[r3-corda-ent] enable platform deployment via ansible-server

platforms/network-schema.json

@@ -970,54 +970,16 @@
       "type": "object",
       "properties": {
         "keystore": {
-          "type": "object",
-          "properties": {
-            "keystore": {
-              "type": "string"
-            },
-            "idman": {
-              "type": "string"
-            },
-            "networkmap": {
-              "type": "string"
-            },
-            "subordinateca": {
-              "type": "string"
-            },
-            "rootca": {
-              "type": "string"
-            },
-            "tlscrlsigner": {
-              "type": "string"
-            }
-          },
+          "type": "string",
           "required": [
-            "keystore",
-            "idman",
-            "networkmap",
-            "subordinateca",
-            "rootca",
-            "tlscrlsigner"
+            "keystore"
           ],
           "additionalProperties": false
         },
         "truststore": {
-          "type": "object",
-          "properties": {
-            "truststore": {
-              "type": "string"
-            },
-            "rootca": {
-              "type": "string"
-            },
-            "ssl": {
-              "type": "string"
-            }
-          },
+          "type": "string",
           "required": [
-            "truststore",
-            "rootca",
-            "ssl"
+            "truststore"
           ],
           "additionalProperties": false
         },
@@ -1052,8 +1014,7 @@
       },
       "required": [
         "keystore",
-        "truststore",
-        "ssl"
+        "truststore"
       ],
       "additionalProperties": false
     },

platforms/r3-corda-ent/charts/README.md

@@ -99,11 +99,10 @@ helm install notary ./enterprise-node --namespace supplychain-ent --values ./val
 
 # Install cenm services : Networkmap service
 helm install networkmap ./cenm-networkmap --namespace supplychain-ent --values ./values/proxy-and-vault/cenm.yaml
-
 ```
 
-### To setup another node in a different namespace
 
+### To setup another node in a different namespace
 ```bash
 kubectl create namespace manufacturer-ent # if the namespace does not exist already
 # Create the roottoken secret

platforms/r3-corda-ent/charts/cenm-networkmap/templates/service.yaml

@@ -47,7 +47,7 @@ kind: Host
 metadata:
   name: {{ .Release.Name }}-nms
 spec:
-  hostname: cenm-nms.{{ .Values.global.proxy.externalUrlSuffix }}
+  hostname: {{ .Values.cenm.prefix }}-nms.{{ .Values.global.proxy.externalUrlSuffix }}
   acmeProvider:
     authority: none
   requestPolicy:
@@ -64,7 +64,7 @@ metadata:
   name: {{ .Release.Name }}-mapping
   namespace: {{ .Release.Namespace }}
 spec:
-  host: cenm-nms.{{ .Values.global.proxy.externalUrlSuffix }}
+  host: {{ .Values.cenm.prefix }}-nms.{{ .Values.global.proxy.externalUrlSuffix }}
   prefix: /
   service: {{ include "networkmap.name" . }}.{{ .Release.Namespace }}:{{ .Values.global.cenm.networkmap.port }}
 {{- end }}

platforms/r3-corda-ent/configuration/deploy-network.yaml

@@ -20,98 +20,103 @@
       path: "./build"
       state: absent
 
-  # create namespace, service account and clusterrolebinding
-  - name: "Create namespace, service accounts and clusterrolebinding"
-    include_role: 
-      name: create/namespace_serviceaccount
+  # Create namespaces for organizations
+  - name: "Create namespace"
+    include_role:
+      name: create/namespace
+    vars:
+      component_name: "{{ org.name | lower }}-ent"
+      component_type_name: "{{ org.type | lower }}"
+      kubernetes: "{{ org.k8s }}"
+      release_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}/{{ org.name | lower }}"
+    loop: "{{ network['organizations'] }}"
+    loop_control:
+      loop_var: org
+
+  # Create necessary Kubernetes secrets for each organization
+  - name: "Create k8s secrets"
+    include_role:
+      name: create/secrets
     vars:
       component_ns: "{{ org.name | lower }}-ent"
-      organisation: "{{ org.name | lower }}"
       kubernetes: "{{ org.k8s }}"
-      gitops: "{{ org.gitops }}"
+      vault: "{{ org.vault }}"
     loop: "{{ network['organizations'] }}"
     loop_control:
       loop_var: org
 
