bcgov/von

Migrate demo apps to Sovrin StagingNet

esune opened this issue · 10 comments

esune commented

To promote interoperability and collaboration with the Hyperledger Indy community, we have decided to migrate our demo applications from BCovrin Test to Sovrin StagingNet.

In general, registering the existing agents on StagingNet and switching them to point to the new ledger should be enough.

Notes:

  • We need to deploy a new instance of vc-authn targeting Sovrin StagingNet. The existing instance will remain to support the apps still targeting BCovrin Test.
    • All the configurations in the deployed instance of vc-authn will need to be applied for the apps to be able to use the OIDC authentication against the service.
  • Deployment configurations will need to be updated accordingly if any of the agent endpoints change.

Plan of Attack

prod environments and services will initially be registered with Sovrin StagingNet and will eventually be registered with Sovrin MainNet once the services transition to full production mode.

The vc-authn-oidc instances in the TrustOverIP environment(s) will be used to replace the single vc-authn-oidc instance in devex-von-prod.

Agent wallets can be reset, as all schemas and cred-defs will be reissued on the new ledger. Existing Seeds and DIDs will be retained.

Migrate existing TrustOverIP services to Sovrin StagingNet

  • Emiliano - Register vc-authn-oidc instances with Sovrin StagingNet
    • Dev
    • Test
  • Emiliano - Register issuer-a2a instances with Sovrin StagingNet
    • Dev
    • Test
    • There is no issuer-a2a instance in prod. These are meant for development and testing purposes only.

Migrate the Essential Services Delivery Demo Apps to Sovrin StagingNet

Essential Services Delivery Demo instances will be configured to use the TrustOverIP vc-authn-oidc instances.

  • ESD dev -> TrustOverIP dev

  • ESD test -> TrustOverIP test

  • ESD prod -> TrustOverIP test; since the ESD demo apps will never be registered on Sovrin MainNet, whereas the TrustOverIP prod environment will eventually be registered on Sovrin MainNet.

  • Emiliano - Register the services with the TrustOverIP vc-authn-oidc instances.

  • Emiliano - Update the authentication configurations for the issuers.

  • Emiliano - Update the oidc-rp-provider-endpoint setting for the visual verifier instances.

  • Emiliano - Deploy the updated authentication configurations for the issuers.

  • Emiliano - Deploy the oidc-rp-provider-endpoint settings updates for the visual verifier instances.

  • Emiliano - Register the agent instances with Sovrin StagingNet

  • bztwou-dev

    • agent-esr1
    • issuer-web-esr1
    • agent-esr2
    • issuer-web-esr2
    • agent-healthbc
    • issuer-web-healthbc
    • agent-medlab
    • issuer-web-medlab
    • agent-openvp
    • issuer-web-openvp
    • visual-verifier-safe-entry
    • visual-verifier-safe-entry-c19
  • bztwou-test

    • agent-esr1
    • issuer-web-esr1
    • agent-esr2
    • issuer-web-esr2
    • agent-healthbc
    • issuer-web-healthbc
    • agent-medlab
    • issuer-web-medlab
    • agent-openvp
    • issuer-web-openvp
    • visual-verifier-safe-entry
    • visual-verifier-safe-entry-c19
  • bztwou-prod

    • agent-esr1
    • issuer-web-esr1
    • agent-esr2
    • issuer-web-esr2
    • agent-healthbc
    • issuer-web-healthbc
    • agent-medlab
    • issuer-web-medlab
    • agent-openvp
    • issuer-web-openvp
    • visual-verifier-safe-entry
    • visual-verifier-safe-entry-c19

Migrate the Identity Kit Demo Agents to Sovrin StagingNet

Identity Kit Demo Agents instances will be configured to use the TrustOverIP vc-authn-oidc instances.

  • IDK devex-von-test -> TrustOverIP test

  • IDK devex-von-prod -> TrustOverIP test; since the IDK demos will never be registered on Sovrin MainNet, whereas the TrustOverIP prod environment will eventually be registered on Sovrin MainNet.

  • Emiliano - Update the associated KeyCloak configurations to point to the TrustOverIP vc-authn-oidc instance.

  • Emiliano - Register the agent instances with Sovrin StagingNet

  • devex-von-test

    • identity-kit-agent-bc
  • devex-von-prod

    • identity-kit-agent-bc

Migrate the Email Verification Service and ConfBook Demo Apps to Sovrin StagingNet

  • Emiliano - Register the agent instances with Sovrin StagingNet

  • devex-von-image-tools

    • email-verification-agent
    • iiw-book-agent

In addition to the technical updates, a number of documents in a variety of repos will need to be updated to change the references from test.bcovrin... to something appropriate for the new ledger being used.

We have a full set of vc-authn-oidc instances (dev, test, prod) in the TrustOverIP environments. Should we just migrate everything over to those? We could wire dev and test to Sovrin StagingNet, and when the time comes prod to Sovrin MainNet.

@esune, Other than the dependency on a vc-authn-oidc, the Essential Services Delivery instances are self-contained; correct?

Wallets will need to be reset

@esune, Where are we currently hosting instances of vc-authn-oidc, and what services are registered with each?

esune commented

@WadeBarnes as discussed in person, we only have one instance of vc-authn-oidc in devex-von-prod. The idea will be to switch to using the instances in the ToIP namespaces and get rid of the old one.

esune commented

A new PR has been opened with the changes required by the issuer services in to use the new vc-authn-controller instances.

The settings for the visual-verifier instances have been updated as well: a redeploy is required for changes to be effective.

All the proof-configurations have been posted to the appropriate vc-authn-controller instances so that they will be ready to go once the new issuer services are deployed.

Assumptions made:

  • The issuer service URLs will remain unchanged
  • The issuer service DIDs will remain unchanged

If any of the above is not true, additional tweaks will be required for the settings to match the environments and work correctly.

@esune, the above assumptions are correct.

esune commented

All services successfully migrated to StagingNet

All environments have been tested.