mirror of
https://github.com/hyperledger/fabric-samples.git
synced 2026-06-17 15:35:09 +00:00
test-network: Add support for using BFT consensus with CA
Signed-off-by: Tatsuya Sato <tatsuya.sato.so@hitachi.com>
This commit is contained in:
Tatsuya Sato
parent
5e91d365d4
commit
bb83ae7977
7 changed files with 47 additions and 40 deletions
|
|
@ -25,6 +25,9 @@ jobs:
|
|||
- javascript
|
||||
- typescript
|
||||
- java
|
||||
crypto:
|
||||
- cryptogen
|
||||
- ca
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
|
|
@ -43,3 +46,4 @@ jobs:
|
|||
env:
|
||||
CHAINCODE_LANGUAGE: ${{ matrix.chaincode-language }}
|
||||
ORDERER_TYPE: bft
|
||||
CRYPTO: ${{ matrix.crypto }}
|
||||
|
|
|
|||
|
|
@ -5,6 +5,12 @@ set -euo pipefail
|
|||
CHAINCODE_LANGUAGE=${CHAINCODE_LANGUAGE:-go}
|
||||
CHAINCODE_PATH=${CHAINCODE_PATH:-../asset-transfer-basic}
|
||||
ORDERER_TYPE=${ORDERER_TYPE:-raft}
|
||||
CRYPTO=${CRYPTO:-ca}
|
||||
|
||||
CRYPTO_OPTION=""
|
||||
if [ "$CRYPTO" == "ca" ]; then
|
||||
CRYPTO_OPTION="-ca"
|
||||
fi
|
||||
|
||||
function print() {
|
||||
GREEN='\033[0;32m'
|
||||
|
|
@ -15,15 +21,15 @@ function print() {
|
|||
|
||||
function createNetworkWithRaft() {
|
||||
print "Creating 3 Org network with Raft Orderers"
|
||||
./network.sh up createChannel -ca -s couchdb
|
||||
./network.sh up createChannel ${CRYPTO_OPTION} -s couchdb
|
||||
cd addOrg3
|
||||
./addOrg3.sh up -ca -s couchdb
|
||||
./addOrg3.sh up ${CRYPTO_OPTION} -s couchdb
|
||||
cd ..
|
||||
}
|
||||
|
||||
function createNetworkWithBFT() {
|
||||
print "Creating 2 Org network with BFT Orderers"
|
||||
./network.sh up createChannel -bft
|
||||
./network.sh up createChannel -bft ${CRYPTO_OPTION}
|
||||
}
|
||||
|
||||
function createNetwork() {
|
||||
|
|
|
|||
1
test-network/.gitignore
vendored
1
test-network/.gitignore
vendored
|
|
@ -8,6 +8,7 @@
|
|||
organizations/fabric-ca/ordererOrg/*
|
||||
organizations/fabric-ca/org1/*
|
||||
organizations/fabric-ca/org2/*
|
||||
addOrg3/fabric-ca/org3/*
|
||||
organizations/ordererOrganizations/*
|
||||
organizations/peerOrganizations/*
|
||||
system-genesis-block/*
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
You can use the `./network.sh` script to stand up a simple Fabric test network. The test network has two peer organizations with one peer each and a single node raft ordering service. You can also use the `./network.sh` script to create channels and deploy chaincode. For more information, see [Using the Fabric test network](https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html). The test network is being introduced in Fabric v2.0 as the long term replacement for the `first-network` sample.
|
||||
|
||||
If you are planning to run the test network with consensus type BFT then please pass `-bft` flag as input to the `network.sh` script when creating the channel. Note that currently this sample does not yet support the use of consensus type BFT and CA together.
|
||||
If you are planning to run the test network with consensus type BFT then please pass `-bft` flag as input to the `network.sh` script when creating the channel. This sample also supports the use of consensus type BFT and CA together.
|
||||
That is to create a network use:
|
||||
```bash
|
||||
./network.sh up -bft
|
||||
|
|
|
|||
|
|
@ -619,11 +619,6 @@ while [[ $# -ge 1 ]] ; do
|
|||
shift
|
||||
done
|
||||
|
||||
## Check if user attempts to use BFT orderer and CA together
|
||||
if [[ $BFT -eq 1 && "$CRYPTO" == "Certificate Authorities" ]]; then
|
||||
fatalln "This sample does not yet support the use of consensus type BFT and CA together."
