epistemophiliac/fabric-samples
1
0
Fork 0
mirror of https://github.com/hyperledger/fabric-samples.git synced 2026-06-17 15:35:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

test-network: Add support for using BFT consensus with CA (#1301)

Browse source 
Signed-off-by: Tatsuya Sato <tatsuya.sato.so@hitachi.com>
This commit is contained in:
Tatsuya Sato 2025-02-19 02:44:43 +09:00 committed by GitHub
parent 5e91d365d4
commit 63bb2282fe
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 47 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/test-network-bft-orderer.yaml vendored
View file

@ -25,6 +25,9 @@ jobs:
- javascript - javascript
- typescript - typescript
- java - java
crypto:
- cryptogen
- ca
steps: steps:
- name: Checkout - name: Checkout
@ -43,3 +46,4 @@ jobs:
env: env:
CHAINCODE_LANGUAGE: ${{ matrix.chaincode-language }} CHAINCODE_LANGUAGE: ${{ matrix.chaincode-language }}
ORDERER_TYPE: bft ORDERER_TYPE: bft
CRYPTO: ${{ matrix.crypto }}

12
ci/scripts/run-test-network-basic.sh
View file

@ -5,6 +5,12 @@ set -euo pipefail
CHAINCODE_LANGUAGE=${CHAINCODE_LANGUAGE:-go} CHAINCODE_LANGUAGE=${CHAINCODE_LANGUAGE:-go}
CHAINCODE_PATH=${CHAINCODE_PATH:-../asset-transfer-basic} CHAINCODE_PATH=${CHAINCODE_PATH:-../asset-transfer-basic}
ORDERER_TYPE=${ORDERER_TYPE:-raft} ORDERER_TYPE=${ORDERER_TYPE:-raft}
CRYPTO=${CRYPTO:-ca}
CRYPTO_OPTION=""
if [ "$CRYPTO" == "ca" ]; then
CRYPTO_OPTION="-ca"
fi
function print() { function print() {
GREEN='\033[0;32m' GREEN='\033[0;32m'
@ -15,15 +21,15 @@ function print() {
function createNetworkWithRaft() { function createNetworkWithRaft() {
print "Creating 3 Org network with Raft Orderers" print "Creating 3 Org network with Raft Orderers"
./network.sh up createChannel -ca -s couchdb ./network.sh up createChannel ${CRYPTO_OPTION} -s couchdb
cd addOrg3 cd addOrg3
./addOrg3.sh up -ca -s couchdb ./addOrg3.sh up ${CRYPTO_OPTION} -s couchdb
cd .. cd ..
} }
function createNetworkWithBFT() { function createNetworkWithBFT() {
print "Creating 2 Org network with BFT Orderers" print "Creating 2 Org network with BFT Orderers"
./network.sh up createChannel -bft ./network.sh up createChannel -bft ${CRYPTO_OPTION}
} }
function createNetwork() { function createNetwork() {

1
test-network/.gitignore vendored
View file

@ -8,6 +8,7 @@
organizations/fabric-ca/ordererOrg/* organizations/fabric-ca/ordererOrg/*
organizations/fabric-ca/org1/* organizations/fabric-ca/org1/*
organizations/fabric-ca/org2/* organizations/fabric-ca/org2/*
addOrg3/fabric-ca/org3/*
organizations/ordererOrganizations/* organizations/ordererOrganizations/*
organizations/peerOrganizations/* organizations/peerOrganizations/*
system-genesis-block/* system-genesis-block/*

