bug(quorum): refactor quorum ansible codebase

This PR will allow us to deploy Quorum DLT platform via Ansible. Changes made: - Enabled multi-organization deployment. - To support a multi-organization network, the codebase is designed in such a way that the first organization is responsible for creating the static node JSON file, and each subsequent organization copies the file from the immediately preceding organization. This ensures that the most recently deployed organization will have the addresses of all the nodes from the previously deployed organizations. - Added validation code to stop deployment if a user does not define a minimum of 4 validators. The first four validators must be named in the following order: validator-0, validator-1, validator-2, validator-3. Note: Beyond the initial four, custom names can be defined as needed. - Added the latest image, version 24.4.1, for the quorum nodes. fixes #2614 Signed-off-by: saurabhkumarkardam <[email protected]>
hyperledger · Aug 16, 2024 · c5c64f6 · c5c64f6
1 parent aadc974
commit c5c64f6
Show file tree

Hide file tree

Showing 27 changed files with 311 additions and 233 deletions.
diff --git a/platforms/network-schema.json b/platforms/network-schema.json
@@ -267,7 +267,8 @@
                 "type": "string",
                 "enum": [
                   "21.4.2",
-                  "23.4.0"
+                  "23.4.0",
+                  "24.4.1"
                 ]
               },
               "env": {

diff --git a/platforms/quorum/charts/quorum-genesis/Chart.yaml b/platforms/quorum/charts/quorum-genesis/Chart.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: v2
 name: quorum-genesis
 description: "Quorum: This Helm chart deploys genesis."
 type: application

diff --git a/platforms/quorum/charts/quorum-node/requirements.yaml b/platforms/quorum/charts/quorum-node/requirements.yaml
@@ -10,12 +10,12 @@ dependencies:
     repository: "file://../quorum-tessera-node"
     tags:
       - tessera
-    version: ~1.0.0
+    version: ~1.1.0
     condition: tessera.enabled
   - name: quorum-tls-gen
     alias: tls
     repository: "file://../quorum-tlscert-gen"
     tags:
       - bevel
-    version: ~1.0.0
+    version: ~1.1.0
     condition: tls.enabled
diff --git a/platforms/quorum/charts/quorum-node/values.yaml b/platforms/quorum/charts/quorum-node/values.yaml
@@ -98,7 +98,8 @@ node:
 image:
   quorum:
     repository: quorumengineering/quorum
-    tag: 22.7.1
+    # latest is equivalent to 24.4.1
+    tag: latest    # latest | 22.7.1
   hooks:
     repository: ghcr.io/hyperledger/bevel-k8s-hooks
     tag: qgt-0.2.12

diff --git a/platforms/quorum/configuration/cleanup.yaml b/platforms/quorum/configuration/cleanup.yaml
@@ -27,11 +27,10 @@
         kubernetes: "{{ item.k8s }}"
       loop: "{{ network['organizations'] }}"
 
-    # Delete build directory
-    - name: Remove build directory
-      file:
-        path: "./build"
-        state: absent
+    # Clean up helpers directory
+    - name: "Clean up helpers directory"
+      include_role:
+        name: delete/local_directories
 
   #These variables can be overriden from the command line
   vars:

diff --git a/platforms/quorum/configuration/deploy-network.yaml b/platforms/quorum/configuration/deploy-network.yaml
@@ -4,13 +4,15 @@
 #  SPDX-License-Identifier: Apache-2.0
 ##############################################################################################
 