-  # Create Storageclass that will be used for this deployment
-  - name: Create Storage Class
+  # # Setup Init
+  - name: "Setup Init"
     include_role:
-      name: "{{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/storageclass"
+      name: setup/init
     vars:
       org_name: "{{ org.name | lower }}"
-      sc_name: "{{ org_name }}-bevel-storageclass"
-      region: "{{ org.k8s.region | default('eu-west-1') }}"
+      component_name: "{{ org_name }}-init"
+      component_ns: "{{ org_name }}-ent"
+      kubernetes: "{{ org.k8s }}"
+      vault: "{{ org.vault }}"
+      values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}/{{ org_name }}/build"
+      charts_dir: "{{ org.gitops.chart_source }}"
     loop: "{{ network['organizations'] }}"
     loop_control:
       loop_var: org
 
-  # Setup CENM services for the network
+  # Setup CENM
   - name: "Setup cenm"   
     include_role: 
       name: "setup/cenm"
     vars:
-      services: "{{ org.services }}"
-      organisation: "{{ org.name | lower }}"
-      name: "{{ org.name | lower }}"
-      sc_name: "{{ name }}-bevel-storageclass"
-      component_ns: "{{ org.name | lower }}-ent"
+      org: "{{ network['organizations'] | first }}"
+      org_name: "{{ org.name | lower }}"
+      org_services: "{{ org.services }}"
+      component_name: "{{ org_name }}-cenm"
+      component_ns: "{{ org_name }}-ent"
       kubernetes: "{{ org.k8s }}"
       vault: "{{ org.vault }}"
-      gitops: "{{ org.gitops }}"
-      policy_type: "r3-corda-ent"
-    loop: "{{ network['organizations'] }}"
-    loop_control:
-      loop_var: org
-    when: org.type == 'cenm'
-
-  # Wait for cenm services to respond  
-  - name: Check that CENM uri are reachable
-    uri:
-      url: "{{ item.uri }}/status"
-      validate_certs: no
-    register: this
-    until: this.status == 200
-    loop: "{{ network['network_services'] }}"
-    retries: "{{ network.env.retry_count}}"
-    delay: 50
+      external_url_suffix: "{{ org.external_url_suffix }}"
+      charts_dir: "{{ org.gitops.chart_source }}"
+      values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}/{{ org_name }}/build"
 
-  # Setup Corda Node services for the network
-  - name: Setup Corda Node services
+  # Deploy notaries
+  - name: Deploy notary service
     include_role:
-      name: setup/node
+      name: setup/notary
     vars:
-      services: "{{ org.services }}"
-      organisation: "{{ org.name | lower }}"
-      name: "{{ org.name | lower }}"
-      sc_name: "{{ name }}-bevel-storageclass"
-      component_ns: "{{ org.name | lower }}-ent"
+      org_name: "{{ org.name | lower }}"
+      component_name: "{{ org_name }}-notary"
+      component_ns: "{{ org_name }}-ent"
+      cloud_provider: "{{ org.cloud_provider }}"
+      external_url_suffix: "{{ org.external_url_suffix }}"
+      node: "{{ org.services.notaries }}"
       kubernetes: "{{ org.k8s }}"
       vault: "{{ org.vault }}"
       gitops: "{{ org.gitops }}"
-      policy_type: "r3-corda-ent"
+      charts_dir: "{{ org.gitops.chart_source }}"
+      values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}/{{ org_name }}"
     loop: "{{ network['organizations'] }}"
     loop_control:
       loop_var: org
-    when: org.type == 'node'
+    when: 
+      - org.services.notaries is defined
 
-  # Setup Additional Notary services for the network
-  - name: Setup Additional Notary services
-    include_role:
-      name: setup/notary
+  # Setup NETWORK_MAP
+  - name: "Setup network_map"   
+    include_role: 
+      name: "setup/network_map"
     vars:
-      services: "{{ org.services }}"
-      organisation: "{{ org.name | lower }}"
-      name: "{{ org.name | lower }}"
-      sc_name: "{{ name }}-bevel-storageclass"
-      component_ns: "{{ org.name | lower }}-ent"
+      org: "{{ network['organizations'] | first }}"
+      org_name: "{{ org.name | lower }}"
+      cloud_provider: "{{ org.cloud_provider | lower }}"
+      org_services: "{{ org.services }}"
+      component_name: "{{ org_name }}-nm"
+      component_ns: "{{ org_name }}-ent"
       kubernetes: "{{ org.k8s }}"
       vault: "{{ org.vault }}"
       gitops: "{{ org.gitops }}"
-      policy_type: "r3-corda-ent"
-    loop: "{{ network['organizations'] }}"
-    loop_control:
-      loop_var: org
-    when: org.type == 'notary'
+      external_url_suffix: "{{ org.external_url_suffix }}"
+      charts_dir: "{{ org.gitops.chart_source }}"
+      values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.release_dir }}/{{ org_name }}"
+
 
