epistemophiliac/fabric-samples
1
0
Fork 0
mirror of https://github.com/hyperledger/fabric-samples.git synced 2026-06-17 15:35:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Do not weep for the KIND prototype. The [new one](test-network-k8s) is much better. (#503)

Browse source 
"Farewell! thou art too dear for my possessing,
And like enough thou knowst thy estimate.
The Charter of thy worth gives thee releasing;
My bonds in thee are all determinate.
For how do I hold thee but by thy granting,
And for that riches where is my deserving?
The cause of this fair gift in me is wanting,
And so my patent back again is swerving.
Thy self thou gav'st, thy own worth then not knowing,
Or me, to whom thou gav'st it, else mistaking,
So thy great gift, upon misprision growing,
Comes home again, on better judgement making.
   Thus have I had thee as a dream doth flatter:
   In sleep a king, but waking no such matter."

  - bill

Signed-off-by: Josh Kneubuhl <jkneubuh@us.ibm.com>
This commit is contained in:
jkneubuh 2021-10-07 14:08:22 -04:00 committed by GitHub
parent 30fb81a341
commit 576b2e74c9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
34 changed files with 7 additions and 3031 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
README.md
View file

@ -15,6 +15,13 @@ Organization peers and an ordering service node. You can use it on your local ma
You can also use it to deploy and test your own Fabric chaincodes and applications. To get started, see
the [test network tutorial](https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html).
The [Kubernetes Test Network](test-network-k8s) sample builds upon the Compose network, constructing a Fabric
network with peer, orderer, and CA infrastructure nodes running on Kubernetes. In addition to providing a sample
Kubernetes guide, the Kube test network can be used as a platform to author and debug _cloud ready_ Fabric Client
applications on a development or CI workstation.
## Asset transfer samples and tutorials
The asset transfer series provides a series of sample smart contracts and applications to demonstrate how to store and transfer assets using Hyperledger Fabric.

2
test-network-kind/.gitignore vendored
View file

@ -1,2 +0,0 @@
crypto-config/
channel-artifacts/

269
test-network-kind/README.md
View file

@ -1,269 +0,0 @@
# Kubernetes Test Network
This directory includes a set of kubernetes deployment manifests, scripts, and configuration files suitable
for running the Hyperledger Fabric test network on a local [KIND](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
cluster.
This is currently an experimental branch. No attempt has been made to optimize or streamline the actual
deployment to kubernetes - no helm charts, operators, kustomization overlays, etc. are involved at this
early genesis. This is merely a set of kube manifests suitable for replicating the test network on
Kubernetes.
## Areas for Improvement
- [ ] Introduce `fabctl` as a bridge between objectives running locally and activities running remotely (`network.sh` equivalent, e.g. see [fabric-hyper-kube](https://github.com/hyperledgendary/fabric-hyper-kube))
- [ ] Provide simple scripts or CLI driver routines (e.g. `network.sh up` -> `kubectl apply ...`)
- [ ] `cryptogen` -> Configure a CA
- [ ] couchdb state database
- [ ] KIND is only one path to a Kube. Check that we are also in good shape with minikube, IBM Fyre, IKS, aws, OCP, azure, etc.
- [ ] Use kustomize, ~helm~, operator, etc. etc. to properly integrate and install.
- [ ] The manifests directly pull 2.3.2 fabric images and have an imagePullPolicy: Always. Find a better technique to pull :latest tag from docker hub or the kind control plane.
- [ ] The fabric config files (2.3.2) are also hard-wired into the /config folder. It would be nice if this project could use the fab release archive (or better - directly from git), and override the stanzas in core.yaml (e.g. externalBuilder)
- [ ] Publish [fabric-ccs-builder](https://github.com/hyperledgendary/fabric-ccs-builder) image to docker hub
- [ ] Publish [asset-transfer-basic](../asset-transfer-basic/chaincode-external) and external chaincode sample images to docker hub.
- [ ] The peer deployments currently mount the chaincode application bundle into a volume at launch time. This is wrong - chaincode bundles must come AFTER the peers have been deployed, and should not force a peer pod restart.
- [ ] Pick out the CC_PACKAGE_ID from `peer chaincode install` and load into a configmap / k8s secret / env
- [ ] Configure multiple pvc - one per network node, rather than one shared volume for all network elements.
- [ ] Configure the Fabric REST sample - needs attention in configuring connection profiles, pems, CAs, and signing keys.
## Prerequisites
- [Docker](https://www.docker.com)
- [kubectl](https://kubernetes.io/docs/tasks/tools/)
- [KIND](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
- [fabric-ccs-builder](#fabric-ccs-builder) docker image
### Fabric CCS Builder
Smart contracts running on Kubernetes rely extensively on the [Chaincode as a Service](https://hyperledger-fabric.readthedocs.io/en/latest/cc_service.html)
deployment pattern. This test network uses the [fabric-ccs-builder](https://github.com/jkneubuh/fabric-ccs-builder/tree/feature/docker-bundle)
image `release`, `build`, and `detect` binaries, copied into the peer pods via an init container at
deployment time. Before starting the test network, build the ccs image locally and push to the KIND control plane:
```shell
git clone https://github.com/hyperledgendary/fabric-ccs-builder.git /tmp/fabric-ccs-builder
docker build -t hyperledgendary/fabric-ccs-builder /tmp/fabric-ccs-builder
```
## Test Network
### Kube
Create a Kubernetes cluster and [load docker images](https://kind.sigs.k8s.io/docs/user/quick-start/#loading-an-image-into-your-cluster) into the KIND control plane.
```shell
kind create cluster
kind load docker-image hyperledgendary/fabric-ccs-builder
```
Create a dedicated namespace and persistent volume for the test-network:
```shell
kubectl create -f kube/pv-fabric.yaml
kubectl create -f kube/ns-test-network.yaml
kubectl -n test-network create -f kube/pvc-fabric.yaml
```
### Network Config
```shell
kubectl -n test-network create configmap fabric-config --from-file=config/
kubectl -n test-network create configmap chaincode-config --from-file=chaincode/
```
### Channel Artifacts
```shell
kubectl -n test-network create -f kube/debug.yaml
kubectl -n test-network create -f kube/job-crypto-config.yaml
kubectl -n test-network create -f kube/job-orderer-genesis.yaml
kubectl -n test-network create -f kube/job-create-channel-config.yaml
kubectl -n test-network create -f kube/job-update-org1-anchor-peers.yaml
kubectl -n test-network create -f kube/job-update-org2-anchor-peers.yaml
```
(Wait for these jobs to complete. It can take a few seconds for images to be pulled from docker hub.)
### Orderers
```shell
kubectl -n test-network apply -f kube/orderer1.yaml
kubectl -n test-network apply -f kube/orderer2.yaml
kubectl -n test-network apply -f kube/orderer3.yaml
```
### Peers
```shell
kubectl -n test-network apply -f kube/org1-peer1.yaml
kubectl -n test-network apply -f kube/org1-peer2.yaml
kubectl -n test-network apply -f kube/org2-peer1.yaml
kubectl -n test-network apply -f kube/org2-peer2.yaml
```
### Create `mychannel`
```shell
kubectl -n test-network exec deploy/org1-peer1 -i -t -- /bin/sh
export CORE_PEER_MSPCONFIGPATH=/var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
peer channel \
create \
-c mychannel \
-o orderer1:6050 \
-f /var/hyperledger/fabric/channel-artifacts/mychannel.tx \
--outputBlock /var/hyperledger/fabric/channel-artifacts/mychannel.block \
--tls \
--cafile /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/ca.crt
peer channel \
update \
-o orderer1:6050 \
-c mychannel \
-f /var/hyperledger/fabric/channel-artifacts/Org1MSPanchors.tx \
--tls \
--cafile /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/ca.crt
exit
```
### Join Peers
```shell
kubectl \
-n test-network \
exec deploy/org1-peer1 \
-i -t -- \
/bin/sh -c 'CORE_PEER_MSPCONFIGPATH=/var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp peer channel join -b /var/hyperledger/fabric/channel-artifacts/mychannel.block'
```
```shell
kubectl \
-n test-network \
exec deploy/org1-peer2 \
-i -t -- \
/bin/sh -c 'CORE_PEER_MSPCONFIGPATH=/var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp peer channel join -b /var/hyperledger/fabric/channel-artifacts/mychannel.block'
```
```shell
kubectl \
-n test-network \
exec deploy/org2-peer1 \
-i -t -- \
/bin/sh -c 'CORE_PEER_MSPCONFIGPATH=/var/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp peer channel join -b /var/hyperledger/fabric/channel-artifacts/mychannel.block'
```
```shell
kubectl \
-n test-network \
exec deploy/org2-peer2 \
-i -t -- \
/bin/sh -c 'CORE_PEER_MSPCONFIGPATH=/var/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp peer channel join -b /var/hyperledger/fabric/channel-artifacts/mychannel.block'
```
## Chaincode
### Install
```shell
kubectl -n test-network exec deploy/org1-peer1 -i -t -- /bin/sh
export CORE_PEER_MSPCONFIGPATH=/var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
peer lifecycle \
chaincode install \
/var/hyperledger/fabric/chaincode/asset-transfer-basic.tgz
exit
```
### Launch External Chaincode
- [ ] Determine `CHAINCODE_ID` from install command and load as a config map / env entry in the cc deployment spec.
- [ ] Use an [insecure docker registry](bin/make-kind-with-reg.sh) to build and deploy chaincode images without Docker hub or the kind control plane.
```shell
docker build \
-t hyperledger/asset-transfer-basic \
../asset-transfer-basic/chaincode-external
kind load docker-image hyperledger/asset-transfer-basic
```
```shell
kubectl -n test-network apply -f kube/cc-asset-transfer-basic.yaml
```
### Approve and Commit
```shell
kubectl -n test-network exec deploy/org1-peer1 -i -t -- /bin/sh
export FABRIC_LOGGING_SPEC=INFO
export CORE_PEER_MSPCONFIGPATH=/var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CC_PACKAGE_ID=basic_1.0:d730a5ce916e120f2a2509ee33527a0df68cadac678f5eb196737ad10ba42da9
peer lifecycle \
chaincode approveformyorg \
-o orderer1:6050 \
--channelID mychannel \
--name basic \
--version 1 \
--package-id $CC_PACKAGE_ID \
--sequence 1 \
--tls \
--cafile /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer lifecycle \
chaincode commit \
-o orderer1:6050 \
--channelID mychannel \
--name basic \
--version 1 \
--sequence 1 \
--tls \
--cafile /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
```
### Query
(run on org1-peer1)
```shell
peer chaincode \
invoke \
-o orderer1:6050 \
-C mychannel \
-n basic \
-c '{"Args":["CreateAsset","1","blue","35","tom","1000"]}' \
--tls \
--cafile /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/ca.crt \
sleep 2
peer chaincode \
query \
-C mychannel \
-n basic \
-c '{"Args":["ReadAsset","1"]}'
exit
```
### Reset Network
```shell
kubectl -n test-network delete deployment --all
kubectl -n test-network delete pod --all
kubectl -n test-network delete service --all
kubectl -n test-network delete configmap --all
kubectl -n test-network delete secret --all
kubectl -n test-network create -f kube/job-scrub-fabric-volume.yaml
kubectl -n test-network wait --for=condition=complete --timeout=60s job/job-scrub-fabric-volume
kubectl -n test-network delete job --all
```
[GOTO Config](#network-config)
or ...
```shell
kind delete cluster
```
[GOTO Kube](#kube)

