-
Notifications
You must be signed in to change notification settings - Fork 687
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #254 from Azure-Samples/caleteet-secupdate
Caleteet secupdate
- Loading branch information
Showing
25 changed files
with
191 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
# Migration of Azure Blockchain Workbench from ABS to another ledger | ||
|
||
With the deprecation of Azure Blockchain Service, users of the Azure Blockchain Workbench, that have chosen to use Azure Blockchain Service will need to adjust the RPC endpoint configured in ABW to ensure that post migration, the workflow and applications deployed with ABW will continue to function. Depending on the users desire for future ABW work, there are a few options. | ||
|
||
## Option 1 - Migration from Azure Blockchain Service (moderate) | ||
|
||
Migration from ABS to QBS or another Quorum stack is considered a supported scenario, however it will require some work of the user as the settings to reconfigure Azure Blockchain Workbench are internal to the service. The steps to perform this are: | ||
|
||
1. First, request the [export](https://docs.microsoft.com/en-us/azure/blockchain/service/migration-guide#export-data-from-azure-blockchain-service) of the blockchain data from the Azure Blockchain Service instance. Once the export is completed, the new instance of Quorum needs to be created and running. | ||
|
||
2. Next, open the Azure portal to the resource group containing the Azure Blockchain Workbench deployed resources. | ||
|
||
![Resource group view](media/resource-group.png) | ||
|
||
3. Click on the SQL database, there should be only one. | ||
|
||
![Sql database](media/sql.png) | ||
|
||
4. Click on Query Editor. | ||
|
||
![Query database](media/query.png) | ||
|
||
5. Enter you DB username / password that was used to deploy the resources initially. `NOTE: You may need to whitelist the Azure IP for access.` | ||
|
||
![SQL login](media/sqllogin.png) | ||
|
||
6. Run the following command to view the Connections to ledgers. `SELECT * FROM [dbo].[Connection]` | ||
|
||
![SQL Query run](media/queryrun.png) | ||
|
||
7. Now update the update the connection with the new RPC endpoint. `UPDATE [dbo].[Connection] SET EndPointURL = <your new rpc endpoint> WHERE Id = <id of connection>` | ||
|
||
![SQL update run](media/queryupdaterun.png) | ||
|
||
8. Now navigate back to the resource group and open the Azure Key Vault resource. | ||
|
||
![Azure Key Vault](media/keyvault.png) | ||
|
||
9. Add your AAD profile to the Access Policies. | ||
|
||
![Key vault access policy](media/accesspolicy.png) | ||
|
||
10. Select `SET, GET, LIST` under Secrets for access. | ||
|
||
![Key vault secret permissions](media/perms.png) | ||
|
||
11. Click Add and then Save. | ||
|
||
![Save secret policies](media/save.png) | ||
|
||
12. Click on Secrets. | ||
|
||
![Secrets](media/secrets.png) | ||
|
||
13. Click on `blockchainRpcConnectionString` secret. | ||
|
||
![Blockchain connection secret](media/secrets2.png) | ||
|
||
14. Click add new version. | ||
|
||
![Add new secret version](media/createSecretVersion.png) | ||
|
||
15. Paste the new RPC endpoint in the secret and save. | ||
|
||
16. Restart the VMSS nodes. | ||
|
||
![Restart VMSS](media/restart.png) | ||
|
||
## Option 2 - Creating a new Azure Blockchain Workbench instance, connecting to a migrated ABS instance (easy) | ||
|
||
Another option is to create a new instance of Azure Blockchain Workbench, connected to the migrated of Quorum either via QBS or manually. The steps to perform this are: | ||
|
||
1. First, request the export of the blockchain data from the Azure Blockchain Service instance. Once the export is completed, the new instance of Quorum needs to be created and running. | ||
|
||
2. Next, create a new instance of Azure Blockchain Workbench and in the advanced settings use the RPC endpoint of the Quorum node created in step 1. | ||
|
||
![Workbench custom rpc endpoint](media/workbench.png) | ||
|
||
``` | ||
The ability to attach an existing ABW instance to a new blockchain ledger is not supported | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