+##############################################################################################
 # This playbook deploys a DLT network on existing Kubernetes clusters
 # The Kubernetes clusters should already be created and the infomation to connect to the
 #  clusters be updated in the network.yaml file that is used as an input to this playbook
 ###########################################################################################
 # To Run this playbook from this directory, use the following command (network.yaml also in this directory)
 #  ansible-playbook deploy-network.yaml -e "@./network.yaml"
 ############################################################################################
+
 # Please ensure that the ../../shared/configuration playbooks have been run using the same network.yaml
 - hosts: ansible_provisioners
   gather_facts: no
@@ -21,7 +23,12 @@
     file:
       path: "./build"
       state: absent
-
+
+  # Validate input network.yaml
+  - name: "Validating network.yaml"
+    include_role:
+      name: check/validation
+
   # create namespace
   - name: "Create namespace"
     include_role:
@@ -46,63 +53,35 @@
       loop_var: org
     when: 
     - org.org_status is not defined or org.org_status == 'new'
-
-  # Execute primary genesis for the first organization
-  - name: "Setup primary genesis with first org as Validators"
-    include_role:
-      name: setup/genesis/primary
-    vars:
-      build_path: "./build"
-      org: "{{ network['organizations'] | first }}"
-      name: "{{ org.name | lower }}"
-      component_ns: "{{ org.name | lower }}-quo"
-      kubernetes: "{{ org.k8s }}"
-      vault: "{{ org.vault }}"
-      gitops: "{{ org.gitops }}"
-      charts_dir: "{{ org.gitops.chart_source }}"
-      values_dir: "./build/{{ component_ns }}"
-    when: 
-      - not (add_new_org | bool)
-
-  # # This role deploy validator nodes
-  - name: "Deploy validator nodes"
+
+  # Install primary Genesis
+  - name: "Install primary Genesis"
     include_role:
-      name: create/validator_node
+      name: setup/genesis/primary_genesis
     vars:
-      build_path: "./build"
-      org: "{{ network['organizations'] | first }}"
-      name: "{{ org.name | lower }}"
-      component_ns: "{{ org.name | lower }}-quo"
-      kubernetes: "{{ org.k8s }}"
-      vault: "{{ org.vault }}"
-      gitops: "{{ org.gitops }}"
-      charts_dir: "{{ org.gitops.chart_source }}"
-      values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ component_ns }}"
-    when: 
-    - org.org_status is not defined or org.org_status == 'new'
-
-  # Deploy member nodes
-  - name: "Deploy member nodes with tessera transaction manager"
+      validator_count: "{{ total_validators | int }}"
+
+  # Deploy nodes
+  - name: "Deploy nodes"
     include_role:
-      name: create/member_node
+      name: setup/nodes
     vars:
-      build_path: "./build"
+      org_name: "{{ org.name | lower }}"
+      component_ns: "{{ org_name }}-quo"
+      validators: "{{ org.services.validators }}"
+      members: "{{ org.services.peers }}"
+      cloud_provider: "{{ org.cloud_provider | lower }}"
       kubernetes: "{{ org.k8s }}"
-      name: "{{ org.name | lower }}"
-      firstorg: "{{ network['organizations'] | first }}"
-      consensus: "{{ network.config.consensus }}"
-      component_ns: "{{ org.name | lower }}-quo"
       vault: "{{ org.vault }}"
       gitops: "{{ org.gitops }}"
       charts_dir: "{{ org.gitops.chart_source }}"
-      values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ component_ns }}"
-      geth_data: "{{ network.config.bootnode | default('null') }}"
+      values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org_name }}"
+      current_org_index: "{{ org_index }}"
     loop: "{{ network['organizations'] }}"
     loop_control:
       loop_var: org
-    when: 
-      - org.org_status is not defined or org.org_status == 'new'
-
+      index_var: org_index
+
   #These variables can be overriden from the command line
   vars:
     install_os: "linux"           # Default to linux OS

