Prerequisites:
Vault is deployed and the Vault credentials are stored as a secret in AWS Secrets Manager
The openIDL applications use vault integration as wallet
...
implementation to access
...
identities who transact on the HLF application channels.
AWS apps IAM user credentials are stored as a secret in AWS Secrets Manager
The AWS apps user is used by the openIDL application, for example to pull the Vault access credentials from AWS Secrets Manager.
The AWS apps user access key and secret key are available in the Terraform state.
To create a new AWS secret, go to AWS Secrets Manager and create a secret of type Other with the name "{{ env_id }}-apps-user", where "{{ env_id }}" is the value configured in the private git config file.
The secret should be stored as JSON:
```json
{
  "access_id": "ACCESS ID",
  "secret_key": "SECRET KEY"
}
```
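A preflight check for the secret described above, as an added example that is not part of the openIDL deployment scripts: it builds the "<env_id>-apps-user" name and verifies that the JSON carries the `access_id` and `secret_key` keys with real values instead of the template text. The function names, the `region` parameter, the rejection of extra keys and the sample values are assumptions made for this example.

```python
import json
import re

REQUIRED_KEYS = {"access_id", "secret_key"}     # key names given on this page
PLACEHOLDERS = {"ACCESS ID", "SECRET KEY", ""}  # template values left unfilled
NAME_RE = re.compile(r"^[A-Za-z0-9/_+=.@-]+$")  # characters Secrets Manager allows in names


def secret_name(env_id: str) -> str:
    """Return "<env_id>-apps-user", the secret name this page prescribes."""
    name = f"{env_id}-apps-user"
    if not env_id or not NAME_RE.match(name):
        raise ValueError(f"env_id {env_id!r} does not yield a valid secret name")
    return name


def check_secret_string(secret_string: str) -> list:
    """Return a list of problems with the secret JSON; an empty list means OK."""
    try:
        doc = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    keys = set(doc)
    problems = [f"missing key: {k}" for k in sorted(REQUIRED_KEYS - keys)]
    problems += [f"unexpected key: {k}" for k in sorted(keys - REQUIRED_KEYS)]
    for k in sorted(REQUIRED_KEYS & keys):
        if not isinstance(doc[k], str) or doc[k].strip() in PLACEHOLDERS:
            problems.append(f"{k} is empty or still a placeholder")
    return problems


def preflight(env_id: str, region: str) -> list:
    """Fetch the stored secret with boto3 and check it (needs AWS access)."""
    import boto3  # imported here so the checks above run without AWS libraries
    client = boto3.client("secretsmanager", region_name=region)
    resp = client.get_secret_value(SecretId=secret_name(env_id))
    return check_secret_string(resp["SecretString"])


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    good = '{"access_id": "constructed-access-id", "secret_key": "constructed-secret"}'
    print(secret_name("dev"), check_secret_string(good))
    print(check_secret_string('{"access_id":"ACCESS ID", "secret_key":"SECRET KEY" }'))
```

Running `preflight` before the AWX jobs catches a misnamed key or an unfilled template. It returns only the list of problems, so the credential values are never printed.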
Cognito user pool and app integration access are configured in AWS Cognito
Cognito is used as the User Management component in the openIDL applications. The deployment scripts pull the Cognito access from AWS and deploy a Cognito secret with that information to the application k8s cluster.
AWX openIDL application deployment playbooks
The openIDL application deployment is a multi-step process broken down into different Ansible playbooks (roles).
The steps:
AWX Job Template | Notes |
---|---|
<env_id>-<org_id>-deploy-app-identities | Register and enroll application identities that are used to transact on the HLF channels |
<env_id>-<org_id>-deploy-app-ingress | Deploy k8s ingress controller for the openidl applications k8s cluster |
<env_id>-<org_id>-deploy-mongodb | openIDL applications technical database (i.e. store the processed HLF channel block number) |
<env_id>-<org_id>-dns-config-apps | Creates and routes the DNS entries for the openIDL applications |
<env_id>-<org_id>-deploy-app-config | Templates the application configuration, deploys the configurations as secrets in the application k8s cluster |
<env_id>-<org_id>-deploy-app | Deploy the openIDL applications |
Info |
---|
If the application configuration changes, run the deploy-app-config job to regenerate the configuration and re-create the k8s secret that contains it. The openIDL application containers may need to be restarted manually if k8s doesn't restart them automatically, so that the new configuration is injected into the application runtime. |
...
Info |
---|
After a successful deployment, the openIDL applications can be accessed at: |
Analytics node carrier data extraction
The analytics openIDL application uploads the carrier-extracted data to an AWS S3 bucket on the data call maturity date. It is therefore essential to create an S3 bucket with the following name:
...