Skip to content

Commit

Permalink
Add fabproxy removal example
Browse files Browse the repository at this point in the history
Signed-off-by: Chris Elder <[email protected]>
  • Loading branch information
Chris Elder authored and MuthuSundaravadivel committed Jun 3, 2024
1 parent 48fdc43 commit bb4b6c0
Show file tree
Hide file tree
Showing 19 changed files with 741 additions and 0 deletions.
37 changes: 37 additions & 0 deletions examples/fabproxy-removal/01-migrate-all-ca-addresses.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
#
# SPDX-License-Identifier: Apache-2.0
#
---
- name: Renew the TLS Certificate for all Certificate Authorities and Associated Nodes
hosts: localhost
vars_files:
- common-vars.yml
tasks:
- name: Get the ALL Certificate Authorities
hyperledger.fabric_ansible_collection.certificate_authority_list_info:
api_endpoint: "{{ api_endpoint }}"
api_authtype: "{{ api_authtype }}"
api_key: "{{ api_key }}"
api_secret: "{{ api_secret | default(omit) }}"
api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
register: result

- name: Store the Certificate Authorities in a file
copy:
content: "{{ result.certificate_authorities | to_nice_json }}"
dest: "All_CAs.json"

- name: List Certificate Authorities
debug: "msg='Found Certificate Authority {{ certificate_authority.name}}'"
loop: "{{ result.certificate_authorities }}"
loop_control:
loop_var: certificate_authority
label: "{{ certificate_authority.name }}"

- name: Update CA Metadata
include_tasks: tasks/01-update-ca-metadata.yml
loop: "{{ result.certificate_authorities }}"
loop_control:
loop_var: certificate_authority
label: "{{ certificate_authority.name }}"
when: certificate_authority.imported == False
31 changes: 31 additions & 0 deletions examples/fabproxy-removal/02-update-associated-nodes.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
#
# SPDX-License-Identifier: Apache-2.0
#
---
- name: Renew the TLS Certificate for all Certificate Authorities and Associated Nodes
hosts: localhost
vars_files:
- common-vars.yml
tasks:
- name: Get the ALL Certificate Authorities
hyperledger.fabric_ansible_collection.certificate_authority_list_info:
api_endpoint: "{{ api_endpoint }}"
api_authtype: "{{ api_authtype }}"
api_key: "{{ api_key }}"
api_secret: "{{ api_secret | default(omit) }}"
api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
register: result

- name: List Certificate Authorities
debug: "msg='Found Certificate Authority {{ certificate_authority.name}}'"
loop: "{{ result.certificate_authorities }}"
loop_control:
loop_var: certificate_authority
label: "{{ certificate_authority.name }}"

- name: Renew TLS Certificates for Certificate Authorities
include_tasks: tasks/02-create-crypto-update.yml
loop: "{{ result.certificate_authorities }}"
loop_control:
loop_var: certificate_authority
label: "{{ certificate_authority.name }}"
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
#
# SPDX-License-Identifier: Apache-2.0
#
---
- name: Renew the TLS Certificate for all Certificate Authorities and Associated Nodes
hosts: localhost
vars_files:
- common-vars.yml
tasks:
- name: Get the ALL Certificate Authorities
hyperledger.fabric_ansible_collection.certificate_authority_list_info:
api_endpoint: "{{ api_endpoint }}"
api_authtype: "{{ api_authtype }}"
api_key: "{{ api_key }}"
api_secret: "{{ api_secret | default(omit) }}"
api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
register: result

- name: List Certificate Authorities
debug: "msg='Found Certificate Authority {{ certificate_authority.name}}'"
loop: "{{ result.certificate_authorities }}"
loop_control:
loop_var: certificate_authority
label: "{{ certificate_authority.name }}"

- name: Get Peers for the CA
include_tasks: tasks/03-get-all-nodes-for-ca.yml
loop: "{{ result.certificate_authorities }}"
loop_control:
loop_var: certificate_authority
label: "{{ certificate_authority.name }}"
85 changes: 85 additions & 0 deletions examples/fabproxy-removal/04-migrate-ordering-node-addresses.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
#
# SPDX-License-Identifier: Apache-2.0
#
---
- name: Migrate Ordering Service Node
hosts: localhost
vars_files:
- common-vars.yml
- channels.yml
tasks:

- name: Reenroll Ordering Service Node "{{ ordering_service_node_name }}" TLS
hyperledger.fabric_ansible_collection.ordering_service_node_action:
api_endpoint: "{{ api_endpoint }}"
api_authtype: "{{ api_authtype }}"
api_key: "{{ api_key }}"
api_secret: "{{ api_secret | default(omit) }}"
name: "{{ ordering_service_node_name }}"
action: 'reenroll'
type: 'tls_cert'
register: result

