Corporate Corda KYC Deployment Instructions
User Manual:
Open the PDF directly: View PDF .
Page Count: 13
Download | |
Open PDF In Browser | View PDF |
Corporate CordaKYC - Deployment Instructions About this page Key Contact: austin.moothart@r3.com Pre-requisites Creating an Azure Cloud Platform VM Setup an Azure VM Create a Resource Group Launch the VM Connect to your VM Configure Network Access Deploy Corda KYC to Azure Deployment Steps Log into your Azure VM: Download scripts to your VM Run Install Script Ensure the service is running Bootstrap the Corda KYC application Test Your Deployment Redeploy components of the KYC solution Uninstall and start over FAQs By the end of this walkthrough you will deploy the Corda KYC Application to Corda Testnet. Then you'll be able to use the Corda KYC Application (CorDapp) to interact with other "banks" and "customers". Corda Testnet allows CorDapps to interact with one another with well established identities in a peer to peer manner. This guide will take go through the steps to set up a virtual machine (VM) on the Azure Cloud Platform and then deploy the KYC application to this Azure VM. There are two different kinds of applications you can deploy: "bank" and "customer". This guide will allow you to deploy either or both roles. If you deploy both roles please so on separate VMs. Pre-requisites This is a highly technical guide so development experience is recommended. The Azure UI changes frequently so the screenshots may differ from what you see. There are many steps, please take care to follow all steps as skipping a step can result in confusing issues. If you need support please contact au stin.moothart@r3.com Ensure you have a registered Microsoft Azure account which can create virtual machines and you are logged on to the Azure portal: https ://portal.azure.com. Step 1 Creating an Azure Cloud Platform VM Setup an Azure VM Browse to https://portal.azure.com and log in with your Microsoft account. Create a Resource Group Create a resource group in the Azure portal https://portal.azure.com/#create/Microsoft.ResourceGroup The resource group will hold all of the services that you create in Azure. For more information see Microsoft's documentation: https://do cs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview For more information see Microsoft's documentation: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview Launch the VM Next we're going to create a basic Azure VM to host the Corda application. Click "Virtual Machines" in the left navigation and click "Add" to create a new VM. In this example we are going to use an Ubuntu server. Select "Ubuntu Server 18.04 LTS" and click "Create". Azure provides a wizard to walk through to configure your new VM Step 1 Basics: Required fields Name: this is the name of your VM in the Azure Portal. For example: "kyc-bank-q4" and "kyc-customer-q4" was used for R3 hosted Corda applications User name: the username for logging into the VM Authentication type: an SSH key or a password for your user. Recommendation: if you prefer simple access use a password. Choose the authentication you prefer, both SSH and password will work If you would like to use an SSH key (Mac/Linux) run this command: ssh-keygen -t rsa Follow the steps for key generation and ensure the keys are stored under ~/.ssh/ Resource group: choose the resource group we created earlier from the "Use existing" dropdown. Location: Select a cloud region geographically near to your location to host your VM. Click on OK. Step 2 Size: Choose the "D4S_V3 Standard" option and click "Select". The Corda KYC Can also run on "D2S_V3 Standard" if you'd like to run on lower compute VM instances. Step 3 Settings: Only one setting needs to change: "Select inbound public ports". Choose "SSH (22)" and "HTTP (80)" from the list as this is how we will log into the machine. There is a warning about exposing this port to the Internet which we will ignore because this is a temporary instance. Click "OK" Step 4: Your instance is now ready to create. Click Create and wait a few minutes for your instance to provision and start running. You can find your new VM by clicking on "Virtual Machines" in the left navigation again Connect to your VM Once your instance is running click on the "Connect" button and copy the ssh command. For example: ssh@ If you used an SSH key it will look like: ssh -i ~/.ssh/ @ Enter the ssh command into your terminal. At the prompt to continue connecting type yes. For password: then enter the password you configured earlier For SSH: enter the key's password if you set one Once logged you should see a