diff --git a/asset-transfer-basic/chaincode-java/Dockerfile b/asset-transfer-basic/chaincode-java/Dockerfile index 7920af4b..ca543d67 100755 --- a/asset-transfer-basic/chaincode-java/Dockerfile +++ b/asset-transfer-basic/chaincode-java/Dockerfile @@ -1,6 +1,5 @@ # the first stage FROM gradle:jdk11 AS GRADLE_BUILD -ARG CC_SERVER_PORT=9999 # copy the build.gradle and src code to the container COPY src/ src/ @@ -12,6 +11,7 @@ RUN gradle --no-daemon build shadowJar -x checkstyleMain -x checkstyleTest # the second stage of our build just needs the compiled files FROM openjdk:11-jre +ARG CC_SERVER_PORT=9999 # Setup tini to work better handle signals ENV TINI_VERSION v0.19.0 @@ -24,8 +24,8 @@ RUN addgroup --system javauser && useradd -g javauser javauser COPY --chown=javauser:javauser --from=GRADLE_BUILD /home/gradle/build/libs/chaincode.jar /chaincode.jar COPY --chown=javauser:javauser docker/docker-entrypoint.sh /docker-entrypoint.sh -ENV PORT 9999 -EXPOSE 9999 +ENV PORT $CC_SERVER_PORT +EXPOSE $CC_SERVER_PORT USER javauser ENTRYPOINT [ "/tini", "--", "/docker-entrypoint.sh" ] diff --git a/test-network/README.md b/test-network/README.md index ea2c06f7..5750c301 100644 --- a/test-network/README.md +++ b/test-network/README.md @@ -31,15 +31,16 @@ The `setOrgEnv` script outputs a series of `=` strings. These can t To learn more about how to use the improvements to the Chaincode-as-a-service please see this [tutorial](./test-network/../CHAINCODE_AS_A_SERVICE_TUTORIAL.md). It is expected that this will move to augment the tutorial in the [Hyperledger Fabric ReadTheDocs](https://hyperledger-fabric.readthedocs.io/en/release-2.4/cc_service.html) -## Podman support -_Note: currently experimental, only 2 org currently modified_ +## Podman -A copy of the `install_fabric.sh` script is in the `test-network` directory. This has been enhanced to support a `podman` argument; if used it will use `podman` to pull down images and tag them rather than docker. The images are the same, but need to pulled differently. +A copy of the `install_fabric.sh` script is in the `test-network` directory. This has been enhanced to support a `podman` argument; if used it will use the `podman` command to pull down images and tag them rather than docker. The images are the same, just pulled differently -The `network.sh` script has been enhanced so that it can use `podman` and `podman-compose` instead of docker. Ensure that `CONTAINER_CLI` is set as below when running anet `network.sh` script. +The `network.sh` script has been enhanced so that it can use `podman` and `podman-compose` instead of docker. Ensure that `CONTAINER_CLI` is set as below when running `network.sh` script. ```bash CONTAINER_CLI=podman ./network.sh up ```` -As there is no Docker-Daemon in this context, only Chaincode-as-a-service is supported. +As there is no Docker-Daemon when using podman, only the `./network.sh deployCCAAS` command will work. + + diff --git a/test-network/addOrg3/docker/docker-compose-ca-org3.yaml b/test-network/addOrg3/compose/compose-ca-org3.yaml similarity index 100% rename from test-network/addOrg3/docker/docker-compose-ca-org3.yaml rename to test-network/addOrg3/compose/compose-ca-org3.yaml diff --git a/test-network/addOrg3/docker/docker-compose-couch-org3.yaml b/test-network/addOrg3/compose/compose-couch-org3.yaml similarity index 100% rename from test-network/addOrg3/docker/docker-compose-couch-org3.yaml rename to test-network/addOrg3/compose/compose-couch-org3.yaml diff --git a/test-network/addOrg3/podman/docker-compose-org3.yaml b/test-network/addOrg3/compose/compose-org3.yaml similarity index 91% rename from test-network/addOrg3/podman/docker-compose-org3.yaml rename to test-network/addOrg3/compose/compose-org3.yaml index 208f6d04..f6e1ca1b 100644 --- a/test-network/addOrg3/podman/docker-compose-org3.yaml +++ b/test-network/addOrg3/compose/compose-org3.yaml @@ -39,8 +39,10 @@ services: - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org3.example.com:11051 - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:11051 - CORE_PEER_LOCALMSPID=Org3MSP + - CORE_METRICS_PROVIDER=prometheus + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"} + - CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes: - - ../peercfg:/etc/hyperledger/peercfg - ../../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com:/etc/hyperledger/fabric - peer0.org3.example.com:/var/hyperledger/production working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer diff --git a/test-network/addOrg3/compose/docker/docker-compose-ca-org3.yaml b/test-network/addOrg3/compose/docker/docker-compose-ca-org3.yaml new file mode 100644 index 00000000..16732f0c --- /dev/null +++ b/test-network/addOrg3/compose/docker/docker-compose-ca-org3.yaml @@ -0,0 +1,7 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '3.7' + diff --git a/test-network/addOrg3/compose/docker/docker-compose-couch-org3.yaml b/test-network/addOrg3/compose/docker/docker-compose-couch-org3.yaml new file mode 100644 index 00000000..16732f0c --- /dev/null +++ b/test-network/addOrg3/compose/docker/docker-compose-couch-org3.yaml @@ -0,0 +1,7 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '3.7' + diff --git a/test-network/addOrg3/compose/docker/docker-compose-org3.yaml b/test-network/addOrg3/compose/docker/docker-compose-org3.yaml new file mode 100644 index 00000000..167ae44c --- /dev/null +++ b/test-network/addOrg3/compose/docker/docker-compose-org3.yaml @@ -0,0 +1,28 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '3.7' + +volumes: + peer0.org3.example.com: + +networks: + test: + name: fabric_test + +services: + + peer0.org3.example.com: + container_name: peer0.org3.example.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + #Generic peer variables + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg + - ${DOCKER_SOCK}:/host/var/run/docker.sock diff --git a/test-network/addOrg3/compose/docker/peercfg/core.yaml b/test-network/addOrg3/compose/docker/peercfg/core.yaml new file mode 100644 index 00000000..16e5b606 --- /dev/null +++ b/test-network/addOrg3/compose/docker/peercfg/core.yaml @@ -0,0 +1,777 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +############################################################################### +# +# Peer section +# +############################################################################### +peer: + + # The peer id provides a name for this peer instance and is used when + # naming docker resources. + id: jdoe + + # The networkId allows for logical separation of networks and is used when + # naming docker resources. + networkId: dev + + # The Address at local network interface this Peer will listen on. + # By default, it will listen on all network interfaces + listenAddress: 0.0.0.0:7051 + + # The endpoint this peer uses to listen for inbound chaincode connections. + # If this is commented-out, the listen address is selected to be + # the peer's address (see below) with port 7052 + # chaincodeListenAddress: 0.0.0.0:7052 + + # The endpoint the chaincode for this peer uses to connect to the peer. + # If this is not specified, the chaincodeListenAddress address is selected. + # And if chaincodeListenAddress is not specified, address is selected from + # peer address (see below). If specified peer address is invalid then it + # will fallback to the auto detected IP (local IP) regardless of the peer + # addressAutoDetect value. + # chaincodeAddress: 0.0.0.0:7052 + + # When used as peer config, this represents the endpoint to other peers + # in the same organization. For peers in other organization, see + # gossip.externalEndpoint for more info. + # When used as CLI config, this means the peer's endpoint to interact with + address: 0.0.0.0:7051 + + # Whether the Peer should programmatically determine its address + # This case is useful for docker containers. + # When set to true, will override peer address. + addressAutoDetect: false + + # Settings for the Peer's gateway server. + gateway: + # Whether the gateway is enabled for this Peer. + enabled: true + # endorsementTimeout is the duration the gateway waits for a response + # from other endorsing peers before returning a timeout error to the client. + endorsementTimeout: 30s + # dialTimeout is the duration the gateway waits for a connection + # to other network nodes. + dialTimeout: 2m + + + # Keepalive settings for peer server and clients + keepalive: + # Interval is the duration after which if the server does not see + # any activity from the client it pings the client to see if it's alive + interval: 7200s + # Timeout is the duration the server waits for a response + # from the client after sending a ping before closing the connection + timeout: 20s + # MinInterval is the minimum permitted time between client pings. + # If clients send pings more frequently, the peer server will + # disconnect them + minInterval: 60s + # Client keepalive settings for communicating with other peer nodes + client: + # Interval is the time between pings to peer nodes. This must + # greater than or equal to the minInterval specified by peer + # nodes + interval: 60s + # Timeout is the duration the client waits for a response from + # peer nodes before closing the connection + timeout: 20s + # DeliveryClient keepalive settings for communication with ordering + # nodes. + deliveryClient: + # Interval is the time between pings to ordering nodes. This must + # greater than or equal to the minInterval specified by ordering + # nodes. + interval: 60s + # Timeout is the duration the client waits for a response from + # ordering nodes before closing the connection + timeout: 20s + + + # Gossip related configuration + gossip: + # Bootstrap set to initialize gossip with. + # This is a list of other peers that this peer reaches out to at startup. + # Important: The endpoints here have to be endpoints of peers in the same + # organization, because the peer would refuse connecting to these endpoints + # unless they are in the same organization as the peer. + bootstrap: 127.0.0.1:7051 + + # NOTE: orgLeader and useLeaderElection parameters are mutual exclusive. + # Setting both to true would result in the termination of the peer + # since this is undefined state. If the peers are configured with + # useLeaderElection=false, make sure there is at least 1 peer in the + # organization that its orgLeader is set to true. + + # Defines whenever peer will initialize dynamic algorithm for + # "leader" selection, where leader is the peer to establish + # connection with ordering service and use delivery protocol + # to pull ledger blocks from ordering service. + useLeaderElection: false + # Statically defines peer to be an organization "leader", + # where this means that current peer will maintain connection + # with ordering service and disseminate block across peers in + # its own organization. Multiple peers or all peers in an organization + # may be configured as org leaders, so that they all pull + # blocks directly from ordering service. + orgLeader: true + + # Interval for membershipTracker polling + membershipTrackerInterval: 5s + + # Overrides the endpoint that the peer publishes to peers + # in its organization. For peers in foreign organizations + # see 'externalEndpoint' + endpoint: + # Maximum count of blocks stored in memory + maxBlockCountToStore: 10 + # Max time between consecutive message pushes(unit: millisecond) + maxPropagationBurstLatency: 10ms + # Max number of messages stored until a push is triggered to remote peers + maxPropagationBurstSize: 10 + # Number of times a message is pushed to remote peers + propagateIterations: 1 + # Number of peers selected to push messages to + propagatePeerNum: 3 + # Determines frequency of pull phases(unit: second) + # Must be greater than digestWaitTime + responseWaitTime + pullInterval: 4s + # Number of peers to pull from + pullPeerNum: 3 + # Determines frequency of pulling state info messages from peers(unit: second) + requestStateInfoInterval: 4s + # Determines frequency of pushing state info messages to peers(unit: second) + publishStateInfoInterval: 4s + # Maximum time a stateInfo message is kept until expired + stateInfoRetentionInterval: + # Time from startup certificates are included in Alive messages(unit: second) + publishCertPeriod: 10s + # Should we skip verifying block messages or not (currently not in use) + skipBlockVerification: false + # Dial timeout(unit: second) + dialTimeout: 3s + # Connection timeout(unit: second) + connTimeout: 2s + # Buffer size of received messages + recvBuffSize: 20 + # Buffer size of sending messages + sendBuffSize: 200 + # Time to wait before pull engine processes incoming digests (unit: second) + # Should be slightly smaller than requestWaitTime + digestWaitTime: 1s + # Time to wait before pull engine removes incoming nonce (unit: milliseconds) + # Should be slightly bigger than digestWaitTime + requestWaitTime: 1500ms + # Time to wait before pull engine ends pull (unit: second) + responseWaitTime: 2s + # Alive check interval(unit: second) + aliveTimeInterval: 5s + # Alive expiration timeout(unit: second) + aliveExpirationTimeout: 25s + # Reconnect interval(unit: second) + reconnectInterval: 25s + # Max number of attempts to connect to a peer + maxConnectionAttempts: 120 + # Message expiration factor for alive messages + msgExpirationFactor: 20 + # This is an endpoint that is published to peers outside of the organization. + # If this isn't set, the peer will not be known to other organizations. + externalEndpoint: + # Leader election service configuration + election: + # Longest time peer waits for stable membership during leader election startup (unit: second) + startupGracePeriod: 15s + # Interval gossip membership samples to check its stability (unit: second) + membershipSampleInterval: 1s + # Time passes since last declaration message before peer decides to perform leader election (unit: second) + leaderAliveThreshold: 10s + # Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second) + leaderElectionDuration: 5s + + pvtData: + # pullRetryThreshold determines the maximum duration of time private data corresponding for a given block + # would be attempted to be pulled from peers until the block would be committed without the private data + pullRetryThreshold: 60s + # As private data enters the transient store, it is associated with the peer's ledger's height at that time. + # transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit, + # and the private data residing inside the transient store that is guaranteed not to be purged. + # Private data is purged from the transient store when blocks with sequences that are multiples + # of transientstoreMaxBlockRetention are committed. + transientstoreMaxBlockRetention: 1000 + # pushAckTimeout is the maximum time to wait for an acknowledgement from each peer + # at private data push at endorsement time. + pushAckTimeout: 3s + # Block to live pulling margin, used as a buffer + # to prevent peer from trying to pull private data + # from peers that is soon to be purged in next N blocks. + # This helps a newly joined peer catch up to current + # blockchain height quicker. + btlPullMargin: 10 + # the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to + # pull from the other peers the most recent missing blocks with a maximum batch size limitation. + # reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a + # single iteration. + reconcileBatchSize: 10 + # reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning + # of the next reconciliation iteration. + reconcileSleepInterval: 1m + # reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not. + reconciliationEnabled: true + # skipPullingInvalidTransactionsDuringCommit is a flag that indicates whether pulling of invalid + # transaction's private data from other peers need to be skipped during the commit time and pulled + # only through reconciler. + skipPullingInvalidTransactionsDuringCommit: false + # implicitCollectionDisseminationPolicy specifies the dissemination policy for the peer's own implicit collection. + # When a peer endorses a proposal that writes to its own implicit collection, below values override the default values + # for disseminating private data. + # Note that it is applicable to all channels the peer has joined. The implication is that requiredPeerCount has to + # be smaller than the number of peers in a channel that has the lowest numbers of peers from the organization. + implicitCollectionDisseminationPolicy: + # requiredPeerCount defines the minimum number of eligible peers to which the peer must successfully + # disseminate private data for its own implicit collection during endorsement. Default value is 0. + requiredPeerCount: 0 + # maxPeerCount defines the maximum number of eligible peers to which the peer will attempt to + # disseminate private data for its own implicit collection during endorsement. Default value is 1. + maxPeerCount: 1 + + # Gossip state transfer related configuration + state: + # indicates whenever state transfer is enabled or not + # default value is false, i.e. state transfer is active + # and takes care to sync up missing blocks allowing + # lagging peer to catch up to speed with rest network. + # Keep in mind that when peer.gossip.useLeaderElection is true + # and there are several peers in the organization, + # or peer.gossip.useLeaderElection is false alongside with + # peer.gossip.orgleader being false, the peer's ledger may lag behind + # the rest of the peers and will never catch up due to state transfer + # being disabled. + enabled: false + # checkInterval interval to check whether peer is lagging behind enough to + # request blocks via state transfer from another peer. + checkInterval: 10s + # responseTimeout amount of time to wait for state transfer response from + # other peers + responseTimeout: 3s + # batchSize the number of blocks to request via state transfer from another peer + batchSize: 10 + # blockBufferSize reflects the size of the re-ordering buffer + # which captures blocks and takes care to deliver them in order + # down to the ledger layer. The actual buffer size is bounded between + # 0 and 2*blockBufferSize, each channel maintains its own buffer + blockBufferSize: 20 + # maxRetries maximum number of re-tries to ask + # for single state transfer request + maxRetries: 3 + + # TLS Settings + tls: + # Require server-side TLS + enabled: false + # Require client certificates / mutual TLS for inbound connections. + # Note that clients that are not configured to use a certificate will + # fail to connect to the peer. + clientAuthRequired: false + # X.509 certificate used for TLS server + cert: + file: tls/server.crt + # Private key used for TLS server + key: + file: tls/server.key + # rootcert.file represents the trusted root certificate chain used for verifying certificates + # of other nodes during outbound connections. + # It is not required to be set, but can be used to augment the set of TLS CA certificates + # available from the MSPs of each channel’s configuration. + rootcert: + file: tls/ca.crt + # If mutual TLS is enabled, clientRootCAs.files contains a list of additional root certificates + # used for verifying certificates of client connections. + # It augments the set of TLS CA certificates available from the MSPs of each channel’s configuration. + # Minimally, set your organization's TLS CA root certificate so that the peer can receive join channel requests. + clientRootCAs: + files: + - tls/ca.crt + # Private key used for TLS when making client connections. + # If not set, peer.tls.key.file will be used instead + clientKey: + file: + # X.509 certificate used for TLS when making client connections. + # If not set, peer.tls.cert.file will be used instead + clientCert: + file: + + # Authentication contains configuration parameters related to authenticating + # client messages + authentication: + # the acceptable difference between the current server time and the + # client's time as specified in a client request message + timewindow: 15m + + # Path on the file system where peer will store data (eg ledger). This + # location must be access control protected to prevent unintended + # modification that might corrupt the peer operations. + fileSystemPath: /var/hyperledger/production + + # BCCSP (Blockchain crypto provider): Select which crypto implementation or + # library to use + BCCSP: + Default: SW + # Settings for the SW crypto provider (i.e. when DEFAULT: SW) + SW: + # TODO: The default Hash and Security level needs refactoring to be + # fully configurable. Changing these defaults requires coordination + # SHA2 is hardcoded in several places, not only BCCSP + Hash: SHA2 + Security: 256 + # Location of Key Store + FileKeyStore: + # If "", defaults to 'mspConfigPath'/keystore + KeyStore: + # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11) + PKCS11: + # Location of the PKCS11 module library + Library: + # Token Label + Label: + # User PIN + Pin: + Hash: + Security: + + # Path on the file system where peer will find MSP local configurations + mspConfigPath: mspreally + # Identifier of the local MSP + # ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!---- + # Deployers need to change the value of the localMspId string. + # In particular, the name of the local MSP ID of a peer needs + # to match the name of one of the MSPs in each of the channel + # that this peer is a member of. Otherwise this peer's messages + # will not be identified as valid by other nodes. + localMspId: SampleOrg + + # CLI common client config options + client: + # connection timeout + connTimeout: 3s + + # Delivery service related config + deliveryclient: + # Enables this peer to disseminate blocks it pulled from the ordering service + # via gossip. + # Note that 'gossip.state.enabled' controls point to point block replication + # of blocks committed in the past. + blockGossipEnabled: true + # It sets the total time the delivery service may spend in reconnection + # attempts until its retry logic gives up and returns an error + reconnectTotalTimeThreshold: 3600s + + # It sets the delivery service <-> ordering service node connection timeout + connTimeout: 3s + + # It sets the delivery service maximal delay between consecutive retries + reConnectBackoffThreshold: 3600s + + # A list of orderer endpoint addresses which should be overridden + # when found in channel configurations. + addressOverrides: + # - from: + # to: + # caCertsFile: + # - from: + # to: + # caCertsFile: + + # Type for the local MSP - by default it's of type bccsp + localMspType: bccsp + + # Used with Go profiling tools only in none production environment. In + # production, it should be disabled (eg enabled: false) + profile: + enabled: false + listenAddress: 0.0.0.0:6060 + + # Handlers defines custom handlers that can filter and mutate + # objects passing within the peer, such as: + # Auth filter - reject or forward proposals from clients + # Decorators - append or mutate the chaincode input passed to the chaincode + # Endorsers - Custom signing over proposal response payload and its mutation + # Valid handler definition contains: + # - A name which is a factory method name defined in + # core/handlers/library/library.go for statically compiled handlers + # - library path to shared object binary for pluggable filters + # Auth filters and decorators are chained and executed in the order that + # they are defined. For example: + # authFilters: + # - + # name: FilterOne + # library: /opt/lib/filter.so + # - + # name: FilterTwo + # decorators: + # - + # name: DecoratorOne + # - + # name: DecoratorTwo + # library: /opt/lib/decorator.so + # Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden. + # Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality + # as the default ESCC. + # If the 'library' property is missing, the name is used as the constructor method in the builtin library similar + # to auth filters and decorators. + # endorsers: + # escc: + # name: DefaultESCC + # library: /etc/hyperledger/fabric/plugin/escc.so + handlers: + authFilters: + - + name: DefaultAuth + - + name: ExpirationCheck # This filter checks identity x509 certificate expiration + decorators: + - + name: DefaultDecorator + endorsers: + escc: + name: DefaultEndorsement + library: + validators: + vscc: + name: DefaultValidation + library: + + # library: /etc/hyperledger/fabric/plugin/escc.so + # Number of goroutines that will execute transaction validation in parallel. + # By default, the peer chooses the number of CPUs on the machine. Set this + # variable to override that choice. + # NOTE: overriding this value might negatively influence the performance of + # the peer so please change this value only if you know what you're doing + validatorPoolSize: + + # The discovery service is used by clients to query information about peers, + # such as - which peers have joined a certain channel, what is the latest + # channel config, and most importantly - given a chaincode and a channel, + # what possible sets of peers satisfy the endorsement policy. + discovery: + enabled: true + # Whether the authentication cache is enabled or not. + authCacheEnabled: true + # The maximum size of the cache, after which a purge takes place + authCacheMaxSize: 1000 + # The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulation + authCachePurgeRetentionRatio: 0.75 + # Whether to allow non-admins to perform non channel scoped queries. + # When this is false, it means that only peer admins can perform non channel scoped queries. + orgMembersAllowedAccess: false + + # Limits is used to configure some internal resource limits. + limits: + # Concurrency limits the number of concurrently running requests to a service on each peer. + # Currently this option is only applied to endorser service and deliver service. + # When the property is missing or the value is 0, the concurrency limit is disabled for the service. + concurrency: + # endorserService limits concurrent requests to endorser service that handles chaincode deployment, query and invocation, + # including both user chaincodes and system chaincodes. + endorserService: 2500 + # deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events. + deliverService: 2500 + + # Since all nodes should be consistent it is recommended to keep + # the default value of 100MB for MaxRecvMsgSize & MaxSendMsgSize + # Max message size in bytes GRPC server and client can receive + maxRecvMsgSize: 104857600 + # Max message size in bytes GRPC server and client can send + maxSendMsgSize: 104857600 + +############################################################################### +# +# VM section +# +############################################################################### +vm: + + # Endpoint of the vm management system. For docker can be one of the following in general + # unix:///var/run/docker.sock + # http://localhost:2375 + # https://localhost:2376 + # If you utilize external chaincode builders and don't need the default Docker chaincode builder, + # the endpoint should be unconfigured so that the peer's Docker health checker doesn't get registered. + endpoint: unix:///var/run/docker.sock + + # settings for docker vms + docker: + tls: + enabled: false + ca: + file: docker/ca.crt + cert: + file: docker/tls.crt + key: + file: docker/tls.key + + # Enables/disables the standard out/err from chaincode containers for + # debugging purposes + attachStdout: false + + # Parameters on creating docker container. + # Container may be efficiently created using ipam & dns-server for cluster + # NetworkMode - sets the networking mode for the container. Supported + # standard values are: `host`(default),`bridge`,`ipvlan`,`none`. + # Dns - a list of DNS servers for the container to use. + # Note: `Privileged` `Binds` `Links` and `PortBindings` properties of + # Docker Host Config are not supported and will not be used if set. + # LogConfig - sets the logging driver (Type) and related options + # (Config) for Docker. For more info, + # https://docs.docker.com/engine/admin/logging/overview/ + # Note: Set LogConfig using Environment Variables is not supported. + hostConfig: + NetworkMode: host + Dns: + # - 192.168.0.1 + LogConfig: + Type: json-file + Config: + max-size: "50m" + max-file: "5" + Memory: 2147483648 + +############################################################################### +# +# Chaincode section +# +############################################################################### +chaincode: + + # The id is used by the Chaincode stub to register the executing Chaincode + # ID with the Peer and is generally supplied through ENV variables + # the `path` form of ID is provided when installing the chaincode. + # The `name` is used for all other requests and can be any string. + id: + path: + name: + + # Generic builder environment, suitable for most chaincode types + builder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION) + + # Enables/disables force pulling of the base docker images (listed below) + # during user chaincode instantiation. + # Useful when using moving image tags (such as :latest) + pull: false + + golang: + # golang will never need more than baseos + runtime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION) + + # whether or not golang chaincode should be linked dynamically + dynamicLink: false + + java: + # This is an image based on java:openjdk-8 with addition compiler + # tools added for java shim layer packaging. + # This image is packed with shim layer libraries that are necessary + # for Java chaincode runtime. + runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION) + + node: + # This is an image based on node:$(NODE_VER)-alpine + runtime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION) + + # List of directories to treat as external builders and launchers for + # chaincode. The external builder detection processing will iterate over the + # builders in the order specified below. + # If you don't need to fallback to the default Docker builder, also unconfigure vm.endpoint above. + # To override this property via env variable use CORE_CHAINCODE_EXTERNALBUILDERS: [{name: x, path: dir1}, {name: y, path: dir2}] + externalBuilders: + - name: ccaas_builder + path: /opt/hyperledger/ccaas_builder + propagateEnvironment: + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG + + + # The maximum duration to wait for the chaincode build and install process + # to complete. + installTimeout: 300s + + # Timeout duration for starting up a container and waiting for Register + # to come through. + startuptimeout: 300s + + # Timeout duration for Invoke and Init calls to prevent runaway. + # This timeout is used by all chaincodes in all the channels, including + # system chaincodes. + # Note that during Invoke, if the image is not available (e.g. being + # cleaned up when in development environment), the peer will automatically + # build the image, which might take more time. In production environment, + # the chaincode image is unlikely to be deleted, so the timeout could be + # reduced accordingly. + executetimeout: 30s + + # There are 2 modes: "dev" and "net". + # In dev mode, user runs the chaincode after starting peer from + # command line on local machine. + # In net mode, peer will run chaincode in a docker container. + mode: net + + # keepalive in seconds. In situations where the communication goes through a + # proxy that does not support keep-alive, this parameter will maintain connection + # between peer and chaincode. + # A value <= 0 turns keepalive off + keepalive: 0 + + # enabled system chaincodes + system: + _lifecycle: enable + cscc: enable + lscc: enable + qscc: enable + + # Logging section for the chaincode container + logging: + # Default level for all loggers within the chaincode container + level: info + # Override default level for the 'shim' logger + shim: warning + # Format for the chaincode container logs + format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}' + +############################################################################### +# +# Ledger section - ledger configuration encompasses both the blockchain +# and the state +# +############################################################################### +ledger: + + blockchain: + + state: + # stateDatabase - options are "goleveldb", "CouchDB" + # goleveldb - default state database stored in goleveldb. + # CouchDB - store state database in CouchDB + stateDatabase: goleveldb + # Limit on the number of records to return per query + totalQueryLimit: 100000 + couchDBConfig: + # It is recommended to run CouchDB on the same server as the peer, and + # not map the CouchDB container port to a server port in docker-compose. + # Otherwise proper security must be provided on the connection between + # CouchDB client (on the peer) and server. + couchDBAddress: 127.0.0.1:5984 + # This username must have read and write authority on CouchDB + username: + # The password is recommended to pass as an environment variable + # during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD). + # If it is stored here, the file must be access control protected + # to prevent unintended users from discovering the password. + password: + # Number of retries for CouchDB errors + maxRetries: 3 + # Number of retries for CouchDB errors during peer startup. + # The delay between retries doubles for each attempt. + # Default of 10 retries results in 11 attempts over 2 minutes. + maxRetriesOnStartup: 10 + # CouchDB request timeout (unit: duration, e.g. 20s) + requestTimeout: 35s + # Limit on the number of records per each CouchDB query + # Note that chaincode queries are only bound by totalQueryLimit. + # Internally the chaincode may execute multiple CouchDB queries, + # each of size internalQueryLimit. + internalQueryLimit: 1000 + # Limit on the number of records per CouchDB bulk update batch + maxBatchUpdateSize: 1000 + # Create the _global_changes system database + # This is optional. Creating the global changes database will require + # additional system resources to track changes and maintain the database + createGlobalChangesDB: false + # CacheSize denotes the maximum mega bytes (MB) to be allocated for the in-memory state + # cache. Note that CacheSize needs to be a multiple of 32 MB. If it is not a multiple + # of 32 MB, the peer would round the size to the next multiple of 32 MB. + # To disable the cache, 0 MB needs to be assigned to the cacheSize. + cacheSize: 64 + + history: + # enableHistoryDatabase - options are true or false + # Indicates if the history of key updates should be stored. + # All history 'index' will be stored in goleveldb, regardless if using + # CouchDB or alternate database for the state. + enableHistoryDatabase: true + + pvtdataStore: + # the maximum db batch size for converting + # the ineligible missing data entries to eligible missing data entries + collElgProcMaxDbBatchSize: 5000 + # the minimum duration (in milliseconds) between writing + # two consecutive db batches for converting the ineligible missing data entries to eligible missing data entries + collElgProcDbBatchesInterval: 1000 + # The missing data entries are classified into two categories: + # (1) prioritized + # (2) deprioritized + # Initially, all missing data are in the prioritized list. When the + # reconciler is unable to fetch the missing data from other peers, + # the unreconciled missing data would be moved to the deprioritized list. + # The reconciler would retry deprioritized missing data after every + # deprioritizedDataReconcilerInterval (unit: minutes). Note that the + # interval needs to be greater than the reconcileSleepInterval + deprioritizedDataReconcilerInterval: 60m + + snapshots: + # Path on the file system where peer will store ledger snapshots + rootDir: /var/hyperledger/production/snapshots + +############################################################################### +# +# Operations section +# +############################################################################### +operations: + # host and port for the operations server + listenAddress: 127.0.0.1:9443 + + # TLS configuration for the operations endpoint + tls: + # TLS enabled + enabled: false + + # path to PEM encoded server certificate for the operations server + cert: + file: + + # path to PEM encoded server key for the operations server + key: + file: + + # most operations service endpoints require client authentication when TLS + # is enabled. clientAuthRequired requires client certificate authentication + # at the TLS layer to access all resources. + clientAuthRequired: false + + # paths to PEM encoded ca certificates to trust for client authentication + clientRootCAs: + files: [] + +############################################################################### +# +# Metrics section +# +############################################################################### +metrics: + # metrics provider is one of statsd, prometheus, or disabled + provider: disabled + + # statsd configuration + statsd: + # network type: tcp or udp + network: udp + + # statsd server address + address: 127.0.0.1:8125 + + # the interval at which locally cached counters and gauges are pushed + # to statsd; timings are pushed immediately + writeInterval: 10s + + # prefix is prepended to all emitted statsd metrics + prefix: diff --git a/test-network/nerdctl/peercfg/core.yaml b/test-network/addOrg3/compose/podman/peercfg/core.yaml similarity index 100% rename from test-network/nerdctl/peercfg/core.yaml rename to test-network/addOrg3/compose/podman/peercfg/core.yaml diff --git a/test-network/addOrg3/nerdctl/docker-compose-ca-org3.yaml b/test-network/addOrg3/compose/podman/podman-compose-ca-org3.yaml similarity index 100% rename from test-network/addOrg3/nerdctl/docker-compose-ca-org3.yaml rename to test-network/addOrg3/compose/podman/podman-compose-ca-org3.yaml diff --git a/test-network/addOrg3/nerdctl/docker-compose-couch-org3.yaml b/test-network/addOrg3/compose/podman/podman-compose-couch-org3.yaml similarity index 100% rename from test-network/addOrg3/nerdctl/docker-compose-couch-org3.yaml rename to test-network/addOrg3/compose/podman/podman-compose-couch-org3.yaml diff --git a/test-network/addOrg3/nerdctl/docker-compose-org3.yaml b/test-network/addOrg3/compose/podman/podman-compose-org3.yaml similarity index 100% rename from test-network/addOrg3/nerdctl/docker-compose-org3.yaml rename to test-network/addOrg3/compose/podman/podman-compose-org3.yaml diff --git a/test-network/addOrg3/docker/docker-compose-org3.yaml b/test-network/addOrg3/docker/docker-compose-org3.yaml deleted file mode 100644 index a596ea56..00000000 --- a/test-network/addOrg3/docker/docker-compose-org3.yaml +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright IBM Corp. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -# - -version: '3.7' - -volumes: - peer0.org3.example.com: - -networks: - test: - name: fabric_test - -services: - - peer0.org3.example.com: - container_name: peer0.org3.example.com - image: hyperledger/fabric-peer:latest - labels: - service: hyperledger-fabric - environment: - #Generic peer variables - - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock - - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test - - FABRIC_LOGGING_SPEC=INFO - #- FABRIC_LOGGING_SPEC=DEBUG - - CORE_PEER_TLS_ENABLED=true - - CORE_PEER_PROFILE_ENABLED=true - - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt - - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key - - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt - # Peer specific variables - - CORE_PEER_ID=peer0.org3.example.com - - CORE_PEER_ADDRESS=peer0.org3.example.com:11051 - - CORE_PEER_LISTENADDRESS=0.0.0.0:11051 - - CORE_PEER_CHAINCODEADDRESS=peer0.org3.example.com:11052 - - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052 - - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org3.example.com:11051 - - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:11051 - - CORE_PEER_LOCALMSPID=Org3MSP - volumes: - - ${DOCKER_SOCK}:/host/var/run/docker.sock - - ../../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp:/etc/hyperledger/fabric/msp - - ../../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls:/etc/hyperledger/fabric/tls - - peer0.org3.example.com:/var/hyperledger/production - working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer - command: peer node start - ports: - - 11051:11051 - networks: - - test diff --git a/test-network/addOrg3/podman/docker-compose-ca-org3.yaml b/test-network/addOrg3/podman/docker-compose-ca-org3.yaml deleted file mode 100644 index 74dbf4d6..00000000 --- a/test-network/addOrg3/podman/docker-compose-ca-org3.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright IBM Corp. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -# - -version: '3.7' - -networks: - test: - name: fabric_test - -services: - ca_org3: - image: hyperledger/fabric-ca:latest - labels: - service: hyperledger-fabric - environment: - - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server - - FABRIC_CA_SERVER_CA_NAME=ca-org3 - - FABRIC_CA_SERVER_TLS_ENABLED=true - - FABRIC_CA_SERVER_PORT=11054 - ports: - - "11054:11054" - command: sh -c 'fabric-ca-server start -b admin:adminpw -d' - volumes: - - ../fabric-ca/org3:/etc/hyperledger/fabric-ca-server - container_name: ca_org3 diff --git a/test-network/addOrg3/podman/docker-compose-couch-org3.yaml b/test-network/addOrg3/podman/docker-compose-couch-org3.yaml deleted file mode 100644 index d10766f3..00000000 --- a/test-network/addOrg3/podman/docker-compose-couch-org3.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright IBM Corp. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -# - -version: '3.7' - -networks: - test: - name: fabric_test - -services: - couchdb4: - container_name: couchdb4 - image: couchdb:3.1.1 - labels: - service: hyperledger-fabric - # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password - # for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode. - environment: - - COUCHDB_USER=admin - - COUCHDB_PASSWORD=adminpw - # Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service, - # for example map it to utilize Fauxton User Interface in dev environments. - ports: - - "9984:5984" - networks: - - test - - peer0.org3.example.com: - environment: - - CORE_LEDGER_STATE_STATEDATABASE=CouchDB - - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb4:5984 - # The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD - # provide the credentials for ledger to connect to CouchDB. The username and password must - # match the username and password set for the associated CouchDB. - - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin - - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw - depends_on: - - couchdb4 - networks: - - test diff --git a/test-network/docker/docker-compose-ca.yaml b/test-network/compose/compose-ca.yaml similarity index 100% rename from test-network/docker/docker-compose-ca.yaml rename to test-network/compose/compose-ca.yaml diff --git a/test-network/docker/docker-compose-couch.yaml b/test-network/compose/compose-couch.yaml similarity index 100% rename from test-network/docker/docker-compose-couch.yaml rename to test-network/compose/compose-couch.yaml diff --git a/test-network/podman/docker-compose-test-net.yaml b/test-network/compose/compose-test-net.yaml similarity index 96% rename from test-network/podman/docker-compose-test-net.yaml rename to test-network/compose/compose-test-net.yaml index 7a048789..6e0aef26 100644 --- a/test-network/podman/docker-compose-test-net.yaml +++ b/test-network/compose/compose-test-net.yaml @@ -48,7 +48,6 @@ services: working_dir: /root command: orderer volumes: - - ../system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls - orderer.example.com:/var/hyperledger/production/orderer @@ -88,7 +87,6 @@ services: - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"} - CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes: - - ./peercfg:/etc/hyperledger/peercfg - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric - peer0.org1.example.com:/var/hyperledger/production working_dir: /root @@ -128,7 +126,6 @@ services: - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"} - CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes: - - ./peercfg:/etc/hyperledger/peercfg - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric - peer0.org2.example.com:/var/hyperledger/production working_dir: /root @@ -149,7 +146,7 @@ services: environment: - GOPATH=/opt/gopath - FABRIC_LOGGING_SPEC=INFO - - FABRIC_CFG_PATH=/etc/hyperledger/fabric/cfg + - FABRIC_CFG_PATH=/etc/hyperledger/peercfg #- FABRIC_LOGGING_SPEC=DEBUG working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer command: /bin/bash diff --git a/test-network/compose/docker/docker-compose-ca.yaml b/test-network/compose/docker/docker-compose-ca.yaml new file mode 100644 index 00000000..16732f0c --- /dev/null +++ b/test-network/compose/docker/docker-compose-ca.yaml @@ -0,0 +1,7 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '3.7' + diff --git a/test-network/compose/docker/docker-compose-couch.yaml b/test-network/compose/docker/docker-compose-couch.yaml new file mode 100644 index 00000000..6ab883d4 --- /dev/null +++ b/test-network/compose/docker/docker-compose-couch.yaml @@ -0,0 +1,6 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '3.7' diff --git a/test-network/compose/docker/docker-compose-test-net.yaml b/test-network/compose/docker/docker-compose-test-net.yaml new file mode 100644 index 00000000..68f6dc56 --- /dev/null +++ b/test-network/compose/docker/docker-compose-test-net.yaml @@ -0,0 +1,38 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '3.7' +services: + peer0.org1.example.com: + container_name: peer0.org1.example.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + #Generic peer variables + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg + - ${DOCKER_SOCK}:/host/var/run/docker.sock + + peer0.org2.example.com: + container_name: peer0.org2.example.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + #Generic peer variables + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg + - ${DOCKER_SOCK}:/host/var/run/docker.sock + + cli: + container_name: cli + image: hyperledger/fabric-tools:latest + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg diff --git a/test-network/compose/docker/peercfg/core.yaml b/test-network/compose/docker/peercfg/core.yaml new file mode 100644 index 00000000..16e5b606 --- /dev/null +++ b/test-network/compose/docker/peercfg/core.yaml @@ -0,0 +1,777 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +############################################################################### +# +# Peer section +# +############################################################################### +peer: + + # The peer id provides a name for this peer instance and is used when + # naming docker resources. + id: jdoe + + # The networkId allows for logical separation of networks and is used when + # naming docker resources. + networkId: dev + + # The Address at local network interface this Peer will listen on. + # By default, it will listen on all network interfaces + listenAddress: 0.0.0.0:7051 + + # The endpoint this peer uses to listen for inbound chaincode connections. + # If this is commented-out, the listen address is selected to be + # the peer's address (see below) with port 7052 + # chaincodeListenAddress: 0.0.0.0:7052 + + # The endpoint the chaincode for this peer uses to connect to the peer. + # If this is not specified, the chaincodeListenAddress address is selected. + # And if chaincodeListenAddress is not specified, address is selected from + # peer address (see below). If specified peer address is invalid then it + # will fallback to the auto detected IP (local IP) regardless of the peer + # addressAutoDetect value. + # chaincodeAddress: 0.0.0.0:7052 + + # When used as peer config, this represents the endpoint to other peers + # in the same organization. For peers in other organization, see + # gossip.externalEndpoint for more info. + # When used as CLI config, this means the peer's endpoint to interact with + address: 0.0.0.0:7051 + + # Whether the Peer should programmatically determine its address + # This case is useful for docker containers. + # When set to true, will override peer address. + addressAutoDetect: false + + # Settings for the Peer's gateway server. + gateway: + # Whether the gateway is enabled for this Peer. + enabled: true + # endorsementTimeout is the duration the gateway waits for a response + # from other endorsing peers before returning a timeout error to the client. + endorsementTimeout: 30s + # dialTimeout is the duration the gateway waits for a connection + # to other network nodes. + dialTimeout: 2m + + + # Keepalive settings for peer server and clients + keepalive: + # Interval is the duration after which if the server does not see + # any activity from the client it pings the client to see if it's alive + interval: 7200s + # Timeout is the duration the server waits for a response + # from the client after sending a ping before closing the connection + timeout: 20s + # MinInterval is the minimum permitted time between client pings. + # If clients send pings more frequently, the peer server will + # disconnect them + minInterval: 60s + # Client keepalive settings for communicating with other peer nodes + client: + # Interval is the time between pings to peer nodes. This must + # greater than or equal to the minInterval specified by peer + # nodes + interval: 60s + # Timeout is the duration the client waits for a response from + # peer nodes before closing the connection + timeout: 20s + # DeliveryClient keepalive settings for communication with ordering + # nodes. + deliveryClient: + # Interval is the time between pings to ordering nodes. This must + # greater than or equal to the minInterval specified by ordering + # nodes. + interval: 60s + # Timeout is the duration the client waits for a response from + # ordering nodes before closing the connection + timeout: 20s + + + # Gossip related configuration + gossip: + # Bootstrap set to initialize gossip with. + # This is a list of other peers that this peer reaches out to at startup. + # Important: The endpoints here have to be endpoints of peers in the same + # organization, because the peer would refuse connecting to these endpoints + # unless they are in the same organization as the peer. + bootstrap: 127.0.0.1:7051 + + # NOTE: orgLeader and useLeaderElection parameters are mutual exclusive. + # Setting both to true would result in the termination of the peer + # since this is undefined state. If the peers are configured with + # useLeaderElection=false, make sure there is at least 1 peer in the + # organization that its orgLeader is set to true. + + # Defines whenever peer will initialize dynamic algorithm for + # "leader" selection, where leader is the peer to establish + # connection with ordering service and use delivery protocol + # to pull ledger blocks from ordering service. + useLeaderElection: false + # Statically defines peer to be an organization "leader", + # where this means that current peer will maintain connection + # with ordering service and disseminate block across peers in + # its own organization. Multiple peers or all peers in an organization + # may be configured as org leaders, so that they all pull + # blocks directly from ordering service. + orgLeader: true + + # Interval for membershipTracker polling + membershipTrackerInterval: 5s + + # Overrides the endpoint that the peer publishes to peers + # in its organization. For peers in foreign organizations + # see 'externalEndpoint' + endpoint: + # Maximum count of blocks stored in memory + maxBlockCountToStore: 10 + # Max time between consecutive message pushes(unit: millisecond) + maxPropagationBurstLatency: 10ms + # Max number of messages stored until a push is triggered to remote peers + maxPropagationBurstSize: 10 + # Number of times a message is pushed to remote peers + propagateIterations: 1 + # Number of peers selected to push messages to + propagatePeerNum: 3 + # Determines frequency of pull phases(unit: second) + # Must be greater than digestWaitTime + responseWaitTime + pullInterval: 4s + # Number of peers to pull from + pullPeerNum: 3 + # Determines frequency of pulling state info messages from peers(unit: second) + requestStateInfoInterval: 4s + # Determines frequency of pushing state info messages to peers(unit: second) + publishStateInfoInterval: 4s + # Maximum time a stateInfo message is kept until expired + stateInfoRetentionInterval: + # Time from startup certificates are included in Alive messages(unit: second) + publishCertPeriod: 10s + # Should we skip verifying block messages or not (currently not in use) + skipBlockVerification: false + # Dial timeout(unit: second) + dialTimeout: 3s + # Connection timeout(unit: second) + connTimeout: 2s + # Buffer size of received messages + recvBuffSize: 20 + # Buffer size of sending messages + sendBuffSize: 200 + # Time to wait before pull engine processes incoming digests (unit: second) + # Should be slightly smaller than requestWaitTime + digestWaitTime: 1s + # Time to wait before pull engine removes incoming nonce (unit: milliseconds) + # Should be slightly bigger than digestWaitTime + requestWaitTime: 1500ms + # Time to wait before pull engine ends pull (unit: second) + responseWaitTime: 2s + # Alive check interval(unit: second) + aliveTimeInterval: 5s + # Alive expiration timeout(unit: second) + aliveExpirationTimeout: 25s + # Reconnect interval(unit: second) + reconnectInterval: 25s + # Max number of attempts to connect to a peer + maxConnectionAttempts: 120 + # Message expiration factor for alive messages + msgExpirationFactor: 20 + # This is an endpoint that is published to peers outside of the organization. + # If this isn't set, the peer will not be known to other organizations. + externalEndpoint: + # Leader election service configuration + election: + # Longest time peer waits for stable membership during leader election startup (unit: second) + startupGracePeriod: 15s + # Interval gossip membership samples to check its stability (unit: second) + membershipSampleInterval: 1s + # Time passes since last declaration message before peer decides to perform leader election (unit: second) + leaderAliveThreshold: 10s + # Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second) + leaderElectionDuration: 5s + + pvtData: + # pullRetryThreshold determines the maximum duration of time private data corresponding for a given block + # would be attempted to be pulled from peers until the block would be committed without the private data + pullRetryThreshold: 60s + # As private data enters the transient store, it is associated with the peer's ledger's height at that time. + # transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit, + # and the private data residing inside the transient store that is guaranteed not to be purged. + # Private data is purged from the transient store when blocks with sequences that are multiples + # of transientstoreMaxBlockRetention are committed. + transientstoreMaxBlockRetention: 1000 + # pushAckTimeout is the maximum time to wait for an acknowledgement from each peer + # at private data push at endorsement time. + pushAckTimeout: 3s + # Block to live pulling margin, used as a buffer + # to prevent peer from trying to pull private data + # from peers that is soon to be purged in next N blocks. + # This helps a newly joined peer catch up to current + # blockchain height quicker. + btlPullMargin: 10 + # the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to + # pull from the other peers the most recent missing blocks with a maximum batch size limitation. + # reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a + # single iteration. + reconcileBatchSize: 10 + # reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning + # of the next reconciliation iteration. + reconcileSleepInterval: 1m + # reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not. + reconciliationEnabled: true + # skipPullingInvalidTransactionsDuringCommit is a flag that indicates whether pulling of invalid + # transaction's private data from other peers need to be skipped during the commit time and pulled + # only through reconciler. + skipPullingInvalidTransactionsDuringCommit: false + # implicitCollectionDisseminationPolicy specifies the dissemination policy for the peer's own implicit collection. + # When a peer endorses a proposal that writes to its own implicit collection, below values override the default values + # for disseminating private data. + # Note that it is applicable to all channels the peer has joined. The implication is that requiredPeerCount has to + # be smaller than the number of peers in a channel that has the lowest numbers of peers from the organization. + implicitCollectionDisseminationPolicy: + # requiredPeerCount defines the minimum number of eligible peers to which the peer must successfully + # disseminate private data for its own implicit collection during endorsement. Default value is 0. + requiredPeerCount: 0 + # maxPeerCount defines the maximum number of eligible peers to which the peer will attempt to + # disseminate private data for its own implicit collection during endorsement. Default value is 1. + maxPeerCount: 1 + + # Gossip state transfer related configuration + state: + # indicates whenever state transfer is enabled or not + # default value is false, i.e. state transfer is active + # and takes care to sync up missing blocks allowing + # lagging peer to catch up to speed with rest network. + # Keep in mind that when peer.gossip.useLeaderElection is true + # and there are several peers in the organization, + # or peer.gossip.useLeaderElection is false alongside with + # peer.gossip.orgleader being false, the peer's ledger may lag behind + # the rest of the peers and will never catch up due to state transfer + # being disabled. + enabled: false + # checkInterval interval to check whether peer is lagging behind enough to + # request blocks via state transfer from another peer. + checkInterval: 10s + # responseTimeout amount of time to wait for state transfer response from + # other peers + responseTimeout: 3s + # batchSize the number of blocks to request via state transfer from another peer + batchSize: 10 + # blockBufferSize reflects the size of the re-ordering buffer + # which captures blocks and takes care to deliver them in order + # down to the ledger layer. The actual buffer size is bounded between + # 0 and 2*blockBufferSize, each channel maintains its own buffer + blockBufferSize: 20 + # maxRetries maximum number of re-tries to ask + # for single state transfer request + maxRetries: 3 + + # TLS Settings + tls: + # Require server-side TLS + enabled: false + # Require client certificates / mutual TLS for inbound connections. + # Note that clients that are not configured to use a certificate will + # fail to connect to the peer. + clientAuthRequired: false + # X.509 certificate used for TLS server + cert: + file: tls/server.crt + # Private key used for TLS server + key: + file: tls/server.key + # rootcert.file represents the trusted root certificate chain used for verifying certificates + # of other nodes during outbound connections. + # It is not required to be set, but can be used to augment the set of TLS CA certificates + # available from the MSPs of each channel’s configuration. + rootcert: + file: tls/ca.crt + # If mutual TLS is enabled, clientRootCAs.files contains a list of additional root certificates + # used for verifying certificates of client connections. + # It augments the set of TLS CA certificates available from the MSPs of each channel’s configuration. + # Minimally, set your organization's TLS CA root certificate so that the peer can receive join channel requests. + clientRootCAs: + files: + - tls/ca.crt + # Private key used for TLS when making client connections. + # If not set, peer.tls.key.file will be used instead + clientKey: + file: + # X.509 certificate used for TLS when making client connections. + # If not set, peer.tls.cert.file will be used instead + clientCert: + file: + + # Authentication contains configuration parameters related to authenticating + # client messages + authentication: + # the acceptable difference between the current server time and the + # client's time as specified in a client request message + timewindow: 15m + + # Path on the file system where peer will store data (eg ledger). This + # location must be access control protected to prevent unintended + # modification that might corrupt the peer operations. + fileSystemPath: /var/hyperledger/production + + # BCCSP (Blockchain crypto provider): Select which crypto implementation or + # library to use + BCCSP: + Default: SW + # Settings for the SW crypto provider (i.e. when DEFAULT: SW) + SW: + # TODO: The default Hash and Security level needs refactoring to be + # fully configurable. Changing these defaults requires coordination + # SHA2 is hardcoded in several places, not only BCCSP + Hash: SHA2 + Security: 256 + # Location of Key Store + FileKeyStore: + # If "", defaults to 'mspConfigPath'/keystore + KeyStore: + # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11) + PKCS11: + # Location of the PKCS11 module library + Library: + # Token Label + Label: + # User PIN + Pin: + Hash: + Security: + + # Path on the file system where peer will find MSP local configurations + mspConfigPath: mspreally + # Identifier of the local MSP + # ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!---- + # Deployers need to change the value of the localMspId string. + # In particular, the name of the local MSP ID of a peer needs + # to match the name of one of the MSPs in each of the channel + # that this peer is a member of. Otherwise this peer's messages + # will not be identified as valid by other nodes. + localMspId: SampleOrg + + # CLI common client config options + client: + # connection timeout + connTimeout: 3s + + # Delivery service related config + deliveryclient: + # Enables this peer to disseminate blocks it pulled from the ordering service + # via gossip. + # Note that 'gossip.state.enabled' controls point to point block replication + # of blocks committed in the past. + blockGossipEnabled: true + # It sets the total time the delivery service may spend in reconnection + # attempts until its retry logic gives up and returns an error + reconnectTotalTimeThreshold: 3600s + + # It sets the delivery service <-> ordering service node connection timeout + connTimeout: 3s + + # It sets the delivery service maximal delay between consecutive retries + reConnectBackoffThreshold: 3600s + + # A list of orderer endpoint addresses which should be overridden + # when found in channel configurations. + addressOverrides: + # - from: + # to: + # caCertsFile: + # - from: + # to: + # caCertsFile: + + # Type for the local MSP - by default it's of type bccsp + localMspType: bccsp + + # Used with Go profiling tools only in none production environment. In + # production, it should be disabled (eg enabled: false) + profile: + enabled: false + listenAddress: 0.0.0.0:6060 + + # Handlers defines custom handlers that can filter and mutate + # objects passing within the peer, such as: + # Auth filter - reject or forward proposals from clients + # Decorators - append or mutate the chaincode input passed to the chaincode + # Endorsers - Custom signing over proposal response payload and its mutation + # Valid handler definition contains: + # - A name which is a factory method name defined in + # core/handlers/library/library.go for statically compiled handlers + # - library path to shared object binary for pluggable filters + # Auth filters and decorators are chained and executed in the order that + # they are defined. For example: + # authFilters: + # - + # name: FilterOne + # library: /opt/lib/filter.so + # - + # name: FilterTwo + # decorators: + # - + # name: DecoratorOne + # - + # name: DecoratorTwo + # library: /opt/lib/decorator.so + # Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden. + # Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality + # as the default ESCC. + # If the 'library' property is missing, the name is used as the constructor method in the builtin library similar + # to auth filters and decorators. + # endorsers: + # escc: + # name: DefaultESCC + # library: /etc/hyperledger/fabric/plugin/escc.so + handlers: + authFilters: + - + name: DefaultAuth + - + name: ExpirationCheck # This filter checks identity x509 certificate expiration + decorators: + - + name: DefaultDecorator + endorsers: + escc: + name: DefaultEndorsement + library: + validators: + vscc: + name: DefaultValidation + library: + + # library: /etc/hyperledger/fabric/plugin/escc.so + # Number of goroutines that will execute transaction validation in parallel. + # By default, the peer chooses the number of CPUs on the machine. Set this + # variable to override that choice. + # NOTE: overriding this value might negatively influence the performance of + # the peer so please change this value only if you know what you're doing + validatorPoolSize: + + # The discovery service is used by clients to query information about peers, + # such as - which peers have joined a certain channel, what is the latest + # channel config, and most importantly - given a chaincode and a channel, + # what possible sets of peers satisfy the endorsement policy. + discovery: + enabled: true + # Whether the authentication cache is enabled or not. + authCacheEnabled: true + # The maximum size of the cache, after which a purge takes place + authCacheMaxSize: 1000 + # The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulation + authCachePurgeRetentionRatio: 0.75 + # Whether to allow non-admins to perform non channel scoped queries. + # When this is false, it means that only peer admins can perform non channel scoped queries. + orgMembersAllowedAccess: false + + # Limits is used to configure some internal resource limits. + limits: + # Concurrency limits the number of concurrently running requests to a service on each peer. + # Currently this option is only applied to endorser service and deliver service. + # When the property is missing or the value is 0, the concurrency limit is disabled for the service. + concurrency: + # endorserService limits concurrent requests to endorser service that handles chaincode deployment, query and invocation, + # including both user chaincodes and system chaincodes. + endorserService: 2500 + # deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events. + deliverService: 2500 + + # Since all nodes should be consistent it is recommended to keep + # the default value of 100MB for MaxRecvMsgSize & MaxSendMsgSize + # Max message size in bytes GRPC server and client can receive + maxRecvMsgSize: 104857600 + # Max message size in bytes GRPC server and client can send + maxSendMsgSize: 104857600 + +############################################################################### +# +# VM section +# +############################################################################### +vm: + + # Endpoint of the vm management system. For docker can be one of the following in general + # unix:///var/run/docker.sock + # http://localhost:2375 + # https://localhost:2376 + # If you utilize external chaincode builders and don't need the default Docker chaincode builder, + # the endpoint should be unconfigured so that the peer's Docker health checker doesn't get registered. + endpoint: unix:///var/run/docker.sock + + # settings for docker vms + docker: + tls: + enabled: false + ca: + file: docker/ca.crt + cert: + file: docker/tls.crt + key: + file: docker/tls.key + + # Enables/disables the standard out/err from chaincode containers for + # debugging purposes + attachStdout: false + + # Parameters on creating docker container. + # Container may be efficiently created using ipam & dns-server for cluster + # NetworkMode - sets the networking mode for the container. Supported + # standard values are: `host`(default),`bridge`,`ipvlan`,`none`. + # Dns - a list of DNS servers for the container to use. + # Note: `Privileged` `Binds` `Links` and `PortBindings` properties of + # Docker Host Config are not supported and will not be used if set. + # LogConfig - sets the logging driver (Type) and related options + # (Config) for Docker. For more info, + # https://docs.docker.com/engine/admin/logging/overview/ + # Note: Set LogConfig using Environment Variables is not supported. + hostConfig: + NetworkMode: host + Dns: + # - 192.168.0.1 + LogConfig: + Type: json-file + Config: + max-size: "50m" + max-file: "5" + Memory: 2147483648 + +############################################################################### +# +# Chaincode section +# +############################################################################### +chaincode: + + # The id is used by the Chaincode stub to register the executing Chaincode + # ID with the Peer and is generally supplied through ENV variables + # the `path` form of ID is provided when installing the chaincode. + # The `name` is used for all other requests and can be any string. + id: + path: + name: + + # Generic builder environment, suitable for most chaincode types + builder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION) + + # Enables/disables force pulling of the base docker images (listed below) + # during user chaincode instantiation. + # Useful when using moving image tags (such as :latest) + pull: false + + golang: + # golang will never need more than baseos + runtime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION) + + # whether or not golang chaincode should be linked dynamically + dynamicLink: false + + java: + # This is an image based on java:openjdk-8 with addition compiler + # tools added for java shim layer packaging. + # This image is packed with shim layer libraries that are necessary + # for Java chaincode runtime. + runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION) + + node: + # This is an image based on node:$(NODE_VER)-alpine + runtime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION) + + # List of directories to treat as external builders and launchers for + # chaincode. The external builder detection processing will iterate over the + # builders in the order specified below. + # If you don't need to fallback to the default Docker builder, also unconfigure vm.endpoint above. + # To override this property via env variable use CORE_CHAINCODE_EXTERNALBUILDERS: [{name: x, path: dir1}, {name: y, path: dir2}] + externalBuilders: + - name: ccaas_builder + path: /opt/hyperledger/ccaas_builder + propagateEnvironment: + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG + + + # The maximum duration to wait for the chaincode build and install process + # to complete. + installTimeout: 300s + + # Timeout duration for starting up a container and waiting for Register + # to come through. + startuptimeout: 300s + + # Timeout duration for Invoke and Init calls to prevent runaway. + # This timeout is used by all chaincodes in all the channels, including + # system chaincodes. + # Note that during Invoke, if the image is not available (e.g. being + # cleaned up when in development environment), the peer will automatically + # build the image, which might take more time. In production environment, + # the chaincode image is unlikely to be deleted, so the timeout could be + # reduced accordingly. + executetimeout: 30s + + # There are 2 modes: "dev" and "net". + # In dev mode, user runs the chaincode after starting peer from + # command line on local machine. + # In net mode, peer will run chaincode in a docker container. + mode: net + + # keepalive in seconds. In situations where the communication goes through a + # proxy that does not support keep-alive, this parameter will maintain connection + # between peer and chaincode. + # A value <= 0 turns keepalive off + keepalive: 0 + + # enabled system chaincodes + system: + _lifecycle: enable + cscc: enable + lscc: enable + qscc: enable + + # Logging section for the chaincode container + logging: + # Default level for all loggers within the chaincode container + level: info + # Override default level for the 'shim' logger + shim: warning + # Format for the chaincode container logs + format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}' + +############################################################################### +# +# Ledger section - ledger configuration encompasses both the blockchain +# and the state +# +############################################################################### +ledger: + + blockchain: + + state: + # stateDatabase - options are "goleveldb", "CouchDB" + # goleveldb - default state database stored in goleveldb. + # CouchDB - store state database in CouchDB + stateDatabase: goleveldb + # Limit on the number of records to return per query + totalQueryLimit: 100000 + couchDBConfig: + # It is recommended to run CouchDB on the same server as the peer, and + # not map the CouchDB container port to a server port in docker-compose. + # Otherwise proper security must be provided on the connection between + # CouchDB client (on the peer) and server. + couchDBAddress: 127.0.0.1:5984 + # This username must have read and write authority on CouchDB + username: + # The password is recommended to pass as an environment variable + # during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD). + # If it is stored here, the file must be access control protected + # to prevent unintended users from discovering the password. + password: + # Number of retries for CouchDB errors + maxRetries: 3 + # Number of retries for CouchDB errors during peer startup. + # The delay between retries doubles for each attempt. + # Default of 10 retries results in 11 attempts over 2 minutes. + maxRetriesOnStartup: 10 + # CouchDB request timeout (unit: duration, e.g. 20s) + requestTimeout: 35s + # Limit on the number of records per each CouchDB query + # Note that chaincode queries are only bound by totalQueryLimit. + # Internally the chaincode may execute multiple CouchDB queries, + # each of size internalQueryLimit. + internalQueryLimit: 1000 + # Limit on the number of records per CouchDB bulk update batch + maxBatchUpdateSize: 1000 + # Create the _global_changes system database + # This is optional. Creating the global changes database will require + # additional system resources to track changes and maintain the database + createGlobalChangesDB: false + # CacheSize denotes the maximum mega bytes (MB) to be allocated for the in-memory state + # cache. Note that CacheSize needs to be a multiple of 32 MB. If it is not a multiple + # of 32 MB, the peer would round the size to the next multiple of 32 MB. + # To disable the cache, 0 MB needs to be assigned to the cacheSize. + cacheSize: 64 + + history: + # enableHistoryDatabase - options are true or false + # Indicates if the history of key updates should be stored. + # All history 'index' will be stored in goleveldb, regardless if using + # CouchDB or alternate database for the state. + enableHistoryDatabase: true + + pvtdataStore: + # the maximum db batch size for converting + # the ineligible missing data entries to eligible missing data entries + collElgProcMaxDbBatchSize: 5000 + # the minimum duration (in milliseconds) between writing + # two consecutive db batches for converting the ineligible missing data entries to eligible missing data entries + collElgProcDbBatchesInterval: 1000 + # The missing data entries are classified into two categories: + # (1) prioritized + # (2) deprioritized + # Initially, all missing data are in the prioritized list. When the + # reconciler is unable to fetch the missing data from other peers, + # the unreconciled missing data would be moved to the deprioritized list. + # The reconciler would retry deprioritized missing data after every + # deprioritizedDataReconcilerInterval (unit: minutes). Note that the + # interval needs to be greater than the reconcileSleepInterval + deprioritizedDataReconcilerInterval: 60m + + snapshots: + # Path on the file system where peer will store ledger snapshots + rootDir: /var/hyperledger/production/snapshots + +############################################################################### +# +# Operations section +# +############################################################################### +operations: + # host and port for the operations server + listenAddress: 127.0.0.1:9443 + + # TLS configuration for the operations endpoint + tls: + # TLS enabled + enabled: false + + # path to PEM encoded server certificate for the operations server + cert: + file: + + # path to PEM encoded server key for the operations server + key: + file: + + # most operations service endpoints require client authentication when TLS + # is enabled. clientAuthRequired requires client certificate authentication + # at the TLS layer to access all resources. + clientAuthRequired: false + + # paths to PEM encoded ca certificates to trust for client authentication + clientRootCAs: + files: [] + +############################################################################### +# +# Metrics section +# +############################################################################### +metrics: + # metrics provider is one of statsd, prometheus, or disabled + provider: disabled + + # statsd configuration + statsd: + # network type: tcp or udp + network: udp + + # statsd server address + address: 127.0.0.1:8125 + + # the interval at which locally cached counters and gauges are pushed + # to statsd; timings are pushed immediately + writeInterval: 10s + + # prefix is prepended to all emitted statsd metrics + prefix: diff --git a/test-network/podman/peercfg/core.yaml b/test-network/compose/podman/peercfg/core.yaml similarity index 100% rename from test-network/podman/peercfg/core.yaml rename to test-network/compose/podman/peercfg/core.yaml diff --git a/test-network/compose/podman/podman-compose-ca.yaml b/test-network/compose/podman/podman-compose-ca.yaml new file mode 100644 index 00000000..6ab883d4 --- /dev/null +++ b/test-network/compose/podman/podman-compose-ca.yaml @@ -0,0 +1,6 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '3.7' diff --git a/test-network/compose/podman/podman-compose-couch.yaml b/test-network/compose/podman/podman-compose-couch.yaml new file mode 100644 index 00000000..6ab883d4 --- /dev/null +++ b/test-network/compose/podman/podman-compose-couch.yaml @@ -0,0 +1,6 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '3.7' diff --git a/test-network/compose/podman/podman-compose-test-net.yaml b/test-network/compose/podman/podman-compose-test-net.yaml new file mode 100644 index 00000000..8afe4149 --- /dev/null +++ b/test-network/compose/podman/podman-compose-test-net.yaml @@ -0,0 +1,19 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '3.7' + +services: + peer0.org1.example.com: + volumes: + - ./podman/peercfg:/etc/hyperledger/peercfg + + peer0.org2.example.com: + volumes: + - ./podman/peercfg:/etc/hyperledger/peercfg + + cli: + volumes: + - ./podman/peercfg:/etc/hyperledger/peercfg diff --git a/test-network/docker/docker-compose-test-net.yaml b/test-network/docker/docker-compose-test-net.yaml deleted file mode 100644 index 059f5838..00000000 --- a/test-network/docker/docker-compose-test-net.yaml +++ /dev/null @@ -1,167 +0,0 @@ -# Copyright IBM Corp. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -# - -version: '3.7' - -volumes: - orderer.example.com: - peer0.org1.example.com: - peer0.org2.example.com: - -networks: - test: - name: fabric_test - -services: - - orderer.example.com: - container_name: orderer.example.com - image: hyperledger/fabric-orderer:latest - labels: - service: hyperledger-fabric - environment: - - FABRIC_LOGGING_SPEC=INFO - - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 - - ORDERER_GENERAL_LISTENPORT=7050 - - ORDERER_GENERAL_LOCALMSPID=OrdererMSP - - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp - # enabled TLS - - ORDERER_GENERAL_TLS_ENABLED=true - - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key - - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt - - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt - - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key - - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - - ORDERER_GENERAL_BOOTSTRAPMETHOD=none - - ORDERER_CHANNELPARTICIPATION_ENABLED=true - - ORDERER_ADMIN_TLS_ENABLED=true - - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt - - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key - - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053 - - ORDERER_OPERATIONS_LISTENADDRESS=orderer.example.com:9443 - - ORDERER_METRICS_PROVIDER=prometheus - working_dir: /opt/gopath/src/github.com/hyperledger/fabric - command: orderer - volumes: - - ../system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block - - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp - - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls - - orderer.example.com:/var/hyperledger/production/orderer - ports: - - 7050:7050 - - 7053:7053 - - 9443:9443 - networks: - - test - - peer0.org1.example.com: - container_name: peer0.org1.example.com - image: hyperledger/fabric-peer:latest - labels: - service: hyperledger-fabric - environment: - #Generic peer variables - - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock - - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test - - FABRIC_LOGGING_SPEC=INFO - #- FABRIC_LOGGING_SPEC=DEBUG - - CORE_PEER_TLS_ENABLED=true - - CORE_PEER_PROFILE_ENABLED=false - - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt - - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key - - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt - # Peer specific variables - - CORE_PEER_ID=peer0.org1.example.com - - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 - - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 - - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052 - - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 - - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051 - - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051 - - CORE_PEER_LOCALMSPID=Org1MSP - - CORE_OPERATIONS_LISTENADDRESS=peer0.org1.example.com:9444 - - CORE_METRICS_PROVIDER=prometheus - - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"} - - CORE_CHAINCODE_EXECUTETIMEOUT=300s - volumes: - - ${DOCKER_SOCK}:/host/var/run/docker.sock - - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp - - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls - - peer0.org1.example.com:/var/hyperledger/production - working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer - command: peer node start - ports: - - 7051:7051 - - 9444:9444 - networks: - - test - - peer0.org2.example.com: - container_name: peer0.org2.example.com - image: hyperledger/fabric-peer:latest - labels: - service: hyperledger-fabric - environment: - #Generic peer variables - - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock - - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test - - FABRIC_LOGGING_SPEC=INFO - #- FABRIC_LOGGING_SPEC=DEBUG - - CORE_PEER_TLS_ENABLED=true - - CORE_PEER_PROFILE_ENABLED=false - - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt - - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key - - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt - # Peer specific variables - - CORE_PEER_ID=peer0.org2.example.com - - CORE_PEER_ADDRESS=peer0.org2.example.com:9051 - - CORE_PEER_LISTENADDRESS=0.0.0.0:9051 - - CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052 - - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052 - - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051 - - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051 - - CORE_PEER_LOCALMSPID=Org2MSP - - CORE_OPERATIONS_LISTENADDRESS=peer0.org2.example.com:9445 - - CORE_METRICS_PROVIDER=prometheus - - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"} - - CORE_CHAINCODE_EXECUTETIMEOUT=300s - volumes: - - ${DOCKER_SOCK}:/host/var/run/docker.sock - - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp - - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls - - peer0.org2.example.com:/var/hyperledger/production - working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer - command: peer node start - ports: - - 9051:9051 - - 9445:9445 - networks: - - test - - cli: - container_name: cli - image: hyperledger/fabric-tools:latest - labels: - service: hyperledger-fabric - tty: true - stdin_open: true - environment: - - GOPATH=/opt/gopath - - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock - - FABRIC_LOGGING_SPEC=INFO - #- FABRIC_LOGGING_SPEC=DEBUG - working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer - command: /bin/bash - volumes: - - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations - - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ - depends_on: - - peer0.org1.example.com - - peer0.org2.example.com - networks: - - test diff --git a/test-network/install-fabric.sh b/test-network/install-fabric.sh deleted file mode 100755 index bf68f12e..00000000 --- a/test-network/install-fabric.sh +++ /dev/null @@ -1,313 +0,0 @@ -#!/bin/bash -# -# Copyright IBM Corp. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# A modified version of the Fabric bootstrap script -# Use positional arguments to select componenets to install -# -# Has exactly the same functional power of bootstrap.sh - -### START OF CODE GENERATED BY Argbash v2.9.0 ### -# Argbash is a bash code generator used to get arguments parsing right. -# Argbash is FREE SOFTWARE, see https://argbash.io for more info -# Generated online by https://argbash.io/generate - -# Default values -_positionals=() -_arg_comp=('' ) - -# if version not passed in, default to latest released version -# if ca version not passed in, default to latest released version -_arg_fabric_version="2.4.0" -_arg_ca_version="1.5.2" - -ARCH=$(echo "$(uname -s|tr '[:upper:]' '[:lower:]'|sed 's/mingw64_nt.*/windows/')-$(uname -m | sed 's/x86_64/amd64/g')") -MARCH=$(uname -m) - -die() -{ - local _ret="${2:-1}" - test "${_PRINT_HELP:-no}" = yes && print_help >&2 - echo "$1" >&2 - exit "${_ret}" -} - - -begins_with_short_option() -{ - local first_option all_short_options='fc' - first_option="${1:0:1}" - test "$all_short_options" = "${all_short_options/$first_option/}" && return 1 || return 0 -} - - - -print_help() -{ - printf 'Usage: %s [-f|--fabric-version ] [-c|--ca-version ] [] ... [] ...\n' "$0" - printf '\t%s\n' ": Component to install one or more of d[ocker]|b[inary]|s[amples]|p[podman]|n[nerdctl]. If none specified, all will be installed" - printf '\t%s\n' "-f, --fabric-version: FabricVersion (default: '2.4.0')" - printf '\t%s\n' "-c, --ca-version: Fabric CA Version (default: '1.5.2')" -} - - -parse_commandline() -{ - _positionals_count=0 - while test $# -gt 0 - do - _key="$1" - case "$_key" in - -f|--fabric-version) - test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1 - _arg_fabric_version="$2" - shift - ;; - --fabric-version=*) - _arg_fabric_version="${_key##--fabric-version=}" - ;; - -f*) - _arg_fabric_version="${_key##-f}" - ;; - -c|--ca-version) - test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1 - _arg_ca_version="$2" - shift - ;; - -h|--help) - print_help - exit 0 - ;; - -h*) - print_help - exit 0 - ;; - --ca-version=*) - _arg_ca_version="${_key##--ca-version=}" - ;; - -c*) - _arg_ca_version="${_key##-c}" - ;; - *) - _last_positional="$1" - _positionals+=("$_last_positional") - _positionals_count=$((_positionals_count + 1)) - ;; - esac - shift - done -} - - -handle_passed_args_count() -{ - local _required_args_string="'comp'" - # test "${_positionals_count}" -ge 1 || _PRINT_HELP=yes die "FATAL ERROR: Not enough positional arguments - we require at least 1 (namely: $_required_args_string), but got only ${_positionals_count}." 1 -} - - -assign_positional_args() -{ - local _positional_name _shift_for=$1 - _positional_names="_arg_comp " - _our_args=$((${#_positionals[@]} - 1)) - for ((ii = 0; ii < _our_args; ii++)) - do - _positional_names="$_positional_names _arg_comp[$((ii + 1))]" - done - - shift "$_shift_for" - for _positional_name in ${_positional_names} - do - test $# -gt 0 || break - eval "$_positional_name=\${1}" || die "Error during argument parsing, possibly an Argbash bug." 1 - shift - done -} - -# End of ARGBASH code - -# dockerPull() pulls docker images from fabric and chaincode repositories -# note, if a docker image doesn't exist for a requested release, it will simply -# be skipped, since this script doesn't terminate upon errors. - -singleImagePull() { - #three_digit_image_tag is passed in, e.g. "1.4.7" - three_digit_image_tag=$1 - shift - #two_digit_image_tag is derived, e.g. "1.4", especially useful as a local tag for two digit references to most recent baseos, ccenv, javaenv, nodeenv patch releases - two_digit_image_tag=$(echo "$three_digit_image_tag" | cut -d'.' -f1,2) - while [[ $# -gt 0 ]] - do - image_name="$1" - echo "====> hyperledger/fabric-$image_name:$three_digit_image_tag" - ${CONTAINER_CLI} pull "hyperledger/fabric-$image_name:$three_digit_image_tag" - ${CONTAINER_CLI} tag "hyperledger/fabric-$image_name:$three_digit_image_tag" "hyperledger/fabric-$image_name" - ${CONTAINER_CLI} tag "hyperledger/fabric-$image_name:$three_digit_image_tag" "hyperledger/fabric-$image_name:$two_digit_image_tag" - shift - done -} - -cloneSamplesRepo() { - # clone (if needed) hyperledger/fabric-samples and checkout corresponding - # version to the binaries and docker images to be downloaded - if [ -d test-network ]; then - # if we are in the fabric-samples repo, checkout corresponding version - echo "==> Already in fabric-samples repo" - elif [ -d fabric-samples ]; then - # if fabric-samples repo already cloned and in current directory, - # cd fabric-samples - echo "===> Changing directory to fabric-samples" - cd fabric-samples - else - echo "===> Cloning hyperledger/fabric-samples repo" - git clone -b main https://github.com/hyperledger/fabric-samples.git && cd fabric-samples - fi - - if GIT_DIR=.git git rev-parse v${VERSION} >/dev/null 2>&1; then - echo "===> Checking out v${VERSION} of hyperledger/fabric-samples" - git checkout -q v${VERSION} - else - echo "fabric-samples v${VERSION} does not exist, defaulting to main. fabric-samples main branch is intended to work with recent versions of fabric." - git checkout -q main - fi -} - -# This will download the .tar.gz -download() { - local BINARY_FILE=$1 - local URL=$2 - local DEST_DIR=$(pwd) - echo "===> Downloading: " "${URL}" - if [ -d fabric-samples ]; then - DEST_DIR="fabric-samples" - fi - echo "===> Will unpack to: ${DEST_DIR}" - curl -L --retry 5 --retry-delay 3 "${URL}" | tar xz -C ${DEST_DIR}|| rc=$? - if [ -n "$rc" ]; then - echo "==> There was an error downloading the binary file." - return 22 - else - echo "==> Done." - fi -} - -pullBinaries() { - echo "===> Downloading version ${FABRIC_TAG} platform specific fabric binaries" - download "${BINARY_FILE}" "https://github.com/hyperledger/fabric/releases/download/v${VERSION}/${BINARY_FILE}" - if [ $? -eq 22 ]; then - echo - echo "------> ${FABRIC_TAG} platform specific fabric binary is not available to download <----" - echo - exit - fi - - echo "===> Downloading version ${CA_TAG} platform specific fabric-ca-client binary" - download "${CA_BINARY_FILE}" "https://github.com/hyperledger/fabric-ca/releases/download/v${CA_VERSION}/${CA_BINARY_FILE}" - if [ $? -eq 22 ]; then - echo - echo "------> ${CA_TAG} fabric-ca-client binary is not available to download (Available from 1.1.0-rc1) <----" - echo - exit - fi -} - -pullImages() { - command -v ${CONTAINER_CLI} >& /dev/null - NODOCKER=$? - if [ "${NODOCKER}" == 0 ]; then - FABRIC_IMAGES=(peer orderer ccenv tools) - case "$VERSION" in - 2.*) - FABRIC_IMAGES+=(baseos) - shift - ;; - esac - - echo "FABRIC_IMAGES:" "${FABRIC_IMAGES[@]}" - echo "===> Pulling fabric Images" - singleImagePull "${FABRIC_TAG}" "${FABRIC_IMAGES[@]}" - echo "===> Pulling fabric ca Image" - CA_IMAGE=(ca) - singleImagePull "${CA_TAG}" "${CA_IMAGE[@]}" - echo "===> List out hyperledger images" - ${CONTAINER_CLI} images | grep hyperledger - else - echo "=========================================================" - echo "${CONTAINER_CLI} not installed, bypassing download of Fabric images" - echo "=========================================================" - fi -} - - -# Main code starts here -parse_commandline "$@" -handle_passed_args_count -assign_positional_args 1 "${_positionals[@]}" - - -VERSION=$_arg_fabric_version -CA_VERSION=$_arg_ca_version - -# prior to 1.2.0 architecture was determined by uname -m -if [[ $VERSION =~ ^1\.[0-1]\.* ]]; then - export FABRIC_TAG=${MARCH}-${VERSION} - export CA_TAG=${MARCH}-${CA_VERSION} -else - # starting with 1.2.0, multi-arch images will be default - : "${CA_TAG:="$CA_VERSION"}" - : "${FABRIC_TAG:="$VERSION"}" -fi - -BINARY_FILE=hyperledger-fabric-${ARCH}-${VERSION}.tar.gz -CA_BINARY_FILE=hyperledger-fabric-ca-${ARCH}-${CA_VERSION}.tar.gz - -# if nothing has been specified, assume everything -if [[ ${_arg_comp[@]} =~ ^$ ]]; then - echo "Getting all samples, binaries, and docker images" - _arg_comp=('samples','binary','docker') -fi - -# Process samples first then the binaries. So if the fabric-samples dir is present -# the binaries will go there -if [[ "${_arg_comp[@]}" =~ s(amples)? ]]; then - echo - echo "Clone hyperledger/fabric-samples repo" - echo - cloneSamplesRepo -fi - -if [[ "${_arg_comp[@]}" =~ b(inary)? ]]; then - echo - echo "Pull Hyperledger Fabric binaries" - echo - pullBinaries -fi - -if [[ "${_arg_comp[@]}" =~ p(odman)? ]]; then - echo - echo "Pull Hyperledger Fabric podman images" - echo - CONTAINER_CLI=podman - pullImages -fi - -if [[ "${_arg_comp[@]}" =~ n(erdctl)? ]]; then - echo - echo "Pull Hyperledger Fabric images into containerd" - echo - CONTAINER_CLI=nerdctl - pullImages -fi - -if [[ "${_arg_comp[@]}" =~ d(ocker)? ]]; then - echo - echo "Pull Hyperledger Fabric docker images" - echo - CONTAINER_CLI=docker - pullImages -fi - diff --git a/test-network/nerdctl/docker-compose-ca.yaml b/test-network/nerdctl/docker-compose-ca.yaml deleted file mode 100644 index f678755b..00000000 --- a/test-network/nerdctl/docker-compose-ca.yaml +++ /dev/null @@ -1,72 +0,0 @@ -# Copyright IBM Corp. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -# - -version: '3.7' - -networks: - test: - name: fabric_test - -services: - - ca_org1: - image: hyperledger/fabric-ca:latest - labels: - service: hyperledger-fabric - environment: - - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server - - FABRIC_CA_SERVER_CA_NAME=ca-org1 - - FABRIC_CA_SERVER_TLS_ENABLED=true - - FABRIC_CA_SERVER_PORT=7054 - - FABRIC_CA_SERVER_OPERATIONS_LISTENADDRESS=0.0.0.0:17054 - ports: - - "7054:7054" - - "17054:17054" - command: sh -c 'fabric-ca-server start -b admin:adminpw -d' - volumes: - - ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server - container_name: ca_org1 - networks: - - test - - ca_org2: - image: hyperledger/fabric-ca:latest - labels: - service: hyperledger-fabric - environment: - - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server - - FABRIC_CA_SERVER_CA_NAME=ca-org2 - - FABRIC_CA_SERVER_TLS_ENABLED=true - - FABRIC_CA_SERVER_PORT=8054 - - FABRIC_CA_SERVER_OPERATIONS_LISTENADDRESS=0.0.0.0:18054 - ports: - - "8054:8054" - - "18054:18054" - command: sh -c 'fabric-ca-server start -b admin:adminpw -d' - volumes: - - ../organizations/fabric-ca/org2:/etc/hyperledger/fabric-ca-server - container_name: ca_org2 - networks: - - test - - ca_orderer: - image: hyperledger/fabric-ca:latest - labels: - service: hyperledger-fabric - environment: - - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server - - FABRIC_CA_SERVER_CA_NAME=ca-orderer - - FABRIC_CA_SERVER_TLS_ENABLED=true - - FABRIC_CA_SERVER_PORT=9054 - - FABRIC_CA_SERVER_OPERATIONS_LISTENADDRESS=0.0.0.0:19054 - ports: - - "9054:9054" - - "19054:19054" - command: sh -c 'fabric-ca-server start -b admin:adminpw -d' - volumes: - - ../organizations/fabric-ca/ordererOrg:/etc/hyperledger/fabric-ca-server - container_name: ca_orderer - networks: - - test diff --git a/test-network/nerdctl/docker-compose-couch.yaml b/test-network/nerdctl/docker-compose-couch.yaml deleted file mode 100644 index f67e3a1c..00000000 --- a/test-network/nerdctl/docker-compose-couch.yaml +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright IBM Corp. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -# - -version: '3.7' - -networks: - test: - name: fabric_test - -services: - couchdb0: - container_name: couchdb0 - image: couchdb:3.1.1 - labels: - service: hyperledger-fabric - # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password - # for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode. - environment: - - COUCHDB_USER=admin - - COUCHDB_PASSWORD=adminpw - # Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service, - # for example map it to utilize Fauxton User Interface in dev environments. - ports: - - "5984:5984" - networks: - - test - - peer0.org1.example.com: - environment: - - CORE_LEDGER_STATE_STATEDATABASE=CouchDB - - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0:5984 - # The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD - # provide the credentials for ledger to connect to CouchDB. The username and password must - # match the username and password set for the associated CouchDB. - - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin - - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw - depends_on: - - couchdb0 - - couchdb1: - container_name: couchdb1 - image: couchdb:3.1.1 - labels: - service: hyperledger-fabric - # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password - # for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode. - environment: - - COUCHDB_USER=admin - - COUCHDB_PASSWORD=adminpw - # Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service, - # for example map it to utilize Fauxton User Interface in dev environments. - ports: - - "7984:5984" - networks: - - test - - peer0.org2.example.com: - environment: - - CORE_LEDGER_STATE_STATEDATABASE=CouchDB - - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb1:5984 - # The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD - # provide the credentials for ledger to connect to CouchDB. The username and password must - # match the username and password set for the associated CouchDB. - - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin - - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw - depends_on: - - couchdb1 diff --git a/test-network/nerdctl/docker-compose-test-net.yaml b/test-network/nerdctl/docker-compose-test-net.yaml deleted file mode 100644 index 899eb61b..00000000 --- a/test-network/nerdctl/docker-compose-test-net.yaml +++ /dev/null @@ -1,165 +0,0 @@ -# Copyright IBM Corp. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -# - -version: '3.7' - -volumes: - orderer.example.com: - peer0.org1.example.com: - peer0.org2.example.com: - -networks: - test: - name: fabric_test - -services: - - orderer.example.com: - container_name: orderer.example.com - image: hyperledger/fabric-orderer:latest - labels: - service: hyperledger-fabric - environment: - - FABRIC_LOGGING_SPEC=INFO - - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 - - ORDERER_GENERAL_LISTENPORT=7050 - - ORDERER_GENERAL_LOCALMSPID=OrdererMSP - - ORDERER_GENERAL_LOCALMSPDIR=/opt/hyperledger/orderer/msp - # enabled TLS - - ORDERER_GENERAL_TLS_ENABLED=true - - ORDERER_GENERAL_TLS_PRIVATEKEY=/opt/hyperledger/orderer/tls/server.key - - ORDERER_GENERAL_TLS_CERTIFICATE=/opt/hyperledger/orderer/tls/server.crt - - ORDERER_GENERAL_TLS_ROOTCAS=[/opt/hyperledger/orderer/tls/ca.crt] - - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/opt/hyperledger/orderer/tls/server.crt - - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/opt/hyperledger/orderer/tls/server.key - - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/opt/hyperledger/orderer/tls/ca.crt] - - ORDERER_GENERAL_BOOTSTRAPMETHOD=none - - ORDERER_CHANNELPARTICIPATION_ENABLED=true - - ORDERER_ADMIN_TLS_ENABLED=true - - ORDERER_ADMIN_TLS_CERTIFICATE=/opt/hyperledger/orderer/tls/server.crt - - ORDERER_ADMIN_TLS_PRIVATEKEY=/opt/hyperledger/orderer/tls/server.key - - ORDERER_ADMIN_TLS_ROOTCAS=[/opt/hyperledger/orderer/tls/ca.crt] - - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/opt/hyperledger/orderer/tls/ca.crt] - - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053 - - ORDERER_OPERATIONS_LISTENADDRESS=orderer.example.com:9443 - - ORDERER_METRICS_PROVIDER=prometheus - working_dir: /root - command: orderer - volumes: - # todo: track down why nerdctl compose can NOT mount these files into /var/hyperledger in the orderer container. - # todo: why are we mounting a genesis block when the test network uses the channel participation API? - # - ../system-genesis-block/genesis.block:/opt/hyperledger/orderer/orderer.genesis.block - - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/opt/hyperledger/orderer/msp - - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/opt/hyperledger/orderer/tls - - orderer.example.com:/opt/hyperledger/production/orderer - ports: - - 7050:7050 - - 7053:7053 - - 9443:9443 - networks: - - test - - peer0.org1.example.com: - container_name: peer0.org1.example.com - image: hyperledger/fabric-peer:latest - labels: - service: hyperledger-fabric - environment: - - FABRIC_CFG_PATH=/etc/hyperledger/peercfg - - FABRIC_LOGGING_SPEC=INFO - #- FABRIC_LOGGING_SPEC=DEBUG - - CORE_PEER_TLS_ENABLED=true - - CORE_PEER_PROFILE_ENABLED=false - - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt - - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key - - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt - # Peer specific variables - - CORE_PEER_ID=peer0.org1.example.com - - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 - - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 - - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052 - - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 - - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051 - - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051 - - CORE_PEER_LOCALMSPID=Org1MSP - - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp - - CORE_OPERATIONS_LISTENADDRESS=peer0.org1.example.com:9444 - - CORE_METRICS_PROVIDER=prometheus - - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"} - - CORE_CHAINCODE_EXECUTETIMEOUT=300s - volumes: - - ./peercfg:/etc/hyperledger/peercfg - - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric - - peer0.org1.example.com:/var/hyperledger/production - working_dir: /root - command: peer node start - ports: - - 7051:7051 - - 9444:9444 - networks: - - test - - peer0.org2.example.com: - container_name: peer0.org2.example.com - image: hyperledger/fabric-peer:latest - labels: - service: hyperledger-fabric - environment: - - FABRIC_CFG_PATH=/etc/hyperledger/peercfg - - FABRIC_LOGGING_SPEC=INFO - #- FABRIC_LOGGING_SPEC=DEBUG - - CORE_PEER_TLS_ENABLED=true - - CORE_PEER_PROFILE_ENABLED=false - - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt - - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key - - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt - # Peer specific variables - - CORE_PEER_ID=peer0.org2.example.com - - CORE_PEER_ADDRESS=peer0.org2.example.com:9051 - - CORE_PEER_LISTENADDRESS=0.0.0.0:9051 - - CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052 - - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052 - - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051 - - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051 - - CORE_PEER_LOCALMSPID=Org2MSP - - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp - - CORE_OPERATIONS_LISTENADDRESS=peer0.org2.example.com:9445 - - CORE_METRICS_PROVIDER=prometheus - - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"} - - CORE_CHAINCODE_EXECUTETIMEOUT=300s - volumes: - - ./peercfg:/etc/hyperledger/peercfg - - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric - - peer0.org2.example.com:/var/hyperledger/production - working_dir: /root - command: peer node start - ports: - - 9051:9051 - - 9445:9445 - networks: - - test - - cli: - container_name: cli - image: hyperledger/fabric-tools:latest - labels: - service: hyperledger-fabric - tty: true - stdin_open: true - environment: - - GOPATH=/opt/gopath - - FABRIC_LOGGING_SPEC=INFO - - FABRIC_CFG_PATH=/etc/hyperledger/fabric/cfg - #- FABRIC_LOGGING_SPEC=DEBUG - working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer - command: /bin/bash - volumes: - - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations - - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ - depends_on: - - peer0.org1.example.com - - peer0.org2.example.com - networks: - - test diff --git a/test-network/network.sh b/test-network/network.sh index cfdcb331..75612086 100755 --- a/test-network/network.sh +++ b/test-network/network.sh @@ -174,7 +174,7 @@ function createOrgs() { # Create crypto material using Fabric CA if [ "$CRYPTO" == "Certificate Authorities" ]; then infoln "Generating certificates using Fabric CA" - ${CONTAINER_CLI_COMPOSE} -f $COMPOSE_FILE_CA up -d 2>&1 + ${CONTAINER_CLI_COMPOSE} -f compose/$COMPOSE_FILE_CA -f compose/$CONTAINER_CLI/${CONTAINER_CLI}-$COMPOSE_FILE_CA up -d 2>&1 . organizations/fabric-ca/registerEnroll.sh @@ -234,16 +234,16 @@ function createOrgs() { # Bring up the peer and orderer nodes using docker compose. function networkUp() { checkPrereqs - echo "==========done preqs" + # generate artifacts if they don't exist if [ ! -d "organizations/peerOrganizations" ]; then createOrgs fi - echo "============done orgs" - COMPOSE_FILES="-f ${COMPOSE_FILE_BASE}" + COMPOSE_FILES="-f compose/${COMPOSE_FILE_BASE} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_BASE}" + if [ "${DATABASE}" == "couchdb" ]; then - COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_COUCH}" + COMPOSE_FILES="${COMPOSE_FILES} -f compose/${COMPOSE_FILE_COUCH} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_COUCH}" fi DOCKER_SOCK="${DOCKER_SOCK}" ${CONTAINER_CLI_COMPOSE} ${COMPOSE_FILES} up -d 2>&1 @@ -292,10 +292,16 @@ function deployCCAAS() { function networkDown() { # stop org3 containers also in addition to org1 and org2, in case we were running sample to add org3 - for descriptor in $COMPOSE_FILE_BASE $COMPOSE_FILE_COUCH $COMPOSE_FILE_CA $COMPOSE_FILE_COUCH_ORG3 $COMPOSE_FILE_ORG3 + for descriptor in $COMPOSE_FILE_BASE $COMPOSE_FILE_COUCH $COMPOSE_FILE_CA #$COMPOSE_FILE_COUCH_ORG3 $COMPOSE_FILE_ORG3 do infoln "Decomposing $descriptor" - DOCKER_SOCK=$DOCKER_SOCK ${CONTAINER_CLI_COMPOSE} -f $descriptor down --volumes #--remove-orphans + if [ "${CONTAINER_CLI}" == "docker" ]; then + DOCKER_SOCK=$DOCKER_SOCK ${CONTAINER_CLI_COMPOSE} -f compose/$descriptor -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${descriptor} down --volumes --remove-orphans + elif [ "${CONTAINER_CLI}" == "podman" ]; then + ${CONTAINER_CLI_COMPOSE} -f compose/$descriptor -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${descriptor} down --volumes + else + fatalln "Container CLI ${CONTAINER_CLI} not supported" + fi done # Don't remove the generated artifacts -- note, the ledgers are always removed @@ -340,11 +346,11 @@ CC_COLL_CONFIG="NA" # chaincode init function defaults to "NA" CC_INIT_FCN="NA" # use this as the default docker-compose yaml definition -COMPOSE_FILE_BASE=${CONTAINER_CLI}/docker-compose-test-net.yaml +COMPOSE_FILE_BASE=compose-test-net.yaml # docker-compose.yaml file if you are using couchdb -COMPOSE_FILE_COUCH=${CONTAINER_CLI}/docker-compose-couch.yaml +COMPOSE_FILE_COUCH=compose-couch.yaml # certificate authorities compose file -COMPOSE_FILE_CA=${CONTAINER_CLI}/docker-compose-ca.yaml +COMPOSE_FILE_CA=compose-ca.yaml # use this as the docker compose couch file for org3 COMPOSE_FILE_COUCH_ORG3=addOrg3/${CONTAINER_CLI}/docker-compose-couch-org3.yaml # use this as the default docker-compose yaml definition for org3 diff --git a/test-network/podman/docker-compose-ca.yaml b/test-network/podman/docker-compose-ca.yaml deleted file mode 100644 index f678755b..00000000 --- a/test-network/podman/docker-compose-ca.yaml +++ /dev/null @@ -1,72 +0,0 @@ -# Copyright IBM Corp. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -# - -version: '3.7' - -networks: - test: - name: fabric_test - -services: - - ca_org1: - image: hyperledger/fabric-ca:latest - labels: - service: hyperledger-fabric - environment: - - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server - - FABRIC_CA_SERVER_CA_NAME=ca-org1 - - FABRIC_CA_SERVER_TLS_ENABLED=true - - FABRIC_CA_SERVER_PORT=7054 - - FABRIC_CA_SERVER_OPERATIONS_LISTENADDRESS=0.0.0.0:17054 - ports: - - "7054:7054" - - "17054:17054" - command: sh -c 'fabric-ca-server start -b admin:adminpw -d' - volumes: - - ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server - container_name: ca_org1 - networks: - - test - - ca_org2: - image: hyperledger/fabric-ca:latest - labels: - service: hyperledger-fabric - environment: - - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server - - FABRIC_CA_SERVER_CA_NAME=ca-org2 - - FABRIC_CA_SERVER_TLS_ENABLED=true - - FABRIC_CA_SERVER_PORT=8054 - - FABRIC_CA_SERVER_OPERATIONS_LISTENADDRESS=0.0.0.0:18054 - ports: - - "8054:8054" - - "18054:18054" - command: sh -c 'fabric-ca-server start -b admin:adminpw -d' - volumes: - - ../organizations/fabric-ca/org2:/etc/hyperledger/fabric-ca-server - container_name: ca_org2 - networks: - - test - - ca_orderer: - image: hyperledger/fabric-ca:latest - labels: - service: hyperledger-fabric - environment: - - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server - - FABRIC_CA_SERVER_CA_NAME=ca-orderer - - FABRIC_CA_SERVER_TLS_ENABLED=true - - FABRIC_CA_SERVER_PORT=9054 - - FABRIC_CA_SERVER_OPERATIONS_LISTENADDRESS=0.0.0.0:19054 - ports: - - "9054:9054" - - "19054:19054" - command: sh -c 'fabric-ca-server start -b admin:adminpw -d' - volumes: - - ../organizations/fabric-ca/ordererOrg:/etc/hyperledger/fabric-ca-server - container_name: ca_orderer - networks: - - test diff --git a/test-network/podman/docker-compose-couch.yaml b/test-network/podman/docker-compose-couch.yaml deleted file mode 100644 index f67e3a1c..00000000 --- a/test-network/podman/docker-compose-couch.yaml +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright IBM Corp. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -# - -version: '3.7' - -networks: - test: - name: fabric_test - -services: - couchdb0: - container_name: couchdb0 - image: couchdb:3.1.1 - labels: - service: hyperledger-fabric - # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password - # for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode. - environment: - - COUCHDB_USER=admin - - COUCHDB_PASSWORD=adminpw - # Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service, - # for example map it to utilize Fauxton User Interface in dev environments. - ports: - - "5984:5984" - networks: - - test - - peer0.org1.example.com: - environment: - - CORE_LEDGER_STATE_STATEDATABASE=CouchDB - - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0:5984 - # The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD - # provide the credentials for ledger to connect to CouchDB. The username and password must - # match the username and password set for the associated CouchDB. - - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin - - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw - depends_on: - - couchdb0 - - couchdb1: - container_name: couchdb1 - image: couchdb:3.1.1 - labels: - service: hyperledger-fabric - # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password - # for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode. - environment: - - COUCHDB_USER=admin - - COUCHDB_PASSWORD=adminpw - # Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service, - # for example map it to utilize Fauxton User Interface in dev environments. - ports: - - "7984:5984" - networks: - - test - - peer0.org2.example.com: - environment: - - CORE_LEDGER_STATE_STATEDATABASE=CouchDB - - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb1:5984 - # The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD - # provide the credentials for ledger to connect to CouchDB. The username and password must - # match the username and password set for the associated CouchDB. - - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin - - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw - depends_on: - - couchdb1 diff --git a/test-network/scripts/createChannel.sh b/test-network/scripts/createChannel.sh index e4d14f0b..96894258 100755 --- a/test-network/scripts/createChannel.sh +++ b/test-network/scripts/createChannel.sh @@ -13,6 +13,10 @@ VERBOSE="$4" : ${MAX_RETRY:="5"} : ${VERBOSE:="false"} +: ${CONTAINER_CLI:="docker"} +: ${CONTAINER_CLI_COMPOSE:="${CONTAINER_CLI}-compose"} +infoln "Using ${CONTAINER_CLI} and ${CONTAINER_CLI_COMPOSE}" + if [ ! -d "channel-artifacts" ]; then mkdir channel-artifacts fi @@ -70,7 +74,7 @@ joinChannel() { setAnchorPeer() { ORG=$1 - docker exec cli ./scripts/setAnchorPeer.sh $ORG $CHANNEL_NAME + ${CONTAINER_CLI} exec cli ./scripts/setAnchorPeer.sh $ORG $CHANNEL_NAME } FABRIC_CFG_PATH=${PWD}/configtx diff --git a/test-network/scripts/deployCCAAS.sh b/test-network/scripts/deployCCAAS.sh index b290f221..33593a6a 100755 --- a/test-network/scripts/deployCCAAS.sh +++ b/test-network/scripts/deployCCAAS.sh @@ -23,6 +23,10 @@ VERBOSE=${12:-"false"} CCAAS_SERVER_PORT=9999 +: ${CONTAINER_CLI:="docker"} +: ${CONTAINER_CLI_COMPOSE:="${CONTAINER_CLI}-compose"} +infoln "Using ${CONTAINER_CLI} and ${CONTAINER_CLI_COMPOSE}" + println "executing with the following" println "- CHANNEL_NAME: ${C_GREEN}${CHANNEL_NAME}${C_RESET}" println "- CC_NAME: ${C_GREEN}${CC_NAME}${C_RESET}" diff --git a/test-network/scripts/setAnchorPeer.sh b/test-network/scripts/setAnchorPeer.sh index 80a4b207..743203eb 100755 --- a/test-network/scripts/setAnchorPeer.sh +++ b/test-network/scripts/setAnchorPeer.sh @@ -51,6 +51,7 @@ updateAnchorPeer() { ORG=$1 CHANNEL_NAME=$2 + setGlobalsCLI $ORG createAnchorPeerUpdate