diff --git a/platforms/quorum/configuration/roles/check/validation/tasks/count_validators.yaml b/platforms/quorum/configuration/roles/check/validation/tasks/count_validators.yaml
@@ -0,0 +1,14 @@
+##############################################################################################
+#  Copyright Accenture. All Rights Reserved.
+#
+#  SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# Counting the number of validator nodes
+- name: "Count validator nodes"
+  set_fact:
+    total_validators: "{{ total_validators | int + 1 }}"
+  loop: "{{ validators }}"
+  loop_control:
+    loop_var: validator
+  when: validator is defined
diff --git a/platforms/quorum/configuration/roles/check/validation/tasks/main.yaml b/platforms/quorum/configuration/roles/check/validation/tasks/main.yaml
@@ -0,0 +1,26 @@
+##############################################################################################
+#  Copyright Accenture. All Rights Reserved.
+#
+#  SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# Set initial counter for validators
+- name: Set initial validator count
+  set_fact:
+    total_validators: 0
+
+# Count Validato nodes in the first organization
+- name: Count Validato nodes in the first organization
+  include_tasks: count_validators.yaml
+  vars:
+    org: "{{ network['organizations'] | first }}"
+    validators: "{{ org.services.validators }}"
+
+# Fail if total validators are less than 4
+- name: Fail if total validators are less than 4
+  fail:
+    msg: |
+      The first organization, {{ (network['organizations'] | first).name }}, must have at least 4 validators.
+      The first four validators must be named in the following order: validator-0, validator-1, validator-2, validator-3.
+      Note: Beyond the initial four, custom names can be defined as needed.
+  when: (total_validators | int) < 4
diff --git a/...helm_component/templates/memberquorum.tpl → ...elm_component/templates/member_quorum.tpl b/...helm_component/templates/memberquorum.tpl → ...elm_component/templates/member_quorum.tpl
@@ -25,15 +25,15 @@ spec:
         type: {{ vault.type | default("hashicorp") }}
         network: quorum
         address: {{ vault.url }}
-        secretPrefix: "data/{{ network.env.type }}{{ name }}"
+        secretPrefix: "data/{{ network.env.type }}{{ org_name }}"
         secretEngine: {{ vault.secret_path | default("secretsv2") }}
         role: vault-role
-        authPath: {{ network.env.type }}{{ name }}
+        authPath: {{ network.env.type }}{{ org_name }}
       proxy:
         provider: ambassador
         externalUrlSuffix: {{ org.external_url_suffix }}
-        p2p: {{ peer.p2p.ambassador }}
-        tmport: {{ peer.tm_nodeport.ambassador | default(443) }}
+        p2p: {{ member.p2p.ambassador }}
+        tmport: {{ member.tm_nodeport.ambassador | default(443) }}
     storage:
       size: "2Gi"
     tessera:

diff --git a/...m_component/templates/validatorquorum.tpl → ..._component/templates/validator_quorum.tpl b/...m_component/templates/validatorquorum.tpl → ..._component/templates/validator_quorum.tpl
@@ -23,13 +23,17 @@ spec:
         cloudNativeServices: false
       vault:
         address: {{ vault.url }}
-        secretPrefix: data/{{ network.env.type }}{{ name }}
+        secretPrefix: data/{{ network.env.type }}{{ org_name }}
         network: quorum
         role: vault-role
-        authPath: {{ network.env.type }}{{ name }}
+        authPath: {{ network.env.type }}{{ org_name }}
         type: {{ vault.type | default("hashicorp") }}
         secretEngine: {{ vault.secret_path | default("secretsv2") }}
       proxy:
         provider: "ambassador"
         externalUrlSuffix: {{ org.external_url_suffix }}
-        p2p: {{ peer.p2p.ambassador }}
+        p2p: {{ validator.p2p.ambassador }}
+    tessera:
+      enabled: false
+    tls:
+      enabled: false
diff --git a/platforms/quorum/configuration/roles/create/helm_component/vars/main.yaml b/platforms/quorum/configuration/roles/create/helm_component/vars/main.yaml
@@ -7,8 +7,8 @@
 helm_templates:
   quorum_tessera: tessera.tpl
   quorum: quorum.tpl
-  validatorquorum: validatorquorum.tpl
-  memberquorum: memberquorum.tpl
+  validator_quorum: validator_quorum.tpl
+  member_quorum: member_quorum.tpl
   crypto_tessera: crypto_tessera.tpl
   crypto_ibft_job: crypto_ibft_job.tpl
   certs-ambassador-quorum: certs-ambassador-quorum.tpl

diff --git a/platforms/quorum/configuration/roles/create/member_node/tasks/main.yaml b/platforms/quorum/configuration/roles/create/member_node/tasks/main.yaml
@@ -4,31 +4,12 @@
 #  SPDX-License-Identifier: Apache-2.0
 ##############################################################################################
 
