Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Prerequisites:

  • Vault is deployed and vault credentials are stored as secret in AWS secrets manager

The openIDL applications use vault integration as wallet implementation to access identities who transact on the HLF application channels.

  • AWS apps IAM user credentials are stored as a secret in AWS secrets manager

AWS apps user is used by the openIDL application. For example, to pull the vault access credentials from AWS secrets manager.

The AWS apps user access key and secret key are available in the terraform state.

To create new AWS secret, go to AWS secrets manager and create a secret of type Other with name "{{ env_id }}-apps-user", where the "{{env_id}}" is the value as configured in the private git config file.

The secret should be stored as json:

Code Block
{
    "access_id":"ACCESS ID",
    "secret_key":"SECRET KEY"
} 


  • Cognito user pool and app integration access are configured in AWS Cognito

Cognito is used as User Management component in the openIDL applications. The deployment scripts pull the conginto access from AWS and deploy a cognito secret with the information to the application k8s cluster


AWX openIDL application deployment playbooks

The openIDL application deployment is a multi-step process broken down into different ansible playbooks (roles). 

The steps:

AWX Job Template

Notes

<env_id>-<org_id>-deploy-app-identities

Register and enroll application identities that are used to transact on the HLF channels

<env_id>-<org_id>-deploy-app-ingress

Deploy k8s ingress controller for the openidl applications k8s cluster

<env_id>-<org_id>-deploy-mongodb

openIDL applications technical database (i.e. store the processed HLF channel block number)

<env_id>-<org_id>-dns-config-apps

Creates and routes the DNS entries for the openIDL applications

<env_id>-<org_id>-deploy-app-config

Templates the application configuration, deploys the configurations as secrets in the application k8s cluster

<env_id>-<org_id>-deploy-app

Deploy the openIDL applications



Info

In case of application configuration changes, the deploy-app-config job should be run in order to regenerate the configuration changes and re-create the k8s secret that contains the new configuration.

The openIDL application containers may need to be manually restarted in case k8s doesn’t reboot them automatically in order for the new configuration to be injected in the runtime of the applications


Info

After a successful deployment, the openIDL applications can be accessed at:

https://openidl.app.{{main_domain}}


Analytics node carrier data extraction

The analytics openIDL application uploads the carrier-extracted data to an AWS s3 bucket on the data call maturity date. Therefore it is essential to create an s3 bucket with the following name:

Code Block
{{ org_id }}-{{ env_id }}-openidl-hdsdatastore