def ca_chart(opts, release, upgrade=False, verbose=False): values_dir = opts['core']['dir_values'] repository = opts['core']['chart_repo'] ca_namespace = get_namespace(opts, ca=release) # PostgreSQL (Upgrades here are dangerous, deactivated by default) helm_install('stable', 'postgresql', '{}-pg'.format(release), ca_namespace, config_yaml='{dir}/postgres-ca/{name}-pg.yaml'.format( dir=values_dir, name=release), verbose=verbose) psql_secret = secret_read('{}-pg-postgresql'.format(release), ca_namespace, verbose=verbose) # Different key depending of PostgreSQL version psql_password = psql_secret.get( 'postgres-password') or psql_secret['postgresql-password'] env_vars = [('externalDatabase.password', psql_password)] # Fabric CA if not upgrade: helm_install(repository, 'hlf-ca', release, ca_namespace, config_yaml='{dir}/hlf-ca/{name}.yaml'.format( dir=values_dir, name=release), env_vars=env_vars, verbose=verbose) else: # TODO: Remove this try/catch once all CAs are updated try: preserve = (HelmPreserve('{}-hlf-ca'.format(release), 'CA_ADMIN', 'adminUsername'), HelmPreserve('{}-hlf-ca'.format(release), 'CA_PASSWORD', 'adminPassword')) helm_upgrade(repository, 'hlf-ca', release, ca_namespace, config_yaml='{dir}/hlf-ca/{name}.yaml'.format( dir=values_dir, name=release), env_vars=env_vars, preserve=preserve, verbose=verbose) except: preserve = (HelmPreserve('{}-hlf-ca--ca'.format(release), 'CA_ADMIN', 'adminUsername'), HelmPreserve('{}-hlf-ca--ca'.format(release), 'CA_PASSWORD', 'adminPassword')) helm_upgrade(repository, 'hlf-ca', release, ca_namespace, config_yaml='{dir}/hlf-ca/{name}.yaml'.format( dir=values_dir, name=release), env_vars=env_vars, preserve=preserve, verbose=verbose)
def test_peer_upgrade( self, mock_check_peer, mock_get_version, mock_helm_check, mock_helm_extra_vars, mock_helm_install, mock_helm_upgrade, mock_get_peers, ): OPTS = deepcopy(self.OPTS) OPTS["msps"]["BetaMSP"]["peers"]["nodes"] = {"peer0": {}} mock_get_version.side_effect = ["cdb-version", "peer-version"] mock_get_peers.side_effect = [["peer0"]] mock_helm_extra_vars.side_effect = [ "extra-vars-cdb-peer0", "extra-vars-peer0" ] setup_peer(OPTS, upgrade=True) mock_get_peers.assert_called_once_with(opts=OPTS, msp="BetaMSP") mock_helm_extra_vars.assert_has_calls([ call( version="cdb-version", config_yaml="./a_dir/BetaMSP/hlf-couchdb/cdb-peer0.yaml", preserve=( HelmPreserve( "peer-namespace", "cdb-peer0-hlf-couchdb", "COUCHDB_USERNAME", "couchdbUsername", ), HelmPreserve( "peer-namespace", "cdb-peer0-hlf-couchdb", "COUCHDB_PASSWORD", "couchdbPassword", ), ), ), call( version="peer-version", config_yaml="./a_dir/BetaMSP/hlf-peer/peer0.yaml", ), ]) mock_helm_install.assert_not_called() mock_helm_upgrade.assert_has_calls([ call( "a-repo", "hlf-couchdb", "cdb-peer0", extra_vars="extra-vars-cdb-peer0", ), call("a-repo", "hlf-peer", "peer0", extra_vars="extra-vars-peer0"), ]) mock_helm_check.assert_has_calls([ call("hlf-couchdb", "cdb-peer0", "peer-namespace"), call("hlf-peer", "peer0", "peer-namespace"), ]) mock_check_peer.assert_called_once_with("peer-namespace", "peer0")
def ca_chart(opts, release, upgrade=False): """Deploy CA Helm chart to K8S. Args: opts (dict): Nephos options dict. release (str): Name of the Helm Chart release. upgrade (bool): Do we upgrade the deployment? False by default. """ values_dir = opts["core"]["dir_values"] repository = opts["core"]["chart_repo"] ca_namespace = get_namespace(opts, ca=release) # PostgreSQL (Upgrades here are dangerous, deactivated by default) # Upgrading database is risky, so we disallow it by default if not upgrade: version = get_version(opts, "postgresql") config_yaml = f"{values_dir}/postgres-ca/{release}-pg.yaml" extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml) helm_install("stable", "postgresql", f"{release}-pg", ca_namespace, extra_vars=extra_vars) helm_check("postgresql", f"{release}-pg", ca_namespace) psql_secret = secret_read(f"{release}-pg-postgresql", ca_namespace) # Different key depending of PostgreSQL version psql_password = (psql_secret.get("postgres-password") or psql_secret["postgresql-password"]) # Fabric CA version = get_version(opts, "hlf-ca") env_vars = [("externalDatabase.password", psql_password)] config_yaml = f"{values_dir}/hlf-ca/{release}.yaml" if not upgrade: extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml, env_vars=env_vars) helm_install(repository, "hlf-ca", release, ca_namespace, extra_vars=extra_vars) else: preserve = ( HelmPreserve(ca_namespace, f"{release}-hlf-ca--ca", "CA_ADMIN", "adminUsername"), HelmPreserve(ca_namespace, f"{release}-hlf-ca--ca", "CA_PASSWORD", "adminPassword"), ) extra_vars = helm_extra_vars( version=version, config_yaml=config_yaml, env_vars=env_vars, preserve=preserve, ) helm_upgrade(repository, "hlf-ca", release, extra_vars=extra_vars) helm_check("hlf-ca", release, ca_namespace)
def deploy_composer(opts, upgrade=False, verbose=False): """Deploy Hyperledger Composer on K8S. We use the hl-composer Helm chart as a basis to deploying Composer on K8S. Please note that Composer is unmaintained and may eventually be deprecated from this repository as we migrate to raw Fabric. Args: opts (dict): Nephos options dict. upgrade (bool): Do we upgrade the deployment? False by default. verbose (bool): Verbosity. False by default. """ peer_namespace = get_namespace(opts, opts["peers"]["msp"]) # Ensure BNA exists secret_from_file(secret=opts["composer"]["secret_bna"], namespace=peer_namespace, verbose=verbose) composer_connection(opts, verbose=verbose) # Start Composer version = get_version(opts, "hl-composer") config_yaml = "{dir}/hl-composer/{release}.yaml".format( dir=opts["core"]["dir_values"], release=opts["composer"]["name"]) if not upgrade: extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml) helm_install( opts["core"]["chart_repo"], "hl-composer", opts["composer"]["name"], peer_namespace, extra_vars=extra_vars, verbose=verbose, ) else: preserve = (HelmPreserve( peer_namespace, "{}-hl-composer-rest".format(opts["composer"]["name"]), "COMPOSER_APIKEY", "rest.config.apiKey", ), ) extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml, preserve=preserve) helm_upgrade( opts["core"]["chart_repo"], "hl-composer", opts["composer"]["name"], extra_vars=extra_vars, verbose=verbose, ) helm_check("hl-composer", opts["composer"]["name"], peer_namespace, pod_num=3)
def test_ca_chart_upgrade( self, mock_get_version, mock_helm_check, mock_helm_extra_vars, mock_helm_install, mock_helm_upgrade, mock_secret_read, ): mock_secret_read.side_effect = [{"postgresql-password": "******"}] mock_get_version.side_effect = ["ca-version"] mock_helm_extra_vars.side_effect = ["extra-vars-ca"] ca_chart(self.OPTS, "a-release", upgrade=True) mock_get_version.assert_has_calls([call(self.OPTS, "hlf-ca")]) mock_helm_extra_vars.assert_called_once_with( version="ca-version", config_yaml="./some_dir/hlf-ca/a-release.yaml", env_vars=[("externalDatabase.password", "a_password")], preserve=( HelmPreserve("ca-namespace", "a-release-hlf-ca--ca", "CA_ADMIN", "adminUsername"), HelmPreserve( "ca-namespace", "a-release-hlf-ca--ca", "CA_PASSWORD", "adminPassword", ), ), ) mock_helm_install.assert_not_called() mock_helm_upgrade.assert_called_once_with("a_repo", "hlf-ca", "a-release", extra_vars="extra-vars-ca", verbose=False) mock_secret_read.assert_called_once_with("a-release-pg-postgresql", "ca-namespace", verbose=False) mock_helm_check.assert_has_calls( [call("hlf-ca", "a-release", "ca-namespace")])
