
Prerequisites:

  • Vault is deployed and the Vault credentials are stored as a secret in AWS Secrets Manager

The openIDL applications use the Vault integration as the wallet implementation to access the identities that transact on the HLF application channels.

  • AWS apps IAM user credentials are stored as a secret in AWS secrets manager

The AWS apps user is used by the openIDL application, for example to pull the Vault access credentials from AWS Secrets Manager.

  • Cognito user pool and app integration access are configured in AWS Cognito

Cognito is used as the user management component in the openIDL applications. The deployment scripts pull the Cognito access information from AWS and deploy a Cognito secret with that information to the application k8s cluster.


AWX openIDL application deployment playbooks

The openIDL application deployment is a multi-step process broken down into different ansible playbooks (roles). 

The steps:

| AWX Job Template | Notes |
|---|---|
| <env_id>-<org_id>-deploy-app-identities | Register and enroll application identities that are used to transact on the HLF channels |
| <env_id>-<org_id>-deploy-app-ingress | Deploy k8s ingress controller for the openidl applications k8s cluster |
| <env_id>-<org_id>-deploy-mongodb | openIDL applications technical database (i.e. store the processed HLF channel block number) |
| <env_id>-<org_id>-deploy-app-dns | Creates and routes the DNS entries for the openIDL applications |
| <env_id>-<org_id>-deploy-app-config | Templates the application configuration, deploys the configurations as secrets in the application k8s cluster |
| <env_id>-<org_id>-deploy-app | Deploy the openIDL applications |


If the application configuration changes, run the deploy-app-config job to regenerate the configuration and re-create the k8s secret that contains it.

If k8s does not restart the openIDL application containers automatically, restart them manually so that the new configuration is injected into the application runtime.

After a successful deployment, the openIDL applications can be accessed at:

https://openidl.app.{{main_domain}}

Analytics node carrier data extraction

The analytics openIDL application uploads the carrier-extracted data to an AWS S3 bucket on the data call maturity date. It is therefore essential to create an S3 bucket with the following name:

{{ org_id }}-{{ env_id }}-openidl-hdsdatastore
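
One way to create that bucket with the AWS CLI, as an added example that is not part of the openIDL deployment scripts. It builds the name from the pattern above and checks it before calling AWS; the org, env and region arguments and the public-access and encryption settings are assumptions, not requirements stated on this page.

```bash
#!/usr/bin/env bash
# Added example. The org/env/region arguments and the hardening settings
# are assumptions; only the bucket name pattern comes from the page.

# Build the name in the required form: {{ org_id }}-{{ env_id }}-openidl-hdsdatastore
hds_bucket_name() {
  printf '%s-%s-openidl-hdsdatastore' "$1" "$2"
}

# S3 bucket naming rules: 3-63 characters, starting and ending with a
# lowercase letter or digit. Dots are legal in S3 but rejected here
# (stricter than S3) because the page's pattern only uses hyphens.
valid_bucket_name() {
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ] || return 1
  case $1 in -* | *-) return 1 ;; esac
  # Nothing may remain once the allowed characters are deleted.
  [ -z "$(printf '%s' "$1" | LC_ALL=C tr -d 'a-z0-9-')" ]
}

create_hds_bucket() {
  local org_id=$1 env_id=$2 region=$3 bucket
  bucket=$(hds_bucket_name "$org_id" "$env_id")
  if ! valid_bucket_name "$bucket"; then
    echo "invalid S3 bucket name: $bucket" >&2
    return 1
  fi
  # us-east-1 rejects an explicit LocationConstraint.
  if [ "$region" = "us-east-1" ]; then
    aws s3api create-bucket --bucket "$bucket" --region "$region" || return 1
  else
    aws s3api create-bucket --bucket "$bucket" --region "$region" \
      --create-bucket-configuration "LocationConstraint=$region" || return 1
  fi
  # Assumption: carrier data should never be public, so set all four blocks.
  aws s3api put-public-access-block --bucket "$bucket" \
    --public-access-block-configuration \
    'BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true' \
    || return 1
  # Assumption: encrypt objects at rest by default (SSE-S3).
  aws s3api put-bucket-encryption --bucket "$bucket" \
    --server-side-encryption-configuration \
    '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
}

# Create the bucket only when called as: script <org_id> <env_id> <region>
if [ "$#" -eq 3 ]; then
  create_hds_bucket "$1" "$2" "$3"
fi
```

An empty org_id or env_id produces a name with a leading or doubled hyphen; the leading case is rejected before any AWS call is made.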



