Deploy VMware Blockchain Nodes Using VMware Blockchain Orchestrator on AWS

Using the VMware Blockchain Orchestrator, you can deploy VMware Blockchain nodes on your os environment.

Prerequisites

Verify that your VMware Blockchain Orchestrator appliance is successfully deployed. See Prepare Your AWS Environment for Deployment.
Verify that you familiarize yourself with the VMware Blockchain Orchestrator descriptor files. See Configuring the Infrastructure Descriptor Parameters on AWS and Configuring the Deployment Descriptor Parameters on AWS.

Procedure

Power on the VMware Blockchain Orchestrator appliance.
SSH into the VMware Blockchain Orchestrator appliance.
Enter the login credentials for the blockchain user account.
Navigate to the /home/blockchain directory.

List the contents of the /home/blockchain directory.

ls -l

Option	Description
/home/blockchain/orchestrator-runtime	Directory consists of all the docker-compose files and descriptor files. You can run the VMware Blockchain Orchestrator script from this directory.
docker-compose-orchestrator-prereqs.yml	Runs the Docker configuration service and provisioning service containers. The prerequisite service starts when the VM is powered on. The prerequisite service times out if the VM does not have connectivity when powered on and must be manually restarted.
docker-compose-orchestrator.yml	Runs the VMware Blockchain Orchestrator script to deploy VMware Blockchain nodes.
infrastructure-descriptor-v1.schema	Directory stores the infrastructure definitions of all the available parameters to manually configure to deploy VMware Blockchain nodes.
deployment-descriptor-v1.schema	Directory stores the deployment definitions of all the available parameters to manually configure to deploy VMware Blockchain nodes.

To configure the descriptor files and set the parameter values, you must create directories to store the descriptor files.

Create a directory for the descriptor files.

See the sample directory structure.

Option	Description
/home/blockchain/descriptors	Directory stores the infrastructure and deployment descriptor JSON files. VMware Blockchain Orchestrator uses the parameter values set in the infrastructure and deployment descriptor files during provisioning.
/home/blockchain/output	Directory stores the deployment details, such as IP address, Replica and Client node names, blockchain ID, and consortium ID.
INFRA_DESC_FILENAME=infrastructure_descriptor.json	File provides infrastructure details for deployment that VMware Blockchain Orchestrator uses to prescribe the parameters and connect to AWS.
DEPLOY_DESC_FILENAME=deployment_descriptor.json	File provides deployment details for Replica and Client nodes. If you deploy Full Copy Client nodes, the deployment details are included in this file. For example, the file also consists of zone names, client group names, and IP addresses.

Verify that the Docker containers are running.

cd ~blockchain/orchestrator-runtime
docker ps -a

The Docker containers that are running appear.

blockchain@localhost [ ~ ]$ docker ps -a
CONTAINER ID        IMAGE                                                                                COMMAND                  CREATED             STATUS              PORTS                                            NAMES
a20b7fbeacff        athena-docker-local.artifactory.eng.vmware.com/persephone-configuration:0.0.0.2323   "java -Dspring.confi…"   2 minutes ago       Up 2 minutes        0.0.0.0:9003->9003/tcp, 0.0.0.0:8000->9023/tcp   orchestrator-runtime_config-service_1
10cdca6852d8        athena-docker-local.artifactory.eng.vmware.com/persephone-provisioning:0.0.0.2323    "java -Dspring.confi…"   2 minutes ago       Up 2 minutes        8000/tcp, 0.0.0.0:9002->9002/tcp                 orchestrator-runtime_persephone-provisioning_1

If the Docker containers are not running, then restart the Docker containers.
1. Log into the VMware Blockchain Orchestrator appliance.
2. Restart the system service, which in turn starts the Docker containers.
```
systemctl restart blockchain.service
```

Create the infrastructure and deployment descriptor files in the descriptor directory.

VMware Blockchain Orchestrator uses the variables defined in these descriptor files to provision the VMware Blockchain nodes.

Sample infrastructure_descriptor.json file to deploy to AWS.