2
test-network/README.md
View file

@ -2,7 +2,7 @@
You can use the `./network.sh` script to stand up a simple Fabric test network. The test network has two peer organizations with one peer each and a single node raft ordering service. You can also use the `./network.sh` script to create channels and deploy chaincode. For more information, see [Using the Fabric test network](https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html). The test network is being introduced in Fabric v2.0 as the long term replacement for the `first-network` sample. You can use the `./network.sh` script to stand up a simple Fabric test network. The test network has two peer organizations with one peer each and a single node raft ordering service. You can also use the `./network.sh` script to create channels and deploy chaincode. For more information, see [Using the Fabric test network](https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html). The test network is being introduced in Fabric v2.0 as the long term replacement for the `first-network` sample.
If you are planning to run the test network with consensus type BFT then please pass `-bft` flag as input to the `network.sh` script when creating the channel. Note that currently this sample does not yet support the use of consensus type BFT and CA together. If you are planning to run the test network with consensus type BFT then please pass `-bft` flag as input to the `network.sh` script when creating the channel. This sample also supports the use of consensus type BFT and CA together.
That is to create a network use: That is to create a network use:
```bash ```bash
./network.sh up -bft ./network.sh up -bft

5
test-network/network.sh
View file

@ -619,11 +619,6 @@ while [[ $# -ge 1 ]] ; do
shift shift
done done
## Check if user attempts to use BFT orderer and CA together
if [[ $BFT -eq 1 && "$CRYPTO" == "Certificate Authorities" ]]; then
fatalln "This sample does not yet support the use of consensus type BFT and CA together."
fi
if [ $BFT -eq 1 ]; then if [ $BFT -eq 1 ]; then
export FABRIC_CFG_PATH=${PWD}/bft-config export FABRIC_CFG_PATH=${PWD}/bft-config
COMPOSE_FILE_BASE=compose-bft-test-net.yaml COMPOSE_FILE_BASE=compose-bft-test-net.yaml

57
test-network/organizations/fabric-ca/registerEnroll.sh
View file

@ -207,37 +207,44 @@ function createOrderer() {
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/tlsca" mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/tlsca"
cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem" cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"
infoln "Registering orderer" # Loop through each orderer (orderer, orderer2, orderer3, orderer4) to register and generate artifacts
set -x for ORDERER in orderer orderer2 orderer3 orderer4; do
fabric-ca-client register --caname ca-orderer --id.name orderer --id.secret ordererpw --id.type orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" infoln "Registering ${ORDERER}"
{ set +x; } 2>/dev/null set -x
fabric-ca-client register --caname ca-orderer --id.name ${ORDERER} --id.secret ${ORDERER}pw --id.type orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Generating the ${ORDERER} MSP"
set -x
fabric-ca-client enroll -u https://${ORDERER}:${ORDERER}pw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/msp/config.yaml"
# Workaround: Rename the signcert file to ensure consistency with Cryptogen generated artifacts
mv "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/msp/signcerts/cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/msp/signcerts/${ORDERER}.example.com-cert.pem"
infoln "Generating the ${ORDERER} TLS certificates, use --csr.hosts to specify Subject Alternative Names"
set -x
fabric-ca-client enroll -u https://${ORDERER}:${ORDERER}pw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls" --enrollment.profile tls --csr.hosts ${ORDERER}.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
{ set +x; } 2>/dev/null
# Copy the tls CA cert, server cert, server keystore to well known file names in the orderer's tls directory that are referenced by orderer startup config
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/ca.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/server.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/server.key"
# Copy orderer org's CA cert to orderer's /msp/tlscacerts directory (for use in the orderer MSP definition)
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/msp/tlscacerts"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
done
# Register and generate artifacts for the orderer admin
infoln "Registering the orderer admin" infoln "Registering the orderer admin"
set -x set -x
fabric-ca-client register --caname ca-orderer --id.name ordererAdmin --id.secret ordererAdminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" fabric-ca-client register --caname ca-orderer --id.name ordererAdmin --id.secret ordererAdminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
{ set +x; } 2>/dev/null { set +x; } 2>/dev/null
infoln "Generating the orderer msp"
set -x
fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/config.yaml"
infoln "Generating the orderer-tls certificates, use --csr.hosts to specify Subject Alternative Names"
set -x
fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls" --enrollment.profile tls --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
{ set +x; } 2>/dev/null
# Copy the tls CA cert, server cert, server keystore to well known file names in the orderer's tls directory that are referenced by orderer startup config
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key"
# Copy orderer org's CA cert to orderer's /msp/tlscacerts directory (for use in the orderer MSP definition)
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
infoln "Generating the admin msp" infoln "Generating the admin msp"
set -x set -x
fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"

6
test-network/scripts/createChannel.sh
View file

@ -95,12 +95,6 @@ setAnchorPeer() {
. scripts/setAnchorPeer.sh $ORG $CHANNEL_NAME . scripts/setAnchorPeer.sh $ORG $CHANNEL_NAME
} }
## User attempts to use BFT orderer in Fabric network with CA
if [ $BFT -eq 1 ] && [ -d "organizations/fabric-ca/ordererOrg/msp" ]; then
fatalln "Fabric network seems to be using CA. This sample does not yet support the use of consensus type BFT and CA together."
fi
## Create channel genesis block ## Create channel genesis block
FABRIC_CFG_PATH=$PWD/../config/ FABRIC_CFG_PATH=$PWD/../config/
BLOCKFILE="./channel-artifacts/${CHANNEL_NAME}.block" BLOCKFILE="./channel-artifacts/${CHANNEL_NAME}.block"