epistemophiliac/fabric-samples
1
0
Fork 0
mirror of https://github.com/hyperledger/fabric-samples.git synced 2026-06-22 17:45:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[FAB-14485] Extend BYFN to opt inc cert authorities

Browse source 
Add a new "-a" option to byfn.sh that optionally deploys
certificate authorities (in Docker containers) for
organisation 1 and 2.

Change-Id: Ib58c46941aa6e8e58bac01aa3349e97d1f93b930
Signed-off-by: Simon Stone <sstone1@uk.ibm.com>
(cherry picked from commit 0c4141f2a1)
This commit is contained in:
Simon Stone 2019-03-05 11:48:43 +00:00
parent 5d0bfb9989
commit 3a1d29ce93
7 changed files with 165 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

74
first-network/byfn.sh
View file

@ -35,7 +35,7 @@ export VERBOSE=false
# Print the usage message # Print the usage message
function printHelp() { function printHelp() {
echo "Usage: " echo "Usage: "
echo " byfn.sh <mode> [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>] [-l <language>] [-o <consensus-type>] [-i <imagetag>] [-v]" echo " byfn.sh <mode> [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>] [-l <language>] [-o <consensus-type>] [-i <imagetag>] [-a] [-v]"
echo " <mode> - one of 'up', 'down', 'restart', 'generate' or 'upgrade'" echo " <mode> - one of 'up', 'down', 'restart', 'generate' or 'upgrade'"
echo " - 'up' - bring up the network with docker-compose up" echo " - 'up' - bring up the network with docker-compose up"
echo " - 'down' - clear the network with docker-compose down" echo " - 'down' - clear the network with docker-compose down"
@ -50,6 +50,7 @@ function printHelp() {
echo " -l <language> - the chaincode language: golang (default) or node" echo " -l <language> - the chaincode language: golang (default) or node"
echo " -o <consensus-type> - the consensus-type of the ordering service: solo (default), kafka, or etcdraft" echo " -o <consensus-type> - the consensus-type of the ordering service: solo (default), kafka, or etcdraft"
echo " -i <imagetag> - the tag to be used to launch the network (defaults to \"latest\")" echo " -i <imagetag> - the tag to be used to launch the network (defaults to \"latest\")"
echo " -a - launch certificate authorities (no certificate authorities are launched by default)"
echo " -v - verbose mode" echo " -v - verbose mode"
echo " byfn.sh -h (print this message)" echo " byfn.sh -h (print this message)"
echo echo
@ -156,29 +157,22 @@ function networkUp() {
replacePrivateKey replacePrivateKey
generateChannelArtifacts generateChannelArtifacts
fi fi
COMPOSE_FILES="-f ${COMPOSE_FILE}"
if [ "${CERTIFICATE_AUTHORITIES}" == "true" ]; then
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_CA}"
export BYFN_CA1_PRIVATE_KEY=$(cd crypto-config/peerOrganizations/org1.example.com/ca && ls *_sk)
export BYFN_CA2_PRIVATE_KEY=$(cd crypto-config/peerOrganizations/org2.example.com/ca && ls *_sk)
fi
if [ "${CONSENSUS_TYPE}" == "kafka" ]; then
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_KAFKA}"
elif [ "${CONSENSUS_TYPE}" == "etcdraft" ]; then
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_RAFT2}"
fi
if [ "${IF_COUCHDB}" == "couchdb" ]; then if [ "${IF_COUCHDB}" == "couchdb" ]; then
if [ "$CONSENSUS_TYPE" == "kafka" ]; then COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_COUCH}"
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_KAFKA -f $COMPOSE_FILE_COUCH up -d 2>&1
docker ps -a
elif [ "$CONSENSUS_TYPE" == "etcdraft" ]; then
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_RAFT2 -f $COMPOSE_FILE_COUCH up -d 2>&1
docker ps -a
else
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH up -d 2>&1
docker ps -a
fi fi
else IMAGE_TAG=$IMAGETAG docker-compose ${COMPOSE_FILES} up -d 2>&1
if [ "$CONSENSUS_TYPE" == "kafka" ]; then
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_KAFKA up -d 2>&1
docker ps -a docker ps -a
elif [ "$CONSENSUS_TYPE" == "etcdraft" ]; then
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_RAFT2 up -d 2>&1
docker ps -a
else
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE up -d 2>&1
docker ps -a
