Migrate demo apps to Sovrin StagingNet
esune opened this issue · 10 comments
To promote interoperability and collaboration with the Hyperledger Indy community, we decide to migrate our demo applications from BCovrin Test to Sovrin StagingNet.
In general, registering the existing agents on StagingNet and switching them to point to the new ledger should be enough.
Notes:
- We need to deploy a new instance of vc-authn targeting Sovrin StagingNet. The existing instance will remain to support the apps still targeting BCovrin Test.
- All the configurations in the deployed instance of
vc-authn
will need to be applied for the apps to be able to use the OIDC authentication against the service.
- All the configurations in the deployed instance of
- Deployment configurations will need to be updated accordingly if any of the agent endpoints change.
Plan of Attack
prod
environments and services will initially be registered with Sovrin StagingNet and will eventually be registered with Sovrin MainNet once the services transition to full production mode.
The vc-authn-oidc
instances in the TrustOverIP environment(s) will be used to replace the single vc-authn-oidc
instance in devex-von-prod
.
Agent wallets can be reset, as all schemas and cred-defs will be reissued on the new ledger. Existing Seeds and DIDs will be retained.
Migrate exiting TrustOverIP services to Sovrin StagingNet
- Emiliano - Register
vc-authn-oidc
instances with Sovrin StagingNet- Dev
- Test
- Emiliano - Register
issuer-a2a
instances with Sovrin StagingNet- Dev
- Test
- There is no
issuer-a2a
instance inprod
. These are meant for development and testing purposes only.
Migrate the Essential Services Delivery Demo Apps to Sovrin StagingNet
Essential Services Delivery Demo instances will be configured to use the TrustOverIP vc-authn-oidc
instances.
-
ESD
dev
-> TrustOverIPdev
-
ESD
test
-> TrustOverIPtest
-
ESD
prod
-> TrustOverIPtest
; since the ESD demo apps will never be registered on Sovrin MainNet, where the TrustOverIPprod
environment will eventually be registered on Sovrin MainNet. -
Emiliano - Register the services with the TrustOverIP
vc-authn-oidc
instances. -
Emiliano - Update the authentication configurations for the issuers.
-
Emiliano - Update the
oidc-rp-provider-endpoint
setting for the visual verifier instances. -
Emiliano - Deploy the updated authentication configurations for the issuers.
-
Emiliano - Deploy the
oidc-rp-provider-endpoint
settings updates for the visual verifier instances. -
Emiliano - Register the agent instances with Sovrin StagingNet
-
bztwou-dev
- agent-esr1
- issuer-web-esr1
- agent-esr2
- issuer-web-esr2
- agent-healthbc
- issuer-web-healthbc
- agent-medlab
- issuer-web-medlab
- agent-openvp
- issuer-web-openvp
- visual-verifier-safe-entry
- visual-verifier-safe-entry-c19
-
bztwou-test
- agent-esr1
- issuer-web-esr1
- agent-esr2
- issuer-web-esr2
- agent-healthbc
- issuer-web-healthbc
- agent-medlab
- issuer-web-medlab
- agent-openvp
- issuer-web-openvp
- visual-verifier-safe-entry
- visual-verifier-safe-entry-c19
-
bztwou-prod
- agent-esr1
- issuer-web-esr1
- agent-esr2
- issuer-web-esr2
- agent-healthbc
- issuer-web-healthbc
- agent-medlab
- issuer-web-medlab
- agent-openvp
- issuer-web-openvp
- visual-verifier-safe-entry
- visual-verifier-safe-entry-c19
Migrate the Identity Kit Demo Agents to Sovrin StagingNet
Identity Kit Demo Agents instances will be configured to use the TrustOverIP vc-authn-oidc
instances.
-
IDK
devex-von-test
-> TrustOverIPtest
-
IDK
devex-von-prod
-> TrustOverIPtest
; since the IDK demos will never be registered on Sovrin MainNet, where the TrustOverIPprod
environment will eventually be registered on Sovrin MainNet. -
Emiliano - Update the associated KeyCloak configurations to point to the TrustOverIP
vc-authn-oidc
instance. -
Emiliano - Register the agent instances with Sovrin StagingNet
-
devex-von-test
- identity-kit-agent-bc
-
devex-von-prod
- identity-kit-agent-bc
Migrate the Email Verification Service and ConfBook Demo Apps to Sovrin StagingNet
-
Emiliano - Register the agent instances with Sovrin StagingNet
-
devex-von-image-tools
- email-verification-agent
- iiw-book-agent
In addition to the technical updates, a number of documents in a variety of repos will need to be updated to change the references from test.bcovrin...
to something appropriate for the new ledger being used.
We have a full set of vc-authn-oidc
instances (dev
, test
, prod
) in the TrustOverIP environments. Should we just migrate everything over to those? We could wire dev
and test
to Sovrin StagingNet, and when the time comes prod
to Sovrin MainNet.
@esune, Other than the dependency on a vc-authn-oidc
, the Essential Services Delivery instances are self contained; correct?
Wallets will need to be reset
@esune, Where are we currently hosting instances of vc-authn-oidc
, and what services are registered with each?
@WadeBarnes as discussed in person, we only have one instance of vc-authn-oidc
in devex-von-prod
. The idea will be to switch to using the instances in the ToIP namespaces and get rid of the old one.
A new PR has been opened with the changes required by the issuer services in to use the new vc-authn-controller
instances.
The settings for the visual-verifier
instances have been updated as well: a redeploy is required for changes to be effective.
All the proof-configurations have been posted to the appropriate vc-authn-controller
instances and so that they will be ready to go once the new issuer services are deployed.
Assumptions made:
- The issuer service URLs will remain unchanged
- The issuer service DIDs will remain unchanged
If any of the above is not true, additional tweaks will be required for the settings to match the environments and work correctly.
@esune, the above assumptions are correct.
All services successfully migrated to StagingNet
All environments have been tested.