def test_peer_upgrade(self, mock_check_peer, mock_helm_install, mock_helm_upgrade): OPTS = deepcopy(self.OPTS) OPTS["peers"]["names"] = ["peer0"] setup_peer(OPTS, upgrade=True) mock_helm_install.assert_not_called() mock_helm_upgrade.assert_has_calls([ call( "a-repo", "hlf-couchdb", "cdb-peer0", "peer-namespace", config_yaml="./a_dir/hlf-couchdb/cdb-peer0.yaml", preserve=( HelmPreserve( "cdb-peer0-hlf-couchdb", "COUCHDB_USERNAME", "couchdbUsername", ), HelmPreserve( "cdb-peer0-hlf-couchdb", "COUCHDB_PASSWORD", "couchdbPassword", ), ), verbose=False, ), call( "a-repo", "hlf-peer", "peer0", "peer-namespace", config_yaml="./a_dir/hlf-peer/peer0.yaml", verbose=False, ), ]) mock_check_peer.assert_called_once_with("peer-namespace", "peer0", verbose=False)
def test_deploy_composer_upgrade( self, mock_composer_connection, mock_get_version, mock_helm_check, mock_helm_extra_vars, mock_helm_install, mock_helm_upgrade, mock_input_files, mock_secret_create, ): mock_get_version.side_effect = ["hlc-version"] mock_helm_extra_vars.side_effect = ["extra-vars"] mock_input_files.side_effect = [{"key": "data"}] deploy_composer(self.OPTS, upgrade=True, verbose=True) mock_input_files.assert_called_once_with((None, ), clean_key=True) mock_secret_create.assert_called_once_with({"key": "data"}, "bna-secret", "peer-namespace") mock_composer_connection.assert_called_once_with(self.OPTS, verbose=True) mock_get_version.assert_has_calls([call(self.OPTS, "hl-composer")]) mock_helm_extra_vars.assert_called_once_with( version="hlc-version", config_yaml="./a_dir/hl-composer/hlc.yaml", preserve=(HelmPreserve( "peer-namespace", "hlc-hl-composer-rest", "COMPOSER_APIKEY", "rest.config.apiKey", ), ), ) mock_helm_install.assert_not_called() mock_helm_upgrade.assert_called_once_with("a-repo", "hl-composer", "hlc", extra_vars="extra-vars") mock_helm_check.assert_called_once_with("hl-composer", "hlc", "peer-namespace", pod_num=3)
def test_deploy_composer_upgrade( self, mock_composer_connection, mock_helm_install, mock_helm_upgrade, mock_secret_from_file, ): deploy_composer(self.OPTS, upgrade=True, verbose=True) mock_secret_from_file.assert_called_once_with( secret="bna-secret", namespace="peer-namespace", verbose=True) mock_composer_connection.assert_called_once_with(self.OPTS, verbose=True) mock_helm_install.assert_not_called() mock_helm_upgrade.assert_called_once_with( "a-repo", "hl-composer", "hlc", "peer-namespace", pod_num=3, config_yaml="./a_dir/hl-composer/hlc.yaml", preserve=(HelmPreserve("hlc-hl-composer-rest", "COMPOSER_APIKEY", "rest.config.apiKey"), ), verbose=True, )
def ca_chart(opts, release, upgrade=False, verbose=False): """Deploy CA Helm chart to K8S. Args: opts (dict): Nephos options dict. release (str): Name of the Helm Chart release. upgrade (bool): Do we upgrade the deployment? False by default. verbose (bool): Verbosity. False by default. """ values_dir = opts["core"]["dir_values"] repository = opts["core"]["chart_repo"] ca_namespace = get_namespace(opts, ca=release) # PostgreSQL (Upgrades here are dangerous, deactivated by default) helm_install( "stable", "postgresql", "{}-pg".format(release), ca_namespace, config_yaml="{dir}/postgres-ca/{name}-pg.yaml".format(dir=values_dir, name=release), verbose=verbose, ) psql_secret = secret_read("{}-pg-postgresql".format(release), ca_namespace, verbose=verbose) # Different key depending of PostgreSQL version psql_password = (psql_secret.get("postgres-password") or psql_secret["postgresql-password"]) env_vars = [("externalDatabase.password", psql_password)] # Fabric CA if not upgrade: helm_install( repository, "hlf-ca", release, ca_namespace, config_yaml="{dir}/hlf-ca/{name}.yaml".format(dir=values_dir, name=release), env_vars=env_vars, verbose=verbose, ) else: # TODO: Remove this try/catch once all CAs are updated try: preserve = ( HelmPreserve("{}-hlf-ca".format(release), "CA_ADMIN", "adminUsername"), HelmPreserve("{}-hlf-ca".format(release), "CA_PASSWORD", "adminPassword"), ) helm_upgrade( repository, "hlf-ca", release, ca_namespace, config_yaml="{dir}/hlf-ca/{name}.yaml".format(dir=values_dir, name=release), env_vars=env_vars, preserve=preserve, verbose=verbose, ) except: preserve = ( HelmPreserve("{}-hlf-ca--ca".format(release), "CA_ADMIN", "adminUsername"), HelmPreserve("{}-hlf-ca--ca".format(release), "CA_PASSWORD", "adminPassword"), ) helm_upgrade( repository, "hlf-ca", release, ca_namespace, config_yaml="{dir}/hlf-ca/{name}.yaml".format(dir=values_dir, name=release), env_vars=env_vars, preserve=preserve, verbose=verbose, )