fi
fi
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "ERROR !!!! Unable to start network" echo "ERROR !!!! Unable to start network"
exit 1 exit 1
@ -197,7 +191,7 @@ function networkUp() {
fi fi
# now run the end to end script # now run the end to end script
docker exec cli scripts/script.sh $CHANNEL_NAME $CLI_DELAY $LANGUAGE $CLI_TIMEOUT $VERBOSE docker exec cli scripts/script.sh $CHANNEL_NAME $CLI_DELAY $LANGUAGE $CLI_TIMEOUT $VERBOSE $NO_CHAINCODE
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "ERROR !!!! Test failed" echo "ERROR !!!! Test failed"
exit 1 exit 1
@ -221,22 +215,19 @@ function upgradeNetwork() {
mkdir -p $LEDGERS_BACKUP mkdir -p $LEDGERS_BACKUP
export IMAGE_TAG=$IMAGETAG export IMAGE_TAG=$IMAGETAG
COMPOSE_FILES="-f ${COMPOSE_FILE}"
if [ "${CERTIFICATE_AUTHORITIES}" == "true" ]; then
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_CA}"
export BYFN_CA1_PRIVATE_KEY=$(cd crypto-config/peerOrganizations/org1.example.com/ca && ls *_sk)
export BYFN_CA2_PRIVATE_KEY=$(cd crypto-config/peerOrganizations/org2.example.com/ca && ls *_sk)
fi
if [ "${CONSENSUS_TYPE}" == "kafka" ]; then
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_KAFKA}"
elif [ "${CONSENSUS_TYPE}" == "etcdraft" ]; then
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_RAFT2}"
fi
if [ "${IF_COUCHDB}" == "couchdb" ]; then if [ "${IF_COUCHDB}" == "couchdb" ]; then
if [ "$CONSENSUS_TYPE" == "kafka" ]; then COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_COUCH}"
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_KAFKA -f $COMPOSE_FILE_COUCH"
elif [ "$CONSENSUS_TYPE" == "etcdraft" ]; then
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_RAFT2 -f $COMPOSE_FILE_COUCH"
else
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH"
fi
else
if [ "$CONSENSUS_TYPE" == "kafka" ]; then
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_KAFKA"
elif [ "$CONSENSUS_TYPE" == "etcdraft" ]; then
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_RAFT2"
else
COMPOSE_FILES="-f $COMPOSE_FILE"
fi
fi fi
# removing the cli container # removing the cli container
@ -283,7 +274,7 @@ function upgradeNetwork() {
function networkDown() { function networkDown() {
# stop org3 containers also in addition to org1 and org2, in case we were running sample to add org3 # stop org3 containers also in addition to org1 and org2, in case we were running sample to add org3
# stop kafka and zookeeper containers in case we're running with kafka consensus-type # stop kafka and zookeeper containers in case we're running with kafka consensus-type
docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH -f $COMPOSE_FILE_KAFKA -f $COMPOSE_FILE_RAFT2 -f $COMPOSE_FILE_ORG3 down --volumes --remove-orphans docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH -f $COMPOSE_FILE_KAFKA -f $COMPOSE_FILE_RAFT2 -f $COMPOSE_FILE_CA -f $COMPOSE_FILE_ORG3 down --volumes --remove-orphans
# Don't remove the generated artifacts -- note, the ledgers are always removed # Don't remove the generated artifacts -- note, the ledgers are always removed
if [ "$MODE" != "restart" ]; then if [ "$MODE" != "restart" ]; then
@ -508,6 +499,8 @@ COMPOSE_FILE_ORG3=docker-compose-org3.yaml
COMPOSE_FILE_KAFKA=docker-compose-kafka.yaml COMPOSE_FILE_KAFKA=docker-compose-kafka.yaml
# two additional etcd/raft orderers # two additional etcd/raft orderers
COMPOSE_FILE_RAFT2=docker-compose-etcdraft2.yaml COMPOSE_FILE_RAFT2=docker-compose-etcdraft2.yaml
# certificate authorities compose file
COMPOSE_FILE_CA=docker-compose-ca.yaml
# #
# use golang as the default language for chaincode # use golang as the default language for chaincode
LANGUAGE=golang LANGUAGE=golang
@ -537,7 +530,7 @@ else
exit 1 exit 1
fi fi
while getopts "h?c:t:d:f:s:l:i:o:v" opt; do while getopts "h?c:t:d:f:s:l:i:o:av" opt; do
case "$opt" in case "$opt" in
h | \?) h | \?)
printHelp printHelp
@ -567,6 +560,9 @@ while getopts "h?c:t:d:f:s:l:i:o:v" opt; do
o) o)
CONSENSUS_TYPE=$OPTARG CONSENSUS_TYPE=$OPTARG
;; ;;
a)
CERTIFICATE_AUTHORITIES=true
;;
v) v)
VERBOSE=true VERBOSE=true
;; ;;

