Create console/operator roles for OS Stack (#610)

* Create console/operator roles for OS Stack Signed-off-by: Matthew B White <whitemat@uk.ibm.com> * Cleanup dockerfile Signed-off-by: Matthew B White <whitemat@uk.ibm.com>
IBM-Blockchain · Jul 20, 2022 · e35f657 · e35f657
1 parent 5e6a909
commit e35f657
Show file tree

Hide file tree

Showing 70 changed files with 9,586 additions and 245 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -4,7 +4,7 @@
 
 # In the first stage, install the common dependencies, and then set up the standard user.
 FROM registry.access.redhat.com/ubi8/ubi-minimal AS base
-RUN microdnf install python38 shadow-utils \
+RUN microdnf install python39 shadow-utils git \
     && groupadd -g 7051 ibp-user \
     && useradd -u 7051 -g ibp-user -G root -s /bin/bash ibp-user \
     && chgrp -R root /home/ibp-user /etc/passwd \
@@ -26,8 +26,12 @@ ADD . /tmp/collection
 RUN cd /tmp/collection \
     && ansible-galaxy collection build --output-path /tmp \
     && ansible-galaxy collection install /tmp/ibm-blockchain_platform-*.tar.gz \
+    && ansible-galaxy collection install kubernetes.core \
     && chgrp -R root /home/ibp-user/.ansible \
     && chmod -R g=u /home/ibp-user/.ansible
+RUN curl -sSL "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"  -o /tmp/kubectl \
+    && chmod +x /tmp/kubectl \
+    && mv /tmp/kubectl /home/ibp-user/.local/bin
 
 # In the third stage, build the Hyperledger Fabric binaries with HSM enabled (this is not the default).
 FROM base AS fabric
@@ -59,6 +63,7 @@ COPY --from=builder /home/ibp-user/.ansible /home/ibp-user/.ansible
 COPY --from=fabric /go/src/github.com/hyperledger/fabric/build/bin /opt/fabric/bin
 COPY --from=fabric /go/src/github.com/hyperledger/fabric/sampleconfig /opt/fabric/config
 COPY docker/docker-entrypoint.sh /
+RUN mkdir /home/ibp-user/.kube
 ENV FABRIC_CFG_PATH=/opt/fabric/config
 ENV PATH=/opt/fabric/bin:/home/ibp-user/.local/bin:$PATH
 USER 7051

diff --git a/README.md b/README.md
@@ -5,6 +5,17 @@ The IBM Blockchain Platform provides advanced tooling that allows you to quickly
 This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks.
 
 *Please Note* the main branch is now set to `2.0.0-beta`, the `release-1.2` branch is available. If you build a local copy of Ansible for production, please work from the `release-1.2` branch.
+
+## Beta support for Fabric Operator and Fabric Operations Console
+
+With the Open Source version of the [Fabric Operations Console](https://github.com/hyperledger-labs/fabric-operations-console) and the [Fabric Operator](https://github.com/hyperledger-labs/fabric-operator), it is possible now to use the Ansible Playbooks previously targetted towards The IBM Blockchain Platform in a complete open source stack.
+
+This should be considered beta functionality at present, please do try it out, but would not advise production use cases at present. Both the Operator AND the Console must be installed.
+
+Currently the installation of the Operator and Console are available via Playbooks. Once installed Fabric resources can be managed with the existing Ansible modules.
+
+Please see the [README](./examples/opensource-stack/README.md) in the `opensource-stack` example for more information.
+
 ## Documentation
 
 Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/

diff --git a/examples/opensource-stack/01-operator-install.yml b/examples/opensource-stack/01-operator-install.yml
@@ -0,0 +1,13 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+- name: Deploy Opensource custom resource definitions and operator
+  hosts: localhost
+  vars_files:
+    - vars.yml
+  vars:
+    state: present
+    wait_timeout: 3600
+  roles:
+    - ibm.blockchain_platform.fabric_operator_crds
diff --git a/examples/opensource-stack/02-console-install.yml b/examples/opensource-stack/02-console-install.yml
@@ -0,0 +1,13 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+- name: Deploy Opensource Console
+  hosts: localhost
+  vars_files:
+    - vars.yml
+  vars:
+    state: present
+    wait_timeout: 3600
+  roles:
+    - ibm.blockchain_platform.fabric_console
diff --git a/examples/opensource-stack/README.md b/examples/opensource-stack/README.md
@@ -0,0 +1,54 @@
+# Open-source Fabric Stack
+
+The two playbooks in this example install the [Fabric Operations Console](https://github.com/hyperledger-labs/fabric-operations-console) and the [Fabric Operator](https://github.com/hyperledger-labs/fabric-operator)
+
+## Usage
+
+As this function should be considered beta, it has not been published to Ansible Galaxy, or an image to DockerHub. Therefore please follow the installation instructions on installing from source.
+
+In brief,
+
+- Clone this repository
+- Use `poetry` to create a development shell `poetry shell`
+- Run these commands to build locally
+```
+    ansible-galaxy collection build -f
+    ansible-galaxy collection install $(ls -1 | grep ibm-blockchain_platform) -f
+```
+
+You can then run the playbooks as needed
+
+### Pre-requistie tools
+
+In addition you will need the `kubectl` and `git` installed.
+## Kubernetes Connection
+
+The playbooks assume that the kubectl context in the current shell is set to the cluster you wish to install to. NOTE that this has been initially tested using a KIND cluster (see the `sample-network` example in the [Fabric Operator](https://github.com/hyperledger-labs/fabric-operator) for creating a KIND instance)
+
+`vars.yml` contains the essential configuration for naming and initial identities.
+
+## Post-creation actions
+
+Once installed, you've the choice of using the Console to create Fabric resources.
+Alternatively you can use the other Ansible modules to create resources.
+
+It helps to create an API key rather than use the username/password.
+
+For example, assuming the naming as used in the example's `vars.yml` and a local KIND cluster.
+
+```
+    AUTH=$(curl -X POST https://fabricinfra-hlf-console-console.localho.st:443/ak/api/v2/permissions/keys -u admin:password -k -H 'Content-Type: application/json' -d '{"roles": ["writer", "manager"],"description": "newkey"}')
+    KEY=$(echo $AUTH | jq .api_key | tr -d '"')
+    SECRET=$(echo $AUTH | jq .api_secret | tr -d '"')
+
+    echo "Writing authentication file for Ansible based IBP (Software) network building"
+    cat << EOF > auth-vars.yml
+    api_key: $KEY
+    api_endpoint: http://fabricinfra-hlf-console-console.localho.st/
+    api_authtype: basic
+    api_secret: $SECRET
+    EOF
+
+```
+
+The `auth-vars.yml` can be included in any other playbooks or added in the `ansible-playbook` cli
diff --git a/examples/opensource-stack/vars.yml b/examples/opensource-stack/vars.yml
@@ -0,0 +1,23 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+---
+# The type of K8S cluster this is using
+target: kind
+arch: amd64
+
+# k8s namespace for the operator and console
+namespace: fabricinfra
+
+# Console name/domain
+console_name: hlf-console
+console_domain: localho.st
+
+#  default configuration for the console
+# password reset will be required on first login
+console_email: admin
+console_default_password: password
+
+# different k8s clusters will be shipped with differently named default storage providers
+# or none at all.  KIND for example has one called 'standard'
+console_storage_class: standard
diff --git a/justfile b/justfile
@@ -23,6 +23,9 @@ lint:
     shellcheck tutorial/*.sh
     yamllint .
 
+docker:
+    docker build -t fabric-ansible .
+
 # Build the documentation
 docs:
     #!/bin/bash

diff --git a/plugins/module_utils/certificate_authorities.py b/plugins/module_utils/certificate_authorities.py
@@ -108,7 +108,7 @@ def wait_for(self, timeout):
         for x in range(timeout):
             try:
                 url = urllib.parse.urljoin(self.operations_url, '/healthz')
-                response = open_url(url, None, None, method='GET', validate_certs=False)
+                response = open_url(url, None, None, method='GET', validate_certs=False, follow_redirects='all')
                 if response.code == 200:
                     healthz = json.load(response)
                     if healthz['status'] == 'OK':
@@ -158,7 +158,7 @@ def get_ca_chain(self):
 
     def _get_ca_chain(self):
         url = urllib.parse.urljoin(self.certificate_authority.api_url, f'/cainfo?ca={self.certificate_authority.ca_name}')
-        response = open_url(url, None, None, method='GET', validate_certs=False)
+        response = open_url(url, None, None, method='GET', validate_certs=False, follow_redirects='all')
         cainfo = json.load(response)
         return cainfo['result']['CAChain']
 
@@ -167,7 +167,7 @@ def get_tlsca_chain(self):
 
     def _get_tlsca_chain(self):
         url = urllib.parse.urljoin(self.certificate_authority.api_url, f'/cainfo?ca={self.certificate_authority.tlsca_name}')
-        response = open_url(url, None, None, method='GET', validate_certs=False)
+        response = open_url(url, None, None, method='GET', validate_certs=False, follow_redirects='all')
         cainfo = json.load(response)
         return cainfo['result']['CAChain']