epistemophiliac/fabric-samples
1
0
Fork 0
mirror of https://github.com/hyperledger/fabric-samples.git synced 2026-06-17 15:35:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

test-network-k8s: Introduce initial support for BFT orderers (#1294)

Browse source 
This patch adds initial support for BFT orderers in the test-network-k8s.
When `TEST_NETWORK_ORDERER_TYPE` is set to `bft`, the network launches
four orderers configured with SmartBFT.

Signed-off-by: Tatsuya Sato <tatsuya.sato.so@hitachi.com>
This commit is contained in:
Tatsuya Sato 2025-01-27 19:06:03 +09:00 committed by GitHub
parent 859c025e57
commit 714bcb0a9f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 561 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

358
test-network-k8s/config/org0/bft/configtx-template.yaml Normal file
View file

@ -0,0 +1,358 @@
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: ./channel-msp/ordererOrganizations/org0/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
OrdererEndpoints:
- org0-orderer1.${ORG0_NS}.svc.cluster.local:6050
- org0-orderer2.${ORG0_NS}.svc.cluster.local:6050
- org0-orderer3.${ORG0_NS}.svc.cluster.local:6050
- org0-orderer4.${ORG0_NS}.svc.cluster.local:6050
- &Org1
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org1MSP
# ID to load the MSP definition as
ID: Org1MSP
MSPDir: ./channel-msp/peerOrganizations/org1/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer')"
# leave this flag set to true.
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: org1-peer1.${ORG1_NS}.svc.cluster.local
Port: 7051
- &Org2
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org2MSP
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: ./channel-msp/peerOrganizations/org2/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org2MSP.peer')"
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: org2-peer1.${ORG2_NS}.svc.cluster.local
Port: 7051
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V3.0 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v3.0.0
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V3.0 channel capabilities, ensure that all
# orderers and peers on a channel are at v3.0.0 or later.
V3_0: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V2_0 orderer capability ensures that orderers behave according
# to v2.0 orderer capabilities. Orderers from
# prior releases would behave in an incompatible way, and are therefore
# not able to participate in channels at v2.0 orderer capability.
# Prior to enabling V2.0 orderer capabilities, ensure that all
# orderers on channel are at v2.0.0 or later.
V2_0: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V2_0 application capability ensures that peers behave according
# to v2.0 application capabilities. Peers from
# prior releases would behave in an incompatible way, and are therefore
# not able to participate in channels at v2.0 application capability.
# Prior to enabling V2.0 application capabilities, ensure that all
# peers on channel are at v2.0.0 or later.
V2_5: true
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: Signature
Rule: "OR('Org1MSP.peer','Org2MSP.peer')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer','Org2MSP.peer')"
Capabilities:
<<: *ApplicationCapabilities
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
ChannelUsingBFT:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities: *OrdererCapabilities
OrdererType: BFT
SmartBFT:
RequestBatchMaxCount: 100
RequestBatchMaxInterval: 50ms
RequestForwardTimeout: 2s
RequestComplainTimeout: 20s
RequestAutoRemoveTimeout: 3m0s
ViewChangeResendInterval: 5s
ViewChangeTimeout: 20s
LeaderHeartbeatTimeout: 1m0s
CollectTimeout: 1s
RequestBatchMaxBytes: 10485760
IncomingMessageBufferSize: 200
RequestPoolSize: 100000
LeaderHeartbeatCount: 10
ConsenterMapping:
- ID: 1
Host: org0-orderer1
Port: 6050
MSPID: OrdererMSP
Identity: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/cert.pem
ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem
ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem
- ID: 2
Host: org0-orderer2
Port: 6050
MSPID: OrdererMSP
Identity: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/cert.pem
ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/tls/signcerts/tls-cert.pem
ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/tls/signcerts/tls-cert.pem
- ID: 3
Host: org0-orderer3
Port: 6050
MSPID: OrdererMSP
Identity: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/cert.pem
ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/tls/signcerts/tls-cert.pem
ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/tls/signcerts/tls-cert.pem
- ID: 4
Host: org0-orderer4
Port: 6050
MSPID: OrdererMSP
Identity: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer4/cert.pem
ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer4/tls/signcerts/tls-cert.pem
ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer4/tls/signcerts/tls-cert.pem
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities: *ApplicationCapabilities

2
test-network-k8s/config/org0/configtx-template.yaml
View file

@ -169,7 +169,7 @@ Capabilities:
# not able to participate in channels at v2.0 application capability.
# Prior to enabling V2.0 application capabilities, ensure that all
# peers on channel are at v2.0.0 or later.
V2_0: true
V2_5: true
################################################################################
#