31
test-network-kind/bin/make-kind-with-reg.sh
View file

@ -1,31 +0,0 @@
#!/bin/sh
set -o errexit
# create registry container unless it already exists
reg_name='kind-registry'
reg_port='5000'
running="$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)"
if [ "${running}" != 'true' ]; then
docker run \
-d --restart=always -p "${reg_port}:5000" --name "${reg_name}" \
registry:2
fi
# create a cluster with the local registry enabled in containerd
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:${reg_port}"]
endpoint = ["http://${reg_name}:${reg_port}"]
EOF
# connect the registry to the cluster network
docker network connect "kind" "${reg_name}"
# tell https://tilt.dev to use the registry
# https://docs.tilt.dev/choosing_clusters.html#discovering-the-registry
for node in $(kind get nodes); do
kubectl annotate node "${node}" "kind.x-k8s.io/registry=localhost:${reg_port}";
done

BIN
test-network-kind/chaincode/asset-transfer-basic-debug.tgz
View file

Binary file not shown.

BIN
test-network-kind/chaincode/asset-transfer-basic-debug/code.tar.gz
View file

Binary file not shown.

5
test-network-kind/chaincode/asset-transfer-basic-debug/connection.json
View file

@ -1,5 +0,0 @@
{
"address": "host.docker.internal:9999",
"dial_timeout": "10s",
"tls_required": false
}

4
test-network-kind/chaincode/asset-transfer-basic-debug/metadata.json
View file

@ -1,4 +0,0 @@
{
"type": "external",
"label": "basic_debug_1.0"
}

BIN
test-network-kind/chaincode/asset-transfer-basic.tgz
View file

Binary file not shown.

BIN
test-network-kind/chaincode/asset-transfer-basic/code.tar.gz
View file

Binary file not shown.

5
test-network-kind/chaincode/asset-transfer-basic/connection.json
View file

@ -1,5 +0,0 @@
{
"address": "cc-asset-transfer-basic:9999",
"dial_timeout": "10s",
"tls_required": false
}

4
test-network-kind/chaincode/asset-transfer-basic/metadata.json
View file

@ -1,4 +0,0 @@
{
"type": "external",
"label": "basic_1.0"
}

389
test-network-kind/config/configtx.yaml
View file

@ -1,389 +0,0 @@
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/example.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
OrdererEndpoints:
- orderer1:6050
- orderer2:6050
- orderer3:6050
- &Org1
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org1MSP
# ID to load the MSP definition as
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer')"
# leave this flag set to true.
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: org1-peer1
Port: 7051
- &Org2
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org2MSP
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org2MSP.peer')"
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: org2-peer1
Port: 7051
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V2_0 capability ensures that orderers and peers behave according
# to v2.0 channel capabilities. Orderers and peers from
# prior releases would behave in an incompatible way, and are therefore
# not able to participate in channels at v2.0 capability.
# Prior to enabling V2.0 channel capabilities, ensure that all
# orderers and peers on a channel are at v2.0.0 or later.
V2_0: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V2_0 orderer capability ensures that orderers behave according
# to v2.0 orderer capabilities. Orderers from
# prior releases would behave in an incompatible way, and are therefore
# not able to participate in channels at v2.0 orderer capability.
# Prior to enabling V2.0 orderer capabilities, ensure that all
# orderers on channel are at v2.0.0 or later.
V2_0: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V2_0 application capability ensures that peers behave according
# to v2.0 application capabilities. Peers from
# prior releases would behave in an incompatible way, and are therefore
# not able to participate in channels at v2.0 application capability.
# Prior to enabling V2.0 application capabilities, ensure that all
# peers on channel are at v2.0.0 or later.
V2_0: true
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: Signature
Rule: "OR('Org1MSP.peer','Org2MSP.peer')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer','Org2MSP.peer')"
Capabilities:
<<: *ApplicationCapabilities
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer1
Port: 6050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
- Host: orderer2
Port: 6050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
- Host: orderer3
Port: 6050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
# Options to be specified for all the etcd/raft nodes. The values here
# are the defaults for all new channels and can be modified on a
# per-channel basis via configuration updates.
Options:
# TickInterval is the time interval between two Node.Tick invocations.
#TickInterval: 500ms default
TickInterval: 2500ms
# ElectionTick is the number of Node.Tick invocations that must pass
# between elections. That is, if a follower does not receive any
# message from the leader of current term before ElectionTick has
# elapsed, it will become candidate and start an election.
# ElectionTick must be greater than HeartbeatTick.
# ElectionTick: 10 default
ElectionTick: 5
# HeartbeatTick is the number of Node.Tick invocations that must
# pass between heartbeats. That is, a leader sends heartbeat
# messages to maintain its leadership every HeartbeatTick ticks.
HeartbeatTick: 1
# MaxInflightBlocks limits the max number of in-flight append messages
# during optimistic replication phase.
MaxInflightBlocks: 5
# SnapshotIntervalSize defines number of bytes per which a snapshot is taken
SnapshotIntervalSize: 16 MB
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
Org1Channel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
Capabilities:
<<: *ApplicationCapabilities
Org2Channel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org2
Capabilities:
<<: *ApplicationCapabilities