15
first-network/connection-org1.json
View file

@ -17,6 +17,9 @@
"peers": [ "peers": [
"peer0.org1.example.com", "peer0.org1.example.com",
"peer1.org1.example.com" "peer1.org1.example.com"
],
"certificateAuthorities": [
"ca.org1.example.com"
] ]
} }
}, },
@ -39,5 +42,17 @@
"ssl-target-name-override": "peer1.org1.example.com" "ssl-target-name-override": "peer1.org1.example.com"
} }
} }
},
"certificateAuthorities": {
"ca.org1.example.com": {
"url": "https://localhost:7054",
"caName": "ca-org1",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
},
"httpOptions": {
"verify": false
}
}
} }
} }

10
first-network/connection-org1.yaml
View file

@ -13,6 +13,8 @@ organizations:
peers: peers:
- peer0.org1.example.com - peer0.org1.example.com
- peer1.org1.example.com - peer1.org1.example.com
certificateAuthorities:
- ca.org1.example.com
peers: peers:
peer0.org1.example.com: peer0.org1.example.com:
url: grpcs://localhost:7051 url: grpcs://localhost:7051
@ -26,3 +28,11 @@ peers:
path: crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem path: crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
grpcOptions: grpcOptions:
ssl-target-name-override: peer1.org1.example.com ssl-target-name-override: peer1.org1.example.com
certificateAuthorities:
ca.org1.example.com:
url: https://localhost:7054
caName: ca-org1
tlsCACerts:
path: crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
httpOptions:
verify: false

15
first-network/connection-org2.json
View file

@ -17,6 +17,9 @@
"peers": [ "peers": [
"peer0.org2.example.com", "peer0.org2.example.com",
"peer1.org2.example.com" "peer1.org2.example.com"
],
"certificateAuthorities": [
"ca.org2.example.com"
] ]
} }
}, },
@ -39,5 +42,17 @@
"ssl-target-name-override": "peer1.org2.example.com" "ssl-target-name-override": "peer1.org2.example.com"
} }
} }
},
"certificateAuthorities": {
"ca.org2.example.com": {
"url": "https://localhost:8054",
"caName": "ca-org2",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem"
},
"httpOptions": {
"verify": false
}
}
} }
} }

10
first-network/connection-org2.yaml
View file

@ -13,6 +13,8 @@ organizations:
peers: peers:
- peer0.org2.example.com - peer0.org2.example.com
- peer1.org2.example.com - peer1.org2.example.com
certificateAuthorities:
- ca.org2.example.com
peers: peers:
peer0.org2.example.com: peer0.org2.example.com:
url: grpcs://localhost:9051 url: grpcs://localhost:9051
@ -26,3 +28,11 @@ peers:
path: crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem path: crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
grpcOptions: grpcOptions:
ssl-target-name-override: peer1.org2.example.com ssl-target-name-override: peer1.org2.example.com
certificateAuthorities:
ca.org2.example.com:
url: https://localhost:8054
caName: ca-org2
tlsCACerts:
path: crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
httpOptions:
verify: false

46
first-network/docker-compose-ca.yaml Normal file
View file

@ -0,0 +1,46 @@
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
networks:
byfn:
services:
ca0:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org1
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${BYFN_CA1_PRIVATE_KEY}
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/${BYFN_CA1_PRIVATE_KEY} -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca_peerOrg1
networks:
- byfn
ca1:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org2
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${BYFN_CA2_PRIVATE_KEY}
- FABRIC_CA_SERVER_PORT=8054
ports:
- "8054:8054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/${BYFN_CA2_PRIVATE_KEY} -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org2.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca_peerOrg2
networks:
- byfn

8
scripts/Jenkins_Scripts/byfn_eyfn.sh
View file

@ -80,3 +80,11 @@ fi
echo y | ./eyfn.sh -m up -l node -t 60 echo y | ./eyfn.sh -m up -l node -t 60
copy_logs $? default-channel-node copy_logs $? default-channel-node
echo y | ./eyfn.sh -m down echo y | ./eyfn.sh -m down
echo
echo "############### BYFN WITH CA TEST ################"
echo "##################################################"
echo y | ./byfn.sh -m up -a
copy_logs $? default-channel-ca
echo y | ./byfn.sh -m down -a
echo