diff --git a/ci/scripts/run-k8s-test-network-basic.sh b/ci/scripts/run-k8s-test-network-basic.sh index 6ce21f47..35e9e93d 100755 --- a/ci/scripts/run-k8s-test-network-basic.sh +++ b/ci/scripts/run-k8s-test-network-basic.sh @@ -28,12 +28,12 @@ export GATEWAY_CLIENT_APPLICATION_PATH=${GATEWAY_CLIENT_APPLICATION_PATH:-../ass export CHANNEL_NAME=${TEST_NETWORK_CHANNEL_NAME:-mychannel} export CHAINCODE_NAME=${TEST_NETWORK_CHAINCODE_NAME:-asset-transfer-basic} export MSP_ID=${MSP_ID:-Org1MSP} -export CRYPTO_PATH=${CRYPTO_PATH:-../../test-network-k8s/build/organizations/peerOrganizations/org1.example.com} -export KEY_DIRECTORY_PATH=${KEY_DIRECTORY_PATH:-../../test-network-k8s/build/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore} -export CERT_PATH=${CERT_PATH:-../../test-network-k8s/build/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/cert.pem} -export TLS_CERT_PATH=${TLS_CERT_PATH:-../../test-network-k8s/build/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/org1-tls-ca.pem} -export PEER_ENDPOINT=${PEER_ENDPOINT:-localhost:7051} -export PEER_HOST_ALIAS=${PEER_HOST_ALIAS:-org1-peer1} +export CRYPTO_PATH=${CRYPTO_PATH:-../../test-network-k8s/build/channel-msp/peerOrganizations/org1} +export KEY_DIRECTORY_PATH=${KEY_DIRECTORY_PATH:-../../test-network-k8s/build/enrollments/org1/users/org1admin/msp/keystore} +export CERT_PATH=${CERT_PATH:-../../test-network-k8s/build/enrollments/org1/users/org1admin/msp/signcerts/cert.pem} +export TLS_CERT_PATH=${TLS_CERT_PATH:-../../test-network-k8s/build/channel-msp/peerOrganizations/org1/msp/tlscacerts/tlsca-signcert.pem} +export PEER_ENDPOINT=${PEER_ENDPOINT:-org1-peer1.vcap.me:443} +export PEER_HOST_ALIAS=${PEER_HOST_ALIAS:-org1-peer1.vcap.me} function print() { GREEN='\033[0;32m' @@ -80,29 +80,13 @@ function createNetwork() { ./network up ./network channel create - print "Opening gateway port-forward to 'localhost:7051'" - kubectl -n test-network port-forward svc/org1-peer1 7051:7051 & - print "Deploying chaincode" ./network chaincode deploy - - print "Extracting certificates" - kubectl \ - -n test-network \ - exec deploy/org1-peer1 \ - -c main \ - -- tar zcf - -C /var/hyperledger/fabric organizations/peerOrganizations/org1.example.com \ - | tar zxvf - -C ../test-network-k8s/build/ } function stopNetwork() { - pkill -f "port-forward" - print "Stopping network" ./network down - - print "Cleaning client certificates" - rm -rf ../test-network-k8s/build/ } # Set up the suite with a KIND cluster @@ -122,8 +106,7 @@ print "Running rest-easy test" ( ./network rest-easy \ && sleep 5 \ && export SAMPLE_APIKEY='97834158-3224-4CE7-95F9-A148C886653E' \ - && curl -s --header "X-Api-Key: ${SAMPLE_APIKEY}" "http://localhost/api/assets/asset1" | jq \ - && curl -s --insecure --header "X-Api-Key: ${SAMPLE_APIKEY}" "https://localhost/api/assets/asset1" | jq ) + && curl -s --header "X-Api-Key: ${SAMPLE_APIKEY}" "http://fabric-rest-sample.vcap.me/api/assets/asset1" | jq ) print "OK" stopNetwork diff --git a/test-network-k8s/kube/fabric-rest-sample.yaml b/test-network-k8s/kube/fabric-rest-sample.yaml index b8803101..32be0f0a 100644 --- a/test-network-k8s/kube/fabric-rest-sample.yaml +++ b/test-network-k8s/kube/fabric-rest-sample.yaml @@ -236,23 +236,26 @@ spec: selector: app: fabric-rest-sample - --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: + annotations: + nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s + labels: + app: fabric-rest-sample name: fabric-rest-sample -# annotations: -# nginx.ingress.kubernetes.io/rewrite-target: /$1 spec: + ingressClassName: nginx rules: - - http: + - host: fabric-rest-sample.${DOMAIN} + http: paths: -# - path: "/fabric-rest-sample/(.*)" - - path: "/" - pathType: Prefix - backend: + - backend: service: name: fabric-rest-sample port: - number: 3000 + name: http + path: / + pathType: ImplementationSpecific + diff --git a/test-network-k8s/network b/test-network-k8s/network index c5d49691..955aef67 100755 --- a/test-network-k8s/network +++ b/test-network-k8s/network @@ -6,19 +6,13 @@ # set -o errexit -# todo: better handling for input parameters. +# todo: better handling for input parameters. Argbash? # todo: skip storage volume init if deploying to a remote / cloud cluster (ICP IKS ROKS etc...) # todo: for logging, set up a stack and allow multi-line status output codes -# todo: refactor - lots of for-org-in-0-to-2-... -# todo: find a better technique for passing input commands to a remote kube exec -# todo: register tls csr.hosts w/ kube DNS domain .NS.svc.cluster.local # todo: user:pass auth for tls and ecert bootstrap admins. here and in the server-config.yaml -# todo: set tls.certfiles= ... arg in deployment env / yaml # todo: refactor chaincode install to support other chaincode routines -# todo: consider using templates for boilerplate network nodes (orderers, peers, ...) # todo: allow the user to specify the chaincode name (hardcoded as 'basic') both in install and invoke/query # todo: track down a nasty bug whereby the CA service endpoints (kube services) will occasionally reject TCP connections after network down/up. This is patched by introducing a 10s sleep after the deployments are up... -# todo: refactor query/invoke to specify chaincode name (-n param) export CONTAINER_CLI=${CONTAINER_CLI:-docker} export FABRIC_VERSION=${TEST_NETWORK_FABRIC_VERSION:-2.4.3} @@ -75,8 +69,6 @@ function print_help() { log "Debug log file \t\t: ${DEBUG_FILE}" log - - echo todo: help output, parse mode, flags, env, etc. } diff --git a/test-network-k8s/scripts/chaincode.sh b/test-network-k8s/scripts/chaincode.sh index 5eee57e7..e1275609 100755 --- a/test-network-k8s/scripts/chaincode.sh +++ b/test-network-k8s/scripts/chaincode.sh @@ -22,37 +22,23 @@ function package_chaincode_for() { pop_fn } -# Copy the chaincode archive from the local host to the org admin -function transfer_chaincode_archive_for() { - local org=$1 - local cc_archive="build/chaincode/${CHAINCODE_NAME}.tgz" - push_fn "Transferring chaincode archive to ${org}" - - # Like kubectl cp, but targeted to a deployment rather than an individual pod. - tar cf - ${cc_archive} | kubectl -n $NS exec -i deploy/${org}-admin-cli -c main -- tar xvf - - - pop_fn -} - function install_chaincode_for() { local org=$1 local peer=$2 - push_fn "Installing chaincode for org ${org} peer ${peer}" + push_fn "Installing chaincode for org ${org} peer ${peer}" - # Install the chaincode - echo 'set -x - export CORE_PEER_ADDRESS='${org}'-'${peer}':7051 - peer lifecycle chaincode install build/chaincode/'${CHAINCODE_NAME}'.tgz - ' | exec kubectl -n $NS exec deploy/${org}-admin-cli -c main -i -- /bin/bash + export_peer_context $org $peer + + peer lifecycle chaincode install build/chaincode/${CHAINCODE_NAME}.tgz pop_fn } function launch_chaincode_service() { local org=$1 - local cc_id=$2 - local cc_image=$3 - local peer=$4 + local peer=$2 + local cc_id=$3 + local cc_image=$4 push_fn "Launching chaincode container \"${cc_image}\"" # The chaincode endpoint needs to have the generated chaincode ID available in the environment. @@ -72,76 +58,72 @@ function launch_chaincode_service() { function activate_chaincode_for() { local org=$1 - local cc_id=$2 - push_fn "Activating chaincode ${CHAINCODE_ID}" + local peer=$2 + local cc_id=$3 + push_fn "Activating $org chaincode ${CHAINCODE_ID}" + + export_peer_context $org $peer - echo 'set -x - export CORE_PEER_ADDRESS='${org}'-peer1:7051 - peer lifecycle \ chaincode approveformyorg \ - --channelID '${CHANNEL_NAME}' \ - --name '${CHAINCODE_NAME}' \ - --version 1 \ - --package-id '${cc_id}' \ - --sequence 1 \ - -o org0-orderer1:6050 \ - --tls --cafile /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/msp/tlscacerts/org0-tls-ca.pem - + --channelID ${CHANNEL_NAME} \ + --name ${CHAINCODE_NAME} \ + --version 1 \ + --package-id ${cc_id} \ + --sequence 1 \ + --orderer org0-orderer1.${DOMAIN}:443 \ + --tls --cafile ${TEMP_DIR}/channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem + peer lifecycle \ chaincode commit \ - --channelID '${CHANNEL_NAME}' \ - --name '${CHAINCODE_NAME}' \ - --version 1 \ - --sequence 1 \ - -o org0-orderer1:6050 \ - --tls --cafile /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/msp/tlscacerts/org0-tls-ca.pem - ' | exec kubectl -n $NS exec deploy/${org}-admin-cli -c main -i -- /bin/bash + --channelID ${CHANNEL_NAME} \ + --name ${CHAINCODE_NAME} \ + --version 1 \ + --sequence 1 \ + --orderer org0-orderer1.${DOMAIN}:443 \ + --tls --cafile ${TEMP_DIR}/channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem pop_fn } function query_chaincode() { set -x - # todo: mangle additional $@ parameters with bash escape quotations - echo ' - export CORE_PEER_ADDRESS=org1-peer1:7051 - peer chaincode query -n '${CHAINCODE_NAME}' -C '${CHANNEL_NAME}' -c '"'$@'"' - ' | exec kubectl -n $NS exec deploy/org1-admin-cli -c main -i -- /bin/bash + + export_peer_context org1 peer1 + + peer chaincode query \ + -n $CHAINCODE_NAME \ + -C $CHANNEL_NAME \ + -c $@ } function query_chaincode_metadata() { set -x local args='{"Args":["org.hyperledger.fabric:GetMetadata"]}' - # todo: mangle additional $@ parameters with bash escape quotations + + log '' log 'Org1-Peer1:' - echo ' - export CORE_PEER_ADDRESS=org1-peer1:7051 - peer chaincode query -n '${CHAINCODE_NAME}' -C '${CHANNEL_NAME}' -c '"'$args'"' - ' | exec kubectl -n $NS exec deploy/org1-admin-cli -c main -i -- /bin/bash + export_peer_context org1 peer1 + peer chaincode query -n $CHAINCODE_NAME -C $CHANNEL_NAME -c $args log '' log 'Org1-Peer2:' - echo ' - export CORE_PEER_ADDRESS=org1-peer2:7051 - peer chaincode query -n '${CHAINCODE_NAME}' -C '${CHANNEL_NAME}' -c '"'$args'"' - ' | exec kubectl -n $NS exec deploy/org1-admin-cli -c main -i -- /bin/bash - + export_peer_context org1 peer2 + peer chaincode query -n $CHAINCODE_NAME -C $CHANNEL_NAME -c $args } function invoke_chaincode() { # set -x # todo: mangle additional $@ parameters with bash escape quotations - echo ' - export CORE_PEER_ADDRESS=org1-peer1:7051 - peer chaincode \ - invoke \ - -o org0-orderer1:6050 \ - --tls --cafile /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/msp/tlscacerts/org0-tls-ca.pem \ - -n '${CHAINCODE_NAME}' \ - -C '${CHANNEL_NAME}' \ - -c '"'$@'"' - ' | exec kubectl -n $NS exec deploy/org1-admin-cli -c main -i -- /bin/bash + + export_peer_context org1 peer1 + + peer chaincode invoke \ + -n $CHAINCODE_NAME \ + -C $CHANNEL_NAME \ + -c $@ \ + --orderer org0-orderer1.${DOMAIN}:443 \ + --tls --cafile ${TEMP_DIR}/channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem sleep 2 } @@ -162,7 +144,7 @@ function install_chaincode() { local org=org1 package_chaincode_for ${org} - transfer_chaincode_archive_for ${org} + install_chaincode_for ${org} peer1 install_chaincode_for ${org} peer2 @@ -174,7 +156,11 @@ function activate_chaincode() { set -x set_chaincode_id - activate_chaincode_for org1 $CHAINCODE_ID + activate_chaincode_for org1 peer1 $CHAINCODE_ID + + # jdk: does activation on a single peer apply to all peers in the org? This is an error: +# activate_chaincode_for org1 peer1 $CHAINCODE_ID + } # Install, launch, and activate the chaincode @@ -182,8 +168,8 @@ function deploy_chaincode() { set -x install_chaincode - launch_chaincode_service org1 $CHAINCODE_ID $CHAINCODE_IMAGE peer1 - launch_chaincode_service org1 $CHAINCODE_ID $CHAINCODE_IMAGE peer2 + launch_chaincode_service org1 peer1 $CHAINCODE_ID $CHAINCODE_IMAGE + launch_chaincode_service org1 peer2 $CHAINCODE_ID $CHAINCODE_IMAGE activate_chaincode } diff --git a/test-network-k8s/scripts/channel.sh b/test-network-k8s/scripts/channel.sh index f7efc528..d5d4e7c9 100644 --- a/test-network-k8s/scripts/channel.sh +++ b/test-network-k8s/scripts/channel.sh @@ -45,12 +45,12 @@ function register_org_admin() { export FABRIC_CA_CLIENT_TLS_CERTFILES=/var/hyperledger/fabric/config/tls/ca.crt fabric-ca-client register \ - --id.name ${id_name} \ + --id.name ${id_name} \ --id.secret ${id_secret} \ - --id.type ${type} \ - --url https://${ca_name} \ - --mspdir /var/hyperledger/fabric-ca-client/${ca_name}/rcaadmin/msp \ - --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert" + --id.type ${type} \ + --url https://${ca_name} \ + --mspdir /var/hyperledger/fabric-ca-client/${ca_name}/rcaadmin/msp \ + --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert" EOF } @@ -104,7 +104,6 @@ function enroll_org_admin() { --url ${CA_URL} \ --tls.certfiles ${CA_DIR}/tls-cert.pem - # Construct an msp config.yaml CA_CERT_NAME=${CA_NAME}-$(echo $DOMAIN | tr -s . -)-${CA_PORT}.pem @@ -204,9 +203,9 @@ function create_genesis_block() { FABRIC_CFG_PATH=${PWD}/config/org0 \ configtxgen \ - -profile TwoOrgsApplicationGenesis \ - -channelID $CHANNEL_NAME \ - -outputBlock ${TEMP_DIR}/genesis_block.pb + -profile TwoOrgsApplicationGenesis \ + -channelID $CHANNEL_NAME \ + -outputBlock ${TEMP_DIR}/genesis_block.pb # configtxgen -inspectBlock ${TEMP_DIR}/genesis_block.pb @@ -235,11 +234,11 @@ function join_channel_orderer() { # of identity than the Docker Compose network, which transmits the orderer node's TLS key pair directly osnadmin channel join \ --orderer-address ${org}-${orderer}-admin.${DOMAIN} \ - --ca-file ${TEMP_DIR}/channel-msp/ordererOrganizations/${org}/orderers/${org}-${orderer}/tls/signcerts/tls-cert.pem \ - --client-cert ${TEMP_DIR}/enrollments/${org}/users/${org}admin/msp/signcerts/cert.pem \ - --client-key ${TEMP_DIR}/enrollments/${org}/users/${org}admin/msp/keystore/key.pem \ - --channelID ${CHANNEL_NAME} \ - --config-block ${TEMP_DIR}/genesis_block.pb + --ca-file ${TEMP_DIR}/channel-msp/ordererOrganizations/${org}/orderers/${org}-${orderer}/tls/signcerts/tls-cert.pem \ + --client-cert ${TEMP_DIR}/enrollments/${org}/users/${org}admin/msp/signcerts/cert.pem \ + --client-key ${TEMP_DIR}/enrollments/${org}/users/${org}admin/msp/keystore/key.pem \ + --channelID ${CHANNEL_NAME} \ + --config-block ${TEMP_DIR}/genesis_block.pb } function join_channel_peers() { @@ -251,8 +250,6 @@ function join_org_peers() { local org=$1 push_fn "Joining ${org} peers to channel ${CHANNEL_NAME}" - # fetch the genesis block from an orderer. (do we need to do this? It's available locally...) - # Join peers to channel join_channel_peer $org peer1 join_channel_peer $org peer2 @@ -264,13 +261,11 @@ function join_channel_peer() { local org=$1 local peer=$2 - FABRIC_CFG_PATH=${PWD}/config/${org} \ - CORE_PEER_ADDRESS=${org}-${peer}.${DOMAIN}:443 \ - CORE_PEER_MSPCONFIGPATH=${TEMP_DIR}/enrollments/${org}/users/${org}admin/msp \ - CORE_PEER_TLS_ROOTCERT_FILE=${TEMP_DIR}/channel-msp/peerOrganizations/${org}/msp/tlscacerts/tlsca-signcert.pem \ - peer channel join \ - --blockpath ${TEMP_DIR}/genesis_block.pb \ - --orderer org0-orderer1.${DOMAIN} \ - --tls \ - --cafile ${TEMP_DIR}/channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem + export_peer_context $org $peer + + peer channel join \ + --blockpath ${TEMP_DIR}/genesis_block.pb \ + --orderer org0-orderer1.${DOMAIN} \ + --tls \ + --cafile ${TEMP_DIR}/channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem } diff --git a/test-network-k8s/scripts/fabric_CAs.sh b/test-network-k8s/scripts/fabric_CAs.sh index 20807cfc..fd31b555 100755 --- a/test-network-k8s/scripts/fabric_CAs.sh +++ b/test-network-k8s/scripts/fabric_CAs.sh @@ -17,7 +17,7 @@ function launch_ECert_CAs() { kubectl -n $NS rollout status deploy/org2-ca # todo: this papers over a nasty bug whereby the CAs are ready, but sporadically refuse connections after a down / up - # sleep 10 + sleep 5 pop_fn } diff --git a/test-network-k8s/scripts/old_channel.sh b/test-network-k8s/scripts/old_channel.sh deleted file mode 100755 index 8657a60a..00000000 --- a/test-network-k8s/scripts/old_channel.sh +++ /dev/null @@ -1,186 +0,0 @@ -#!/bin/bash -# -# Copyright IBM Corp All Rights Reserved -# -# SPDX-License-Identifier: Apache-2.0 -# - -function create_channel_org_MSP() { - local org=$1 - local org_type=$2 - local ecert_ca=${org}-ca - - echo 'set -x - - mkdir -p /var/hyperledger/fabric/organizations/'${org_type}'Organizations/'${org}'.example.com/msp/cacerts - cp \ - $FABRIC_CA_CLIENT_HOME/'${ecert_ca}'/rcaadmin/msp/cacerts/'${ecert_ca}'.pem \ - /var/hyperledger/fabric/organizations/'${org_type}'Organizations/'${org}'.example.com/msp/cacerts - - mkdir -p /var/hyperledger/fabric/organizations/'${org_type}'Organizations/'${org}'.example.com/msp/tlscacerts - cp \ - /var/hyperledger/fabric/config/tls/ca.crt \ - /var/hyperledger/fabric/organizations/'${org_type}'Organizations/'${org}'.example.com/msp/tlscacerts/'${org}'-tls-ca.pem - - echo "NodeOUs: - Enable: true - ClientOUIdentifier: - Certificate: cacerts/'${ecert_ca}'.pem - OrganizationalUnitIdentifier: client - PeerOUIdentifier: - Certificate: cacerts/'${ecert_ca}'.pem - OrganizationalUnitIdentifier: peer - AdminOUIdentifier: - Certificate: cacerts/'${ecert_ca}'.pem - OrganizationalUnitIdentifier: admin - OrdererOUIdentifier: - Certificate: cacerts/'${ecert_ca}'.pem - OrganizationalUnitIdentifier: orderer "> /var/hyperledger/fabric/organizations/'${org_type}'Organizations/'${org}'.example.com/msp/config.yaml - - ' | exec kubectl -n $NS exec deploy/${ecert_ca} -i -- /bin/sh -} - -function create_channel_MSP() { - push_fn "Creating channel MSP" - - create_channel_org_MSP org0 orderer - create_channel_org_MSP org1 peer - create_channel_org_MSP org2 peer - - pop_fn -} - -function aggregate_channel_MSP() { - push_fn "Aggregating channel MSP" - - rm -rf ./build/msp/ - mkdir -p ./build/msp - - kubectl -n $NS exec deploy/org0-ca -- tar zcvf - -C /var/hyperledger/fabric organizations/ordererOrganizations/org0.example.com/msp > build/msp/msp-org0.example.com.tgz - kubectl -n $NS exec deploy/org1-ca -- tar zcvf - -C /var/hyperledger/fabric organizations/peerOrganizations/org1.example.com/msp > build/msp/msp-org1.example.com.tgz - kubectl -n $NS exec deploy/org2-ca -- tar zcvf - -C /var/hyperledger/fabric organizations/peerOrganizations/org2.example.com/msp > build/msp/msp-org2.example.com.tgz - - kubectl -n $NS delete configmap msp-config || true - kubectl -n $NS create configmap msp-config --from-file=build/msp/ - - pop_fn -} - -function create_genesis_block() { - push_fn "Creating channel \"${CHANNEL_NAME}\"" - - echo 'set -x - configtxgen -profile TwoOrgsApplicationGenesis -channelID '${CHANNEL_NAME}' -outputBlock genesis_block.pb - # configtxgen -inspectBlock genesis_block.pb - - osnadmin channel join --orderer-address org0-orderer1:9443 --channelID '${CHANNEL_NAME}' --config-block genesis_block.pb - osnadmin channel join --orderer-address org0-orderer2:9443 --channelID '${CHANNEL_NAME}' --config-block genesis_block.pb - osnadmin channel join --orderer-address org0-orderer3:9443 --channelID '${CHANNEL_NAME}' --config-block genesis_block.pb - - ' | exec kubectl -n $NS exec deploy/org0-admin-cli -i -- /bin/bash - - # todo: readiness / liveiness equivalent for channel ? Needs a little bit to settle before peers can join. - sleep 10 - - pop_fn -} - -function join_org_peers() { - local org=$1 - push_fn "Joining ${org} peers to channel \"${CHANNEL_NAME}\"" - - echo 'set -x - # Fetch the genesis block from an orderer - peer channel \ - fetch oldest \ - genesis_block.pb \ - -c '${CHANNEL_NAME}' \ - -o org0-orderer1:6050 \ - --tls --cafile /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/msp/tlscacerts/org0-tls-ca.pem - - # Join peer1 to the channel. - CORE_PEER_ADDRESS='${org}'-peer1:7051 \ - peer channel \ - join \ - -b genesis_block.pb \ - -o org0-orderer1:6050 \ - --tls --cafile /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/msp/tlscacerts/org0-tls-ca.pem - - # Join peer2 to the channel. - CORE_PEER_ADDRESS='${org}'-peer2:7051 \ - peer channel \ - join \ - -b genesis_block.pb \ - -o org0-orderer1:6050 \ - --tls --cafile /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/msp/tlscacerts/org0-tls-ca.pem - - ' | exec kubectl -n $NS exec deploy/${org}-admin-cli -i -- /bin/bash - - pop_fn -} - -function join_peers() { - join_org_peers org1 - join_org_peers org2 -} - -# Copy the scripts/anchor_peers.sh to a remote volume -function push_anchor_peer_script() { - local org=$1 - - tar cf - scripts/ | kubectl -n $NS exec -i -c main deploy/${org}-admin-cli -- tar xf - -C /var/hyperledger/fabric -} - -verify_result() { - if [ $1 -ne 0 ]; then - echo $2 - exit $1 - fi -} - -# Launch the anchor peer update script on a remote org admin CLI -function invoke_anchor_peer_update() { - local org_num=$1 - local peer_name=$2 - - kubectl exec \ - -n $NS \ - -c main \ - deploy/org${org_num}-admin-cli \ - -i \ - /bin/bash -c "/var/hyperledger/fabric/scripts/set_anchor_peer.sh ${org_num} ${CHANNEL_NAME} ${peer_name}" - - verify_result $? "Error updating anchor peer for org ${org_num}" -} - -# -# To update the anchor peers we will need to execute a script on each of the peer admin CLI containers. These -# commands can be individually piped into kubectl exec ... but it will be simpler if we transfer the anchor -# peer update script over to the org volume and then trigger it from kubectl. -# -function update_anchor_peers() { - local peer_name=$1 - push_fn "Updating anchor peers to ${peer_name}" - - push_anchor_peer_script org1 - push_anchor_peer_script org2 - - invoke_anchor_peer_update 1 ${peer_name} - invoke_anchor_peer_update 2 ${peer_name} - - pop_fn -} - -function channel_up() { - - create_channel_MSP - aggregate_channel_MSP - - create_genesis_block - join_peers - - # peer1 was set as the anchor peer in configtx.yaml. Setting this again will force an - # error to be returned from the channel up. We might want to render the warning in - # this case to indicate that the call was made but had a nonzero exit. - # update_anchor_peers peer1 -} \ No newline at end of file diff --git a/test-network-k8s/scripts/rest_sample.sh b/test-network-k8s/scripts/rest_sample.sh index 9888f589..c40c6b78 100755 --- a/test-network-k8s/scripts/rest_sample.sh +++ b/test-network-k8s/scripts/rest_sample.sh @@ -5,16 +5,8 @@ # SPDX-License-Identifier: Apache-2.0 # -function extract_MSP_archives() { - mkdir -p build/msp - - kubectl -n $NS exec deploy/org1-ca -- tar zcf - -C /var/hyperledger/fabric organizations/peerOrganizations/org1.example.com/msp | tar zxf - -C build/msp - kubectl -n $NS exec deploy/org2-ca -- tar zcf - -C /var/hyperledger/fabric organizations/peerOrganizations/org2.example.com/msp | tar zxf - -C build/msp - - kubectl -n $NS exec deploy/org1-ca -- tar zcf - -C /var/hyperledger/fabric organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp | tar zxf - -C build/msp - kubectl -n $NS exec deploy/org2-ca -- tar zcf - -C /var/hyperledger/fabric organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp | tar zxf - -C build/msp -} - +# This magical awk script led to 30 hours of debugging a "TLS handshake error" +# moral: do not edit / alter the number of '\' in the following transform: function one_line_pem { echo "`awk 'NF {sub(/\\n/, ""); printf "%s\\\\\\\n",$0;}' $1`" } @@ -32,41 +24,32 @@ function json_ccp { function construct_rest_sample_configmap() { push_fn "Constructing fabric-rest-sample connection profiles" - extract_MSP_archives + ENROLLMENT_DIR=${TEMP_DIR}/enrollments + CHANNEL_MSP_DIR=${TEMP_DIR}/channel-msp + CONFIG_DIR=${TEMP_DIR}/fabric-rest-sample-config - mkdir -p build/fabric-rest-sample-config - - local peer_pem=build/msp/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/org1-tls-ca.pem - local ca_pem=build/msp/organizations/peerOrganizations/org1.example.com/msp/cacerts/org1-ca.pem + mkdir -p $CONFIG_DIR + local peer_pem=$CHANNEL_MSP_DIR/peerOrganizations/org1/msp/tlscacerts/tlsca-signcert.pem + local ca_pem=$CHANNEL_MSP_DIR/peerOrganizations/org1/msp/cacerts/ca-signcert.pem echo "$(json_ccp 1 $peer_pem $ca_pem)" > build/fabric-rest-sample-config/HLF_CONNECTION_PROFILE_ORG1 - - peer_pem=build/msp/organizations/peerOrganizations/org2.example.com/msp/tlscacerts/org2-tls-ca.pem - ca_pem=build/msp/organizations/peerOrganizations/org2.example.com/msp/cacerts/org2-ca.pem + peer_pem=$CHANNEL_MSP_DIR/peerOrganizations/org2/msp/tlscacerts/tlsca-signcert.pem + ca_pem=$CHANNEL_MSP_DIR/peerOrganizations/org2/msp/cacerts/ca-signcert.pem echo "$(json_ccp 2 $peer_pem $ca_pem)" > build/fabric-rest-sample-config/HLF_CONNECTION_PROFILE_ORG2 - - cat build/msp/organizations/peerOrganizations/org1.example.com/users/Admin\@org1.example.com/msp/signcerts/cert.pem > build/fabric-rest-sample-config/HLF_CERTIFICATE_ORG1 - cat build/msp/organizations/peerOrganizations/org2.example.com/users/Admin\@org2.example.com/msp/signcerts/cert.pem > build/fabric-rest-sample-config/HLF_CERTIFICATE_ORG2 - cat build/msp/organizations/peerOrganizations/org1.example.com/users/Admin\@org1.example.com/msp/keystore/server.key > build/fabric-rest-sample-config/HLF_PRIVATE_KEY_ORG1 - cat build/msp/organizations/peerOrganizations/org2.example.com/users/Admin\@org2.example.com/msp/keystore/server.key > build/fabric-rest-sample-config/HLF_PRIVATE_KEY_ORG2 + cp $ENROLLMENT_DIR/org1/users/org1admin/msp/signcerts/cert.pem $CONFIG_DIR/HLF_CERTIFICATE_ORG1 + cp $ENROLLMENT_DIR/org2/users/org2admin/msp/signcerts/cert.pem $CONFIG_DIR/HLF_CERTIFICATE_ORG2 + + cp $ENROLLMENT_DIR/org1/users/org1admin/msp/keystore/key.pem $CONFIG_DIR/HLF_PRIVATE_KEY_ORG1 + cp $ENROLLMENT_DIR/org2/users/org2admin/msp/keystore/key.pem $CONFIG_DIR/HLF_PRIVATE_KEY_ORG2 kubectl -n $NS delete configmap fabric-rest-sample-config || true - kubectl -n $NS create configmap fabric-rest-sample-config --from-file=build/fabric-rest-sample-config/ + kubectl -n $NS create configmap fabric-rest-sample-config --from-file=$CONFIG_DIR pop_fn } -# todo: Make sure to port this to IKS / ICP -function ensure_rest_sample_image() { - push_fn "Ensuring fabric-rest-sample image" - - # todo: apply a tag / label to avoid pulling :latest from ghcr.io - - pop_fn 0 -} - function rollout_rest_sample() { push_fn "Starting fabric-rest-sample" @@ -77,15 +60,19 @@ function rollout_rest_sample() { } function launch_rest_sample() { - ensure_rest_sample_image + construct_rest_sample_configmap - rollout_rest_sample + + apply_template kube/fabric-rest-sample.yaml + + kubectl -n $NS rollout status deploy/fabric-rest-sample log "" - log "The fabric-rest-sample has started. See https://github.com/hyperledger/fabric-samples/tree/main/asset-transfer-basic/rest-api-typescript for additional usage." + log "The fabric-rest-sample has started." + log "See https://github.com/hyperledger/fabric-samples/tree/main/asset-transfer-basic/rest-api-typescript for additional usage details." log "To access the endpoint:" log "" log "export SAMPLE_APIKEY=97834158-3224-4CE7-95F9-A148C886653E" - log 'curl -s --header "X-Api-Key: ${SAMPLE_APIKEY}" http://localhost/api/assets' + log 'curl -s --header "X-Api-Key: ${SAMPLE_APIKEY}" http://fabric-rest-sample.'${DOMAIN}'/api/assets' log "" } \ No newline at end of file diff --git a/test-network-k8s/scripts/utils.sh b/test-network-k8s/scripts/utils.sh index 0c5c1d04..0b97c07d 100644 --- a/test-network-k8s/scripts/utils.sh +++ b/test-network-k8s/scripts/utils.sh @@ -84,3 +84,20 @@ function apply_template() { cat $1 | envsubst | kubectl -n $NS apply -f - } +# Set the calling context to refer the peer binary to the correct org / peer instance +# +# todo: Expose the output of this function to a target that prints the context to STDOUT. +# +# e.g.: +# bash $ source $(network set-peer-context org1 peer2) +# bash $ peer chaincode list +# bash $ ... +function export_peer_context() { + local org=$1 + local peer=$2 + + export FABRIC_CFG_PATH=${PWD}/config/${org} + export CORE_PEER_ADDRESS=${org}-${peer}.${DOMAIN}:443 + export CORE_PEER_MSPCONFIGPATH=${TEMP_DIR}/enrollments/${org}/users/${org}admin/msp + export CORE_PEER_TLS_ROOTCERT_FILE=${TEMP_DIR}/channel-msp/peerOrganizations/${org}/msp/tlscacerts/tlsca-signcert.pem +}