# Migration from ABS to Quorum Standalone for Logic Apps using Ethereum | ||
|
||
With the deprecation of Azure Blockchain Service, users of the Ethereum connectors for Logics App will need to adjust the connection used by the Logic App to use the updated ledger RPC endpoint. Listed below are the steps to modify existing Logic Apps. | ||
|
||
## Connection Manager | ||
|
||
The Logic App connectors for Ethereum require an account that will perform the transaction with the Ethereum endpoint, so in addition to the new endpoint, an account will be required. There are a few options here. | ||
|
||
- Member Account - If the Logic App connection was setup to use the member account with ABS, the user will need to provide the password that was used when the transaction node in Azure Blockchain Service was provisioned. | ||
|
||
- Private Key - If the Logic App used the Private Key option for the account when setup, the user can simply provide the same Private Key for the update. | ||
|
||
- Account Unknown - If the Logic App was provisioned with either the Member Account or Private Key and the user does not have the password or key, a new keyfile can be generated and used. | ||
|
||
### Member Account | ||
|
||
For the member account: | ||
|
||
1. Open the Logic App Designer | ||
|
||
![Logic App Designer](media/designer.png) | ||
|
||
2. Expand the Ethereum section | ||
|
||
![Ethereum Logic App Section](media/ethereum.png) | ||
|
||
3. Click Change connection. | ||
|
||
![Change Ethereum connection](media/connection.png) | ||
|
||
4. Click Add new button | ||
|
||
![Add new connection](media/addnew.png) | ||
|
||
5. Provide a new name for the connection, the new Ethereum endpoint, the account address, and the account password. | ||
|
||
![Add connection details](media/addconnectiondetails.png) | ||
|
||
``` | ||
NOTE: The account address here will be the same account address that was available in Azure Blockchain Service. The migration of ABS to QBS brings these accounts over to the new infrastructure, with only the password required to unlock the account provided by the user. | ||
``` | ||
|
||
### Private Key | ||
|
||
For the private key: | ||
|
||
1. Open the Logic App Designer | ||
|
||
![Logic App Designer](media/designer.png) | ||
|
||
2. Expand the Ethereum section | ||
|
||
![Ethereum Logic App Section](media/ethereum.png) | ||
|
||
3. Click Change connection. | ||
|
||
![Change Ethereum connection](media/connection.png) | ||
|
||
4. Click Add new button | ||
|
||
![Add new connection](media/addnew.png) | ||
|
||
5. Provide a new name for the connection, the new Ethereum endpoint, and the private key. | ||
|
||
![Add connection details](media/addconnectiondetails-pk.png) | ||
|
||
``` | ||
NOTE: The private key used here will be a valid private key for a key pair generated for use with Ethereum. | ||
``` | ||
|
||
### Account Unknown | ||
|
||
If the account is unknown, a new keyfile will need to be created and added to the node. | ||
|
||
1. Generate a new keyfile | ||
|
||
a. To generate a new keyfile, the geth client can be used. This can be downloaded [here](https://geth.ethereum.org/downloads/). | ||
|
||
b. After downloading the geth client, create a new keyfile by running the following: | ||
|
||
``` | ||
./geth account new --datadir / | ||
|
||
NOTE: This will prompt for a password used to encrypt the private key and will provide the address and location of the key file. | ||
``` | ||
|
||
![Key Generation completion](media/newkey.png) | ||
|
||
2. Add the keyfile to the VM node that will be used for the transaction. | ||
|
||
3. Open the Logic App Designer | ||
|
||
![Logic App Designer](media/designer.png) | ||
|
||
4. Expand the Ethereum section | ||
|
||
![Change Ethereum connection](media/connection.png) | ||
|
||
5. Click Change connection. | ||
|
||
![Change Ethereum connection](media/connection.png) | ||
|
||
6. Click Add new button | ||
|
||
![Add new connection](media/addnew.png) | ||
|
||
7. Provide a new name for the connection, the new Ethereum endpoint, the account address, and the account password. | ||
|
||
![Add connection details](media/addconnectiondetails.png) |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.