-# Execute only for members
-- name: Perform secondary genesis
-  include_role:
-    name: setup/genesis/secondary
-  vars:
-    values_dir: "./build/{{ component_ns }}"
-  when: org.type == 'member'
-
-# Get the Genesis and staticnodes
-- name: Get genesis and staticnodes
-  include_role: 
-    name: get/genesis
-  when: org.type == 'member' and org.services.peers is defined
-
-# Creates the Quorum node value files for each node of organization
-- name: Create value file for Quorum node
+# Create value file for member node
+- name: Create value file for member node
   include_role:
     name: create/helm_component
   vars:
-    component_name: "{{ peer.name }}"
-    type: "memberquorum"
-  loop: "{{ org.services.peers }}"
-  loop_control:
-    loop_var: peer
-  when: org.services.peers is defined
+    type: "member_quorum"
 
 # Pushes the above generated files to git directory 
 - name: Git Push
@@ -37,17 +18,13 @@
   vars:
     GIT_DIR: "{{ playbook_dir }}/../../../"
     msg: "[ci skip] Pushing Member node files"
-  when: org.services.peers is defined
 
 # Wait for the last Member to be running
 - name: "Wait for the last member to run"
   include_role:
     name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
   vars:
-    member: "{{ org.services.peers | last }}"
     label_selectors:
-      - app.kubernetes.io/release = {{ member.name | lower }}
+      - app.kubernetes.io/release = {{ component_name }}
     component_type: "Pod"
-    component_name: "{{ member.name | lower }}"
     namespace: "{{ component_ns }}"
-  when: org.services.peers is defined
diff --git a/platforms/quorum/configuration/roles/create/validator_node/tasks/main.yaml b/platforms/quorum/configuration/roles/create/validator_node/tasks/main.yaml
@@ -1,44 +1,24 @@
-##############################################################################################
-#  Copyright Accenture. All Rights Reserved.
-#
-#  SPDX-License-Identifier: Apache-2.0
-##############################################################################################
-
-# This task creates helm release file for each validator node of organization
-- name: Create helm release file for each validator node of organization
+# Create value file for validator node
+- name: Create value file for validator node
   include_role:
     name: create/helm_component
   vars:
-    component_name: "{{ peer.name }}"
-    type: "validatorquorum"
-  loop: "{{ org.services.validators }}"
-  loop_control:
-    loop_var: peer
-  when: org.services.validators is defined
+    type: "validator_quorum"
 
 # Git Push : Pushes the above generated files to git 
 - name: Git Push
   include_role: 
     name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push"
   vars:
     GIT_DIR: "{{ playbook_dir }}/../../../"
-    msg: "[ci skip] Pushing Validator files"
-  when: org.services.validators is defined
+    msg: "[ci skip] Pushing Validator Helm release file"
 
 # Wait for the last validator to be running
 - name: "Wait for the last validator to run"
   include_role:
     name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
   vars:
-    validator: "{{ org.services.validators | last }}"
     label_selectors:
-      - app.kubernetes.io/release = {{ validator.name | lower }}
+      - app.kubernetes.io/release = {{ component_name }}
     component_type: "Pod"
     namespace: "{{ component_ns }}"
-  when: org.services.validators is defined
-
-# Get the Genesis and staticnodes
-- name: Get genesis and staticnodes
-  include_role: 
-    name: get/genesis
-  when: org.services.validators is defined
diff --git a/platforms/quorum/configuration/roles/delete/local_directories/tasks/main.yaml b/platforms/quorum/configuration/roles/delete/local_directories/tasks/main.yaml
@@ -0,0 +1,25 @@
+##############################################################################################
+#  Copyright Accenture. All Rights Reserved.
+#
+#  SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# Find and delete .json files in platforms/quorum/charts/quorum-genesis/files directory
+- name: "Find .json files in quorum-genesis files directory"
+  find:
+    paths: "{{ playbook_dir }}/../../quorum/charts/quorum-genesis/files"
+    patterns: "*.json"
+  register: genesis_and_static_node
+
+# Delete .json files in quorum-genesis files directory
+- name: "Delete .json files in quorum-genesis files directory"
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ genesis_and_static_node.files }}"
+
+# Delete the build directory in platforms/quorum/configuration
+- name: "Remove build directory from configuration"
+  file:
+    path: "{{ playbook_dir }}/../../quorum/configuration/build"
+    state: absent