terminal that looks like this: Success! Hang onto this session, we'll come back to it shortly. Configure Network Access Because this VM is on the public internet access is closed by default so we need to configure access. Open application ports Back in the Azure portal for your VM click on networking: Click on add inbound port rule Add 1 rules with all required ports with any name and any priority: Port range: 8080,8282,10002-10004,10103,1416 Name: kyc Public Azure DNS We're going to Azure's DNS service for simplicity. You can configure this from the VM overview screen by clicking "configure" under "DNS name". Provide a host name you'd like to use. Examples for this project include: kyc-bank-q4 => http://kyc-bank-q4.eastus2.cloudapp.azure.com kyc-customer-q4 => http://kyc-customer-q4.eastus2.cloudapp.azure.com Note: please use a different host name than our examples. Congratulations! You've successfully deployed and configured an Azure VM. Once you're ready, move onto "Deploy Corda KYC to Azure" below. Step 2 Deploy Corda KYC to Azure In this next section we'll deploy Corda KYC to your Azure VM from pre-built Docker containers. The deployment process is scripted, we'll walk through each step of the scripted deployment process. Bank vs Customer role You will see references to "bank" and "customer" in the documentation. Each time you see this you should use the role that you're trying to deploy and not necessarily what you see in documentation. Deployment Steps 1. 2. 3. 4. 5. 6. Log into your Azure VM Upload scripts to your VM Run install script Ensure the service is running Bootstrap your KYC Cordapp Test your deployment Log into your Azure VM: SSH into your instance using the same command from the Azure deployment guide: ssh @ OR ssh -i ~/.ssh/ @ Introduction to SSH SSH allows you to remotely log into a computer with a command line. Windows: Many engineers like using Putty to connect to remote machines: https://www.putty.org/ Mac: Using terminal you should have access to the command "ssh" which you can use to run the above command. NOTE: many trial participants encounter connectivity issues reaching their Azure VMs. Please check any firewall restrictions your company has in place as these commonly block access. Download scripts to your VM There is one script for deployment and sample customer data provided to help you run the Corda KYC trial. These are available on basecamp: wget -O cordapp-trial.sh https://public.3.basecamp.com/p/kPKebNKpnkC2MBrEZDLJuPmu/upload/download/cordapp-trial sudo chmod a+x cordapp-trial.sh The trial script has 3 options: install, uninstall and bootstrap. 1. --install => Deploys Corda KYC 2. --uninstall => Remove Corda KYC 3. --bootstrap => Loads starting data for the KYC use case and joins the trial business network If you're deploying a customer node then download the data R3 posted for you company from Basecamp: https://3.basecamp.com/4051272/ buckets/9293063/vaults/1384658891 wget -O /tmp/corda/customerData.json Customer data download link The link for the public url will be in the notes of the file that is hosted on basecamp. For example: The customer data is available at /tmp/corda/customerData.json => Data for your fake company in the trial. Testnet Identity Please ensure the R3 team has approved and configured your testnet account prior to proceeding. Run Install Script The first command to run is "./cordapp-trial.sh --install". From your ssh session run this script and answer the 5 questions which are asked. Ensure to provide accurate answers or the deployment may fail. The following are example answers from a successful customer deployment: Which KYC role would you like to deploy? (attester/bank/customer/datastore) customer Enter the Azure Host Name for your Azure VM .eastus2.cloudapp.azure.com Enter a one time access key from Corda Testnet (see below for one time key instructions) 73f14f04-cb4b-4323-930f-c8cd27516daa What country will be on your X500 directory? US What locality will be on your X500 directory? New York One time Access Key Retrieve your one time key by logging into https://testnet.corda.network/platform Once logged in, copy the text in the "Copy this script to your terminal" box. We only need the UUID at this time. You do not need to press the "Copy" button. Paste this UUID into the build script in your Azure terminal. Wait The script takes several minutes to run as all the components are downloaded and installed. Once completed check the logs to see if there were any errors. If so, resolve them and try again (see uninstall) or contact R3 to get support. Ensure the service is running The services take