Comments (10)
I've asked @ianco to do the 0.7.3-rc0 update and the adding of the multi-ledger support per #109 . He might need to ask you questions, @esune about this. Once that is in place, I'm guessing it is easy to add the configuration for a new instance -- although it will be a little more fun to go through the deployment process...
from essential-services-delivery.
@wadeking98 -- please start this when you can, beginning with some guidance from @esune and @WadeBarnes.
Not even sure I have created this issue in the right repo -- so we might have to move it.
@jljordan42 -- heads up on this work.
from essential-services-delivery.
@wadeking98 -- please start this when you can, beginning with some guidance from @esune and @WadeBarnes.
Not even sure I have created this issue in the right repo -- so we might have to move it.
@jljordan42 -- heads up on this work.
The configurations for unverified person are in https://github.com/bcgov/essential-services-delivery (openvp
profile).
from essential-services-delivery.
@esune - do those configurations include the ledger being used or is that somewhere else? Can you point out where that is controlled? We'll need to adjust to support multi-ledgers as now implemented in ACA-Py, including defining the proof request to accept credentials from multiple schema or multiple cred defs.
Should this issue be moved to the https://github.com/bcgov/essential-services-delivery repo? Are there any changes needed here that will have to be made to deploy the new issuer instance?
from essential-services-delivery.
@esune - do those configurations include the ledger being used or is that somewhere else? Can you point out where that is controlled? We'll need to adjust to support multi-ledgers as now implemented in ACA-Py, including defining the proof request to accept credentials from multiple schema or multiple cred defs.
Should this issue be moved to the https://github.com/bcgov/essential-services-delivery repo? Are there any changes needed here that will have to be made to deploy the new issuer instance?
I would move it to essential-services-delivery
for consistency, since the "original" unverified person service configurations are there.
The ledger is inferred by the Genesis URL
parameter used to configure the agent, I do not know how this has changed for multi-ledger so I might need to get a quick update on that in order to provide input.
from essential-services-delivery.
As a recap of the conversation I had with @ianco on how to proceed to deploy a new issuer attached to the CANdy network.
- Make a copy of the openvp profile to something like
settings.openvp-candy.sh
- Make copies of all of the
*.openvp.*.param
files in agent, api and issuer-web, renaming them to use the same profile name chosen at step 1 (e.g.:openvp-candy
) - Update the
GENESIS_FILE_URL
parameter (example) to point to CANdy and setAGENT_READ_ONLY_LEDGER
(example) to `true: this will start the agent in read-only mode the first time, allowing it to create a did/verkey pair - Communicate the generated did/verkey to @WadeBarnes to be registered as Endorser on CANdy, then set
AGENT_READ_ONLY_LEDGER
to false and restart it. Theapi
service will need to be restarted as well, as it needs an agent with write capabilities to write schema/creddef to the ledger.
This should cover creating a new issuer. Make sure that the configuration files in the config
folder for api
and issuer-web
are duplicated for the new profile as well, and tweaked as necessary (e.g.: to account for the new URL names, everything follows the same naming convention as the profile so it should be relatively easy to search and carefully replace values).
As a bonus step, the agent build configuration can be updated to use the newer aca-py image (see here).
Let me know if I missed something or something else is required and I'll make some time to help! 😉
from essential-services-delivery.
A second bonus step is to add the multi-ledger functionality, so that the verifier parts of these can use multiple ledgers, and the issuer part uses one specific ledger from the list. And documentation about that...
Thanks!
from essential-services-delivery.
- Update the
GENESIS_FILE_URL
parameter (example) to point to CANdy and setAGENT_READ_ONLY_LEDGER
(example) to `true: this will start the agent in read-only mode the first time, allowing it to create a did/verkey pair- Communicate the generated did/verkey to @WadeBarnes to be registered as Endorser on CANdy, then set
AGENT_READ_ONLY_LEDGER
to false and restart it. Theapi
service will need to be restarted as well, as it needs an agent with write capabilities to write schema/creddef to the ledger.
@esune It looks like the agents start with a seed INDY_WALLET_SEED
, so don't we just provide the seed via openshift secret and then we don't have to go through the "two-step" with starting/restarting the agent?
from essential-services-delivery.
- Update the
GENESIS_FILE_URL
parameter (example) to point to CANdy and setAGENT_READ_ONLY_LEDGER
(example) to `true: this will start the agent in read-only mode the first time, allowing it to create a did/verkey pair- Communicate the generated did/verkey to @WadeBarnes to be registered as Endorser on CANdy, then set
AGENT_READ_ONLY_LEDGER
to false and restart it. Theapi
service will need to be restarted as well, as it needs an agent with write capabilities to write schema/creddef to the ledger.@esune It looks like the agents start with a seed
INDY_WALLET_SEED
, so don't we just provide the seed via openshift secret and then we don't have to go through the "two-step" with starting/restarting the agent?
Yep, that is correct. The first start, however, needs to be in read-only mode otherwise the agent won't be able to start-up correctly without the DID being registered on the ledger.
from essential-services-delivery.
The new issuers have been deployed:
Full list of environments:
dev: https://openvp-candy-issuer-dev.apps.silver.devops.gov.bc.ca/
test: https://openvp-candy-issuer-test.apps.silver.devops.gov.bc.ca/
prod: https://openvp-candy-dev.vonx.io/
The first credential to be issued from the CANdy Dev network:
from essential-services-delivery.
Related Issues (17)
- Update vc-authn URLs with OCP4 ones
- It's Been a While Since This Repository has Been Updated
- Update essential services delivery instances to use ACA-Py 0.7.3(-rc0 or not) and two ledgers HOT 7
- It's Been a While Since This Repository has Been Updated HOT 1
- Migrate OpenVP-CANdy services to use the BC Endorser Service HOT 3
- Update Unverified Person Credential references
- It's Been a While Since This Repository has Been Updated
- Issuer agent instances being heavily throttled in Demo Apps (a99fd4) environments
- Add missing topics HOT 1
- Update deployment configurations to match new IssuerKit HOT 1
- Add project lifecycle badge
- Deploy a sequence of Issuers and a Verifier for the ISED Business Banking Initiative Flow HOT 2
- Review resource limits HOT 1
- Update Visual Verifier deployment configurations HOT 2
- Add optional help text to isuer configurations
- Deploy services to prod HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from essential-services-delivery.