160
test-network-k8s/kube/org0/org0-orderer4.yaml Normal file
View file

@ -0,0 +1,160 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: org0-orderer4-tls-cert
namespace: ${ORG0_NS}
spec:
isCA: false
privateKey:
algorithm: ECDSA
size: 256
dnsNames:
- localhost
- org0-orderer4
- org0-orderer4.${ORG0_NS}.svc.cluster.local
- org0-orderer4.${DOMAIN}
- org0-orderer4-admin.${DOMAIN}
ipAddresses:
- 127.0.0.1
secretName: org0-orderer4-tls-cert
issuerRef:
name: org0-tls-cert-issuer
---
apiVersion: v1
kind: ConfigMap
metadata:
name: org0-orderer4-env
data:
FABRIC_CFG_PATH: /var/hyperledger/fabric/config
FABRIC_LOGGING_SPEC: INFO # debug:cauthdsl,policies,msp,common.configtx,common.channelconfig=info
ORDERER_GENERAL_LISTENADDRESS: 0.0.0.0
ORDERER_GENERAL_LISTENPORT: "6050"
ORDERER_GENERAL_LOCALMSPID: OrdererMSP
ORDERER_GENERAL_LOCALMSPDIR: /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/orderers/org0-orderer4.org0.example.com/msp
ORDERER_GENERAL_TLS_ENABLED: "true"
ORDERER_GENERAL_TLS_CERTIFICATE: /var/hyperledger/fabric/config/tls/tls.crt
ORDERER_GENERAL_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt
ORDERER_GENERAL_TLS_PRIVATEKEY: /var/hyperledger/fabric/config/tls/tls.key
ORDERER_GENERAL_BOOTSTRAPMETHOD: none
ORDERER_CHANNELPARTICIPATION_ENABLED: "true"
ORDERER_ADMIN_TLS_ENABLED: "true"
ORDERER_ADMIN_TLS_CERTIFICATE: /var/hyperledger/fabric/config/tls/tls.crt
ORDERER_ADMIN_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt
ORDERER_ADMIN_TLS_PRIVATEKEY: /var/hyperledger/fabric/config/tls/tls.key
# Authenticate client connections with the org's ecert / admin user enrollments
ORDERER_ADMIN_TLS_CLIENTROOTCAS: "[/var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/orderers/org0-orderer4.org0.example.com/msp/cacerts/org0-ca.pem]"
ORDERER_FILELEDGER_LOCATION: /var/hyperledger/fabric/data/orderer4
ORDERER_CONSENSUS_WALDIR: /var/hyperledger/fabric/data/orderer4/etcdraft/wal
ORDERER_CONSENSUS_SNAPDIR: /var/hyperledger/fabric/data/orderer4/etcdraft/wal
ORDERER_OPERATIONS_LISTENADDRESS: 0.0.0.0:8443
ORDERER_ADMIN_LISTENADDRESS: 0.0.0.0:9443
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: org0-orderer4
spec:
replicas: 1
selector:
matchLabels:
app: org0-orderer4
template:
metadata:
labels:
app: org0-orderer4
spec:
containers:
- name: main
image: ${FABRIC_CONTAINER_REGISTRY}/fabric-orderer:${FABRIC_VERSION}
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: org0-orderer4-env
ports:
- containerPort: 6050
- containerPort: 8443
- containerPort: 9443
volumeMounts:
- name: fabric-volume
mountPath: /var/hyperledger
- name: fabric-config
mountPath: /var/hyperledger/fabric/config
- name: tls-cert-volume
mountPath: /var/hyperledger/fabric/config/tls
readOnly: true
volumes:
- name: fabric-volume
persistentVolumeClaim:
claimName: fabric-org0
- name: fabric-config
configMap:
name: org0-config
- name: tls-cert-volume
secret:
secretName: org0-orderer4-tls-cert
---
apiVersion: v1
kind: Service
metadata:
name: org0-orderer4
spec:
ports:
- name: general
port: 6050
protocol: TCP
- name: operations
port: 8443
protocol: TCP
- name: admin
port: 9443
protocol: TCP
selector:
app: org0-orderer4
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
labels:
app: org0-orderer4
name: org0-orderer4
spec:
ingressClassName: nginx
rules:
- host: org0-orderer4.${DOMAIN}
http:
paths:
- backend:
service:
name: org0-orderer4
port:
name: general
path: /
pathType: ImplementationSpecific
- host: org0-orderer4-admin.${DOMAIN}
http:
paths:
- backend:
service:
name: org0-orderer4
port:
name: admin
path: /
pathType: ImplementationSpecific
tls:
- hosts:
- org0-orderer4.${DOMAIN}
- hosts:
- org0-orderer4-admin.${DOMAIN}

2
test-network-k8s/network
View file

@ -47,6 +47,7 @@ context ORG1_NS ${NS}
context ORG2_NS ${NS}
context DOMAIN localho.st
context CHANNEL_NAME mychannel
context ORDERER_TYPE raft # or bft for BFT Orderer (for Fabric v3.0+)
context ORDERER_TIMEOUT 10s # see https://github.com/hyperledger/fabric/issues/3372
context TEMP_DIR ${PWD}/build
context CHAINCODE_BUILDER ccaas # see https://github.com/hyperledgendary/fabric-builder-k8s/blob/main/docs/TEST_NETWORK_K8S.md
@ -77,6 +78,7 @@ function print_help() {
log "Network name \t\t: ${NETWORK_NAME}"
log "Ingress domain \t\t: ${DOMAIN}"
log "Channel name \t\t: ${CHANNEL_NAME}"
log "Orderer type \t\t: ${ORDERER_TYPE}"
log
log "--- Cluster Information"
log "Cluster runtime \t: ${CLUSTER_RUNTIME}"

39
test-network-k8s/scripts/channel.sh
View file

@ -150,9 +150,12 @@ function create_channel_MSP() {
create_channel_org_MSP org1 peer $ORG1_NS
create_channel_org_MSP org2 peer $ORG2_NS
extract_orderer_tls_cert org0 orderer1
extract_orderer_tls_cert org0 orderer2
extract_orderer_tls_cert org0 orderer3
extract_orderer_cert org0 orderer1
extract_orderer_cert org0 orderer2
extract_orderer_cert org0 orderer3
if [ "${ORDERER_TYPE}" == "bft" ]; then
extract_orderer_cert org0 orderer4
fi
pop_fn
}
@ -185,13 +188,13 @@ function create_channel_org_MSP() {
create_msp_config_yaml ${ca_name} ca-signcert.pem ${ORG_MSP_DIR}
}
# Extract an orderer's TLS signing certificate for inclusion in the channel config block
function extract_orderer_tls_cert() {
# Extract an orderer's signing certificate for inclusion in the channel config block
function extract_orderer_cert() {
local org=$1
local orderer=$2
local ns=$ORG0_NS
echo "Extracting TLS cert for $org $orderer"
echo "Extracting cert for $org $orderer"
ORDERER_TLS_DIR=${TEMP_DIR}/channel-msp/ordererOrganizations/${org}/orderers/${org}-${orderer}/tls
mkdir -p $ORDERER_TLS_DIR/signcerts
@ -200,14 +203,33 @@ function extract_orderer_tls_cert() {
| jq -r .data.\"tls.crt\" \
| base64 -d \
> ${ORDERER_TLS_DIR}/signcerts/tls-cert.pem
# For the orderer type is BFT, retrieve the enrollment certificate from the pod
POD_NAME=$(kubectl -n $ns get pods -l app=${org}-${orderer} -o jsonpath="{.items[0].metadata.name}")
# - Check if the pod exists before proceeding
if [ -z "$POD_NAME" ]; then
fatalln "Error: No Pod found with label app=${org}-${orderer} in namespace $ns"
fi
# - Copy the enrollment certificate from the pod to the local machine
kubectl -n $ns cp ${POD_NAME}:var/hyperledger/fabric/organizations/ordererOrganizations/${org}.example.com/orderers/${org}-${orderer}.${org}.example.com/msp/signcerts/cert.pem ${TEMP_DIR}/channel-msp/ordererOrganizations/${org}/orderers/${org}-${orderer}/cert.pem
}
function create_genesis_block() {
push_fn "Creating channel genesis block"
# Define the default channel configtx and profile
local profile="TwoOrgsApplicationGenesis"
cat ${PWD}/config/org0/configtx-template.yaml | envsubst > ${TEMP_DIR}/configtx.yaml
# Overwrite configtx and profile for bft orderer
if [ "${ORDERER_TYPE}" == "bft" ]; then
cat ${PWD}/config/org0/bft/configtx-template.yaml | envsubst > ${TEMP_DIR}/configtx.yaml
profile="ChannelUsingBFT"
fi
FABRIC_CFG_PATH=${TEMP_DIR} \
configtxgen \
-profile TwoOrgsApplicationGenesis \
-profile $profile \
-channelID $CHANNEL_NAME \
-outputBlock ${TEMP_DIR}/genesis_block.pb
@ -222,6 +244,9 @@ function join_channel_orderers() {
join_channel_orderer org0 orderer1
join_channel_orderer org0 orderer2
join_channel_orderer org0 orderer3
if [ "${ORDERER_TYPE}" == "bft" ]; then
join_channel_orderer org0 orderer4
fi
# todo: readiness / liveiness equivalent for channel? Needs a little bit to settle before peers can join.
sleep 10

8
test-network-k8s/scripts/test_network.sh
View file

@ -16,6 +16,11 @@ function launch_orderers() {
kubectl -n $ORG0_NS rollout status deploy/org0-orderer2
kubectl -n $ORG0_NS rollout status deploy/org0-orderer3
if [ "${ORDERER_TYPE}" == "bft" ]; then
apply_template kube/org0/org0-orderer4.yaml $ORG0_NS
kubectl -n $ORG0_NS rollout status deploy/org0-orderer4
fi
pop_fn
}
@ -115,6 +120,9 @@ function create_local_MSP() {
create_orderer_local_MSP org0 orderer1
create_orderer_local_MSP org0 orderer2
create_orderer_local_MSP org0 orderer3
if [ "${ORDERER_TYPE}" == "bft" ]; then
create_orderer_local_MSP org0 orderer4
fi
create_peer_local_MSP org1 peer1 $ORG1_NS
create_peer_local_MSP org1 peer2 $ORG1_NS