   # These variables can be overriden from the command line
   vars:

platforms/r3-corda-ent/configuration/roles/create/k8_component/tasks/main.yaml

@@ -13,29 +13,18 @@
 ################################################################################################
 
 ---
-# Create and/or check if the target directory exists
-- name: Ensures {{ release_dir }}/{{ component_name }} dir exists
-  file:
-    path: "{{ release_dir }}/{{ component_name }}"
-    state: directory
+# Ensure that the directory exists for each entity, if not, it creates them
+- name: Ensure {{ component_type_name }} dir exists
+  include_role: 
+    name: "{{ playbook_dir }}/../../shared/configuration/roles/check/directory"
+  vars:
+    path: "{{ release_dir }}/{{ component_type_name }}"
 
-# Create deployment file from a template
-- name: Create {{ component_type }} file for {{ component_name }}
+# Create the value file for the k8 components
+- name: "Create {{ component_type }} file for {{ component_type_name }}"
   template:
-    src: "{{ dlt_templates[component_type] }}"
+    src: "{{ k8_templates[type] | default('default.tpl') }}"
     dest: "{{ values_file }}"
   vars:
-    values_file: "{{ release_dir }}/{{ component_name }}/{{ component_type }}.yaml"
-
-################################################################################################
-# Test the value file for syntax errors/ missing values
-# This is done by calling the helm_lint role and passing the value file parameter
-# When a new k8_component is added, changes should be made in helm_lint role as well
-- name: Helm lint
-  include_role: 
-    name: "{{ playbook_dir }}/../../shared/configuration/roles/helm_lint"
-  vars:
-    helmtemplate_type: "{{ component_type }}"
-    chart_path: "{{ charts_dir }}"
-    value_file: "{{ release_dir }}/{{ component_name }}/{{ helmtemplate_type }}.yaml"
-  when: helm_lint=="true"
+    values_file: "{{ release_dir }}/{{ component_type_name }}/{{ component_type }}.yaml"
+    type: "{{ component_type }}"

platforms/r3-corda-ent/configuration/roles/create/k8_component/vars/main.yaml

@@ -4,7 +4,7 @@
 #  SPDX-License-Identifier: Apache-2.0
 ##############################################################################################
 
-dlt_templates:
+k8_templates:
   namespace: namespace.tpl
   reviewer_rbac: reviewer_rbac.tpl
   vault-reviewer: reviewer.tpl

platforms/r3-corda-ent/configuration/roles/create/namespace/tasks/main.yaml

@@ -0,0 +1,39 @@
+##############################################################################################
+#  Copyright Accenture. All Rights Reserved.
+#
+#  SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+#############################################################################################
+# This role creates value files for namespaces of organizations
+#############################################################################################
+
+# Check if namespace created
+- name: Check namespace is created
+  include_role:
+    name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component"
+  vars:
+    component_type: "Namespace"
+    type: "no_retry"
+
+# Assign the result of check namespace task to a local variable
+- name: "Set Variable"
+  set_fact:
+    get_namespace: "{{ result }}"
+
+# Create the value file of Namespace for Organizations
+- name: Create namespaces
+  include_role:
+    name: create/k8_component
+  vars:    
+    component_type: "namespace"    
+  when: get_namespace.resources|length == 0
+
+# Git Push : Push the above generated files to git directory 
+- name: Git Push
+  include_role: 
+    name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push"
+  vars:
+    GIT_DIR: "{{ playbook_dir }}/../../../"
+    gitops: "{{ org.gitops }}"
+    msg: "[ci skip] Pushing deployment files for namespace"

platforms/r3-corda-ent/configuration/roles/create/secrets/tasks/main.yaml

@@ -0,0 +1,32 @@
+##############################################################################################
+#  Copyright Accenture. All Rights Reserved.
+#
+#  SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# Wait for namespace to be created by flux
+- name: "Wait for the namespace {{ component_ns }} to be created"
+  include_role:
+    name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component"
+  vars:
+    component_type: "Namespace"
+    component_name: "{{ component_ns }}"
+    type: "retry"
+
+# Create the vault roottoken secret
+- name: "Create vault token secret"
+  include_role:
+    name: "{{ playbook_dir }}/../../shared/configuration/roles/create/shared_k8s_secrets"
+  vars: 
+    namespace: "{{ component_ns }}"    
+    check: "token_secret"
+
+# Create the docker pull credentials for image registry
+- name: "Create docker credentials secret"
+  include_role:
+    name: "{{ playbook_dir }}/../../shared/configuration/roles/create/shared_k8s_secrets"
+  vars: 
+    namespace: "{{ component_ns }}"    
+    check: "docker_credentials"
+  when: 
+  - network.docker.username is defined