...

The following parameters must be configured (the rest can stay as is):

# Organization ID / HLF MSP ID / Organization name. This is the org setting used to provision the cloud resources

# Example: carr1

org_id: ""


# Environment ID is usually a combination of the org_id and the env used to provision the cloud resources

# Example: carr1-test

env_id: ""


# The AWS account number

aws_account_number: ""


# The AWS region of the deployment

# Example: us-east-2

region: ""


# The openIDL application type: analytics or carrier

# Example: carrier

application_node_type: "carrier"


The openIDL ansible playbooks use the fabric operator ansible collection that is imported from the private git repository.

...

Create a new inventory in AWX named after the org. Add a host using the bastion machine address, add a group named ansible_provisioners, and add the bastion host to that group.


Credentials

Each credential below is listed with its description and its type definition in AWX (input configuration and injector configuration for the custom types, or the standard type for the bastion).

aws-cli

The AWS credential is used to access AWS APIs. The IAM user, or the role it assumes, must have access to the k8s cluster used for the deployment.

The user is used by the playbooks to perform the deployment and setup actions.


Input Configuration Section:
Code Block
fields:
  - id: aws_access_key
    type: string
    label: aws_access_key
    secret: true
    help_text: AWS IAM user access key for aws
  - id: aws_secret_key
    type: string
    label: aws_secret_key
    secret: true
    help_text: AWS IAM user secret key for aws
  - id: aws_external_id
    type: string
    label: aws_external_id
    secret: true
    help_text: External ID expected by the trust policy of the role to assume
  - id: aws_assume_role_arn
    type: string
    label: AWS IAM user role to assume
    help_text: ARN of the IAM role the playbooks assume
required:
  - aws_access_key
  - aws_secret_key
  - aws_external_id
  - aws_assume_role_arn


Injector Configuration Section:


Code Block
extra_vars:
  aws_access_key: '{{ aws_access_key }}'
  aws_secret_key: '{{ aws_secret_key }}'
  aws_external_id: '{{ aws_external_id }}'
  aws_assume_role_arn: '{{ aws_assume_role_arn }}'

git-config

Git credentials for access to the private git repository where the configuration file is available.

The ansible playbooks use this credential to pull configuration from the private repository.

Input Configuration Section:


Code Block
fields:
  - id: sshkey
    type: string
    label: Base64 encoded deploy private key string
    secret: true
  - id: repourl
    type: string
    label: GIT repo URL
  - id: repobranch
    type: string
    label: Git repo branch


Injector Configuration Section:

Code Block
extra_vars:
  ssh_key: '{{ sshkey }}'
  git_configs_repo_url: '{{ repourl }}'
  git_configs_repo_branch: '{{ repobranch }}'

bastion

Bastion machine SSH credential.

The machine is used as the remote agent for the ansible playbooks. It is the entry point (gateway) to the AWS k8s cluster, used to set up and deploy the carrier HDS connector service container.


Type definition in AWX: Machine, an existing standard credential type.

hds-access

Access information for the application HDS DB.

The playbooks inject this credential into the openIDL application configuration so that the carrier HDS connector service can reach the local carrier HDS database. The connection to the HDS DB is established by the connector service at runtime.

Input Configuration Section:

Code Block
fields:
  - id: hds_host
    type: string
    label: HDS host
    help_text: HDS host address
  - id: hds_port
    type: string
    label: hds_port
    help_text: HDS port
  - id: hds_username
    type: string
    label: hds_username
    secret: true
  - id: hds_password
    type: string
    label: hds_password
    secret: true
  - id: hds_dbname
    type: string
    label: hds_dbname
required:
  - hds_host
  - hds_port
  - hds_username
  - hds_password
  - hds_dbname


Injector Configuration Section:

Code Block
extra_vars:
  hds_host: '{{ hds_host }}'
  hds_port: '{{ hds_port }}'
  hds_dbname: '{{ hds_dbname }}'
  hds_password: '{{ hds_password }}'
  hds_username: '{{ hds_username }}'

vault-access

HashiCorp Vault is used to store securely the certs and private keys of the users that can access the HLF network through the carrier's HLF peer.

Those users are used by the carrier HDS connector service to connect to the carrier peer and transact securely on the openIDL network.

The vault access credential holds the Vault endpoint and the credentials used to connect to Vault and fetch the HLF user identities.

The vendor of the carrier Node-as-a-Service provides this credential to the carrier as a base64-encoded JSON file. Because it carries access credentials, the field is flagged secret so that AWX encrypts it at rest and masks it in the UI and API.

Input Configuration Section:

Code Block
fields:
  - id: vault_config_encoded
    type: string
    label: vault_config_encoded
    secret: true
    help_text: Base64 encoded JSON with the Vault endpoint and access credentials
required:
  - vault_config_encoded


Injector Configuration Section:

Code Block
extra_vars:
  vault_config_encoded: '{{ vault_config_encoded }}'

fabric-console

Fabric Operator Console default user/password.

The playbooks inject this user and password when deploying the Fabric Operator Console. Generate a strong password: it protects administrative access to the HLF nodes the console manages.

The playbooks also use this credential to log in to the console when performing operations on the HLF nodes.

Take note of the credential; the user and password are required to log in to the Fabric Operator Console.


Input Configuration Section:

Code Block
fields:
  - id: console_username
    type: string
    label: console_username
    help_text: Fabric Operator Console Username
  - id: console_password
    type: string
    label: console_password
    secret: true
    help_text: Fabric Operator Console Password
required:
  - console_username
  - console_password


Injector Configuration Section:

Code Block
extra_vars:
  console_password: '{{ console_password }}'
  console_username: '{{ console_username }}'
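
The credential types above are typed into AWX by hand, which makes two defects easy to ship: a `required` entry that does not match any field id (the aws-cli definition as first written used dotted names such as `aws.access_key`), and a field that carries credential material without `secret: true` (the vault-access field, whose help text says it holds access credentials). The script below is an added example, not code from the openIDL project or this page: it expresses those two credential types as data, lints them for both defects plus injector templates that reference unknown fields, and only then creates a type through the AWX REST endpoint `/api/v2/credential_types/`. The AWX URL and the OAuth2 token used by `create_credential_type` are assumptions about the target instance, and the word list that decides which fields look sensitive is my own heuristic, not an AWX rule.

```python
"""Lint and create AWX custom credential types (added example, not openIDL code).

A credential type is a document with "inputs" (fields, required) and
"injectors" (extra_vars).  The lint reports: a `required` entry that is not
a field id, a field that looks like it carries credentials but lacks
`secret: true` (AWX encrypts at rest and masks only secret fields), and an
injector template that references a field id that does not exist.
"""
import copy
import json
import re
import urllib.request


def field(fid, label, secret=False, help_text=""):
    """One entry of inputs.fields in AWX credential-type syntax."""
    f = {"id": fid, "type": "string", "label": label}
    if secret:
        f["secret"] = True
    if help_text:
        f["help_text"] = help_text
    return f


# Transcribed from this page; the dotted `required` entries of aws-cli and
# the missing `secret` flag of vault-access are the defects to be caught.
AWS_CLI = {
    "name": "aws-cli", "kind": "cloud",
    "inputs": {
        "fields": [
            field("aws_access_key", "aws_access_key", True, "AWS IAM user access key for aws"),
            field("aws_secret_key", "aws_secret_key", True, "AWS IAM user secret key for aws"),
            field("aws_external_id", "aws_external_id"),
            field("aws_assume_role_arn", "AWS IAM user role to assume"),
        ],
        "required": ["aws.access_key", "aws.secret_key", "aws.external_id", "aws.assume_role_arn"],
    },
    "injectors": {"extra_vars": {k: "{{ %s }}" % k for k in (
        "aws_access_key", "aws_secret_key", "aws_external_id", "aws_assume_role_arn")}},
}
VAULT_ACCESS = {
    "name": "vault-access", "kind": "cloud",
    "inputs": {"fields": [field("vault_config_encoded", "vault_config_encoded",
                                help_text="Vault endpoint and access credentials")]},
    "injectors": {"extra_vars": {"vault_config_encoded": "{{ vault_config_encoded }}"}},
}

# Heuristic (mine, not an AWX rule): a field whose id, label or help text
# mentions one of these words is expected to carry `secret: true`.
SENSITIVE = re.compile(r"secret|password|passwd|token|private|credential|_key\b", re.I)
TEMPLATE = re.compile(r"{{\s*([A-Za-z_][A-Za-z0-9_]*)\s*}}")


def lint_credential_type(ct):
    """Return the list of problems found in one credential-type document."""
    problems = []
    fields = ct["inputs"].get("fields", [])
    ids = {f["id"] for f in fields}
    for req in ct["inputs"].get("required", []):
        if req not in ids:
            problems.append(f"required entry {req!r} is not a field id")
    for f in fields:
        text = " ".join([f["id"], f.get("label", ""), f.get("help_text", "")])
        if SENSITIVE.search(text) and not f.get("secret"):
            problems.append(f"field {f['id']!r} looks sensitive but lacks secret: true")
    # Injector templates (extra_vars, env, file) may only reference field ids.
    for section in ct.get("injectors", {}).values():
        for key, tmpl in section.items():
            for ref in TEMPLATE.findall(str(tmpl)):
                if ref not in ids:
                    problems.append(f"injector {key!r} references unknown field {ref!r}")
    return problems


def fix_required(ct):
    """Copy of ct whose `required` list is rewritten to the real field ids."""
    fixed = copy.deepcopy(ct)
    fixed["inputs"]["required"] = [f["id"] for f in fixed["inputs"]["fields"]]
    return fixed


def create_credential_type(base_url, token, ct):
    """POST a linted document to AWX and return the new object's id.

    base_url and token (an AWX OAuth2 token with write access to credential
    types) are assumptions about the target instance, not values from the page.
    """
    problems = lint_credential_type(ct)
    if problems:
        raise ValueError("refusing to create credential type: " + "; ".join(problems))
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v2/credential_types/",
        data=json.dumps(ct).encode(),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["id"]
```

Run `lint_credential_type(AWS_CLI)` to see the four `required` mismatches and `lint_credential_type(fix_required(AWS_CLI))` to see them cleared; for vault-access the fix is to rebuild the field with `secret=True`. Only a document that lints clean reaches the POST, so a mistyped definition never becomes a credential type that silently stores a secret in clear.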


Ansible Playbooks

Each playbook is listed with its AWX job template name, the credentials the template must be given, and what it does.

Playbook: ansible/environment-setup.yaml
Template name: environment-setup
Credentials: bastion, git-config
Description: Installs a few open-source tools required for ansible playbook runs (e.g. AWS CLI, jq).

Playbook: ansible/deploy-mongodb-k8s-native.yml
Template name: aws-deploy-mongodb
Credentials: aws-cli, bastion, git-config-azure
Description: Installs MongoDB on the k8s cluster. The MongoDB access information is stored as a k8s secret that is later shared with the HDS connector service container.

Playbook: ansible/deploy-openidl-app-config-k8s-native.yaml
Template name: aws-deploy-carrier-config
Credentials: aws-cli, bastion, fabric-console, hds-access, vault-access, git-config
Description: Creates a k8s secret with all configuration needed by the HDS connector service. The secret content is later injected into the HDS connector service container.

Playbook: ansible/deploy-openidl-app-carrier-k8s-native.yaml
Template name: aws-carrier-app-deploy
Credentials: aws-cli, bastion, git-config
Description: Deploys the HDS connector service container using the openIDL helm chart.
Deployment on Azure K8s cluster