Document impact of multi-ledger on TAA acceptance #1778

Merged
merged 1 commit into from
May 19, 2022
20 changes: 20 additions & 0 deletions Multiledger.md
Expand Up @@ -14,6 +14,7 @@ More background information including problem statement, design (algorithm) and
- [Read Requests](#read-requests)
- [For checking ledger in parallel](#for-checking-ledger-in-parallel)
- [Write Requests](#write-requests)
- [A Special Warning for TAA Acceptance](#a-special-warning-for-taa-acceptance)
- [Impact on other ACA-Py function](#impact-on-other-aca-py-function)

## Usage
Expand Down Expand Up @@ -104,6 +105,25 @@ If multiple ledgers are configured then `IndyLedgerRequestsExecutor` service ext

On startup, the first configured applicable ledger is assigned as the `write_ledger` [`BaseLedger`], the selection is dependant on the order (top-down) and whether it is `production` or `non_production`. For instance, considering this [example configuration](#example-config-file), ledger `bcorvinTest` will be set as `write_ledger` as it is the topmost `production` ledger. If no `production` ledgers are included in configuration then the topmost `non_production` ledger is selected.

## A Special Warning for TAA Acceptance

When you run in multi-ledger mode, ACA-Py will use the `pool-name` (or `id`) specified in the ledger configuration file for each ledger.

(When running in single-ledger mode, ACA-Py uses `default` as the ledger name.)

If you are running against a ledger in `write` mode, and the ledger requires you to accept a Transaction Author Agreement (TAA), ACA-Py stores the TAA acceptance
status in the wallet in a non-secrets record, using the ledger's `pool_name` as a key.

This means that if you are upgrading from single-ledger to multi-ledger mode, you will need to *either*:

- set the `id` for your writable ledger to `default` (in your `ledgers.yaml` file)

*or*:

- re-accept the TAA once you restart your ACA-Py in multi-ledger mode

Once you re-start ACA-Py, you can check the `GET /ledger/taa` endpoint to verify your TAA acceptance status.

## Impact on other ACA-Py function

There should be no impact/change in functionality to any ACA-Py protocols.
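
Review bot: The first paragraph of the new section calls the setting `pool-name`, while the third paragraph and the comments in demo/docker/ledgers.yaml call it `pool_name`; use one spelling so readers can search for the key the TAA acceptance record is stored under. It would also help to state what an operator sees when they upgrade to multi-ledger mode without doing either step, so the symptom can be traced back to this section. Minor: "restart" and "re-start" are both used in the last two sentences of the section.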
62 changes: 62 additions & 0 deletions demo/docker/docker-compose.yml
@@ -0,0 +1,62 @@
# Sample docker-compose to start a local aca-py in multi-ledger mode
# To start aca-py and the postgres database, just run `docker-compose up`
# To shut down the services run `docker-compose rm` - this will retain the postgres database, so you can change aca-py startup parameters
# and restart the docker containers without losing your wallet data
# If you want to delete your wallet data just run `docker volume ls -q | xargs docker volume rm`
version: "3"
services:
vcr-agent:
image: bcgovimages/aries-cloudagent:py36-1.16-1_0.7.3
ports:
- 8010:8010
depends_on:
- wallet-db
entrypoint: /bin/bash
command: [
"-c",
"sleep 5; \
aca-py start \
--auto-provision \
--inbound-transport http '0.0.0.0' 8001 \
--endpoint 'http://host.docker.internal:8001' \
--outbound-transport http \
--genesis-transactions-list 'ledgers.yaml'
--auto-accept-invites \
--auto-accept-requests \
--auto-ping-connection \
--auto-respond-messages \
--auto-respond-credential-proposal \
--auto-respond-credential-offer \
--auto-respond-credential-request \
--auto-verify-presentation \
--wallet-type 'indy' \
--wallet-name 'acapy_agent_wallet' \
--wallet-key 'key' \
--wallet-storage-type 'postgres_storage' \
--wallet-storage-config '{\"url\":\"wallet-db:5432\",\"max_connections\":5}' \
--wallet-storage-creds '{\"account\":\"DB_USER\",\"password\":\"DB_PASSWORD\",\"admin_account\":\"postgres\",\"admin_password\":\"mysecretpassword\"}' \
--admin '0.0.0.0' 8010 \
--admin-insecure-mode \
--label 'tester_agent' \
--log-level 'info' ",
]
volumes:
- ./ledgers.yaml:/home/indy/ledgers.yaml

# note - if you want to start aca-py in single-ledger mode, replace the `--genesis-transactions-list` parameter above with:
# --genesis-url 'https://raw.githubusercontent.com/sovrin-foundation/sovrin/master/sovrin/pool_transactions_sandbox_genesis' \

wallet-db:
image: vcr-postgresql
environment:
- POSTGRESQL_USER=DB_USER
- POSTGRESQL_PASSWORD=DB_PASSWORD
- POSTGRESQL_DATABASE=DB_USER
- POSTGRESQL_ADMIN_PASSWORD=mysecretpassword
ports:
- 5433:5432
volumes:
- wallet-db-data:/var/lib/pgsql/data

volumes:
wallet-db-data:
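
Review bot: The `vcr-agent` service combines `--admin '0.0.0.0' 8010` and `--admin-insecure-mode` with the published port `8010:8010`, so the unauthenticated admin API is reachable on every host interface; publish it as `127.0.0.1:8010:8010` or add a comment that this file is for local demo use only. The same applies to the postgres mapping `5433:5432`, and the literal `--wallet-key 'key'` and `mysecretpassword` values should be labelled as placeholders to replace. Only 8010 is listed under `ports`, yet the inbound transport listens on 8001 and the endpoint advertises `http://host.docker.internal:8001`, so 8001 probably needs publishing as well. The `--genesis-transactions-list 'ledgers.yaml'` line is the only one in the command without a trailing `\`. In the header comment, `docker volume ls -q | xargs docker volume rm` attempts to remove every volume on the host, not only this project's `wallet-db-data`; name the volume instead.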
16 changes: 16 additions & 0 deletions demo/docker/ledgers.yaml
@@ -0,0 +1,16 @@
# the `id` is used as the `pool_name` in aca-py
# note that if you are upgrading from single- to multi-ledger, you need to *either*:
# - set the `id` of your `is_write: true` ledger to `default` (the `pool_name` used in single-ledger mode)
# *or*:
# - re-accept the TAA once you start aca-py in multi-ledger mode
# (the TAA acceptance is stored in a wallet record keyed on the `pool_name`)
- id: SOVRINSandbox
is_production: true
is_write: true
genesis_url: 'https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_sandbox_genesis'
- id: BCovrinTest
is_production: true
genesis_url: 'http://test.bcovrin.vonx.io/genesis'
- id: CANdyDev
is_production: true
genesis_url: 'https://raw.githubusercontent.com/ICCS-ISAC/dtrust-reconu/main/CANdy/dev/pool_transactions_genesis'
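
Review bot: The `BCovrinTest` entry fetches its genesis file over plain `http://` while the other two entries use `https://`, and nothing in this sample verifies the file after download; use a TLS URL or a reviewed local copy, or add a comment that the plain-HTTP source is acceptable only for a test ledger. All three ledgers are set to `is_production: true` although their ids read Sandbox, Test and Dev; since Multiledger.md says the write ledger is chosen by order and production flag, either mark them non-production or note that the flag is illustrative here. The header comment explains the `default` id option well, but the sample itself uses `id: SOVRINSandbox` for the `is_write: true` ledger, so a reader copying it for an upgrade gets the re-accept path; a one-line comment on that entry would make this explicit.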