759
test-network-kind/config/core.yaml
View file

@ -1,759 +0,0 @@
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
###############################################################################
#
# Peer section
#
###############################################################################
peer:
# The peer id provides a name for this peer instance and is used when
# naming docker resources.
id: jdoe
# The networkId allows for logical separation of networks and is used when
# naming docker resources.
networkId: dev
# The Address at local network interface this Peer will listen on.
# By default, it will listen on all network interfaces
listenAddress: 0.0.0.0:7051
# The endpoint this peer uses to listen for inbound chaincode connections.
# If this is commented-out, the listen address is selected to be
# the peer's address (see below) with port 7052
# chaincodeListenAddress: 0.0.0.0:7052
# The endpoint the chaincode for this peer uses to connect to the peer.
# If this is not specified, the chaincodeListenAddress address is selected.
# And if chaincodeListenAddress is not specified, address is selected from
# peer address (see below). If specified peer address is invalid then it
# will fallback to the auto detected IP (local IP) regardless of the peer
# addressAutoDetect value.
# chaincodeAddress: 0.0.0.0:7052
# When used as peer config, this represents the endpoint to other peers
# in the same organization. For peers in other organization, see
# gossip.externalEndpoint for more info.
# When used as CLI config, this means the peer's endpoint to interact with
address: 0.0.0.0:7051
# Whether the Peer should programmatically determine its address
# This case is useful for docker containers.
# When set to true, will override peer address.
addressAutoDetect: false
# Keepalive settings for peer server and clients
keepalive:
# Interval is the duration after which if the server does not see
# any activity from the client it pings the client to see if it's alive
interval: 7200s
# Timeout is the duration the server waits for a response
# from the client after sending a ping before closing the connection
timeout: 20s
# MinInterval is the minimum permitted time between client pings.
# If clients send pings more frequently, the peer server will
# disconnect them
minInterval: 60s
# Client keepalive settings for communicating with other peer nodes
client:
# Interval is the time between pings to peer nodes. This must
# greater than or equal to the minInterval specified by peer
# nodes
interval: 60s
# Timeout is the duration the client waits for a response from
# peer nodes before closing the connection
timeout: 20s
# DeliveryClient keepalive settings for communication with ordering
# nodes.
deliveryClient:
# Interval is the time between pings to ordering nodes. This must
# greater than or equal to the minInterval specified by ordering
# nodes.
interval: 60s
# Timeout is the duration the client waits for a response from
# ordering nodes before closing the connection
timeout: 20s
# Gossip related configuration
gossip:
# Bootstrap set to initialize gossip with.
# This is a list of other peers that this peer reaches out to at startup.
# Important: The endpoints here have to be endpoints of peers in the same
# organization, because the peer would refuse connecting to these endpoints
# unless they are in the same organization as the peer.
bootstrap: 127.0.0.1:7051
# NOTE: orgLeader and useLeaderElection parameters are mutual exclusive.
# Setting both to true would result in the termination of the peer
# since this is undefined state. If the peers are configured with
# useLeaderElection=false, make sure there is at least 1 peer in the
# organization that its orgLeader is set to true.
# Defines whenever peer will initialize dynamic algorithm for
# "leader" selection, where leader is the peer to establish
# connection with ordering service and use delivery protocol
# to pull ledger blocks from ordering service.
useLeaderElection: false
# Statically defines peer to be an organization "leader",
# where this means that current peer will maintain connection
# with ordering service and disseminate block across peers in
# its own organization. Multiple peers or all peers in an organization
# may be configured as org leaders, so that they all pull
# blocks directly from ordering service.
orgLeader: true
# Interval for membershipTracker polling
membershipTrackerInterval: 5s
# Overrides the endpoint that the peer publishes to peers
# in its organization. For peers in foreign organizations
# see 'externalEndpoint'
endpoint:
# Maximum count of blocks stored in memory
maxBlockCountToStore: 10
# Max time between consecutive message pushes(unit: millisecond)
maxPropagationBurstLatency: 10ms
# Max number of messages stored until a push is triggered to remote peers
maxPropagationBurstSize: 10
# Number of times a message is pushed to remote peers
propagateIterations: 1
# Number of peers selected to push messages to
propagatePeerNum: 3
# Determines frequency of pull phases(unit: second)
# Must be greater than digestWaitTime + responseWaitTime
pullInterval: 4s
# Number of peers to pull from
pullPeerNum: 3
# Determines frequency of pulling state info messages from peers(unit: second)
requestStateInfoInterval: 4s
# Determines frequency of pushing state info messages to peers(unit: second)
publishStateInfoInterval: 4s
# Maximum time a stateInfo message is kept until expired
stateInfoRetentionInterval:
# Time from startup certificates are included in Alive messages(unit: second)
publishCertPeriod: 10s
# Should we skip verifying block messages or not (currently not in use)
skipBlockVerification: false
# Dial timeout(unit: second)
dialTimeout: 3s
# Connection timeout(unit: second)
connTimeout: 2s
# Buffer size of received messages
recvBuffSize: 20
# Buffer size of sending messages
sendBuffSize: 200
# Time to wait before pull engine processes incoming digests (unit: second)
# Should be slightly smaller than requestWaitTime
digestWaitTime: 1s
# Time to wait before pull engine removes incoming nonce (unit: milliseconds)
# Should be slightly bigger than digestWaitTime
requestWaitTime: 1500ms
# Time to wait before pull engine ends pull (unit: second)
responseWaitTime: 2s
# Alive check interval(unit: second)
aliveTimeInterval: 5s
# Alive expiration timeout(unit: second)
aliveExpirationTimeout: 25s
# Reconnect interval(unit: second)
reconnectInterval: 25s
# Max number of attempts to connect to a peer
maxConnectionAttempts: 120
# Message expiration factor for alive messages
msgExpirationFactor: 20
# This is an endpoint that is published to peers outside of the organization.
# If this isn't set, the peer will not be known to other organizations.
externalEndpoint:
# Leader election service configuration
election:
# Longest time peer waits for stable membership during leader election startup (unit: second)
startupGracePeriod: 15s
# Interval gossip membership samples to check its stability (unit: second)
membershipSampleInterval: 1s
# Time passes since last declaration message before peer decides to perform leader election (unit: second)
leaderAliveThreshold: 10s
# Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second)
leaderElectionDuration: 5s
pvtData:
# pullRetryThreshold determines the maximum duration of time private data corresponding for a given block
# would be attempted to be pulled from peers until the block would be committed without the private data
pullRetryThreshold: 60s
# As private data enters the transient store, it is associated with the peer's ledger's height at that time.
# transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit,
# and the private data residing inside the transient store that is guaranteed not to be purged.
# Private data is purged from the transient store when blocks with sequences that are multiples
# of transientstoreMaxBlockRetention are committed.
transientstoreMaxBlockRetention: 1000
# pushAckTimeout is the maximum time to wait for an acknowledgement from each peer
# at private data push at endorsement time.
pushAckTimeout: 3s
# Block to live pulling margin, used as a buffer
# to prevent peer from trying to pull private data
# from peers that is soon to be purged in next N blocks.
# This helps a newly joined peer catch up to current
# blockchain height quicker.
btlPullMargin: 10
# the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to
# pull from the other peers the most recent missing blocks with a maximum batch size limitation.
# reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a
# single iteration.
reconcileBatchSize: 10
# reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning
# of the next reconciliation iteration.
reconcileSleepInterval: 1m
# reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not.
reconciliationEnabled: true
# skipPullingInvalidTransactionsDuringCommit is a flag that indicates whether pulling of invalid
# transaction's private data from other peers need to be skipped during the commit time and pulled
# only through reconciler.
skipPullingInvalidTransactionsDuringCommit: false
# implicitCollectionDisseminationPolicy specifies the dissemination policy for the peer's own implicit collection.
# When a peer endorses a proposal that writes to its own implicit collection, below values override the default values
# for disseminating private data.
# Note that it is applicable to all channels the peer has joined. The implication is that requiredPeerCount has to
# be smaller than the number of peers in a channel that has the lowest numbers of peers from the organization.
implicitCollectionDisseminationPolicy:
# requiredPeerCount defines the minimum number of eligible peers to which the peer must successfully
# disseminate private data for its own implicit collection during endorsement. Default value is 0.
requiredPeerCount: 0
# maxPeerCount defines the maximum number of eligible peers to which the peer will attempt to
# disseminate private data for its own implicit collection during endorsement. Default value is 1.
maxPeerCount: 1
# Gossip state transfer related configuration
state:
# indicates whenever state transfer is enabled or not
# default value is true, i.e. state transfer is active
# and takes care to sync up missing blocks allowing
# lagging peer to catch up to speed with rest network.
# Keep in mind that when peer.gossip.useLeaderElection is true
# and there are several peers in the organization,
# or peer.gossip.useLeaderElection is false alongside with
# peer.gossip.orgleader being false, the peer's ledger may lag behind
# the rest of the peers and will never catch up due to state transfer
# being disabled.
enabled: false
# checkInterval interval to check whether peer is lagging behind enough to
# request blocks via state transfer from another peer.
checkInterval: 10s
# responseTimeout amount of time to wait for state transfer response from
# other peers
responseTimeout: 3s
# batchSize the number of blocks to request via state transfer from another peer
batchSize: 10
# blockBufferSize reflects the size of the re-ordering buffer
# which captures blocks and takes care to deliver them in order
# down to the ledger layer. The actual buffer size is bounded between
# 0 and 2*blockBufferSize, each channel maintains its own buffer
blockBufferSize: 20
# maxRetries maximum number of re-tries to ask
# for single state transfer request
maxRetries: 3
# TLS Settings
tls:
# Require server-side TLS
enabled: false
# Require client certificates / mutual TLS for inbound connections.
# Note that clients that are not configured to use a certificate will
# fail to connect to the peer.
clientAuthRequired: false
# X.509 certificate used for TLS server
cert:
file: tls/server.crt
# Private key used for TLS server
key:
file: tls/server.key
# rootcert.file represents the trusted root certificate chain used for verifying certificates
# of other nodes during outbound connections.
# It is not required to be set, but can be used to augment the set of TLS CA certificates
# available from the MSPs of each channels configuration.
rootcert:
file: tls/ca.crt
# If mutual TLS is enabled, clientRootCAs.files contains a list of additional root certificates
# used for verifying certificates of client connections.
# It augments the set of TLS CA certificates available from the MSPs of each channels configuration.
# Minimally, set your organization's TLS CA root certificate so that the peer can receive join channel requests.
clientRootCAs:
files:
- tls/ca.crt
# Private key used for TLS when making client connections.
# If not set, peer.tls.key.file will be used instead
clientKey:
file:
# X.509 certificate used for TLS when making client connections.
# If not set, peer.tls.cert.file will be used instead
clientCert:
file:
# Authentication contains configuration parameters related to authenticating
# client messages
authentication:
# the acceptable difference between the current server time and the
# client's time as specified in a client request message
timewindow: 15m
# Path on the file system where peer will store data (eg ledger). This
# location must be access control protected to prevent unintended
# modification that might corrupt the peer operations.
fileSystemPath: /var/hyperledger/production
# BCCSP (Blockchain crypto provider): Select which crypto implementation or
# library to use
BCCSP:
Default: SW
# Settings for the SW crypto provider (i.e. when DEFAULT: SW)
SW:
# TODO: The default Hash and Security level needs refactoring to be
# fully configurable. Changing these defaults requires coordination
# SHA2 is hardcoded in several places, not only BCCSP
Hash: SHA2
Security: 256
# Location of Key Store
FileKeyStore:
# If "", defaults to 'mspConfigPath'/keystore
KeyStore:
# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
PKCS11:
# Location of the PKCS11 module library
Library:
# Token Label
Label:
# User PIN
Pin:
Hash:
Security:
# Path on the file system where peer will find MSP local configurations
mspConfigPath: msp
# Identifier of the local MSP
# ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!----
# Deployers need to change the value of the localMspId string.
# In particular, the name of the local MSP ID of a peer needs
# to match the name of one of the MSPs in each of the channel
# that this peer is a member of. Otherwise this peer's messages
# will not be identified as valid by other nodes.
localMspId: SampleOrg