- name: Fail if the Certificate Authority did not accept the message
fail:
msg: result.response
when: not result.accepted

- name: Temporarily change Ordering Service Node "{{ ordering_service_node_name }}" to use the new URLs and record settings
hyperledger.fabric_ansible_collection.ordering_service_node_metadata:
api_endpoint: "{{ api_endpoint }}"
api_authtype: "{{ api_authtype }}"
api_key: "{{ api_key }}"
api_secret: "{{ api_secret | default(omit) }}"
api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
name: "{{ ordering_service_node_name }}"
preferred_url: "{{ preferred_url_os }}"
register: ordering_node_new_url

- name: Change Ordering Node "{{ ordering_service_node_name }}" to use the legacy URLs
hyperledger.fabric_ansible_collection.ordering_service_node_metadata:
api_endpoint: "{{ api_endpoint }}"
api_authtype: "{{ api_authtype }}"
api_key: "{{ api_key }}"
api_secret: "{{ api_secret | default(omit) }}"
api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
name: "{{ ordering_service_node_name }}"
preferred_url: "{{ preferred_url_legacy }}"
register: ordering_node_legacy_url

- name: Store the ordering service node to a file
copy:
content: "{{ ordering_node_new_url.ordering_service_node | to_nice_json }}"
dest: "{{ ordering_service_node_name }}.json"

- name: Remove the previous channels directory if it exists
ansible.builtin.file:
path: channels
state: absent

- name: Remove the previous completed channels
ansible.builtin.file:
path: completed_channels.txt
state: absent

- name: Update channels
include_tasks: tasks/04-update-channel.yml
loop: "{{ channel_names }}"
loop_control:
loop_var: channel_name

- name: Change Ordering Service Node "{{ ordering_service_node_name }}" to use the new URLs
hyperledger.fabric_ansible_collection.ordering_service_node_metadata:
api_endpoint: "{{ api_endpoint }}"
api_authtype: "{{ api_authtype }}"
api_key: "{{ api_key }}"
api_secret: "{{ api_secret | default(omit) }}"
api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
name: "{{ ordering_service_node_name }}"
preferred_url: "{{ preferred_url_os }}"
when: not (dry_run | bool)

- name: Warn if dry run
debug:
msg: Dry run, not signing or applying channel configuration update
when: (dry_run | bool)
35 changes: 35 additions & 0 deletions examples/fabproxy-removal/05-update_anchor_peers.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
#
# SPDX-License-Identifier: Apache-2.0
#
---
- name: Update anchor peers
hosts: localhost
vars_files:
- common-vars.yml
- channels.yml
tasks:

- name: Create the local msp for all organizations
hyperledger.fabric_ansible_collection.membership_service_provider_local:
api_endpoint: "{{ api_endpoint }}"
api_authtype: "{{ api_authtype }}"
api_key: "{{ api_key }}"
api_secret: "{{ api_secret | default(omit) }}"
api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
operation: "create"

- name: Remove the previous channels directory if it exists
ansible.builtin.file:
path: channels_anchor
state: absent

- name: Remove the previous completed channels
ansible.builtin.file:
path: completed_channels.txt
state: absent

- name: Update channels
include_tasks: tasks/05-update-channel.yml
loop: "{{ channel_names }}"
loop_control:
loop_var: channel_name
5 changes: 5 additions & 0 deletions examples/fabproxy-removal/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# Fabproxy Removal

This is a support project for removing Fabproxy from migrated instances from IBM Blockchain Platform Software as a Service.

Many techniques and processes can be adapted for normal ongoing maintenance processes.
7 changes: 7 additions & 0 deletions examples/fabproxy-removal/channels.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
#
# SPDX-License-Identifier: Apache-2.0
#
---
channel_names:
- testchainid
- channel1
16 changes: 16 additions & 0 deletions examples/fabproxy-removal/common-vars.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#
# SPDX-License-Identifier: Apache-2.0
#
---
api_endpoint: https://ibp-console.example.org:32000
api_authtype: basic
api_key: xxxxxxxx
api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
preferred_url_os: "os"
preferred_url_legacy: "legacy"
ordering_service_name: "Orderer"
ordering_service_node_name: "Orderer_1"
ordering_service_admin_identity: "Orderer MSP Admin_identity.json"
ordering_service_msp_id: osmsp
dry_run: false
wait_timeout: 600
20 changes: 20 additions & 0 deletions examples/fabproxy-removal/tasks/01-renew-ca-tls.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
#
# SPDX-License-Identifier: Apache-2.0
#
---
- name: Renew the TLS Certificate for the Certificate Authority "{{ certificate_authority.name }}"
hyperledger.fabric_ansible_collection.certificate_authority_action:
api_endpoint: "{{ api_endpoint }}"
api_authtype: "{{ api_authtype }}"
api_key: "{{ api_key }}"
api_secret: "{{ api_secret | default(omit) }}"
api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
name: "{{ certificate_authority.name }}"
action: 'renew'
register: result
when: certificate_authority.imported == False