{
    "organization": {
        "damlSdkVersion": "2.4.0",
        "blockchainVersion": "1.8.0.0.53"
      },
    "zones": [
        {
            "name": "zone-A",
            "region": "us-east-1",
            "credentials": 
         {
    "accessKeyId": "<access-key-id>",
    "secretAccessKey": "<secret-access-key>",
    "sessionToken" : "<session-token>"
        },   
            "network": {
                "subnetId": "subnet-02bd7fc869499e90a",
                "securityGroupIds": [
                    "sg-00f7cbfdca902d1ff"
                ]
            },
            "containerRegistry": {
                "url": "https://vmwaresaas.jfrog.io",
                "userName": "vmbc-token",
		"password": "<password>"

            },
            "wavefront": {
                "url": "https://vmware.wavefront.com/api/",
                "token": "90e3b381-6779-41ce-9f4f-d08a9d72d68b"
            },
               "logManagement": [
                {
                    "type": "AWS_CLOUDWATCH",
                    "cloudwatchLogConfig": {
                        "region": "us-east-1",
                        "logGroupName": "castor-group",
                        "logStreamName": "castor-stream"
                    }
                }
            ]
        }
    ]
}

Validate your infrastructure descriptor file semantics against the infrastructure-descriptor-v1.schema.
Validate your deployment descriptor file semantics against the deployment-descriptor-v1.schema.

Validate that the credentials, network name, and folder name are correctly populated to avoid errors.

ORCHESTRATOR_DESCRIPTORS_DIR=/home/blockchain/descriptors  
INFRA_DESC_FILENAME=infrastructure_descriptor.json 
DEPLOY_DESC_FILENAME=deployment_descriptor.json 
ORCHESTRATOR_OUTPUT_DIR=/home/blockchain/output 
ORCHESTRATOR_DEPLOYMENT_TYPE=VALIDATE 
docker-compose -f docker-compose-orchestrator.yml up

Encrypt and redirect the infrastructure and the deployment descriptor files for added security.
1. Encrypt the infrastructure_descriptor.json file.
```
$HOME/descriptors > ansible-vault encrypt infrastructure_descriptor.json
New Vault password:
Confirm New Vault password:
Encryption successful
```
2. Encrypt the deployment_descriptor.json file.
```
$HOME/descriptors > ansible-vault encrypt deployment_descriptor.json
New Vault password:
Confirm New Vault password:
Encryption successful
```
3. Configure the two environment variable values.
  - ORCHESTRATOR_OUTPUT_DIR - The output directory where the output file is written.
  - ORCHESTRATOR_DEPLOYMENT_TYPE - Set deployment type to PROVISION.
4. Run the secure-orchestrator.sh script from the orchestrator_runtime directory.
```
ORCHESTRATOR_OUTPUT_DIR=$HOME/output 
ORCHESTRATOR_DEPLOYMENT_TYPE=PROVISION 
./secure-orchestrator.sh
```
  The script creates temporary files.
  - /dev/shm/orchestrator-awsIGoa0JA/infra_descriptor
  - /dev/shm/orchestrator-awsIGoa0JA/deployment_descriptor
5. Redirect the decrypted infrastructure_descriptor.json to the infrastructure_descriptor file location.
  Use the vault password used to encrypt the infrastructure_descriptor.json file.
```
ansible-vault view $HOME/descriptors/infrastructure_descriptor.json > /dev/shm/orchestrator-awsIGoa0JA/infra_descriptor
```
6. Redirect the decrypted deployment_descriptor.json to the deployment_descriptor file location.
  Use the vault password used to encrypt the deployment_descriptor.json file.
```
ansible-vault view $HOME/descriptors/deployment_descriptor.json > /dev/shm/orchestrator-awsIGoa0JA/deployment_descriptor
```
  After the script completes running, the temporary files are deleted.
7. (Optional) If the script fails or the secure_orchestrator.sh script is terminated, delete the temporary folder under the /dev/shm/orchestrator-* directory.

Run the VMware Blockchain Orchestrator deployment script.

ORCHESTRATOR_DESCRIPTORS_DIR=/home/blockchain/descriptors 
INFRA_DESC_FILENAME=infrastructure_descriptor.json 
DEPLOY_DESC_FILENAME=deployment_descriptor.json 
ORCHESTRATOR_OUTPUT_DIR=/home/blockchain/output 
docker-compose -f docker-compose-orchestrator.yml up

(Optional) If you have enabled the pullMetricsEndpoint parameter, you can run the command and retrieve the monitoring metrics data.

# If using username/password use http
curl -i -u '<username>:<password>' http://<VM-IP>:9273/metrics
# If using TLS use https
curl -i -l -u '<username>:<password>' https://<VM-IP>:9273/metrics -k

Results

After a successful deployment, the VMware Blockchain Orchestrator creates and saves the deployment results in the /home/blockchain/output directory.

Note:

If your deployment fails, identify the error and fix it before redeploying the VMware Blockchain nodes.

What to do next

Verify that the Replica node includes all the parameter values set in the deployment descriptor. See Validate a Replica Node in VMware Blockchain Orchestrator on AWS.