# CLI common client config options
client:
# connection timeout
connTimeout: 3s
# Delivery service related config
deliveryclient:
# It sets the total time the delivery service may spend in reconnection
# attempts until its retry logic gives up and returns an error
reconnectTotalTimeThreshold: 3600s
# It sets the delivery service <-> ordering service node connection timeout
connTimeout: 3s
# It sets the delivery service maximal delay between consecutive retries
reConnectBackoffThreshold: 3600s
# A list of orderer endpoint addresses which should be overridden
# when found in channel configurations.
addressOverrides:
# - from:
# to:
# caCertsFile:
# - from:
# to:
# caCertsFile:
# Type for the local MSP - by default it's of type bccsp
localMspType: bccsp
# Used with Go profiling tools only in none production environment. In
# production, it should be disabled (eg enabled: false)
profile:
enabled: false
listenAddress: 0.0.0.0:6060
# Handlers defines custom handlers that can filter and mutate
# objects passing within the peer, such as:
# Auth filter - reject or forward proposals from clients
# Decorators - append or mutate the chaincode input passed to the chaincode
# Endorsers - Custom signing over proposal response payload and its mutation
# Valid handler definition contains:
# - A name which is a factory method name defined in
# core/handlers/library/library.go for statically compiled handlers
# - library path to shared object binary for pluggable filters
# Auth filters and decorators are chained and executed in the order that
# they are defined. For example:
# authFilters:
# -
# name: FilterOne
# library: /opt/lib/filter.so
# -
# name: FilterTwo
# decorators:
# -
# name: DecoratorOne
# -
# name: DecoratorTwo
# library: /opt/lib/decorator.so
# Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden.
# Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality
# as the default ESCC.
# If the 'library' property is missing, the name is used as the constructor method in the builtin library similar
# to auth filters and decorators.
# endorsers:
# escc:
# name: DefaultESCC
# library: /etc/hyperledger/fabric/plugin/escc.so
handlers:
authFilters:
-
name: DefaultAuth
-
name: ExpirationCheck # This filter checks identity x509 certificate expiration
decorators:
-
name: DefaultDecorator
endorsers:
escc:
name: DefaultEndorsement
library:
validators:
vscc:
name: DefaultValidation
library:
# library: /etc/hyperledger/fabric/plugin/escc.so
# Number of goroutines that will execute transaction validation in parallel.
# By default, the peer chooses the number of CPUs on the machine. Set this
# variable to override that choice.
# NOTE: overriding this value might negatively influence the performance of
# the peer so please change this value only if you know what you're doing
validatorPoolSize:
# The discovery service is used by clients to query information about peers,
# such as - which peers have joined a certain channel, what is the latest
# channel config, and most importantly - given a chaincode and a channel,
# what possible sets of peers satisfy the endorsement policy.
discovery:
enabled: true
# Whether the authentication cache is enabled or not.
authCacheEnabled: true
# The maximum size of the cache, after which a purge takes place
authCacheMaxSize: 1000
# The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulation
authCachePurgeRetentionRatio: 0.75
# Whether to allow non-admins to perform non channel scoped queries.
# When this is false, it means that only peer admins can perform non channel scoped queries.
orgMembersAllowedAccess: false
# Limits is used to configure some internal resource limits.
limits:
# Concurrency limits the number of concurrently running requests to a service on each peer.
# Currently this option is only applied to endorser service and deliver service.
# When the property is missing or the value is 0, the concurrency limit is disabled for the service.
concurrency:
# endorserService limits concurrent requests to endorser service that handles chaincode deployment, query and invocation,
# including both user chaincodes and system chaincodes.
endorserService: 2500
# deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events.
deliverService: 2500
###############################################################################
#
# VM section
#
###############################################################################
vm:
# Endpoint of the vm management system. For docker can be one of the following in general
# unix:///var/run/docker.sock
# http://localhost:2375
# https://localhost:2376
endpoint: unix:///var/run/docker.sock
# settings for docker vms
docker:
tls:
enabled: false
ca:
file: docker/ca.crt
cert:
file: docker/tls.crt
key:
file: docker/tls.key
# Enables/disables the standard out/err from chaincode containers for
# debugging purposes
attachStdout: false
# Parameters on creating docker container.
# Container may be efficiently created using ipam & dns-server for cluster
# NetworkMode - sets the networking mode for the container. Supported
# standard values are: `host`(default),`bridge`,`ipvlan`,`none`.
# Dns - a list of DNS servers for the container to use.
# Note: `Privileged` `Binds` `Links` and `PortBindings` properties of
# Docker Host Config are not supported and will not be used if set.
# LogConfig - sets the logging driver (Type) and related options
# (Config) for Docker. For more info,
# https://docs.docker.com/engine/admin/logging/overview/
# Note: Set LogConfig using Environment Variables is not supported.
hostConfig:
NetworkMode: host
Dns:
# - 192.168.0.1
LogConfig:
Type: json-file
Config:
max-size: "50m"
max-file: "5"
Memory: 2147483648
###############################################################################
#
# Chaincode section
#
###############################################################################
chaincode:
# The id is used by the Chaincode stub to register the executing Chaincode
# ID with the Peer and is generally supplied through ENV variables
# the `path` form of ID is provided when installing the chaincode.
# The `name` is used for all other requests and can be any string.
id:
path:
name:
# Generic builder environment, suitable for most chaincode types
builder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION)
# Enables/disables force pulling of the base docker images (listed below)
# during user chaincode instantiation.
# Useful when using moving image tags (such as :latest)
pull: false
golang:
# golang will never need more than baseos
runtime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION)
# whether or not golang chaincode should be linked dynamically
dynamicLink: false
java:
# This is an image based on java:openjdk-8 with addition compiler
# tools added for java shim layer packaging.
# This image is packed with shim layer libraries that are necessary
# for Java chaincode runtime.
runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION)
node:
# This is an image based on node:$(NODE_VER)-alpine
runtime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION)
# List of directories to treat as external builders and launchers for
# chaincode. The external builder detection processing will iterate over the
# builders in the order specified below.
externalBuilders:
- path: /var/hyperledger/fabric/chaincode/ccs-builder
name: ccs-builder
propagateEnvironment:
- HOME
- CORE_PEER_ID
- CORE_PEER_LOCALMSPID
# The maximum duration to wait for the chaincode build and install process
# to complete.
installTimeout: 300s
# Timeout duration for starting up a container and waiting for Register
# to come through.
startuptimeout: 300s
# Timeout duration for Invoke and Init calls to prevent runaway.
# This timeout is used by all chaincodes in all the channels, including
# system chaincodes.
# Note that during Invoke, if the image is not available (e.g. being
# cleaned up when in development environment), the peer will automatically
# build the image, which might take more time. In production environment,
# the chaincode image is unlikely to be deleted, so the timeout could be
# reduced accordingly.
executetimeout: 30s
# There are 2 modes: "dev" and "net".
# In dev mode, user runs the chaincode after starting peer from
# command line on local machine.
# In net mode, peer will run chaincode in a docker container.
mode: net
# keepalive in seconds. In situations where the communication goes through a
# proxy that does not support keep-alive, this parameter will maintain connection
# between peer and chaincode.
# A value <= 0 turns keepalive off
keepalive: 0
# enabled system chaincodes
system:
_lifecycle: enable
cscc: enable
lscc: enable
qscc: enable
# Logging section for the chaincode container
logging:
# Default level for all loggers within the chaincode container
level: info
# Override default level for the 'shim' logger
shim: warning
# Format for the chaincode container logs
format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
###############################################################################
#
# Ledger section - ledger configuration encompasses both the blockchain
# and the state
#
###############################################################################
ledger:
blockchain:
state:
# stateDatabase - options are "goleveldb", "CouchDB"
# goleveldb - default state database stored in goleveldb.
# CouchDB - store state database in CouchDB
stateDatabase: goleveldb
# Limit on the number of records to return per query
totalQueryLimit: 100000
couchDBConfig:
# It is recommended to run CouchDB on the same server as the peer, and
# not map the CouchDB container port to a server port in docker-compose.
# Otherwise proper security must be provided on the connection between
# CouchDB client (on the peer) and server.
couchDBAddress: 127.0.0.1:5984
# This username must have read and write authority on CouchDB
username:
# The password is recommended to pass as an environment variable
# during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD).
# If it is stored here, the file must be access control protected
# to prevent unintended users from discovering the password.
password:
# Number of retries for CouchDB errors
maxRetries: 3
# Number of retries for CouchDB errors during peer startup.
# The delay between retries doubles for each attempt.
# Default of 10 retries results in 11 attempts over 2 minutes.
maxRetriesOnStartup: 10
# CouchDB request timeout (unit: duration, e.g. 20s)
requestTimeout: 35s
# Limit on the number of records per each CouchDB query
# Note that chaincode queries are only bound by totalQueryLimit.
# Internally the chaincode may execute multiple CouchDB queries,
# each of size internalQueryLimit.
internalQueryLimit: 1000
# Limit on the number of records per CouchDB bulk update batch
maxBatchUpdateSize: 1000
# Warm indexes after every N blocks.
# This option warms any indexes that have been
# deployed to CouchDB after every N blocks.
# A value of 1 will warm indexes after every block commit,
# to ensure fast selector queries.
# Increasing the value may improve write efficiency of peer and CouchDB,
# but may degrade query response time.
warmIndexesAfterNBlocks: 1
# Create the _global_changes system database
# This is optional. Creating the global changes database will require
# additional system resources to track changes and maintain the database
createGlobalChangesDB: false
# CacheSize denotes the maximum mega bytes (MB) to be allocated for the in-memory state
# cache. Note that CacheSize needs to be a multiple of 32 MB. If it is not a multiple
# of 32 MB, the peer would round the size to the next multiple of 32 MB.
# To disable the cache, 0 MB needs to be assigned to the cacheSize.
cacheSize: 64
history:
# enableHistoryDatabase - options are true or false
# Indicates if the history of key updates should be stored.
# All history 'index' will be stored in goleveldb, regardless if using
# CouchDB or alternate database for the state.
enableHistoryDatabase: true
pvtdataStore:
# the maximum db batch size for converting
# the ineligible missing data entries to eligible missing data entries
collElgProcMaxDbBatchSize: 5000
# the minimum duration (in milliseconds) between writing
# two consecutive db batches for converting the ineligible missing data entries to eligible missing data entries
collElgProcDbBatchesInterval: 1000
# The missing data entries are classified into two categories:
# (1) prioritized
# (2) deprioritized
# Initially, all missing data are in the prioritized list. When the
# reconciler is unable to fetch the missing data from other peers,
# the unreconciled missing data would be moved to the deprioritized list.
# The reconciler would retry deprioritized missing data after every
# deprioritizedDataReconcilerInterval (unit: minutes). Note that the
# interval needs to be greater than the reconcileSleepInterval
deprioritizedDataReconcilerInterval: 60m
snapshots:
# Path on the file system where peer will store ledger snapshots
rootDir: /var/hyperledger/production/snapshots
###############################################################################
#
# Operations section
#
###############################################################################
operations:
# host and port for the operations server
listenAddress: 127.0.0.1:9443
# TLS configuration for the operations endpoint
tls:
# TLS enabled
enabled: false
# path to PEM encoded server certificate for the operations server
cert:
file:
# path to PEM encoded server key for the operations server
key:
file:
# most operations service endpoints require client authentication when TLS
# is enabled. clientAuthRequired requires client certificate authentication
# at the TLS layer to access all resources.
clientAuthRequired: false
# paths to PEM encoded ca certificates to trust for client authentication
clientRootCAs:
files: []
###############################################################################
#
# Metrics section
#
###############################################################################
metrics:
# metrics provider is one of statsd, prometheus, or disabled
provider: disabled
# statsd configuration
statsd:
# network type: tcp or udp
network: udp
# statsd server address
address: 127.0.0.1:8125
# the interval at which locally cached counters and gauges are pushed
# to statsd; timings are pushed immediately
writeInterval: 10s
# prefix is prepended to all emitted statsd metrics
prefix:

59
test-network-kind/config/crypto-config.yaml
View file

@ -1,59 +0,0 @@
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
- Name: Orderer
Domain: example.com
EnableNodeOUs: true
Specs:
- Hostname: orderer1
SANS:
- 0.0.0.0
- Hostname: orderer2
SANS:
- 0.0.0.0
- Hostname: orderer3
SANS:
- 0.0.0.0
- Hostname: orderer4
SANS:
- 0.0.0.0
- Hostname: orderer5
SANS:
- 0.0.0.0
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
- Name: Org1
Domain: org1.example.com
EnableNodeOUs: true
Specs:
- Hostname: org1-peer1
SANS:
- 0.0.0.0
- Hostname: org1-peer2
SANS:
- 0.0.0.0
Users:
Count: 1
- Name: Org2
Domain: org2.example.com
EnableNodeOUs: true
Specs:
- Hostname: org2-peer1
SANS:
- 0.0.0.0
- Hostname: org2-peer2
SANS:
- 0.0.0.0
Users:
Count: 1

420
test-network-kind/config/orderer.yaml
View file

@ -1,420 +0,0 @@
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Orderer Configuration
#
# - This controls the type and configuration of the orderer.
#
################################################################################
General:
# Listen address: The IP on which to bind to listen.
ListenAddress: 127.0.0.1
# Listen port: The port on which to bind to listen.
ListenPort: 7050
# TLS: TLS settings for the GRPC server.
TLS:
# Require server-side TLS
Enabled: false
# PrivateKey governs the file location of the private key of the TLS certificate.
PrivateKey: tls/server.key
# Certificate governs the file location of the server TLS certificate.
Certificate: tls/server.crt
# RootCAs contains a list of additional root certificates used for verifying certificates
# of other orderer nodes during outbound connections.
# It is not required to be set, but can be used to augment the set of TLS CA certificates
# available from the MSPs of each channels configuration.
RootCAs:
- tls/ca.crt
# Require client certificates / mutual TLS for inbound connections.
ClientAuthRequired: false
# If mutual TLS is enabled, ClientRootCAs contains a list of additional root certificates
# used for verifying certificates of client connections.
# It is not required to be set, but can be used to augment the set of TLS CA certificates
# available from the MSPs of each channels configuration.
ClientRootCAs:
# Keepalive settings for the GRPC server.
Keepalive:
# ServerMinInterval is the minimum permitted time between client pings.
# If clients send pings more frequently, the server will
# disconnect them.
ServerMinInterval: 60s
# ServerInterval is the time between pings to clients.
ServerInterval: 7200s
# ServerTimeout is the duration the server waits for a response from
# a client before closing the connection.
ServerTimeout: 20s
# Cluster settings for ordering service nodes that communicate with other ordering service nodes
# such as Raft based ordering service.
Cluster:
# SendBufferSize is the maximum number of messages in the egress buffer.
# Consensus messages are dropped if the buffer is full, and transaction
# messages are waiting for space to be freed.
SendBufferSize: 10
# ClientCertificate governs the file location of the client TLS certificate
# used to establish mutual TLS connections with other ordering service nodes.
# If not set, the server General.TLS.Certificate is re-used.
ClientCertificate:
# ClientPrivateKey governs the file location of the private key of the client TLS certificate.
# If not set, the server General.TLS.PrivateKey is re-used.
ClientPrivateKey:
# The below 4 properties should be either set together, or be unset together.
# If they are set, then the orderer node uses a separate listener for intra-cluster
# communication. If they are unset, then the general orderer listener is used.
# This is useful if you want to use a different TLS server certificates on the
# client-facing and the intra-cluster listeners.
# ListenPort defines the port on which the cluster listens to connections.
ListenPort:
# ListenAddress defines the IP on which to listen to intra-cluster communication.
ListenAddress:
# ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
# communication.
ServerCertificate:
# ServerPrivateKey defines the file location of the private key of the TLS certificate.
ServerPrivateKey:
# Bootstrap method: The method by which to obtain the bootstrap block
# system channel is specified. The option can be one of:
# "file" - path to a file containing the genesis block or config block of system channel
# "none" - allows an orderer to start without a system channel configuration
BootstrapMethod: file
# Bootstrap file: The file containing the bootstrap block to use when
# initializing the orderer system channel and BootstrapMethod is set to
# "file". The bootstrap file can be the genesis block, and it can also be
# a config block for late bootstrap of some consensus methods like Raft.
# Generate a genesis block by updating $FABRIC_CFG_PATH/configtx.yaml and
# using configtxgen command with "-outputBlock" option.
# Defaults to file "genesisblock" (in $FABRIC_CFG_PATH directory) if not specified.
BootstrapFile:
# LocalMSPDir is where to find the private crypto material needed by the
# orderer. It is set relative here as a default for dev environments but
# should be changed to the real location in production.
LocalMSPDir: msp
# LocalMSPID is the identity to register the local MSP material with the MSP
# manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
# ID of one of the organizations defined in the orderer system channel's
# /Channel/Orderer configuration. The sample organization defined in the
# sample configuration provided has an MSP ID of "SampleOrg".
LocalMSPID: SampleOrg
# Enable an HTTP service for Go "pprof" profiling as documented at:
# https://golang.org/pkg/net/http/pprof
Profile:
Enabled: false
Address: 0.0.0.0:6060
# BCCSP configures the blockchain crypto service providers.
BCCSP:
# Default specifies the preferred blockchain crypto service provider
# to use. If the preferred provider is not available, the software
# based provider ("SW") will be used.
# Valid providers are:
# - SW: a software based crypto provider
# - PKCS11: a CA hardware security module crypto provider.
Default: SW
# SW configures the software based blockchain crypto provider.
SW:
# TODO: The default Hash and Security level needs refactoring to be
# fully configurable. Changing these defaults requires coordination
# SHA2 is hardcoded in several places, not only BCCSP
Hash: SHA2
Security: 256
# Location of key store. If this is unset, a location will be
# chosen using: 'LocalMSPDir'/keystore
FileKeyStore:
KeyStore:
# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
PKCS11:
# Location of the PKCS11 module library
Library:
# Token Label
Label:
# User PIN
Pin:
Hash:
Security:
FileKeyStore:
KeyStore:
# Authentication contains configuration parameters related to authenticating
# client messages
Authentication:
# the acceptable difference between the current server time and the
# client's time as specified in a client request message
TimeWindow: 15m
################################################################################
#
# SECTION: File Ledger
#
# - This section applies to the configuration of the file ledger.
#
################################################################################
FileLedger:
# Location: The directory to store the blocks in.
Location: /var/hyperledger/production/orderer
################################################################################
#
# SECTION: Kafka
#
# - This section applies to the configuration of the Kafka-based orderer, and
# its interaction with the Kafka cluster.
#
################################################################################
Kafka:
# Retry: What do if a connection to the Kafka cluster cannot be established,
# or if a metadata request to the Kafka cluster needs to be repeated.
Retry:
# When a new channel is created, or when an existing channel is reloaded
# (in case of a just-restarted orderer), the orderer interacts with the
# Kafka cluster in the following ways:
# 1. It creates a Kafka producer (writer) for the Kafka partition that
# corresponds to the channel.
# 2. It uses that producer to post a no-op CONNECT message to that
# partition
# 3. It creates a Kafka consumer (reader) for that partition.
# If any of these steps fail, they will be re-attempted every
# <ShortInterval> for a total of <ShortTotal>, and then every
# <LongInterval> for a total of <LongTotal> until they succeed.
# Note that the orderer will be unable to write to or read from a
# channel until all of the steps above have been completed successfully.
ShortInterval: 5s
ShortTotal: 10m
LongInterval: 5m
LongTotal: 12h
# Affects the socket timeouts when waiting for an initial connection, a
# response, or a transmission. See Config.Net for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
NetworkTimeouts:
DialTimeout: 10s
ReadTimeout: 10s
WriteTimeout: 10s
# Affects the metadata requests when the Kafka cluster is in the middle
# of a leader election.See Config.Metadata for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Metadata:
RetryBackoff: 250ms
RetryMax: 3
# What to do if posting a message to the Kafka cluster fails. See
# Config.Producer for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Producer:
RetryBackoff: 100ms
RetryMax: 3
# What to do if reading from the Kafka cluster fails. See
# Config.Consumer for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Consumer:
RetryBackoff: 2s
# Settings to use when creating Kafka topics. Only applies when
# Kafka.Version is v0.10.1.0 or higher
Topic:
# The number of Kafka brokers across which to replicate the topic
ReplicationFactor: 3
# Verbose: Enable logging for interactions with the Kafka cluster.
Verbose: false
# TLS: TLS settings for the orderer's connection to the Kafka cluster.
TLS:
# Enabled: Use TLS when connecting to the Kafka cluster.
Enabled: false
# PrivateKey: PEM-encoded private key the orderer will use for
# authentication.
PrivateKey:
# As an alternative to specifying the PrivateKey here, uncomment the
# following "File" key and specify the file name from which to load the
# value of PrivateKey.
#File: path/to/PrivateKey
# Certificate: PEM-encoded signed public key certificate the orderer will
# use for authentication.
Certificate:
# As an alternative to specifying the Certificate here, uncomment the
# following "File" key and specify the file name from which to load the
# value of Certificate.
#File: path/to/Certificate
# RootCAs: PEM-encoded trusted root certificates used to validate
# certificates from the Kafka cluster.
RootCAs:
# As an alternative to specifying the RootCAs here, uncomment the
# following "File" key and specify the file name from which to load the
# value of RootCAs.
#File: path/to/RootCAs
# SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers
SASLPlain:
# Enabled: Use SASL/PLAIN to authenticate with Kafka brokers
Enabled: false
# User: Required when Enabled is set to true
User:
# Password: Required when Enabled is set to true
Password:
# Kafka protocol version used to communicate with the Kafka cluster brokers
# (defaults to 0.10.2.0 if not specified)
Version:
################################################################################
#
# Debug Configuration
#
# - This controls the debugging options for the orderer
#
################################################################################
Debug:
# BroadcastTraceDir when set will cause each request to the Broadcast service
# for this orderer to be written to a file in this directory
BroadcastTraceDir:
# DeliverTraceDir when set will cause each request to the Deliver service
# for this orderer to be written to a file in this directory
DeliverTraceDir:
################################################################################
#
# Operations Configuration
#
# - This configures the operations server endpoint for the orderer
#
################################################################################
Operations:
# host and port for the operations server
ListenAddress: 127.0.0.1:8443
# TLS configuration for the operations endpoint
TLS:
# TLS enabled
Enabled: false
# Certificate is the location of the PEM encoded TLS certificate
Certificate:
# PrivateKey points to the location of the PEM-encoded key
PrivateKey:
# Most operations service endpoints require client authentication when TLS
# is enabled. ClientAuthRequired requires client certificate authentication
# at the TLS layer to access all resources.
ClientAuthRequired: false
# Paths to PEM encoded ca certificates to trust for client authentication
ClientRootCAs: []
################################################################################
#
# Metrics Configuration
#
# - This configures metrics collection for the orderer
#
################################################################################
Metrics:
# The metrics provider is one of statsd, prometheus, or disabled
Provider: disabled
# The statsd configuration
Statsd:
# network type: tcp or udp
Network: udp
# the statsd server address
Address: 127.0.0.1:8125
# The interval at which locally cached counters and gauges are pushed
# to statsd; timings are pushed immediately
WriteInterval: 30s
# The prefix is prepended to all emitted statsd metrics
Prefix:
################################################################################
#
# Admin Configuration
#
# - This configures the admin server endpoint for the orderer
#
################################################################################
Admin:
# host and port for the admin server
ListenAddress: 127.0.0.1:9443
# TLS configuration for the admin endpoint
TLS:
# TLS enabled
Enabled: false
# Certificate is the location of the PEM encoded TLS certificate
Certificate:
# PrivateKey points to the location of the PEM-encoded key
PrivateKey:
# Most admin service endpoints require client authentication when TLS
# is enabled. ClientAuthRequired requires client certificate authentication
# at the TLS layer to access all resources.
#
# NOTE: When TLS is enabled, the admin endpoint requires mutual TLS. The
# orderer will panic on startup if this value is set to false.
ClientAuthRequired: true
# Paths to PEM encoded ca certificates to trust for client authentication
ClientRootCAs: []
################################################################################
#
# Channel participation API Configuration
#
# - This provides the channel participation API configuration for the orderer.
# - Channel participation uses the ListenAddress and TLS settings of the Admin
# service.
#
################################################################################
ChannelParticipation:
# Channel participation API is enabled.
Enabled: false
# The maximum size of the request body when joining a channel.
MaxRequestBodySize: 1 MB
################################################################################
#
# Consensus Configuration
#
# - This section contains config options for a consensus plugin. It is opaque
# to orderer, and completely up to consensus implementation to make use of.
#
################################################################################
Consensus:
# The allowed key-value pairs here depend on consensus plugin. For etcd/raft,
# we use following options:
# WALDir specifies the location at which Write Ahead Logs for etcd/raft are
# stored. Each channel will have its own subdir named after channel ID.
WALDir: /var/hyperledger/production/orderer/etcdraft/wal
# SnapDir specifies the location at which snapshots for etcd/raft are
# stored. Each channel will have its own subdir named after channel ID.
SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot

46
test-network-kind/kube/cc-asset-transfer-basic.yaml
View file

@ -1,46 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cc-asset-transfer-basic
spec:
replicas: 1
selector:
matchLabels:
app: cc-asset-transfer-basic
template:
metadata:
labels:
app: cc-asset-transfer-basic
spec:
containers:
- name: main
image: hyperledger/asset-transfer-basic
imagePullPolicy: IfNotPresent
env:
- name: CHAINCODE_SERVER_ADDRESS
value: 0.0.0.0:9999
# todo: load with an envFrom and a dynamic config map with the ID.
- name: CHAINCODE_ID
value: basic_1.0:d730a5ce916e120f2a2509ee33527a0df68cadac678f5eb196737ad10ba42da9
ports:
- containerPort: 9999
---
apiVersion: v1
kind: Service
metadata:
name: cc-asset-transfer-basic
spec:
ports:
- name: chaincode
port: 9999
protocol: TCP
selector:
app: cc-asset-transfer-basic

55
test-network-kind/kube/debug.yaml
View file

@ -1,55 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: debug
name: debug
namespace: test-network
spec:
progressDeadlineSeconds: 600
replicas: 1
selector:
matchLabels:
run: debug
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
run: debug
spec:
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
containers:
- image: radial/busyboxplus:curl
imagePullPolicy: Always
name: main
resources: {}
stdin: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
tty: true
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: fabric-config
mountPath: /var/hyperledger/fabric/config
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: fabric-config
configMap:
name: fabric-config

45
test-network-kind/kube/job-create-channel-config.yaml
View file

@ -1,45 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: batch/v1
kind: Job
metadata:
generateName: create-channel-config-
spec:
backoffLimit: 1
template:
metadata:
name: create-channel-config
spec:
restartPolicy: "Never"
containers:
- name: main
image: hyperledger/fabric-tools:2.3.2
# todo: latest tag is not at docker hub
imagePullPolicy: Always
env:
- name: FABRIC_CFG_PATH
value: /var/hyperledger/fabric
command: [
"configtxgen",
"-channelID", "mychannel",
"-profile", "TwoOrgsChannel",
"-outputCreateChannelTx", "/var/hyperledger/fabric/channel-artifacts/mychannel.tx",
]
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: config-volume
mountPath: /var/hyperledger/fabric/configtx.yaml
subPath: configtx.yaml
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: config-volume
configMap:
name: fabric-config

41
test-network-kind/kube/job-crypto-config.yaml
View file

@ -1,41 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: batch/v1
kind: Job
metadata:
generateName: crypto-config-
spec:
backoffLimit: 1
template:
metadata:
name: crypto-config
spec:
restartPolicy: "Never"
containers:
- name: main
image: hyperledger/fabric-tools:2.3.2
# todo: fixme for KIND clusters
imagePullPolicy: Always
command:
- cryptogen
- generate
- --config=/var/hyperledger/fabric/crypto-config.yaml
- --output=/var/hyperledger/fabric/crypto-config
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: config-volume
mountPath: /var/hyperledger/fabric/crypto-config.yaml
subPath: crypto-config.yaml
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: config-volume
configMap:
name: fabric-config

44
test-network-kind/kube/job-orderer-genesis.yaml
View file

@ -1,44 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: batch/v1
kind: Job
metadata:
generateName: orderer-genesis-
spec:
backoffLimit: 1
template:
metadata:
name: orderer-genesis
spec:
restartPolicy: "Never"
containers:
- name: main
image: hyperledger/fabric-tools:2.3.2
# todo: latest tag is not at docker hub
imagePullPolicy: Always
env:
- name: FABRIC_CFG_PATH
value: /var/hyperledger/fabric
command: [
"configtxgen",
"-profile", "TwoOrgsOrdererGenesis",
"-channelID", "test-system-channel-name",
"-outputBlock", "/var/hyperledger/fabric/channel-artifacts/genesis.block"
]
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: config-volume
mountPath: /var/hyperledger/fabric/configtx.yaml
subPath: configtx.yaml
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: config-volume
configMap:
name: fabric-config

32
test-network-kind/kube/job-scrub-fabric-volume.yaml
View file

@ -1,32 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: batch/v1
kind: Job
metadata:
name: job-scrub-fabric-volume
spec:
backoffLimit: 0
completions: 1
template:
metadata:
name: scrub-fabric-volume
spec:
restartPolicy: "Never"
containers:
- name: main
image: alpine
command:
- sh
- -c
- "rm -rvf /var/hyperledger/fabric/*"
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric

45
test-network-kind/kube/job-update-org1-anchor-peers.yaml
View file

@ -1,45 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: batch/v1
kind: Job
metadata:
generateName: update-org1-anchor-peers-
spec:
backoffLimit: 1
template:
metadata:
name: update-org1-anchor-peers
spec:
restartPolicy: "Never"
containers:
- name: main
image: hyperledger/fabric-tools:2.3.2
# todo: latest tag is not at docker hub
imagePullPolicy: Always
env:
- name: FABRIC_CFG_PATH
value: /var/hyperledger/fabric
command: [
"configtxgen",
"-profile", "TwoOrgsChannel",
"-outputAnchorPeersUpdate", "/var/hyperledger/fabric/channel-artifacts/Org1MSPanchors.tx",
"-channelID", "mychannel",
"-asOrg", "Org1MSP",
]
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: config-volume
mountPath: /var/hyperledger/fabric/configtx.yaml
subPath: configtx.yaml
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: config-volume
configMap:
name: fabric-config

45
test-network-kind/kube/job-update-org2-anchor-peers.yaml
View file

@ -1,45 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: batch/v1
kind: Job
metadata:
generateName: update-org2-anchor-peers-
spec:
backoffLimit: 1
template:
metadata:
name: update-org2-anchor-peers
spec:
restartPolicy: "Never"
containers:
- name: main
image: hyperledger/fabric-tools:2.3.2
# todo: latest tag is not at docker hub
imagePullPolicy: Always
env:
- name: FABRIC_CFG_PATH
value: /var/hyperledger/fabric
command: [
"configtxgen",
"-profile", "TwoOrgsChannel",
"-outputAnchorPeersUpdate", "/var/hyperledger/fabric/channel-artifacts/Org2MSPanchors.tx",
"-channelID", "mychannel",
"-asOrg", "Org2MSP",
]
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: config-volume
mountPath: /var/hyperledger/fabric/configtx.yaml
subPath: configtx.yaml
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: config-volume
configMap:
name: fabric-config

10
test-network-kind/kube/ns-test-network.yaml
View file

@ -1,10 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: Namespace
metadata:
name: test-network