- name: Fail if the Certificate Authority "{{ certificate_authority.name }}" did not accept the message
fail:
msg: result.response
when: not result.accepted
28 changes: 28 additions & 0 deletions examples/fabproxy-removal/tasks/01-update-ca-metadata.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
#
# SPDX-License-Identifier: Apache-2.0
#
---
- name: Update the Certificate Authority metadata for "{{ certificate_authority.name }}"
hyperledger.fabric_ansible_collection.certificate_authority_metadata:
api_endpoint: "{{ api_endpoint }}"
api_authtype: "{{ api_authtype }}"
api_key: "{{ api_key }}"
api_secret: "{{ api_secret | default(omit) }}"
api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
name: "{{ certificate_authority.name }}"
preferred_url: "{{ preferred_url_os }}"
register: update_result

- name: Fail if the Certificate Authority "{{ certificate_authority.name }}" was not updated
fail:
msg: "Certificate Authority {{ certificate_authority.name }} was not updated"
when: not update_result.changed

- name: Write the updated certficate authority "{{ certificate_authority.name }}" to a file
copy:
content: "{{ update_result.certificate_authority | to_nice_json }}"
dest: "updated_certficat_authority.json"

- name: Renew TLS Certificates for Certificate Authorities
include_tasks: tasks/01-renew-ca-tls.yml
when: certificate_authority.imported == False
66 changes: 66 additions & 0 deletions examples/fabproxy-removal/tasks/02-create-crypto-update.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
#
# SPDX-License-Identifier: Apache-2.0
#
---
- name: Get the Certificate Authority
hyperledger.fabric_ansible_collection.certificate_authority_info:
api_endpoint: "{{ api_endpoint }}"
api_authtype: "{{ api_authtype }}"
api_key: "{{ api_key }}"
api_secret: "{{ api_secret | default(omit) }}"
api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
name: "{{ certificate_authority.name }}"
register: result

- name: Configure the crypto update
set_fact:
crypto:
enrollment:
ca:
host: "{{ result.certificate_authority.api_url | urlsplit('hostname') }}"
port: "{{ result.certificate_authority.api_url | urlsplit('port') }}"
tls_cert: "{{ result.certificate_authority.msp.component.tls_cert }}"
tlsca:
host: "{{ result.certificate_authority.api_url | urlsplit('hostname') }}"
port: "{{ result.certificate_authority.api_url | urlsplit('port') }}"
tls_cert: "{{result.certificate_authority.msp.component.tls_cert}}"

- name: Get the Nodes associated with the Certificate Authority "{{ certificate_authority.name }}"
hyperledger.fabric_ansible_collection.certificate_authority_associated_nodes:
api_endpoint: "{{ api_endpoint }}"
api_authtype: "{{ api_authtype }}"
api_key: "{{ api_key }}"
api_secret: "{{ api_secret | default(omit) }}"
api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
certificate_authority: "{{ certificate_authority.name }}"
register: nodes

- name: List the Ordering Nodes
debug: "msg='Found Ordering Node {{ ordering_service_node.name}}'"
loop: "{{ nodes.ordering_service_nodes }}"
loop_control:
loop_var: ordering_service_node
label: "{{ ordering_service_node.name }}"

- name: Update Ordering Nodes associated with "{{ certificate_authority.name }}"
include_tasks: tasks/02-update-ordering-node.yml
loop: "{{ nodes.ordering_service_nodes }}"
loop_control:
loop_var: ordering_service_node
label: "{{ ordering_service_node.name }}"
when: ordering_service_node.imported == False

- name: List the Peers
debug: "msg='Found Peer {{ peer.name}}'"
loop: "{{ nodes.peers }}"
loop_control:
loop_var: peer
label: "{{ peer.name }}"

- name: Update Peers associated with "{{ certificate_authority.name }}"
include_tasks: tasks/02-update-peer.yml
loop: "{{ nodes.peers }}"
loop_control:
loop_var: peer
label: "{{ peer.name }}"
when: peer.imported == False
Loading

0 comments on commit bb4b6c0

Please sign in to comment.