about 60 seconds to start up. You can check on their status by using: sudo docker ps -a The running services should look like this. Check the status and make sure no container has "exited". Debug commands Tail the logs: sudo docker logs -f customer_cordapp sudo docker logs -f customer_service sudo docker logs -f customer_ui Restart a Docker container sudo docker restart customer_cordapp sudo docker restart customer_bank sudo docker restart customer_ui Log into a Docker container sudo docker exec -it customer_cordapp bash Note: logs are available in /opt/corda/logs sudo docker exec -it customer_service bash sudo docker exec -it customer_ui bash Bootstrap the Corda KYC application The last step is to load the initial KYC data into your node with a process called "bootstrapping". You can do this by running the cordapp-trial script with a flag --bootstrap, provided by R3. Both banks and customers will set the KYC fields and join the KYC Trial Business Network. There will be 3 questions. Ensure the answers are accurate or the bootstrapping process may fail. The following are example answers from a successful bootstrap: Which KYC role would you like to bootstrap? (attester/bank/customer/datastore) customer What host name is your cordapp hosted at? kyc-customer-q4.eastus2.cloudapp.azure.com Which alternative name on the network do you want to use? (Please note name will be visible to others) Primary Customer KYC Q4 Trial The response should look similar to: [ "KycFieldMaster Transaction id 002965ED572E17782DABB87FA4E0F56C197D801FDA49A499661C89FE21D823CD committed to ledger.", "KycGroupMaster Transaction id 431FB8DEA585A374CDB454ED68F2BAAFA2E39CDA77D8D6637D6A296FA39EF424 committed to ledger." ] [ "KycFieldMaster Transaction id 8FC5AE3E51BA3374A0BF234BFC56D6E021F50C8E91A7E3057F1FC1BFC73E278A committed to ledger.", "KycGroupMaster Transaction id F8B9726F8CFA80044606AF88B06891D620BE40B710A9A1FE1C93B0DF02F85B01 committed to ledger." ] Transaction ids [`CreateProfile: 7887E8F13CB95DF374E65C021C9CF794E8D8083072B7CEE0DF894A56084820D7`, `DocumentUpload: 2D8CC04A1C584295D9F3FD872E8BCB6E9F8736404C32A924010E6AA33C6B95C1`, `HeadlineInfo: 3A383BB1F4B142B8958268539A5822D20A512598019A8F07EBDF53E04EC33951`] committed to ledger. Default attestation complete with transaction Id: E1B69C38B0054D91BF60A71AFD0CCF6DC36AB0793A6ED77C9AF52A98FC29E6A4 Customer Bootstrapping - Extra Response There is an additional step with customers to upload sample customer data. Ensure that the bootstrap script also output information like the one below: Transaction ids [`CreateProfile: 545D004992035DAB188682F4B78F5E908DCA880BC158BFC75BA6BAB6F3003FFB`, `DocumentUpload: AA2BB17D7D6A12D6C43F2BA53A9F2656559425F2C55A13D2C543EC9C5F1D63F2`, `HeadlineInfo: 8AB2BA532E6C1C6A2EFAF678493A33FF8B47C76328015235DC543BFC8DE35F38`] committed to ledger. Default attestation complete with transaction Id: 6AF90D361C310E54C20A52BDC355DED7AD7D0168193265F24124B6C21BAF34B5 Test Your Deployment You're done! Last step of your deployment, navigate to the newly running services on Azure to see the deployed KYC application: {your url}.{your region}.cloudapp.azure.com => KYC UI {your url}.{your region}.cloudapp.azure.com:10004 => Cordapp basic UI Default login credentials Default login to Bank username: b1 password: b1 Default login to Customer username: c1 password: c1 Redeploy components of the KYC solution In the event that something breaks or you need to update the application you can run the script for the service you want to redeploy. Not yet implemented. If you redeploy the cordapp make sure to run bootstrap again to reload both KYC, customer and default attester info. Uninstall and start over If at any point you are concerned something broke and you can't make forward progress you can uninstall and start over. Run "uninstall.sh" and specify which role you are uninstalling. The script will take a moment and you will see output similar to the following: Uninstall Clears Data By uninstalling your Corda KYC application this will clear all your data. You will need to rejoin the network and go through the KYC process again. FAQs How do I get another one time key for a Testnet deployment? Refresh https://testnet.corda.network/platform and copy the new key that shows up. Why isn't my cordapp showing up in Testnet? New nodes can take up to 10 minutes to appear in the network map list.
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.4 Linearized : No Modify Date : 2018:12:10 00:15:56Z Create Date : 2018:12:10 00:15:56Z Producer : iText 2.1.7 by 1T3XT Page Mode : UseOutlines Page Count : 13EXIF Metadata provided by EXIF.tools