87
test-network-kind/kube/orderer1.yaml
View file

@ -1,87 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: ConfigMap
metadata:
name: orderer1-config
data:
FABRIC_CFG_PATH: /var/hyperledger/fabric/config
FABRIC_LOGGING_SPEC: "debug:cauthdsl,policies,msp,common.configtx,common.channelconfig=info"
ORDERER_GENERAL_LISTENADDRESS: "0.0.0.0"
ORDERER_GENERAL_LISTENPORT: "6050"
ORDERER_GENERAL_LOCALMSPID: OrdererMSP
ORDERER_GENERAL_LOCALMSPDIR: /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp
ORDERER_GENERAL_TLS_ENABLED: "true"
ORDERER_GENERAL_TLS_PRIVATEKEY: /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.key
ORDERER_GENERAL_TLS_CERTIFICATE: /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
# following setting is not really needed at runtime since channel config has ca root certs, but we need to override the default in orderer.yaml
ORDERER_GENERAL_TLS_ROOTCAS: /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/ca.crt
ORDERER_GENERAL_BOOTSTRAPMETHOD: file
ORDERER_GENERAL_BOOTSTRAPFILE: /var/hyperledger/fabric/channel-artifacts/genesis.block
ORDERER_FILELEDGER_LOCATION: /var/hyperledger/fabric/data/orderer
ORDERER_CONSENSUS_WALDIR: /var/hyperledger/fabric/data/orderer/etcdraft/wal
ORDERER_CONSENSUS_SNAPDIR: /var/hyperledger/fabric/data/orderer/etcdraft/wal
ORDERER_OPERATIONS_LISTENADDRESS: "0.0.0.0:8443"
ORDERER_ADMIN_LISTENADDRESS: "0.0.0.0:9443"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: orderer1
spec:
replicas: 1
selector:
matchLabels:
app: orderer1
template:
metadata:
labels:
app: orderer1
spec:
containers:
- name: main
image: hyperledger/fabric-orderer:2.3.2
imagePullPolicy: Always
envFrom:
- configMapRef:
name: orderer1-config
ports:
- containerPort: 6050
- containerPort: 8443
- containerPort: 9443
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: fabric-config
mountPath: /var/hyperledger/fabric/config
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: fabric-config
configMap:
name: fabric-config
---
apiVersion: v1
kind: Service
metadata:
name: orderer1
spec:
ports:
- name: general
port: 6050
protocol: TCP
- name: operations
port: 8443
protocol: TCP
- name: admin
port: 9443
protocol: TCP
selector:
app: orderer1

87
test-network-kind/kube/orderer2.yaml
View file

@ -1,87 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: ConfigMap
metadata:
name: orderer2-config
data:
FABRIC_CFG_PATH: /var/hyperledger/fabric/config
FABRIC_LOGGING_SPEC: "debug:cauthdsl,policies,msp,common.configtx,common.channelconfig=info"
ORDERER_GENERAL_LISTENADDRESS: "0.0.0.0"
ORDERER_GENERAL_LISTENPORT: "6050"
ORDERER_GENERAL_LOCALMSPID: OrdererMSP
ORDERER_GENERAL_LOCALMSPDIR: /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp
ORDERER_GENERAL_TLS_ENABLED: "true"
ORDERER_GENERAL_TLS_PRIVATEKEY: /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key
ORDERER_GENERAL_TLS_CERTIFICATE: /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
# following setting is not really needed at runtime since channel config has ca root certs, but we need to override the default in orderer.yaml
ORDERER_GENERAL_TLS_ROOTCAS: /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/ca.crt
ORDERER_GENERAL_BOOTSTRAPMETHOD: file
ORDERER_GENERAL_BOOTSTRAPFILE: /var/hyperledger/fabric/channel-artifacts/genesis.block
ORDERER_FILELEDGER_LOCATION: /var/hyperledger/fabric/data/orderer2
ORDERER_CONSENSUS_WALDIR: /var/hyperledger/fabric/data/orderer2/etcdraft/wal
ORDERER_CONSENSUS_SNAPDIR: /var/hyperledger/fabric/data/orderer2/etcdraft/wal
ORDERER_OPERATIONS_LISTENADDRESS: "0.0.0.0:8443"
ORDERER_ADMIN_LISTENADDRESS: "0.0.0.0:9443"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: orderer2
spec:
replicas: 1
selector:
matchLabels:
app: orderer2
template:
metadata:
labels:
app: orderer2
spec:
containers:
- name: main
image: hyperledger/fabric-orderer:2.3.2
imagePullPolicy: Always
envFrom:
- configMapRef:
name: orderer2-config
ports:
- containerPort: 6050
- containerPort: 8443
- containerPort: 9443
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: fabric-config
mountPath: /var/hyperledger/fabric/config
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: fabric-config
configMap:
name: fabric-config
---
apiVersion: v1
kind: Service
metadata:
name: orderer2
spec:
ports:
- name: general
port: 6050
protocol: TCP
- name: operations
port: 8443
protocol: TCP
- name: admin
port: 9443
protocol: TCP
selector:
app: orderer2

87
test-network-kind/kube/orderer3.yaml
View file

@ -1,87 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: ConfigMap
metadata:
name: orderer3-config
data:
FABRIC_CFG_PATH: /var/hyperledger/fabric/config
FABRIC_LOGGING_SPEC: "debug:cauthdsl,policies,msp,common.configtx,common.channelconfig=info"
ORDERER_GENERAL_LISTENADDRESS: "0.0.0.0"
ORDERER_GENERAL_LISTENPORT: "6050"
ORDERER_GENERAL_LOCALMSPID: OrdererMSP
ORDERER_GENERAL_LOCALMSPDIR: /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/msp
ORDERER_GENERAL_TLS_ENABLED: "true"
ORDERER_GENERAL_TLS_PRIVATEKEY: /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.key
ORDERER_GENERAL_TLS_CERTIFICATE: /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
# following setting is not really needed at runtime since channel config has ca root certs, but we need to override the default in orderer.yaml
ORDERER_GENERAL_TLS_ROOTCAS: /var/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/ca.crt
ORDERER_GENERAL_BOOTSTRAPMETHOD: file
ORDERER_GENERAL_BOOTSTRAPFILE: /var/hyperledger/fabric/channel-artifacts/genesis.block
ORDERER_FILELEDGER_LOCATION: /var/hyperledger/fabric/data/orderer3
ORDERER_CONSENSUS_WALDIR: /var/hyperledger/fabric/data/orderer3/etcdraft/wal
ORDERER_CONSENSUS_SNAPDIR: /var/hyperledger/fabric/data/orderer3/etcdraft/wal
ORDERER_OPERATIONS_LISTENADDRESS: "0.0.0.0:8443"
ORDERER_ADMIN_LISTENADDRESS: "0.0.0.0:9443"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: orderer3
spec:
replicas: 1
selector:
matchLabels:
app: orderer3
template:
metadata:
labels:
app: orderer3
spec:
containers:
- name: main
image: hyperledger/fabric-orderer:2.3.2
imagePullPolicy: Always
envFrom:
- configMapRef:
name: orderer3-config
ports:
- containerPort: 6050
- containerPort: 8443
- containerPort: 9443
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: fabric-config
mountPath: /var/hyperledger/fabric/config
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: fabric-config
configMap:
name: fabric-config
---
apiVersion: v1
kind: Service
metadata:
name: orderer3
spec:
ports:
- name: general
port: 6050
protocol: TCP
- name: operations
port: 8443
protocol: TCP
- name: admin
port: 9443
protocol: TCP
selector:
app: orderer3

110
test-network-kind/kube/org1-peer1.yaml
View file

@ -1,110 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: ConfigMap
metadata:
name: org1-peer1-config
data:
FABRIC_CFG_PATH: /var/hyperledger/fabric/config
FABRIC_LOGGING_SPEC: "debug:cauthdsl,policies,msp,grpc,peer.gossip.mcs,gossip,leveldbhelper=info"
CORE_PEER_TLS_ENABLED: "true"
CORE_PEER_TLS_CERT_FILE: /var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/org1-peer1.org1.example.com/tls/server.crt
CORE_PEER_TLS_KEY_FILE: /var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/org1-peer1.org1.example.com/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE: /var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/org1-peer1.org1.example.com/tls/ca.crt
CORE_PEER_ID: org1-peer1.org1.example.com
CORE_PEER_ADDRESS: org1-peer1:7051
CORE_PEER_LISTENADDRESS: 0.0.0.0:7051
CORE_PEER_CHAINCODEADDRESS: org1-peer1:7052
CORE_PEER_CHAINCODELISTENADDRESS: 0.0.0.0:7052
# bootstrap peer is the other peer in the same org
CORE_PEER_GOSSIP_BOOTSTRAP: org1-peer2:7051
CORE_PEER_GOSSIP_EXTERNALENDPOINT: org1-peer1:7051
CORE_PEER_LOCALMSPID: Org1MSP
CORE_PEER_MSPCONFIGPATH: /var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/org1-peer1.org1.example.com/msp
CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443
CORE_PEER_FILESYSTEMPATH: /var/hyperledger/fabric/data/org1-peer1.org1.example.com
CORE_LEDGER_SNAPSHOTS_ROOTDIR: /var/hyperledger/fabric/data/org1-peer1.org1.example.com/snapshots
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: org1-peer1
spec:
replicas: 1
selector:
matchLabels:
app: org1-peer1
template:
metadata:
labels:
app: org1-peer1
spec:
containers:
- name: main
image: hyperledger/fabric-peer:2.3.2
imagePullPolicy: Always
envFrom:
- configMapRef:
name: org1-peer1-config
ports:
- containerPort: 7051
- containerPort: 7052
- containerPort: 9443
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: fabric-config
mountPath: /var/hyperledger/fabric/config
- name: ccs-builder
mountPath: /var/hyperledger/fabric/chaincode/ccs-builder/bin
- name: chaincode-config
mountPath: /var/hyperledger/fabric/chaincode/
# load the external chaincode builder into the peer image prior to peer launch.
initContainers:
- name: fabric-ccs-builder
# todo: publish this image to docker hub. It's currently read from the kind docker context.
image: hyperledgendary/fabric-ccs-builder
imagePullPolicy: IfNotPresent
command: [sh, -c]
args: ["cp /go/bin/* /var/hyperledger/fabric/chaincode/ccs-builder/bin/"]
volumeMounts:
- name: ccs-builder
mountPath: /var/hyperledger/fabric/chaincode/ccs-builder/bin
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: fabric-config
configMap:
name: fabric-config
- name: ccs-builder
emptyDir: {}
- name: chaincode-config
configMap:
name: chaincode-config
---
apiVersion: v1
kind: Service
metadata:
name: org1-peer1
spec:
ports:
- name: gossip
port: 7051
protocol: TCP
- name: chaincode
port: 7052
protocol: TCP
- name: operations
port: 9443
protocol: TCP
selector:
app: org1-peer1

