaction_manager = "orion" - ambassador: 443 # use ambassador: 15022 when transaction_manager = "orion" - tm_clientport: - port: 8888 - - # Specification for the 2nd organization. 
Each organization maps to a VPC and a separate k8s cluster - - organization: - name: manufacturer - type: member - # Provide the url suffix that will be added in DNS recordset. Must be different for different clusters - external_url_suffix: test.besu.blockchaincloudpoc.com - #Providing issuer as letsencrypt would create tls certificate using letsencrypt CA, - #This is Optional, if no value or default is provided, self signed certificates will be created - issuer: default - - cloud_provider: aws # Options: aws, azure, gcp - aws: - access_key: "aws_access_key" # AWS Access key, only used when cloud_provider=aws - secret_key: "aws_secret_key" # AWS Secret key, only used when cloud_provider=aws - region: "aws_region" # AWS Region where cluster and EIPs are created - # Kubernetes cluster deployment variables. The config file path and name has to be provided in case - # the cluster has already been created. - k8s: - context: "cluster_context" - config_file: "cluster_config" - # Hashicorp Vault server address and root-token. Vault should be unsealed. - # Do not check-in root_token - vault: - url: "vault_addr" - root_token: "vault_root_token" - secret_path: "secretsv2" - # Git Repo details which will be used by GitOps/Flux. - # Do not check-in git_access_token - gitops: - git_protocol: "https" # Option for git over https or ssh - git_url: "https://github.com//bevel.git" # Gitops https or ssh url for flux value files - branch: "develop" # Git branch where release is being made - release_dir: "platforms/hyperledger-besu/releases/dev" # Relative Path in the Git repo for flux sync per environment. 
- chart_source: "platforms/hyperledger-besu/charts" # Relative Path where the Helm charts are stored in Git repo - git_repo: "github.com//bevel.git" # Gitops git repository URL for git push - username: "git_username" # Git Service user who has rights to check-in in all branches - password: "git_access_token" # Git Server user password/token (Optional for ssh; Required for https) - email: "git@email.com" # Email to use in git config - private_key: "path_to_private_key" # Path to private key file which has write-access to the git repo (Optional for https; Required for ssh) - - # The participating nodes are named as peers - services: - peers: - - peer: - name: manufacturer - subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH" # This is the node identity. L=lat/long is mandatory for supplychain sample app - geth_passphrase: "12345" # Passphrase to be used to generate geth account - lock: true # Sets Besu node to lock or unlock mode. Can be true or false - cactus_connector: disabled # set to enabled to create a cactus connector for Besu - p2p: - port: 30303 - ambassador: 15030 #Port exposed on ambassador service (use one port per org if using single cluster) - rpc: - port: 8545 - ambassador: 15031 #Port exposed on ambassador service (use one port per org if using single cluster) - ws: - port: 8546 - db: - port: 3306 # Only applicable for tessra where mysql db is used - tm_nodeport: - port: 443 # use port: 15032 when transaction_manager = "orion" - ambassador: 443 # use ambassador: 15032 when transaction_manager = "orion" - tm_clientport: - port: 8888 - - - organization: - name: store - type: member - # Provide the url suffix that will be added in DNS recordset. 
Must be different for different clusters - external_url_suffix: test.besu.blockchaincloudpoc.com - #Providing issuer as letsencrypt would create tls certificate using letsencrypt CA, - #This is Optional, if no value or default is provided, self signed certificates will be created - issuer: default - - cloud_provider: aws # Options: aws, azure, gcp - aws: - access_key: "aws_access_key" # AWS Access key, only used when cloud_provider=aws - secret_key: "aws_secret_key" # AWS Secret key, only used when cloud_provider=aws - region: "aws_region" # AWS Region where cluster and EIPs are created - # Kubernetes cluster deployment variables. The config file path and name has to be provided in case - # the cluster has already been created. - k8s: - context: "cluster_context" - config_file: "cluster_config" - # Hashicorp Vault server address and root-token. Vault should be unsealed. - # Do not check-in root_token - vault: - url: "vault_addr" - root_token: "vault_root_token" - secret_path: "secretsv2" - # Git Repo details which will be used by GitOps/Flux. - # Do not check-in git_access_token - gitops: - git_protocol: "https" # Option for git over https or ssh - git_url: "https://github.com//bevel.git" # Gitops https or ssh url for flux value files - branch: "develop" # Git branch where release is being made - release_dir: "platforms/hyperledger-besu/releases/dev" # Relative Path in the Git repo for flux sync per environment. 
- chart_source: "platforms/hyperledger-besu/charts" # Relative Path where the Helm charts are stored in Git repo - git_repo: "github.com//bevel.git" # Gitops git repository URL for git push - username: "git_username" # Git Service user who has rights to check-in in all branches - password: "git_access_token" # Git Server user password/token (Optional for ssh; Required for https) - email: "git@email.com" # Email to use in git config - private_key: "path_to_private_key" # Path to private key file which has write-access to the git repo (Optional for https; Required for ssh) - - services: - peers: - - peer: - name: store - subject: "O=Store,OU=Store,L=40.73/-74/New York,C=US" # This is the node identity. L=lat/long is mandatory for supplychain sample app - geth_passphrase: "12345" # Passphrase to be used to generate geth account - lock: true # Sets Besu node to lock or unlock mode. Can be true or false - cactus_connector: disabled # set to enabled to create a cactus connector for Besu - p2p: - port: 30303 - ambassador: 15040 #Port exposed on ambassador service (use one port per org if using single cluster) - rpc: - port: 8545 - ambassador: 15041 #Port exposed on ambassador service (use one port per org if using single cluster) - ws: - port: 8546 - db: - port: 3306 # Only applicable for tessra where mysql db is used - tm_nodeport: - port: 443 # use port: 15042 when transaction_manager = "orion" - ambassador: 443 # use ambassador: 15042 when transaction_manager = "orion" - tm_clientport: - port: 8888 - - - organization: - name: warehouse - type: member - # Provide the url suffix that will be added in DNS recordset. 
Must be different for different clusters - external_url_suffix: test.besu.blockchaincloudpoc.com - #Providing issuer as letsencrypt would create tls certificate using letsencrypt CA, - #This is Optional, if no value or default is provided, self signed certificates will be created - issuer: default - - cloud_provider: aws # Options: aws, azure, gcp - aws: - access_key: "aws_access_key" # AWS Access key, only used when cloud_provider=aws - secret_key: "aws_secret_key" # AWS Secret key, only used when cloud_provider=aws - region: "aws_region" # AWS Region where cluster and EIPs are created - # Kubernetes cluster deployment variables. The config file path and name has to be provided in case - # the cluster has already been created. - k8s: - context: "cluster_context" - config_file: "cluster_config" - # Hashicorp Vault server address and root-token. Vault should be unsealed. - # Do not check-in root_token - vault: - url: "vault_addr" - root_token: "vault_root_token" - secret_path: "secretsv2" - # Git Repo details which will be used by GitOps/Flux. - # Do not check-in git_access_token - gitops: - git_protocol: "https" # Option for git over https or ssh - git_url: "https://github.com//bevel.git" # Gitops https or ssh url for flux value files - branch: "develop" # Git branch where release is being made - release_dir: "platforms/hyperledger-besu/releases/dev" # Relative Path in the Git repo for flux sync per environment. 
- chart_source: "platforms/hyperledger-besu/charts" # Relative Path where the Helm charts are stored in Git repo - git_repo: "github.com//bevel.git" # Gitops git repository URL for git push - username: "git_username" # Git Service user who has rights to check-in in all branches - password: "git_access_token" # Git Server user password/token (Optional for ssh; Required for https) - email: "git@email.com" # Email to use in git config - private_key: "path_to_private_key" # Path to private key file which has write-access to the git repo (Optional for https; Required for ssh) - - services: - peers: - - peer: - name: warehouse - subject: "O=Warehouse,OU=Warehouse,L=42.36/-71.06/Boston,C=US" # This is the node identity. L=lat/long is mandatory for supplychain sample app - geth_passphrase: "12345" # Passphrase to be used to generate geth account - lock: true # Sets Besu node to lock or unlock mode. Can be true or false - p2p: - port: 30303 - ambassador: 15050 #Port exposed on ambassador service (use one port per org if using single cluster) - rpc: - port: 8545 - ambassador: 15051 #Port exposed on ambassador service (use one port per org if using single cluster) - ws: - port: 8546 - db: - port: 3306 # Only applicable for tessra where mysql db is used - tm_nodeport: - port: 443 # use port: 15052 when transaction_manager = "orion" - ambassador: 443 # use ambassador: 15052 when transaction_manager = "orion" - tm_clientport: - port: 8888 diff --git a/platforms/hyperledger-besu/configuration/samples/network-besu.yaml b/platforms/hyperledger-besu/configuration/samples/network-besu.yaml index 84bb8a412a6..fbc3e6811e5 100644 --- a/platforms/hyperledger-besu/configuration/samples/network-besu.yaml +++ b/platforms/hyperledger-besu/configuration/samples/network-besu.yaml 
@@ -12,7 +12,7 @@ network: # Network level configuration specifies the attributes required for each organization # to join an existing network. type: besu - version: 21.10.6 #this is the version of Besu docker image that will be deployed. + version: 22.10.2 # Supported Besu versions are 21.1.1, 21.10.6, 22.10.2 # onchain permissioning - ref https://besu.hyperledger.org/en/stable/private-networks/tutorials/permissioning/onchain permissioning: enabled: false @@ -37,8 +37,8 @@ network: component: besu pvc: {} deployment: - owner: bevel - component: besu + owner: bevel + component: besu # Docker registry details where images are stored. This will be used to create k8s secrets # Please ensure all required images are built and stored in this registry. @@ -137,6 +137,7 @@ network: - validator: name: validator2 bootnode: true # true if the validator node is used also a bootnode for the network + cactus_connector: disabled # set to enabled to create a cactus connector for Besu p2p: port: 30303 ambassador: 15012 #Port exposed on ambassador service (use one port per org if using single cluster) @@ -282,6 +283,7 @@ network: subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH" # This is the node identity. L=lat/long is mandatory for supplychain sample app geth_passphrase: "12345" # Passphrase to be used to generate geth account lock: true # Sets Besu node to lock or unlock mode. Can be true or false + cactus_connector: disabled # set to enabled to create a cactus connector for Besu p2p: port: 30303 ambassador: 15030 #Port exposed on ambassador service (use one port per org if using single cluster) 
@@ -344,6 +346,7 @@ network: subject: "O=Store,OU=Store,L=40.73/-74/New York,C=US" # This is the node identity. L=lat/long is mandatory for supplychain sample app geth_passphrase: "12345" # Passphrase to be used to generate geth account lock: true # Sets Besu node to lock or unlock mode. Can be true or false + cactus_connector: disabled # set to enabled to create a cactus connector for Besu p2p: port: 30303 ambassador: 15040 #Port exposed on ambassador service (use one port per org if using single cluster) diff --git a/platforms/shared/configuration/roles/setup/ambassador/tasks/main.yaml b/platforms/shared/configuration/roles/setup/ambassador/tasks/main.yaml index fbdbcf5faa8..987c979593e 100644 --- a/platforms/shared/configuration/roles/setup/ambassador/tasks/main.yaml +++ b/platforms/shared/configuration/roles/setup/ambassador/tasks/main.yaml @@ -269,7 +269,6 @@ - (network.type == 'indy' and allocation_ips.stdout is defined) or network.type != 'indy' - network.env.external_dns is defined - network.env.external_dns == 'enabled' - - not ambassador_installed or not ports_found tags: - ambassador - molecule-idempotence-notest diff --git a/platforms/shared/configuration/roles/setup/vault_kubernetes/tasks/main.yaml b/platforms/shared/configuration/roles/setup/vault_kubernetes/tasks/main.yaml index 2a2e7332d63..34a0d9d4ef4 100644 --- a/platforms/shared/configuration/roles/setup/vault_kubernetes/tasks/main.yaml +++ b/platforms/shared/configuration/roles/setup/vault_kubernetes/tasks/main.yaml @@ -119,6 +119,8 @@ create_serviceAccount: "{{ check_serviceAccount }}" create_clusterRoleBinding: "{{ check_clusterRoleBinding }}" values_dir: "{{playbook_dir}}/../../../{{gitops.release_dir}}/{{ name }}" + when: + - check_serviceAccount or check_clusterRoleBinding #Git Push : Pushes the above generated files to git directory - name: Git Push
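Review bot: The `when` added in the `@@ -119,6 +119,8 @@` hunk of `vault_kubernetes/tasks/main.yaml` tests `check_serviceAccount or check_clusterRoleBinding` directly, and how those two variables are set is not visible here. If either holds a string such as "False" rather than a real boolean, the expression is truthy and the task is never skipped; `- (check_serviceAccount | bool) or (check_clusterRoleBinding | bool)` makes the intent explicit. The task this condition belongs to starts above the hunk.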