def setup_peer(opts, upgrade=False): """Setup Peer on K8S. Args: opts (dict): Nephos options dict. upgrade (bool): Do we upgrade the deployment? False by default. """ for msp in get_msps(opts=opts): peer_namespace = get_namespace(opts, msp=msp) for release in get_peers(opts=opts, msp=msp): # Deploy the CouchDB instances version = get_version(opts, "hlf-couchdb") config_yaml = ( f'{opts["core"]["dir_values"]}/{msp}/hlf-couchdb/cdb-{release}.yaml' ) if not upgrade: extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml) helm_install( opts["core"]["chart_repo"], "hlf-couchdb", f"cdb-{release}", peer_namespace, extra_vars=extra_vars, ) else: preserve = ( HelmPreserve( peer_namespace, f"cdb-{release}-hlf-couchdb", "COUCHDB_USERNAME", "couchdbUsername", ), HelmPreserve( peer_namespace, f"cdb-{release}-hlf-couchdb", "COUCHDB_PASSWORD", "couchdbPassword", ), ) extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml, preserve=preserve) helm_upgrade( opts["core"]["chart_repo"], "hlf-couchdb", f"cdb-{release}", extra_vars=extra_vars, ) helm_check("hlf-couchdb", f"cdb-{release}", peer_namespace) # Deploy the HL-Peer charts version = get_version(opts, "hlf-peer") config_yaml = f"{opts['core']['dir_values']}/{msp}/hlf-peer/{release}.yaml" extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml) if not upgrade: helm_install( opts["core"]["chart_repo"], "hlf-peer", release, peer_namespace, extra_vars=extra_vars, ) else: helm_upgrade( opts["core"]["chart_repo"], "hlf-peer", release, extra_vars=extra_vars, ) helm_check("hlf-peer", release, peer_namespace) # Check that peer is running check_peer(peer_namespace, release)
def setup_peer(opts, upgrade=False, verbose=False): """Setup Peer on K8S. Args: opts (dict): Nephos options dict. upgrade (bool): Do we upgrade the deployment? False by default. verbose (bool): Verbosity. False by default. """ peer_namespace = get_namespace(opts, opts["peers"]["msp"]) for release in opts["peers"]["names"]: # Deploy the CouchDB instances version = get_version(opts, "hlf-couchdb") config_yaml = "{dir}/hlf-couchdb/cdb-{name}.yaml".format( dir=opts["core"]["dir_values"], name=release) if not upgrade: extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml) helm_install( opts["core"]["chart_repo"], "hlf-couchdb", "cdb-{}".format(release), peer_namespace, extra_vars=extra_vars, verbose=verbose, ) else: preserve = ( HelmPreserve( peer_namespace, "cdb-{}-hlf-couchdb".format(release), "COUCHDB_USERNAME", "couchdbUsername", ), HelmPreserve( peer_namespace, "cdb-{}-hlf-couchdb".format(release), "COUCHDB_PASSWORD", "couchdbPassword", ), ) extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml, preserve=preserve) helm_upgrade( opts["core"]["chart_repo"], "hlf-couchdb", "cdb-{}".format(release), extra_vars=extra_vars, verbose=verbose, ) helm_check("hlf-couchdb", "cdb-{}".format(release), peer_namespace) # Deploy the HL-Peer charts version = get_version(opts, "hlf-peer") config_yaml = "{dir}/hlf-peer/{name}.yaml".format( dir=opts["core"]["dir_values"], name=release) extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml) if not upgrade: helm_install( opts["core"]["chart_repo"], "hlf-peer", release, peer_namespace, extra_vars=extra_vars, verbose=verbose, ) else: helm_upgrade( opts["core"]["chart_repo"], "hlf-peer", release, extra_vars=extra_vars, verbose=verbose, ) helm_check("hlf-peer", release, peer_namespace) # Check that peer is running check_peer(peer_namespace, release, verbose=verbose)