Using the VMware Blockchain Orchestrator, you can deploy VMware Blockchain nodes in your AWS environment.
Prerequisites
Verify that your VMware Blockchain Orchestrator appliance is successfully deployed. See Prepare Your AWS Environment for Deployment.
Familiarize yourself with the VMware Blockchain Orchestrator descriptor files. See Configuring the Infrastructure Descriptor Parameters on AWS and Configuring the Deployment Descriptor Parameters on AWS.
Procedure
- Power on the VMware Blockchain Orchestrator appliance.
- SSH into the VMware Blockchain Orchestrator appliance.
- Enter the login credentials for the blockchain user account.
- Navigate to the /home/blockchain directory.
- List the contents of the /home/blockchain directory.
ls -l
| Option | Description |
|---|---|
| /home/blockchain/orchestrator-runtime | Directory consists of all the docker-compose files and descriptor files. You can run the VMware Blockchain Orchestrator script from this directory. |
| docker-compose-orchestrator-prereqs.yml | Runs the Docker configuration service and provisioning service containers. The prerequisite service starts when the VM is powered on. The prerequisite service times out if the VM does not have connectivity when powered on and must be manually restarted. |
| docker-compose-orchestrator.yml | Runs the VMware Blockchain Orchestrator script to deploy VMware Blockchain nodes. |
| infrastructure-descriptor-v1.schema | Directory stores the infrastructure definitions of all the available parameters to manually configure to deploy VMware Blockchain nodes. |
| deployment-descriptor-v1.schema | Directory stores the deployment definitions of all the available parameters to manually configure to deploy VMware Blockchain nodes. |
To configure the descriptor files and set the parameter values, you must create directories to store the descriptor files.
- Create a directory for the descriptor files.
See the sample directory structure.
| Option | Description |
|---|---|
| /home/blockchain/descriptors | Directory stores the infrastructure and deployment descriptor JSON files. VMware Blockchain Orchestrator uses the parameter values set in the infrastructure and deployment descriptor files during provisioning. |
| /home/blockchain/output | Directory stores the deployment details, such as IP address, Replica and Client node names, blockchain ID, and consortium ID. |
| INFRA_DESC_FILENAME=infrastructure_descriptor.json | File provides infrastructure details for deployment that VMware Blockchain Orchestrator uses to prescribe the parameters and connect to AWS. |
| DEPLOY_DESC_FILENAME=deployment_descriptor.json | File provides deployment details for Replica and Client nodes. If you deploy Full Copy Client nodes, the deployment details are included in this file. For example, the file also consists of zone names, client group names, and IP addresses. |
- Verify that the Docker containers are running.
cd ~blockchain/orchestrator-runtime
docker ps -a
The Docker containers that are running appear.
blockchain@localhost [ ~ ]$ docker ps -a
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
a20b7fbeacff  athena-docker-local.artifactory.eng.vmware.com/persephone-configuration:0.0.0.2323  "java -Dspring.confi…"  2 minutes ago  Up 2 minutes  0.0.0.0:9003->9003/tcp, 0.0.0.0:8000->9023/tcp  orchestrator-runtime_config-service_1
10cdca6852d8  athena-docker-local.artifactory.eng.vmware.com/persephone-provisioning:0.0.0.2323  "java -Dspring.confi…"  2 minutes ago  Up 2 minutes  8000/tcp, 0.0.0.0:9002->9002/tcp  orchestrator-runtime_persephone-provisioning_1
- If the Docker containers are not running, then restart the Docker containers.
  - Log into the VMware Blockchain Orchestrator appliance.
  - Restart the system service, which in turn starts the Docker containers.
    systemctl restart blockchain.service
- Create the infrastructure and deployment descriptor files in the descriptor directory.
VMware Blockchain Orchestrator uses the variables defined in these descriptor files to provision the VMware Blockchain nodes.
Sample infrastructure_descriptor.json file to deploy to AWS.
{
  "organization": {
    "damlSdkVersion": "2.4.0",
    "blockchainVersion": "1.8.0.0.53"
  },
  "zones": [
    {
      "name": "zone-A",
      "region": "us-east-1",
      "credentials": {
        "accessKeyId": "<access-key-id>",
        "secretAccessKey": "<secret-access-key>",
        "sessionToken": "<session-token>"
      },
      "network": {
        "subnetId": "subnet-02bd7fc869499e90a",
        "securityGroupIds": [
          "sg-00f7cbfdca902d1ff"
        ]
      },
      "containerRegistry": {
        "url": "https://vmwaresaas.jfrog.io",
        "userName": "vmbc-token",
        "password": "<password>"
      },
      "wavefront": {
        "url": "https://vmware.wavefront.com/api/",
        "token": "90e3b381-6779-41ce-9f4f-d08a9d72d68b"
      },
      "logManagement": [
        {
          "type": "AWS_CLOUDWATCH",
          "cloudwatchLogConfig": {
            "region": "us-east-1",
            "logGroupName": "castor-group",
            "logStreamName": "castor-stream"
          }
        }
      ]
    }
  ]
}
- Validate your infrastructure descriptor file semantics against the infrastructure-descriptor-v1.schema.
- Validate your deployment descriptor file semantics against the deployment-descriptor-v1.schema.
- Validate that the credentials, network name, and folder name are correctly populated to avoid errors.
ORCHESTRATOR_DESCRIPTORS_DIR=/home/blockchain/descriptors \
INFRA_DESC_FILENAME=infrastructure_descriptor.json \
DEPLOY_DESC_FILENAME=deployment_descriptor.json \
ORCHESTRATOR_OUTPUT_DIR=/home/blockchain/output \
ORCHESTRATOR_DEPLOYMENT_TYPE=VALIDATE \
docker-compose -f docker-compose-orchestrator.yml up
- Encrypt and redirect the infrastructure and the deployment descriptor files for added security.
  - Encrypt the infrastructure_descriptor.json file.
    $HOME/descriptors > ansible-vault encrypt infrastructure_descriptor.json
    New Vault password:
    Confirm New Vault password:
    Encryption successful
  - Encrypt the deployment_descriptor.json file.
    $HOME/descriptors > ansible-vault encrypt deployment_descriptor.json
    New Vault password:
    Confirm New Vault password:
    Encryption successful
  - Configure the two environment variable values.
    ORCHESTRATOR_OUTPUT_DIR - The output directory where the output file is written.
    ORCHESTRATOR_DEPLOYMENT_TYPE - Set deployment type to PROVISION.
  - Run the secure-orchestrator.sh script from the orchestrator-runtime directory.
    ORCHESTRATOR_OUTPUT_DIR=$HOME/output ORCHESTRATOR_DEPLOYMENT_TYPE=PROVISION ./secure-orchestrator.sh
    The script creates temporary files.
    /dev/shm/orchestrator-awsIGoa0JA/infra_descriptor
    /dev/shm/orchestrator-awsIGoa0JA/deployment_descriptor
  - Redirect the decrypted infrastructure_descriptor.json to the infrastructure_descriptor file location.
    Use the vault password used to encrypt the infrastructure_descriptor.json file.
    ansible-vault view $HOME/descriptors/infrastructure_descriptor.json > /dev/shm/orchestrator-awsIGoa0JA/infra_descriptor
  - Redirect the decrypted deployment_descriptor.json to the deployment_descriptor file location.
    Use the vault password used to encrypt the deployment_descriptor.json file.
    ansible-vault view $HOME/descriptors/deployment_descriptor.json > /dev/shm/orchestrator-awsIGoa0JA/deployment_descriptor
    After the script completes running, the temporary files are deleted.
  - (Optional) If the script fails or the secure-orchestrator.sh script is terminated, delete the temporary /dev/shm/orchestrator-* directory.
- Run the VMware Blockchain Orchestrator deployment script.
ORCHESTRATOR_DESCRIPTORS_DIR=/home/blockchain/descriptors \
INFRA_DESC_FILENAME=infrastructure_descriptor.json \
DEPLOY_DESC_FILENAME=deployment_descriptor.json \
ORCHESTRATOR_OUTPUT_DIR=/home/blockchain/output \
docker-compose -f docker-compose-orchestrator.yml up
- (Optional) If you have enabled the pullMetricsEndpoint parameter, run the following command to retrieve the monitoring metrics data.
# If using username/password use http
curl -i -u '<username>:<password>' http://<VM-IP>:9273/metrics
# If using TLS use https (-k skips certificate verification)
curl -i -l -u '<username>:<password>' https://<VM-IP>:9273/metrics -k
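The encrypt-and-redirect step above depends on two conditions: both descriptor files are vault-encrypted at rest, and no decrypted copies remain under /dev/shm after a failed or terminated run. The following script is an added example that checks both; it is not part of the VMware documentation or the Orchestrator tooling. The function names are hypothetical, and it assumes the `$ANSIBLE_VAULT;` header that ansible-vault writes as the first line of an encrypted file.

```shell
#!/usr/bin/env bash
# Added example, not VMware code. Function names are hypothetical;
# file names and the /dev/shm/orchestrator-* pattern follow the page.

# Succeed if FILE starts with the header line ansible-vault writes on encryption.
is_vault_encrypted() {
    local first=""
    [ -f "$1" ] || return 1
    IFS= read -r first < "$1" || true
    case $first in '$ANSIBLE_VAULT;'*) return 0 ;; esac
    return 1
}

# Print "<state> <path>" for both descriptors; fail unless both are encrypted.
descriptor_state() {
    local dir="$1" name state rc=0
    for name in infrastructure_descriptor.json deployment_descriptor.json; do
        if [ ! -f "$dir/$name" ]; then state=missing; rc=1
        elif is_vault_encrypted "$dir/$name"; then state=encrypted
        else state=plaintext; rc=1
        fi
        printf '%s %s\n' "$state" "$dir/$name"
    done
    return "$rc"
}

# List working directories (decrypted copies) left by an interrupted run.
stale_workdirs() {
    local d
    for d in "${1:-/dev/shm}"/orchestrator-*; do
        [ -d "$d" ] && printf '%s\n' "$d"
    done
    return 0
}

# Delete those leftovers. Call only while no secure-orchestrator.sh run is active.
purge_stale_workdirs() {
    stale_workdirs "$1" | while IFS= read -r d; do rm -rf -- "$d"; done
}

# Usage: bash audit-descriptors.sh DESC_DIR [SHM_BASE]   (exit 1 on any finding)
if [ "$#" -gt 0 ]; then
    descriptor_state "$1"; rc=$?
    stale_workdirs "${2:-/dev/shm}" | grep . && rc=1
    exit "$rc"
fi
```

Run it against $HOME/descriptors before starting secure-orchestrator.sh and again after the script exits; a `plaintext` line or any listed /dev/shm/orchestrator-* directory means descriptor contents are readable on disk or in shared memory.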
Results
After a successful deployment, the VMware Blockchain Orchestrator creates and saves the deployment results in the /home/blockchain/output directory.
If your deployment fails, identify the error and fix it before redeploying the VMware Blockchain nodes.
What to do next
Verify that the Replica node includes all the parameter values set in the deployment descriptor. See Validate a Replica Node in VMware Blockchain Orchestrator on AWS.