105
test-network-kind/kube/org1-peer2.yaml
View file

@ -1,105 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: ConfigMap
metadata:
name: org1-peer2-config
data:
FABRIC_CFG_PATH: /var/hyperledger/fabric/config
FABRIC_LOGGING_SPEC: "debug:cauthdsl,policies,msp,grpc,peer.gossip.mcs,gossip,leveldbhelper=info"
CORE_PEER_TLS_ENABLED: "true"
CORE_PEER_TLS_CERT_FILE: /var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/org1-peer2.org1.example.com/tls/server.crt
CORE_PEER_TLS_KEY_FILE: /var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/org1-peer2.org1.example.com/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE: /var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/org1-peer2.org1.example.com/tls/ca.crt
CORE_PEER_ID: org1-peer2.org1.example.com
CORE_PEER_ADDRESS: org1-peer2:7051
CORE_PEER_LISTENADDRESS: 0.0.0.0:7051
CORE_PEER_CHAINCODEADDRESS: org1-peer2:7052
CORE_PEER_CHAINCODELISTENADDRESS: 0.0.0.0:7052
# bootstrap peer is the other peer in the same org
CORE_PEER_GOSSIP_BOOTSTRAP: org1-peer1:7051
CORE_PEER_GOSSIP_EXTERNALENDPOINT: org1-peer2:7051
CORE_PEER_LOCALMSPID: Org1MSP
CORE_PEER_MSPCONFIGPATH: /var/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/org1-peer2.org1.example.com/msp
CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443
CORE_PEER_FILESYSTEMPATH: /var/hyperledger/fabric/data/org1-peer2.org1.example.com
CORE_LEDGER_SNAPSHOTS_ROOTDIR: /var/hyperledger/fabric/data/org1-peer2.org1.example.com/snapshots
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: org1-peer2
spec:
replicas: 1
selector:
matchLabels:
app: org1-peer2
template:
metadata:
labels:
app: org1-peer2
spec:
containers:
- name: main
image: hyperledger/fabric-peer:2.3.2
imagePullPolicy: Always
envFrom:
- configMapRef:
name: org1-peer2-config
ports:
- containerPort: 7051
- containerPort: 7052
- containerPort: 9443
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: fabric-config
mountPath: /var/hyperledger/fabric/config
- name: ccs-builder
mountPath: /var/hyperledger/fabric/external-chaincode/builder
# load the external chaincode binaries into the peer image prior to peer launch.
initContainers:
- name: fabric-ccs-builder
# todo: publish this image to docker hub. It's currently read from the kind docker context.
image: hyperledgendary/fabric-ccs-builder
imagePullPolicy: IfNotPresent
command: [sh, -c]
args: ["cp /go/bin/* /podshare"]
volumeMounts:
- name: ccs-builder
mountPath: /podshare
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: fabric-config
configMap:
name: fabric-config
- name: ccs-builder
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: org1-peer2
spec:
ports:
- name: gossip
port: 7051
protocol: TCP
- name: chaincode
port: 7052
protocol: TCP
- name: operations
port: 9443
protocol: TCP
selector:
app: org1-peer2

105
test-network-kind/kube/org2-peer1.yaml
View file

@ -1,105 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: ConfigMap
metadata:
name: org2-peer1-config
data:
FABRIC_CFG_PATH: /var/hyperledger/fabric/config
FABRIC_LOGGING_SPEC: "debug:cauthdsl,policies,msp,grpc,peer.gossip.mcs,gossip,leveldbhelper=info"
CORE_PEER_TLS_ENABLED: "true"
CORE_PEER_TLS_CERT_FILE: /var/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/org2-peer1.org2.example.com/tls/server.crt
CORE_PEER_TLS_KEY_FILE: /var/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/org2-peer1.org2.example.com/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE: /var/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/org2-peer1.org2.example.com/tls/ca.crt
CORE_PEER_ID: org2-peer1.org2.example.com
CORE_PEER_ADDRESS: org2-peer1:7051
CORE_PEER_LISTENADDRESS: 0.0.0.0:7051
CORE_PEER_CHAINCODEADDRESS: org2-peer1:7052
CORE_PEER_CHAINCODELISTENADDRESS: 0.0.0.0:7052
# bootstrap peer is the other peer in the same org
CORE_PEER_GOSSIP_BOOTSTRAP: org2-peer2:7051
CORE_PEER_GOSSIP_EXTERNALENDPOINT: org2-peer1:7051
CORE_PEER_LOCALMSPID: Org2MSP
CORE_PEER_MSPCONFIGPATH: /var/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/org2-peer1.org2.example.com/msp
CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443
CORE_PEER_FILESYSTEMPATH: /var/hyperledger/fabric/data/org2-peer1.org2.example.com
CORE_LEDGER_SNAPSHOTS_ROOTDIR: /var/hyperledger/fabric/data/org2-peer1.org2.example.com/snapshots
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: org2-peer1
spec:
replicas: 1
selector:
matchLabels:
app: org2-peer1
template:
metadata:
labels:
app: org2-peer1
spec:
containers:
- name: main
image: hyperledger/fabric-peer:2.3.2
imagePullPolicy: Always
envFrom:
- configMapRef:
name: org2-peer1-config
ports:
- containerPort: 7051
- containerPort: 7052
- containerPort: 9443
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: fabric-config
mountPath: /var/hyperledger/fabric/config
- name: ccs-builder
mountPath: /var/hyperledger/fabric/external-chaincode/builder
# load the external chaincode binaries into the peer image prior to peer launch.
initContainers:
- name: fabric-ccs-builder
# todo: publish this image to docker hub. It's currently read from the kind docker context.
image: hyperledgendary/fabric-ccs-builder
imagePullPolicy: IfNotPresent
command: [sh, -c]
args: ["cp /go/bin/* /podshare"]
volumeMounts:
- name: ccs-builder
mountPath: /podshare
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: fabric-config
configMap:
name: fabric-config
- name: ccs-builder
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: org2-peer1
spec:
ports:
- name: gossip
port: 7051
protocol: TCP
- name: chaincode
port: 7052
protocol: TCP
- name: operations
port: 9443
protocol: TCP
selector:
app: org2-peer1

105
test-network-kind/kube/org2-peer2.yaml
View file

@ -1,105 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: ConfigMap
metadata:
name: org2-peer2-config
data:
FABRIC_CFG_PATH: /var/hyperledger/fabric/config
FABRIC_LOGGING_SPEC: "debug:cauthdsl,policies,msp,grpc,peer.gossip.mcs,gossip,leveldbhelper=info"
CORE_PEER_TLS_ENABLED: "true"
CORE_PEER_TLS_CERT_FILE: /var/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/org2-peer2.org2.example.com/tls/server.crt
CORE_PEER_TLS_KEY_FILE: /var/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/org2-peer2.org2.example.com/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE: /var/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/org2-peer2.org2.example.com/tls/ca.crt
CORE_PEER_ID: org2-peer2.org2.example.com
CORE_PEER_ADDRESS: org2-peer2:7051
CORE_PEER_LISTENADDRESS: 0.0.0.0:7051
CORE_PEER_CHAINCODEADDRESS: org2-peer2:7052
CORE_PEER_CHAINCODELISTENADDRESS: 0.0.0.0:7052
# bootstrap peer is the other peer in the same org
CORE_PEER_GOSSIP_BOOTSTRAP: org2-peer1:7051
CORE_PEER_GOSSIP_EXTERNALENDPOINT: org2-peer2:7051
CORE_PEER_LOCALMSPID: Org2MSP
CORE_PEER_MSPCONFIGPATH: /var/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/org2-peer2.org2.example.com/msp
CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443
CORE_PEER_FILESYSTEMPATH: /var/hyperledger/fabric/data/org2-peer2.org2.example.com
CORE_LEDGER_SNAPSHOTS_ROOTDIR: /var/hyperledger/fabric/data/org2-peer2.org2.example.com/snapshots
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: org2-peer2
spec:
replicas: 1
selector:
matchLabels:
app: org2-peer2
template:
metadata:
labels:
app: org2-peer2
spec:
containers:
- name: main
image: hyperledger/fabric-peer:2.3.2
imagePullPolicy: Always
envFrom:
- configMapRef:
name: org2-peer2-config
ports:
- containerPort: 7051
- containerPort: 7052
- containerPort: 9443
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger/fabric
- name: fabric-config
mountPath: /var/hyperledger/fabric/config
- name: ccs-builder
mountPath: /var/hyperledger/fabric/external-chaincode/builder
# load the external chaincode binaries into the peer image prior to peer launch.
initContainers:
- name: fabric-ccs-builder
# todo: publish this image to docker hub. It's currently read from the kind docker context.
image: hyperledgendary/fabric-ccs-builder
imagePullPolicy: IfNotPresent
command: [sh, -c]
args: ["cp /go/bin/* /podshare"]
volumeMounts:
- name: ccs-builder
mountPath: /podshare
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric
- name: fabric-config
configMap:
name: fabric-config
- name: ccs-builder
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: org2-peer2
spec:
ports:
- name: gossip
port: 7051
protocol: TCP
- name: chaincode
port: 7052
protocol: TCP
- name: operations
port: 9443
protocol: TCP
selector:
app: org2-peer2

18
test-network-kind/kube/pv-fabric.yaml
View file

@ -1,18 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: fabric
spec:
storageClassName: standard
accessModes:
- ReadWriteOnce
capacity:
storage: 2Gi
hostPath:
path: /var/hyperledger/fabric

17
test-network-kind/kube/pvc-fabric.yaml
View file

@ -1,17 +0,0 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: fabric
spec:
volumeName: fabric
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi