FAB-17243 Add support for Fabric CA for Org3 on the (#91)

test network.

Signed-off-by: NIKHIL E GUPTA <negupta@us.ibm.com>
nikhil550 2020-01-16 16:32:12 -05:00 committed by Arnaud J Le Hors
parent ce41ff7733
commit b3b526728f
17 changed files with 943 additions and 234 deletions


@ -1,50 +1,5 @@
## Running the test network
Use the `./network.sh` script to stand up a simple Fabric test network. The
network has two peer peer organizations with one peer each and a single node
raft ordering service. You can also use the script to create channels, and deploy
the fabcar chaincode on those channels. The test network is being introduced in
Fabric v2.0 as the long term replacement for the `first-network` sample.
You can use the `./network.sh` script to stand up a simple Fabric test network. The test network has two peer organizations with one peer each and a single node raft ordering service. You can also use the `./network.sh` script to create channels and deploy the fabcar chaincode. For more information, see [Using the Fabric test network](https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html). The test network is being introduced in Fabric v2.0 as the long term replacement for the `first-network` sample.
Before you can deploy the test network, you need follow the instructions to
[Install the Samples, Binaries and Docker Images](https://hyperledger-fabric.readthedocs.io/en/latest/install.html) in the Hyperledger Fabric documentation. You may experience problems if you run the
sample using a local build.
For more information, see `./network.sh -help`
```
Usage:
network.sh <Mode> [Flags]
<Mode>
- 'up' - bring up fabric orderer and peer nodes. No channel is created
- 'up createChannel' - bring up fabric network with one channel
- 'createChannel' - create and join a channel after the network is created
- 'deployCC' - deploy the fabcar chaincode on the channel
- 'down' - clear the network with docker-compose down
- 'restart' - restart the network
Flags:
-ca <use CAs> - create Certificate Authorities to generate the crypto material
-c <channel name> - channel name to use (defaults to "mychannel")
-s <dbtype> - the database backend to use: goleveldb (default) or couchdb
-r <max retry> - CLI times out after certain number of attempts (defaults to 5)
-d <delay> - delay duration in seconds (defaults to 3)
-l <language> - the programming language of the chaincode to deploy: go (default), javascript, or java
-v <version> - chaincode version. Must be a round number, 1, 2, 3, etc
-i <imagetag> - the tag to be used to launch the network (defaults to "latest")
-verbose - verbose mode
network.sh -h (print this message)
Possible Mode and flags
network.sh up -ca -c -r -d -s -i -verbose
network.sh up createChannel -ca -c -r -d -s -i -verbose
network.sh createChannel -c -r -d -verbose
network.sh deployCC -l -v -r -d -verbose
Taking all defaults:
network.sh up
Examples:
network.sh up createChannel -ca -c mychannel -s couchdb -i 1.4.0
network.sh createChannel -c channelName
network.sh deployCC -l node
```
Before you can deploy the test network, you need to follow the instructions to [Install the Samples, Binaries and Docker Images](https://hyperledger-fabric.readthedocs.io/en/latest/install.html) in the Hyperledger Fabric documentation.
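Review bot: The rewritten opening of this README drops the pointer to `./network.sh -help` together with the whole usage block, so the `-ca` flag is no longer documented anywhere in this file. Keep one sentence such as "For more information, see `./network.sh -help`" next to the readthedocs link. The caveat about problems when running the sample from a local build is also gone; if it still applies, it should stay.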


@ -0,0 +1,28 @@
## Adding Org3 to the test network
You can use the `addOrg3.sh` script to add another organization to the Fabric test network. The `addOrg3.sh` script generates the Org3 crypto material, creates an Org3 organization definition, and adds Org3 to a channel on the test network.
You first need to run `./network.sh up createChannel` in the `test-network` directory before you can run the `addOrg3.sh` script.
```
./network.sh up createChannel
cd addOrg3
./addOrg3.sh up
```
If you used `network.sh` to create a channel other than the default `mychannel`, you need pass that name to the `addorg3.sh` script.
```
./network.sh up createChannel -c channel1
cd addOrg3
./addOrg3.sh up -c channel1
```
You can also re-run the `addOrg3.sh` script to add Org3 to additional channels.
```
cd ..
./network.sh createChannel -c channel2
cd addOrg3
./addOrg3.sh up -c channel2
```
For more information, use `./addOrg3.sh -h` to see the `addOrg3.sh` help text.
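Review bot: This new README never mentions the `-ca` option, although generating the Org3 crypto material with a Fabric CA is what the commit adds; include an `./addOrg3.sh up -ca` example and say what it changes. In the second paragraph, "you need pass that name to the `addorg3.sh` script" is missing "to" and spells the script name in lower case, which does not match `addOrg3.sh` on a case-sensitive file system.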


@ -21,24 +21,24 @@ function printHelp () {
echo " addOrg3.sh up|down|generate [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>]"
echo " addOrg3.sh -h|--help (print this message)"
echo " <mode> - one of 'up', 'down', or 'generate'"
echo " - 'up' - add org3 to the sample network. You need to create a channel first."
echo " - 'down' - clear the network with docker-compose down"
echo " - 'up' - add org3 to the sample network. You need to bring up the test network and create a channel first."
echo " - 'down' - bring down the test network and org3 nodes"
echo " - 'generate' - generate required certificates and org definition"
echo " -c <channel name> - channel name to use (defaults to \"mychannel\")"
echo " -c <channel name> - test network channel name (defaults to \"mychannel\")"
echo " -ca <use CA> - Use a CA to generate the crypto material"
echo " -t <timeout> - CLI timeout duration in seconds (defaults to 10)"
echo " -d <delay> - delay duration in seconds (defaults to 3)"
echo " -f <docker-compose-file> - specify which docker-compose file use (defaults to docker-compose-cli.yaml)"
echo " -s <dbtype> - the database backend to use: goleveldb (default) or couchdb"
echo " -i <imagetag> - the tag to be used to launch the network (defaults to \"latest\")"
echo " -v - verbose mode"
echo " -verbose - verbose mode"
echo
echo "Typically, one would first generate the required certificates and "
echo "genesis block, then bring up the network. e.g.:"
echo
echo " addOrg3.sh generate"
echo " addOrg3.sh up"
echo " addOrg3.sh up -c mychannel -s couchdb"
echo " addOrg3.sh up -l node"
echo " addOrg3.sh down -c mychannel"
echo " addOrg3.sh down"
echo
echo "Taking all defaults:"
echo " addOrg3.sh up"
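Review bot: The help text in `printHelp` still advertises `-f <docker-compose-file>`, but the flag loop later in this patch has no `-f` case, so `addOrg3.sh up -f ...` would end in the "Unknown flag" branch; drop the `-f` line or restore the case. The synopsis on the first `echo` line also omits `-ca`, `-i` and `-verbose`, and the `up -l node` example, if it is meant to stay, uses a flag that neither the option list nor the parser knows.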
@ -49,27 +49,76 @@ function printHelp () {
# (x509 certs) for the new org. After we run the tool, the certs will
# be put in the organizations folder with org1 and org2
# Generates Org3 certs using cryptogen tool
function generateOrg3 (){
which cryptogen
if [ "$?" -ne 0 ]; then
echo "cryptogen tool not found. exiting"
exit 1
fi
echo
echo "###############################################################"
echo "##### Generate Org3 certificates using cryptogen tool #########"
echo "###############################################################"
# Create Organziation crypto material using cryptogen or CAs
function generateOrg3() {
# Create crypto material using cryptogen
if [ "$CRYPTO" == "cryptogen" ]; then
which cryptogen
if [ "$?" -ne 0 ]; then
echo "cryptogen tool not found. exiting"
exit 1
fi
echo
echo "##########################################################"
echo "##### Generate certificates using cryptogen tool #########"
echo "##########################################################"
echo
echo "##########################################################"
echo "############ Create Org1 Identities ######################"
echo "##########################################################"
set -x
cryptogen generate --config=org3-crypto.yaml --output="../organizations"
res=$?
set +x
if [ $res -ne 0 ]; then
echo "Failed to generate certificates..."
exit 1
fi
fi
# Create crypto material using Fabric CAs
if [ "$CRYPTO" == "Certificate Authorities" ]; then
fabric-ca-client version > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Fabric CA client not found locally, downloading..."
cd ../..
curl -s -L "https://github.com/hyperledger/fabric-ca/releases/download/v1.4.4/hyperledger-fabric-ca-${OS_ARCH}-1.4.4.tar.gz" | tar xz || rc=$?
if [ -n "$rc" ]; then
echo "==> There was an error downloading the binary file."
echo "fabric-ca-client binary is not available to download"
else
echo "==> Done."
cd test-network/addOrg3/
fi
fi
echo
echo "##########################################################"
echo "##### Generate certificates using Fabric CA's ############"
echo "##########################################################"
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE_CA_ORG3 up -d 2>&1
. fabric-ca/registerEnroll.sh
sleep 10
echo "##########################################################"
echo "############ Create Org1 Identities ######################"
echo "##########################################################"
createOrg3
fi
set -x
cryptogen generate --config=org3-crypto.yaml --output="../organizations"
res=$?
set +x
if [ $res -ne 0 ]; then
echo "Failed to generate certificates..."
exit 1
fi
echo
echo "Generate CCP files for Org3"
./ccp-generate.sh
}
# Generate channel configuration transaction
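Review bot: In the Fabric CA branch of `generateOrg3`, the `curl ... | tar xz` download is unpacked without any integrity check, and the failure path only prints a message: the script neither exits nor runs `cd test-network/addOrg3/`, so the following `docker-compose -f $COMPOSE_FILE_CA_ORG3 up -d` is run from `../..`. Download to a file, verify it against a pinned checksum before extracting, `exit 1` on error, and return to the starting directory on both paths. The fixed `sleep 10` would be more reliable as a wait for `fabric-ca/org3/tls-cert.pem` to appear, and both "Create Org1 Identities" banners should say Org3.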
@ -80,7 +129,7 @@ function generateOrg3Definition() {
exit 1
fi
echo "##########################################################"
echo "######### Generating Org3 config material ###############"
echo "####### Generating Org3 organization definition #########"
echo "##########################################################"
export FABRIC_CFG_PATH=$PWD
set -x
@ -94,24 +143,40 @@ function generateOrg3Definition() {
echo
}
function Org3Up () {
# start org3 nodes
if [ "${DATABASE}" == "couchdb" ]; then
IMAGE_TAG=${IMAGETAG} docker-compose -f $COMPOSE_FILE_ORG3 -f $COMPOSE_FILE_COUCH_ORG3 up -d 2>&1
else
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE_ORG3 up -d 2>&1
fi
if [ $? -ne 0 ]; then
echo "ERROR !!!! Unable to start Org3 network"
exit 1
fi
}
# Generate the needed certificates, the genesis block and start the network.
function networkUp () {
function addOrg3 () {
# If the test network is not up, abort
if [ ! -d ../organizations/ordererOrganizations ]; then
echo
echo "ERROR: Please, run ./network.sh up createChannel first."
echo
exit 1
fi
# generate artifacts if they don't exist
if [ ! -d "../organizations/peerOrganizations/org3.example.com" ]; then
generateOrg3
generateOrg3Definition
fi
# start org3 peers
if [ "${DATABASE}" == "couchdb" ]; then
IMAGE_TAG=${IMAGETAG} docker-compose -f $COMPOSE_FILE_ORG3 -f $COMPOSE_FILE_COUCH_ORG3 up -d 2>&1
else
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE_ORG3 up -d 2>&1
fi
if [ $? -ne 0 ]; then
echo "ERROR !!!! Unable to start Org3 network"
exit 1
CONTAINER_IDS=$(docker ps -a | awk '($2 ~ /fabric-tools/) {print $1}')
if [ -z "$CONTAINER_IDS" -o "$CONTAINER_IDS" == " " ]; then
echo "Bringing up network"
Org3Up
fi
# Use the CLI container to create the configuration transaction needed to add
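Review bot: The `CONTAINER_IDS=$(docker ps -a | awk '($2 ~ /fabric-tools/) {print $1}')` test in `addOrg3` decides whether to call `Org3Up` from the presence of any container whose image matches `fabric-tools`, and `-a` also counts stopped ones, so a leftover or unrelated tools container silently skips starting the Org3 peer. Filter on the Org3 container's name and on running containers only. The guard at the top of the function has a similar weakness: the existence of `../organizations/ordererOrganizations` shows that crypto material was generated, not that the network is running or that a channel exists, which is what the error message asks for.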
@ -143,23 +208,18 @@ function networkDown () {
cd ..
./network.sh down
}
# If the test network is not up, abort
if [ ! -d ../organizations/peerOrganizations ]; then
echo
echo "ERROR: Please, run network.sh first."
echo
exit 1
fi
# Obtain the OS and Architecture string that will be used to select the correct
# native binaries for your platform
OS_ARCH=$(echo "$(uname -s|tr '[:upper:]' '[:lower:]'|sed 's/mingw64_nt.*/windows/')-$(uname -m | sed 's/x86_64/amd64/g')" | awk '{print tolower($0)}')
# timeout duration - the duration the CLI should wait for a response from
# another container before giving up
# Using crpto vs CA. default is cryptogen
CRYPTO="cryptogen"
CLI_TIMEOUT=10
#default for delay
CLI_DELAY=3
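Review bot: After this hunk the comment "timeout duration - the duration the CLI should wait for a response from another container before giving up" sits directly above `CRYPTO="cryptogen"` instead of `CLI_TIMEOUT=10`; move the two new lines above that comment so each default keeps its own description, and fix "crpto" in `# Using crpto vs CA`.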
@ -169,6 +229,8 @@ CHANNEL_NAME="mychannel"
COMPOSE_FILE_COUCH_ORG3=docker/docker-compose-couch-org3.yaml
# use this as the default docker-compose yaml definition
COMPOSE_FILE_ORG3=docker/docker-compose-org3.yaml
# certificate authorities compose file
COMPOSE_FILE_CA_ORG3=docker/docker-compose-ca-org3.yaml
# default image tag
IMAGETAG="latest"
# database
@ -176,32 +238,63 @@ DATABASE="leveldb"
# Parse commandline args
MODE=$1;
shift
## Parse mode
if [[ $# -lt 1 ]] ; then
printHelp
exit 0
else
MODE=$1
shift
fi
while getopts "h?c:t:d:f:s:l:i:v" opt; do
case "$opt" in
h|\?)
printHelp
exit 0
# parse flags
while [[ $# -ge 1 ]] ; do
key="$1"
case $key in
-h )
printHelp
exit 0
;;
c) CHANNEL_NAME=$OPTARG
-c )
CHANNEL_NAME="$2"
shift
;;
t) CLI_TIMEOUT=$OPTARG
-ca )
CRYPTO="Certificate Authorities"
;;
d) CLI_DELAY=$OPTARG
-t )
CLI_TIMEOUT="$2"
shift
;;
f) COMPOSE_FILE=$OPTARG
-d )
CLI_DELAY="$2"
shift
;;
s) DATABASE=$OPTARG
-s )
DATABASE="$2"
shift
;;
i) IMAGETAG=$OPTARG
-i )
IMAGETAG=$(go env GOARCH)"-""$2"
shift
;;
v) VERBOSE=true
-verbose )
VERBOSE=true
shift
;;
* )
echo
echo "Unknown flag: $key"
echo
printHelp
exit 1
;;
esac
shift
done
# Determine whether starting, stopping, restarting or generating for announce
if [ "$MODE" == "up" ]; then
echo "Add Org3 to channel '${CHANNEL_NAME}' with '${CLI_TIMEOUT}' seconds and CLI delay of '${CLI_DELAY}' seconds and using database '${DATABASE}'"
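Review bot: The `-verbose )` case calls `shift` and then reaches the `shift` at the bottom of the loop, so the argument that follows `-verbose` is discarded (with `up -verbose -ca`, `CRYPTO` is never set); remove the inner `shift`, as in the `-ca )` case. The value-taking cases (`-c`, `-t`, `-d`, `-s`, `-i`) read `"$2"` without checking that it exists, and `-i` now runs `go env GOARCH`, which makes a Go toolchain a prerequisite for choosing an image tag while the help text still describes the argument as the tag itself.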
@ -217,7 +310,7 @@ fi
#Create the network using docker compose
if [ "${MODE}" == "up" ]; then
networkUp
addOrg3
elif [ "${MODE}" == "down" ]; then ## Clear the network
networkDown
elif [ "${MODE}" == "generate" ]; then ## Generate Artifacts


@ -0,0 +1,36 @@
#!/bin/bash
function one_line_pem {
echo "`awk 'NF {sub(/\\n/, ""); printf "%s\\\\\\\n",$0;}' $1`"
}
function json_ccp {
local PP=$(one_line_pem $4)
local CP=$(one_line_pem $5)
sed -e "s/\${ORG}/$1/" \
-e "s/\${P0PORT}/$2/" \
-e "s/\${CAPORT}/$3/" \
-e "s#\${PEERPEM}#$PP#" \
-e "s#\${CAPEM}#$CP#" \
ccp-template.json
}
function yaml_ccp {
local PP=$(one_line_pem $4)
local CP=$(one_line_pem $5)
sed -e "s/\${ORG}/$1/" \
-e "s/\${P0PORT}/$2/" \
-e "s/\${CAPORT}/$3/" \
-e "s#\${PEERPEM}#$PP#" \
-e "s#\${CAPEM}#$CP#" \
ccp-template.yaml | sed -e $'s/\\\\n/\\\n /g'
}
ORG=3
P0PORT=11051
CAPORT=11054
PEERPEM=../organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem
CAPEM=../organizations/peerOrganizations/org3.example.com/ca/ca.org3.example.com-cert.pem
echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org3.example.com/connection-org3.json
echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org3.example.com/connection-org3.yaml
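Review bot: `one_line_pem` runs `awk` on an unquoted `$1`, and nothing checks that the files named by `PEERPEM` and `CAPEM` exist, so a missing certificate yields `connection-org3.json` and `connection-org3.yaml` with an empty `pem` value while the script still exits 0. Test both paths with `[ -f ... ]` before templating, exit non-zero if either is absent, and quote the path arguments. Since `generateOrg3` calls this script for both crypto modes, it is worth confirming that the `-ca` flow actually produces the `tlsca/` and `ca/` files these paths expect.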


@ -0,0 +1,49 @@
{
"name": "first-network-org${ORG}",
"version": "1.0.0",
"client": {
"organization": "Org${ORG}",
"connection": {
"timeout": {
"peer": {
"endorser": "300"
}
}
}
},
"organizations": {
"Org${ORG}": {
"mspid": "Org${ORG}MSP",
"peers": [
"peer0.org${ORG}.example.com"
],
"certificateAuthorities": [
"ca.org${ORG}.example.com"
]
}
},
"peers": {
"peer0.org${ORG}.example.com": {
"url": "grpcs://localhost:${P0PORT}",
"tlsCACerts": {
"pem": "${PEERPEM}"
},
"grpcOptions": {
"ssl-target-name-override": "peer0.org${ORG}.example.com",
"hostnameOverride": "peer0.org${ORG}.example.com"
}
}
},
"certificateAuthorities": {
"ca.org${ORG}.example.com": {
"url": "https://localhost:${CAPORT}",
"caName": "ca-org${ORG}",
"tlsCACerts": {
"pem": "${CAPEM}"
},
"httpOptions": {
"verify": false
}
}
}
}
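Review bot: In the `certificateAuthorities` entry, `"verify": false` under `httpOptions` turns off TLS certificate verification for the CA connection even though `tlsCACerts.pem` supplies the CA certificate a few lines above it. Since the template already embeds `${CAPEM}`, set `verify` to true, or state next to the template that the value is for local testing only so that it is not copied into a real connection profile.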


@ -0,0 +1,34 @@
---
name: first-network-org${ORG}
version: 1.0.0
client:
organization: Org${ORG}
connection:
timeout:
peer:
endorser: '300'
organizations:
Org${ORG}:
mspid: Org${ORG}MSP
peers:
- peer0.org${ORG}.example.com
certificateAuthorities:
- ca.org${ORG}.example.com
peers:
peer0.org${ORG}.example.com:
url: grpcs://localhost:${P0PORT}
tlsCACerts:
pem: |
${PEERPEM}
grpcOptions:
ssl-target-name-override: peer0.org${ORG}.example.com
hostnameOverride: peer0.org${ORG}.example.com
certificateAuthorities:
ca.org${ORG}.example.com:
url: https://localhost:${CAPORT}
caName: ca-org${ORG}
tlsCACerts:
pem: |
${CAPEM}
httpOptions:
verify: false
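Review bot: `name: first-network-org${ORG}` on the first line carries the name of the `first-network` sample into a profile generated for the test network, and the JSON template uses the same string; rename both (for example to `test-network-org${ORG}`) so applications and logs can tell the two samples apart. The closing `verify: false` under `httpOptions` disables CA certificate verification in this template too, despite the `tlsCACerts` block above it.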


@ -0,0 +1,22 @@
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
ca_org3:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org3
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_PORT=11054
ports:
- "11054:11054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ../fabric-ca/org3:/etc/hyperledger/fabric-ca-server
container_name: ca_org3
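Review bot: The `ports` mapping `"11054:11054"` publishes the CA on every host interface while `command` starts it with the bootstrap identity `admin:adminpw` and debug logging (`-d`). Every client call in this patch reaches the CA through `localhost`, so bind the mapping to loopback (`"127.0.0.1:11054:11054"`) and drop `-d` unless the debug output is needed.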


@ -0,0 +1,406 @@
#############################################################################
# This is a configuration file for the fabric-ca-server command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --port 443
# To set the listening port
# b) --ca.keyfile ../mykey.pem
# To set the "keyfile" element in the "ca" section below;
# note the '.' separator character.
# 2) environment variable
# Examples:
# a) FABRIC_CA_SERVER_PORT=443
# To set the listening port
# b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem"
# To set the "keyfile" element in the "ca" section below;
# note the '_' separator character.
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfile" and "tls.clientauth.certfiles".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
# Version of config file
version: 1.2.0
# Server's listening port (default: 7054)
port: 11054
# Enables debug logging (default: false)
debug: false
# Size limit of an acceptable CRL in bytes (default: 512000)
crlsizelimit: 512000
#############################################################################
# TLS section for the server's listening port
#
# The following types are supported for client authentication: NoClientCert,
# RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven,
# and RequireAndVerifyClientCert.
#
# Certfiles is a list of root certificate authorities that the server uses
# when verifying client certificates.
#############################################################################
tls:
# Enable TLS (default: false)
enabled: true
# TLS for the server's listening port
certfile:
keyfile:
clientauth:
type: noclientcert
certfiles:
#############################################################################
# The CA section contains information related to the Certificate Authority
# including the name of the CA, which should be unique for all members
# of a blockchain network. It also includes the key and certificate files
# used when issuing enrollment certificates (ECerts) and transaction
# certificates (TCerts).
# The chainfile (if it exists) contains the certificate chain which
# should be trusted for this CA, where the 1st in the chain is always the
# root CA certificate.
#############################################################################
ca:
# Name of this CA
name: Org3CA
# Key file (is only used to import a private key into BCCSP)
keyfile:
# Certificate file (default: ca-cert.pem)
certfile:
# Chain file
chainfile:
#############################################################################
# The gencrl REST endpoint is used to generate a CRL that contains revoked
# certificates. This section contains configuration options that are used
# during gencrl request processing.
#############################################################################
crl:
# Specifies expiration for the generated CRL. The number of hours
# specified by this property is added to the UTC time, the resulting time
# is used to set the 'Next Update' date of the CRL.
expiry: 24h
#############################################################################
# The registry section controls how the fabric-ca-server does two things:
# 1) authenticates enrollment requests which contain a username and password
# (also known as an enrollment ID and secret).
# 2) once authenticated, retrieves the identity's attribute names and
# values which the fabric-ca-server optionally puts into TCerts
# which it issues for transacting on the Hyperledger Fabric blockchain.
# These attributes are useful for making access control decisions in
# chaincode.
# There are two main configuration options:
# 1) The fabric-ca-server is the registry.
# This is true if "ldap.enabled" in the ldap section below is false.
# 2) An LDAP server is the registry, in which case the fabric-ca-server
# calls the LDAP server to perform these tasks.
# This is true if "ldap.enabled" in the ldap section below is true,
# which means this "registry" section is ignored.
#############################################################################
registry:
# Maximum number of times a password/secret can be reused for enrollment
# (default: -1, which means there is no limit)
maxenrollments: -1
# Contains identity information which is used when LDAP is disabled
identities:
- name: admin
pass: adminpw
type: client
affiliation: ""
attrs:
hf.Registrar.Roles: "*"
hf.Registrar.DelegateRoles: "*"
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: "*"
hf.AffiliationMgr: true
#############################################################################
# Database section
# Supported types are: "sqlite3", "postgres", and "mysql".
# The datasource value depends on the type.
# If the type is "sqlite3", the datasource value is a file name to use
# as the database store. Since "sqlite3" is an embedded database, it
# may not be used if you want to run the fabric-ca-server in a cluster.
# To run the fabric-ca-server in a cluster, you must choose "postgres"
# or "mysql".
#############################################################################
db:
type: sqlite3
datasource: fabric-ca-server.db
tls:
enabled: false
certfiles:
client:
certfile:
keyfile:
#############################################################################
# LDAP section
# If LDAP is enabled, the fabric-ca-server calls LDAP to:
# 1) authenticate enrollment ID and secret (i.e. username and password)
# for enrollment requests;
# 2) To retrieve identity attributes
#############################################################################
ldap:
# Enables or disables the LDAP client (default: false)
# If this is set to true, the "registry" section is ignored.
enabled: false
# The URL of the LDAP server
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
# TLS configuration for the client connection to the LDAP server
tls:
certfiles:
client:
certfile:
keyfile:
# Attribute related configuration for mapping from LDAP entries to Fabric CA attributes
attribute:
# 'names' is an array of strings containing the LDAP attribute names which are
# requested from the LDAP server for an LDAP identity's entry
names: ['uid','member']
# The 'converters' section is used to convert an LDAP entry to the value of
# a fabric CA attribute.
# For example, the following converts an LDAP 'uid' attribute
# whose value begins with 'revoker' to a fabric CA attribute
# named "hf.Revoker" with a value of "true" (because the boolean expression
# evaluates to true).
# converters:
# - name: hf.Revoker
# value: attr("uid") =~ "revoker*"
converters:
- name:
value:
# The 'maps' section contains named maps which may be referenced by the 'map'
# function in the 'converters' section to map LDAP responses to arbitrary values.
# For example, assume a user has an LDAP attribute named 'member' which has multiple
# values which are each a distinguished name (i.e. a DN). For simplicity, assume the
# values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'.
# Further assume the following configuration.
# converters:
# - name: hf.Registrar.Roles
# value: map(attr("member"),"groups")
# maps:
# groups:
# - name: dn1
# value: peer
# - name: dn2
# value: client
# The value of the user's 'hf.Registrar.Roles' attribute is then computed to be
# "peer,client,dn3". This is because the value of 'attr("member")' is
# "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of
# "group" replaces "dn1" with "peer" and "dn2" with "client".
maps:
groups:
- name:
value:
#############################################################################
# Affiliations section. Fabric CA server can be bootstrapped with the
# affiliations specified in this section. Affiliations are specified as maps.
# For example:
# businessunit1:
# department1:
# - team1
# businessunit2:
# - department2
# - department3
#
# Affiliations are hierarchical in nature. In the above example,
# department1 (used as businessunit1.department1) is the child of businessunit1.
# team1 (used as businessunit1.department1.team1) is the child of department1.
# department2 (used as businessunit2.department2) and department3 (businessunit2.department3)
# are children of businessunit2.
# Note: Affiliations are case sensitive except for the non-leaf affiliations
# (like businessunit1, department1, businessunit2) that are specified in the configuration file,
# which are always stored in lower case.
#############################################################################
affiliations:
org1:
- department1
- department2
org2:
- department1
#############################################################################
# Signing section
#
# The "default" subsection is used to sign enrollment certificates;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#
# The "ca" profile subsection is used to sign intermediate CA certificates;
# the default expiration ("expiry" field) is "43800h" which is 5 years in hours.
# Note that "isca" is true, meaning that it issues a CA certificate.
# A maxpathlen of 0 means that the intermediate CA cannot issue other
# intermediate CA certificates, though it can still issue end entity certificates.
# (See RFC 5280, section 4.2.1.9)
#
# The "tls" profile subsection is used to sign TLS certificate requests;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#############################################################################
signing:
default:
usage:
- digital signature
expiry: 8760h
profiles:
ca:
usage:
- cert sign
- crl sign
expiry: 43800h
caconstraint:
isca: true
maxpathlen: 0
tls:
usage:
- signing
- key encipherment
- server auth
- client auth
- key agreement
expiry: 8760h
###########################################################################
# Certificate Signing Request (CSR) section.
# This controls the creation of the root CA certificate.
# The expiration for the root CA certificate is configured with the
# "ca.expiry" field below, whose default value is "131400h" which is
# 15 years in hours.
# The pathlength field is used to limit CA certificate hierarchy as described
# in section 4.2.1.9 of RFC 5280.
# Examples:
# 1) No pathlength value means no limit is requested.
# 2) pathlength == 1 means a limit of 1 is requested which is the default for
# a root CA. This means the root CA can issue intermediate CA certificates,
# but these intermediate CAs may not in turn issue other CA certificates
# though they can still issue end entity certificates.
# 3) pathlength == 0 means a limit of 0 is requested;
# this is the default for an intermediate CA, which means it can not issue
# CA certificates though it can still issue end entity certificates.
###########################################################################
csr:
cn: ca.org3.example.com
names:
- C: US
ST: "North Carolina"
L: "Raleigh"
O: org3.example.com
OU:
hosts:
- localhost
- org3.example.com
ca:
expiry: 131400h
pathlength: 1
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section is used to select which
# crypto library implementation to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore
#############################################################################
# Multi CA section
#
# Each Fabric CA server contains one CA by default. This section is used
# to configure multiple CAs in a single server.
#
# 1) --cacount <number-of-CAs>
# Automatically generate <number-of-CAs> non-default CAs. The names of these
# additional CAs are "ca1", "ca2", ... "caN", where "N" is <number-of-CAs>
# This is particularly useful in a development environment to quickly set up
# multiple CAs. Note that, this config option is not applicable to intermediate CA server
# i.e., Fabric CA server that is started with intermediate.parentserver.url config
# option (-u command line option)
#
# 2) --cafiles <CA-config-files>
# For each CA config file in the list, generate a separate signing CA. Each CA
# config file in this list MAY contain all of the same elements as are found in
# the server config file except port, debug, and tls sections.
#
# Examples:
# fabric-ca-server start -b admin:adminpw --cacount 2
#
# fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml
# --cafiles ca/ca2/fabric-ca-server-config.yaml
#
#############################################################################
cacount:
cafiles:
#############################################################################
# Intermediate CA section
#
# The relationship between servers and CAs is as follows:
# 1) A single server process may contain or function as one or more CAs.
# This is configured by the "Multi CA section" above.
# 2) Each CA is either a root CA or an intermediate CA.
# 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA.
#
# This section pertains to configuration of #2 and #3.
# If the "intermediate.parentserver.url" property is set,
# then this is an intermediate CA with the specified parent
# CA.
#
# parentserver section
# url - The URL of the parent server
# caname - Name of the CA to enroll within the server
#
# enrollment section used to enroll intermediate CA with parent CA
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#
# tls section for secure socket connection
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
intermediate:
parentserver:
url:
caname:
enrollment:
hosts:
profile:
label:
tls:
certfiles:
client:
certfile:
keyfile:
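Review bot: `ca.name` is `Org3CA` in this file, but the compose file sets `FABRIC_CA_SERVER_CA_NAME=ca-org3` and the client calls use `--caname ca-org3`; by the precedence described in the header comment the environment variable wins, so the value here is misleading and should read `ca-org3`. The `affiliations` section lists `org1` and `org2` but no `org3`, which looks copied from another organization's CA configuration, and `debug: false` is overridden by the `-d` in the compose command.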


@ -0,0 +1,108 @@
function createOrg3 {
echo
echo "Enroll the CA admin"
echo
mkdir -p ../organizations/peerOrganizations/org3.example.com/
export FABRIC_CA_CLIENT_HOME=${PWD}/../organizations/peerOrganizations/org3.example.com/
# rm -rf $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml
# rm -rf $FABRIC_CA_CLIENT_HOME/msp
set -x
fabric-ca-client enroll -u https://admin:adminpw@localhost:11054 --caname ca-org3 --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
echo 'NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/localhost-11054-ca-org3.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/localhost-11054-ca-org3.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/localhost-11054-ca-org3.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/localhost-11054-ca-org3.pem
OrganizationalUnitIdentifier: orderer' > ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml
echo
echo "Register peer0"
echo
set -x
fabric-ca-client register --caname ca-org3 --id.name peer0 --id.secret peer0pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
echo
echo "Register user"
echo
set -x
fabric-ca-client register --caname ca-org3 --id.name user1 --id.secret user1pw --id.type client --id.attrs '"hf.Registrar.Roles=client"' --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
echo
echo "Register the org admin"
echo
set -x
fabric-ca-client register --caname ca-org3 --id.name org3admin --id.secret org3adminpw --id.type admin --id.attrs '"hf.Registrar.Roles=admin"' --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
mkdir -p ../organizations/peerOrganizations/org3.example.com/peers
mkdir -p ../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com
echo
echo "## Generate the peer0 msp"
echo
set -x
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp --csr.hosts peer0.org3.example.com --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/config.yaml
echo
echo "## Generate the peer0-tls certificates"
echo
set -x
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls --enrollment.profile tls --csr.hosts peer0.org3.example.com --csr.hosts localhost --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/signcerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/keystore/* ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
mkdir ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/tlscacerts
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/tlscacerts/ca.crt
mkdir ${PWD}/../organizations/peerOrganizations/org3.example.com/tlsca
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem
mkdir ${PWD}/../organizations/peerOrganizations/org3.example.com/ca
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/cacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/ca/ca.org3.example.com-cert.pem
mkdir -p ../organizations/peerOrganizations/org3.example.com/users
mkdir -p ../organizations/peerOrganizations/org3.example.com/users/User1@org3.example.com
echo
echo "## Generate the user msp"
echo
set -x
fabric-ca-client enroll -u https://user1:user1pw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/users/User1@org3.example.com/msp --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
mkdir -p ../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com
echo
echo "## Generate the org admin msp"
echo
set -x
fabric-ca-client enroll -u https://org3admin:org3adminpw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
set +x
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml ${PWD}/../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp/config.yaml
}
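Review bot: The three `fabric-ca-client register` calls each pass `--id.attrs '"hf.Registrar.Roles=..."'`, which gives peer0, user1 and org3admin registrar rights for their own identity type. A peer or an application user has no reason to register further identities, so drop the attribute from the peer0 and user1 registrations and keep it only where the org admin needs it. Every enroll also runs under `set -x` with the secret embedded in the `-u https://name:secret@localhost:11054` URL, so the secrets are echoed to the terminal and to any captured log; a comment stating that these fixed passwords are for the test network only would help. The bare `mkdir` calls for `msp/tlscacerts`, `tlsca` and `ca` fail on a second run where the others use `mkdir -p`, and no `fabric-ca-client` exit code is checked, so a failed enroll falls through to the `cp` lines.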

View file

@ -7,7 +7,7 @@ version: '2'
services:
ca0:
ca_org1:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
@ -21,7 +21,7 @@ services:
- ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server
container_name: ca_org1
ca1:
ca_org2:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
@ -35,7 +35,7 @@ services:
- ../organizations/fabric-ca/org2:/etc/hyperledger/fabric-ca-server
container_name: ca_org2
ca2:
ca_orderer:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server

View file

@ -50,9 +50,9 @@ function printHelp() {
echo " network.sh up"
echo
echo " Examples:"
echo " network.sh up createChannel -ca -c mychannel -s couchdb -i 1.4.0"
echo " network.sh up createChannel -ca -c mychannel -s couchdb -i 2.0.0-beta"
echo " network.sh createChannel -c channelName"
echo " network.sh deployCC -l node"
echo " network.sh deployCC -l javascript"
}
# Obtain CONTAINER_IDS and remove them
@ -350,8 +350,7 @@ function createChannel() {
## Bring up the network if it is not arleady up.
CONTAINER_IDS=$(docker ps -a | awk '($2 ~ /fabric-peer/) {print $1}')
if [ -z "$CONTAINER_IDS" -o "$CONTAINER_IDS" == " " ]; then
if [ ! -d "organizations/peerOrganizations" ]; then
echo "Bringing up network"
networkUp
fi
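Review bot: The new guard `if [ ! -d "organizations/peerOrganizations" ]` tests for crypto material on disk, not for a running network, so it no longer matches the comment above it about bringing the network up when it is not up. If the containers were stopped while the directory remains, `networkUp` is skipped and channel creation fails later. Keep a container check alongside the directory test, or reword the comment to say what is actually being checked.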
@ -371,14 +370,6 @@ function createChannel() {
## Call the script to isntall and instantiate a chaincode on the channel
function deployCC() {
if [ "$CC_RUNTIME_LANGUAGE" = "go" -o "$CC_RUNTIME_LANGUAGE" = "golang" ]; then
echo Vendoring Go dependencies ...
pushd ../chaincode/fabcar/go
GO111MODULE=on go mod vendor
popd
echo Finished vendoring Go dependencies
fi
scripts/deployCC.sh $CHANNEL_NAME $CC_RUNTIME_LANGUAGE $VERSION $CLI_DELAY $MAX_RETRY $VERBOSE
if [ $? -ne 0 ]; then
@ -410,6 +401,9 @@ function networkDown() {
rm -rf organizations/fabric-ca/org1/msp organizations/fabric-ca/org1/tls-cert.pem organizations/fabric-ca/org1/ca-cert.pem organizations/fabric-ca/org1/IssuerPublicKey organizations/fabric-ca/org1/IssuerRevocationPublicKey organizations/fabric-ca/org1/fabric-ca-server.db
rm -rf organizations/fabric-ca/org2/msp organizations/fabric-ca/org2/tls-cert.pem organizations/fabric-ca/org2/ca-cert.pem organizations/fabric-ca/org2/IssuerPublicKey organizations/fabric-ca/org2/IssuerRevocationPublicKey organizations/fabric-ca/org2/fabric-ca-server.db
rm -rf organizations/fabric-ca/ordererOrg/msp organizations/fabric-ca/ordererOrg/tls-cert.pem organizations/fabric-ca/ordererOrg/ca-cert.pem organizations/fabric-ca/ordererOrg/IssuerPublicKey organizations/fabric-ca/ordererOrg/IssuerRevocationPublicKey organizations/fabric-ca/ordererOrg/fabric-ca-server.db
rm -rf addOrg3/fabric-ca/org3/msp addOrg3/fabric-ca/org3/tls-cert.pem addOrg3/fabric-ca/org3/ca-cert.pem addOrg3/fabric-ca/org3/IssuerPublicKey addOrg3/fabric-ca/org3/IssuerRevocationPublicKey addOrg3/fabric-ca/org3/fabric-ca-server.db
# remove channel and script artifacts
rm -rf channel-artifacts log.txt fabcar.tar.gz fabcar
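Review bot: The added `rm -rf addOrg3/fabric-ca/org3/...` line is the fourth copy of the same file list and, like the three above it, is relative to the current directory, so it only cleans up when the script is invoked from the directory that contains `addOrg3` and `organizations`. A loop over the four CA directories would keep the lists from drifting apart when another generated file is added.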
@ -479,7 +473,6 @@ while [[ $# -ge 1 ]] ; do
printHelp
exit 0
;;
-c )
CHANNEL_NAME="$2"
shift

View file

@ -5,24 +5,22 @@ function one_line_pem {
}
function json_ccp {
local PP=$(one_line_pem $5)
local CP=$(one_line_pem $6)
local PP=$(one_line_pem $4)
local CP=$(one_line_pem $5)
sed -e "s/\${ORG}/$1/" \
-e "s/\${P0PORT}/$2/" \
-e "s/\${P1PORT}/$3/" \
-e "s/\${CAPORT}/$4/" \
-e "s/\${CAPORT}/$3/" \
-e "s#\${PEERPEM}#$PP#" \
-e "s#\${CAPEM}#$CP#" \
organizations/ccp-template.json
}
function yaml_ccp {
local PP=$(one_line_pem $5)
local CP=$(one_line_pem $6)
local PP=$(one_line_pem $4)
local CP=$(one_line_pem $5)
sed -e "s/\${ORG}/$1/" \
-e "s/\${P0PORT}/$2/" \
-e "s/\${P1PORT}/$3/" \
-e "s/\${CAPORT}/$4/" \
-e "s/\${CAPORT}/$3/" \
-e "s#\${PEERPEM}#$PP#" \
-e "s#\${CAPEM}#$CP#" \
organizations/ccp-template.yaml | sed -e $'s/\\\\n/\\\n /g'
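Review bot: `json_ccp` and `yaml_ccp` take their inputs purely by position, and this change renumbers them (`$3` becomes the CA port, `$4` and `$5` the PEM paths) without any argument-count check. A caller still passing the old six arguments would silently hand the CA port to `one_line_pem` as a file name. Assign the positional parameters to named locals at the top of each function and fail when `$#` is not 5; quoting `"$4"` and `"$5"` would also keep paths with spaces intact.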
@ -30,20 +28,18 @@ function yaml_ccp {
ORG=1
P0PORT=7051
P1PORT=8051
CAPORT=7054
PEERPEM=organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
CAPEM=organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem
echo "$(json_ccp $ORG $P0PORT $P1PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.json
echo "$(yaml_ccp $ORG $P0PORT $P1PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.yaml
echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.json
echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.yaml
ORG=2
P0PORT=9051
P1PORT=10051
CAPORT=8054
PEERPEM=organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
CAPEM=organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem
echo "$(json_ccp $ORG $P0PORT $P1PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.json
echo "$(yaml_ccp $ORG $P0PORT $P1PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.yaml
echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.json
echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.yaml

View file

@ -15,8 +15,7 @@
"Org${ORG}": {
"mspid": "Org${ORG}MSP",
"peers": [
"peer0.org${ORG}.example.com",
"peer1.org${ORG}.example.com"
"peer0.org${ORG}.example.com"
],
"certificateAuthorities": [
"ca.org${ORG}.example.com"
@ -33,16 +32,6 @@
"ssl-target-name-override": "peer0.org${ORG}.example.com",
"hostnameOverride": "peer0.org${ORG}.example.com"
}
},
"peer1.org${ORG}.example.com": {
"url": "grpcs://localhost:${P1PORT}",
"tlsCACerts": {
"pem": "${PEERPEM}"
},
"grpcOptions": {
"ssl-target-name-override": "peer1.org${ORG}.example.com",
"hostnameOverride": "peer1.org${ORG}.example.com"
}
}
},
"certificateAuthorities": {

View file

@ -12,7 +12,6 @@ organizations:
mspid: Org${ORG}MSP
peers:
- peer0.org${ORG}.example.com
- peer1.org${ORG}.example.com
certificateAuthorities:
- ca.org${ORG}.example.com
peers:
@ -24,14 +23,6 @@ peers:
grpcOptions:
ssl-target-name-override: peer0.org${ORG}.example.com
hostnameOverride: peer0.org${ORG}.example.com
peer1.org${ORG}.example.com:
url: grpcs://localhost:${P1PORT}
tlsCACerts:
pem: |
${PEERPEM}
grpcOptions:
ssl-target-name-override: peer1.org${ORG}.example.com
hostnameOverride: peer1.org${ORG}.example.com
certificateAuthorities:
ca.org${ORG}.example.com:
url: https://localhost:${CAPORT}

View file

@ -9,7 +9,6 @@ VERBOSE="$4"
: ${DELAY:="3"}
: ${MAX_RETRY:="5"}
: ${VERBOSE:="false"}
COUNTER=1
# import utils
. scripts/envVar.sh
@ -54,8 +53,8 @@ createChannel() {
# Poll in case the raft leader is not set yet
local rc=1
if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then
COUNTER=$(expr $COUNTER + 1)
local COUNTER=1
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do
sleep $DELAY
if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ]; then
set -x
@ -68,12 +67,12 @@ createChannel() {
res=$?
set +x
fi
test $res -eq 0 || let rc=1
else
COUNTER=1
fi
let rc=$res
COUNTER=$(expr $COUNTER + 1)
done
cat log.txt
verifyResult $res "Channel creation failed"
echo
echo "===================== Channel '$CHANNEL_NAME' created ===================== "
echo
}
@ -83,19 +82,17 @@ joinChannel() {
ORG=$1
setGlobals $ORG
local rc=1
local COUNTER=1
## Sometimes Join takes time, hence retry
if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then
COUNTER=$(expr $COUNTER + 1)
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do
sleep $DELAY
set -x
peer channel join -b ./channel-artifacts/$CHANNEL_NAME.block >&log.txt
res=$?
set +x
test $res -eq 0 || let rc=1
else
COUNTER=1
echo "peer0.org${ORG} failed to join the channel, Retry after $DELAY seconds"
fi
let rc=$res
COUNTER=$(expr $COUNTER + 1)
done
cat log.txt
echo
verifyResult $res "After $MAX_RETRY attempts, peer0.org${ORG} has failed to join channel '$CHANNEL_NAME' "
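Review bot: With `local COUNTER=1` and the condition `$COUNTER -lt $MAX_RETRY`, the loop runs at most MAX_RETRY - 1 times (four attempts when MAX_RETRY is 5), while the message passed to `verifyResult` says "After $MAX_RETRY attempts". Use `-le`, or start the counter at 0, so the message and the behaviour agree. The loop also sleeps `$DELAY` before the first `peer channel join`, so the success path always pays one delay.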

View file

@ -12,19 +12,33 @@ VERBOSE="$6"
: ${MAX_RETRY:="5"}
: ${VERBOSE:="false"}
CC_RUNTIME_LANGUAGE=`echo "$CC_RUNTIME_LANGUAGE" | tr [:upper:] [:lower:]`
COUNTER=1
FABRIC_CFG_PATH=$PWD/../config/
if [ "$CC_RUNTIME_LANGUAGE" = "go" -o "$CC_RUNTIME_LANGUAGE" = "golang" ]; then
if [ "$CC_RUNTIME_LANGUAGE" = "go" -o "$CC_RUNTIME_LANGUAGE" = "golang" ] ; then
CC_RUNTIME_LANGUAGE=golang
CC_SRC_PATH="../chaincode/fabcar/go/"
echo Vendoring Go dependencies ...
pushd ../chaincode/fabcar/go
GO111MODULE=on go mod vendor
popd
echo Finished vendoring Go dependencies
elif [ "$CC_RUNTIME_LANGUAGE" = "javascript" ]; then
CC_RUNTIME_LANGUAGE=node # chaincode runtime language is node.js
CC_SRC_PATH="../chaincode/fabcar/javascript/"
elif [ "$CC_RUNTIME_LANGUAGE" = "java" ]; then
CC_RUNTIME_LANGUAGE=java
CC_SRC_PATH="../chaincode/fabcar/java/"
CC_SRC_PATH="../chaincode/fabcar/java/build/install/fabcar"
echo Compiling Java code ...
pushd ../chaincode/fabcar/java
./gradlew installDist
popd
echo Finished compiling Java code
else
echo The chaincode language ${CC_RUNTIME_LANGUAGE} is not supported by this script
echo Supported chaincode languages are: go, javascript, java
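Review bot: The build steps added to the `golang` and `java` branches (`GO111MODULE=on go mod vendor` and `./gradlew installDist`) run without a status check, and neither does `pushd`. If vendoring or the Gradle build fails, the script still prints its "Finished ..." line and goes on to package whatever is in `CC_SRC_PATH`, which for Java now points at the build output `build/install/fabcar`. Test the exit code after each build command and exit with an error before packaging.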
@ -83,7 +97,7 @@ approveForMyOrg() {
ORG=$1
setGlobals $ORG
if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ]; then
if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ] ; then
set -x
peer lifecycle chaincode approveformyorg -o localhost:7050 --channelID $CHANNEL_NAME --name fabcar --version ${VERSION} --init-required --package-id ${PACKAGE_ID} --sequence ${VERSION} --waitForEvent >&log.txt
set +x
@ -98,6 +112,42 @@ approveForMyOrg() {
echo
}
# checkCommitReadiness VERSION PEER ORG
checkCommitReadiness() {
ORG=$1
shift 1
setGlobals $ORG
echo "===================== Checking the commit readiness of the chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== "
local rc=1
local COUNTER=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do
sleep $DELAY
echo "Attempting to check the commit readiness of the chaincode definition on peer0.org${ORG} secs"
set -x
peer lifecycle chaincode checkcommitreadiness --channelID $CHANNEL_NAME --name fabcar $PEER_CONN_PARMS --version ${VERSION} --sequence ${VERSION} --output json --init-required >&log.txt
res=$?
set +x
#test $res -eq 0 || continue
let rc=0
for var in "$@"
do
grep "$var" log.txt &>/dev/null || let rc=1
done
COUNTER=$(expr $COUNTER + 1)
done
cat log.txt
if test $rc -eq 0; then
echo "===================== Checking the commit readiness of the chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== "
else
echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Check commit readiness result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!"
echo "================== ERROR !!! FAILED to execute End-2-End Scenario =================="
echo
exit 1
fi
}
# commitChaincodeDefinition VERSION PEER ORG (PEER ORG)...
commitChaincodeDefinition() {
parsePeerConnectionParameters $@
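Review bot: In the new `checkCommitReadiness`, `res=$?` is captured but never used because `#test $res -eq 0 || continue` is commented out, so success is decided only by `grep "$var" log.txt`. Since `>&log.txt` also captures stderr and `$var` is interpreted as a regular expression, the match is looser than intended; require `$res -eq 0` before the grep loop and use `grep -F -- "$var"`. The header comment still lists `VERSION PEER ORG` although the function takes the org followed by the expected strings, and the "Attempting to check ..." message ends in a stray `secs`.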
@ -107,7 +157,7 @@ commitChaincodeDefinition() {
# while 'peer chaincode' command can get the orderer endpoint from the
# peer (if join was successful), let's supply it directly as we know
# it using the "-o" option
if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ]; then
if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ] ; then
set -x
peer lifecycle chaincode commit -o localhost:7050 --channelID $CHANNEL_NAME --name fabcar $PEER_CONN_PARMS --version ${VERSION} --sequence ${VERSION} --init-required >&log.txt
res=$?
@ -124,43 +174,6 @@ commitChaincodeDefinition() {
echo
}
# checkCommitReadiness VERSION PEER ORG
checkCommitReadiness() {
ORG=$1
shift 1
setGlobals $ORG
echo "===================== Checking the commit readiness of the chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== "
local rc=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then
COUNTER=$(expr $COUNTER + 1)
sleep $DELAY
echo "Attempting to check the commit readiness of the chaincode definition on peer0.org${ORG} secs"
set -x
peer lifecycle chaincode checkcommitreadiness --channelID $CHANNEL_NAME --name fabcar $PEER_CONN_PARMS --version ${VERSION} --sequence ${VERSION} --output json --init-required >&log.txt
res=$?
set +x
test $res -eq 0 || let rc=1
else
COUNTER=1
fi
for var in "$@"
do
grep "$var" log.txt &>/dev/null || let rc=1
done
echo
cat log.txt
if test $rc -eq 1; then
echo "===================== Checking the commit readiness of the chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== "
else
echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Check commit readiness result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!"
echo "================== ERROR !!! FAILED to execute End-2-End Scenario =================="
echo
exit 1
fi
}
# queryCommitted ORG
queryCommitted() {
ORG=$1
@ -168,27 +181,27 @@ queryCommitted() {
EXPECTED_RESULT="Version: ${VERSION}, Sequence: ${VERSION}, Endorsement Plugin: escc, Validation Plugin: vscc"
echo "===================== Querying chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== "
local rc=1
local COUNTER=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then
COUNTER=$(expr $COUNTER + 1)
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do
sleep $DELAY
echo "Attempting to Query committed status on peer0.org${ORG}, Retry after $DELAY seconds."
set -x
peer lifecycle chaincode querycommitted --channelID $CHANNEL_NAME --name fabcar >&log.txt
res=$?
set +x
test $res -eq 0 || let rc=1
else
COUNTER=1
fi
test $res -eq 0 && VALUE=$(cat log.txt | grep -o '^Version: [0-9], Sequence: [0-9], Endorsement Plugin: escc, Validation Plugin: vscc')
test "$VALUE" = "$EXPECTED_RESULT" && let rc=0
COUNTER=$(expr $COUNTER + 1)
done
echo
cat log.txt
if test $rc -eq 1; then
if test $rc -eq 0; then
echo "===================== Query chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== "
echo
else
echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Query chaincode definition result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!"
echo "================== ERROR !!! FAILED to execute End-2-End Scenario =================="
echo
exit 1
fi
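Review bot: `VALUE` is assigned only when `$res -eq 0` and is neither declared `local` nor cleared in the visible lines, so a value left over from an earlier iteration or an earlier call to `queryCommitted` can satisfy `test "$VALUE" = "$EXPECTED_RESULT"` after a failed query. Reset it at the top of each iteration, for example with `local VALUE=""`. The `grep -o` pattern also accepts a single digit only (`Version: [0-9], Sequence: [0-9]`), so a `VERSION` of 10 or more, or one containing a dot, can never equal `EXPECTED_RESULT`.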
@ -249,27 +262,26 @@ chaincodeQuery() {
setGlobals $ORG
echo "===================== Querying on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== "
local rc=1
local COUNTER=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then
COUNTER=$(expr $COUNTER + 1)
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do
sleep $DELAY
echo "Attempting to Query peer0.org${ORG} ...$(($(date +%s) - starttime)) secs"
set -x
peer chaincode query -C $CHANNEL_NAME -n fabcar -c '{"Args":["queryAllCars"]}' >&log.txt
res=$?
set +x
test $res -eq 0 || let rc=1
else
COUNTER=1
fi
let rc=$res
COUNTER=$(expr $COUNTER + 1)
done
echo
cat log.txt
if test $rc -eq 1; then
if test $rc -eq 0; then
echo "===================== Query successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== "
echo
else
echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Query result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!"
echo "================== ERROR !!! FAILED to execute End-2-End Scenario =================="
echo
exit 1
fi

View file

@ -12,7 +12,7 @@
#
echo
echo "========= Getting Org3 on to your first network ========= "
echo "========= Getting Org3 on to your test network ========= "
echo
CHANNEL_NAME="$1"
DELAY="$2"
@ -62,7 +62,7 @@ joinChannelWithRetry 3
echo "===================== peer0.org3 joined channel '$CHANNEL_NAME' ===================== "
echo
echo "========= Finished adding Org3 to your first network! ========= "
echo "========= Finished adding Org3 to your test network! ========= "
echo
exit 0