|
||||
fi
|
||||
|
||||
if [ $BFT -eq 1 ]; then
|
||||
export FABRIC_CFG_PATH=${PWD}/bft-config
|
||||
COMPOSE_FILE_BASE=compose-bft-test-net.yaml
|
||||
|
|
|
|||
|
|
@ -207,37 +207,44 @@ function createOrderer() {
|
|||
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/tlsca"
|
||||
cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"
|
||||
|
||||
infoln "Registering orderer"
|
||||
set -x
|
||||
fabric-ca-client register --caname ca-orderer --id.name orderer --id.secret ordererpw --id.type orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
|
||||
{ set +x; } 2>/dev/null
|
||||
# Loop through each orderer (orderer, orderer2, orderer3, orderer4) to register and generate artifacts
|
||||
for ORDERER in orderer orderer2 orderer3 orderer4; do
|
||||
infoln "Registering ${ORDERER}"
|
||||
set -x
|
||||
fabric-ca-client register --caname ca-orderer --id.name ${ORDERER} --id.secret ${ORDERER}pw --id.type orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
|
||||
{ set +x; } 2>/dev/null
|
||||
|
||||
infoln "Generating the ${ORDERER} MSP"
|
||||
set -x
|
||||
fabric-ca-client enroll -u https://${ORDERER}:${ORDERER}pw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
|
||||
{ set +x; } 2>/dev/null
|
||||
|
||||
cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/msp/config.yaml"
|
||||
|
||||
# Workaround: Rename the signcert file to ensure consistency with Cryptogen generated artifacts
|
||||
mv "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/msp/signcerts/cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/msp/signcerts/${ORDERER}.example.com-cert.pem"
|
||||
|
||||
infoln "Generating the ${ORDERER} TLS certificates, use --csr.hosts to specify Subject Alternative Names"
|
||||
set -x
|
||||
fabric-ca-client enroll -u https://${ORDERER}:${ORDERER}pw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls" --enrollment.profile tls --csr.hosts ${ORDERER}.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
|
||||
{ set +x; } 2>/dev/null
|
||||
|
||||
# Copy the tls CA cert, server cert, server keystore to well known file names in the orderer's tls directory that are referenced by orderer startup config
|
||||
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/ca.crt"
|
||||
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/server.crt"
|
||||
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/server.key"
|
||||
|
||||
# Copy orderer org's CA cert to orderer's /msp/tlscacerts directory (for use in the orderer MSP definition)
|
||||
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/msp/tlscacerts"
|
||||
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/${ORDERER}.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
|
||||
done
|
||||
|
||||
# Register and generate artifacts for the orderer admin
|
||||
infoln "Registering the orderer admin"
|
||||
set -x
|
||||
fabric-ca-client register --caname ca-orderer --id.name ordererAdmin --id.secret ordererAdminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
|
||||
{ set +x; } 2>/dev/null
|
||||
|
||||
infoln "Generating the orderer msp"
|
||||
set -x
|
||||
fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
|
||||
{ set +x; } 2>/dev/null
|
||||
|
||||
cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/config.yaml"
|
||||
|
||||
infoln "Generating the orderer-tls certificates, use --csr.hosts to specify Subject Alternative Names"
|
||||
set -x
|
||||
fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls" --enrollment.profile tls --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
|
||||
{ set +x; } 2>/dev/null
|
||||
|
||||
# Copy the tls CA cert, server cert, server keystore to well known file names in the orderer's tls directory that are referenced by orderer startup config
|
||||
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt"
|
||||
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt"
|
||||
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key"
|
||||
|
||||
# Copy orderer org's CA cert to orderer's /msp/tlscacerts directory (for use in the orderer MSP definition)
|
||||
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts"
|
||||
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
|
||||
|
||||
infoln "Generating the admin msp"
|
||||
set -x
|
||||
fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
|
||||
|
|
|
|||
|
|
@ -95,12 +95,6 @@ setAnchorPeer() {
|
|||
. scripts/setAnchorPeer.sh $ORG $CHANNEL_NAME
|
||||
}
|
||||
|
||||
|
||||
## User attempts to use BFT orderer in Fabric network with CA
|
||||
if [ $BFT -eq 1 ] && [ -d "organizations/fabric-ca/ordererOrg/msp" ]; then
|
||||
fatalln "Fabric network seems to be using CA. This sample does not yet support the use of consensus type BFT and CA together."
|
||||
fi
|
||||
|
||||
## Create channel genesis block
|
||||
FABRIC_CFG_PATH=$PWD/../config/
|
||||
BLOCKFILE="./channel-artifacts/${CHANNEL_NAME}.block"
|
||||
|
|
|
|||
Loading…
Reference in a new issue