separate namespace for each organization (#817)

* separate namespace for each organization

Signed-off-by: Basil K Y <techiebasil@gmail.com>

* rest server working

Signed-off-by: Basil K Y <techiebasil@gmail.com>

* use single namespace by default, fix k8s builder

Signed-off-by: Basil K Y <techiebasil@gmail.com>

* added ci test for testing k8s n/w on multiple namespaces

Signed-off-by: Basil K Y <techiebasil@gmail.com>

* fix: access rest server via gateway

Signed-off-by: Basil K Y <techiebasil@gmail.com>

Signed-off-by: Basil K Y <techiebasil@gmail.com>
Basil K Y 2022-08-26 22:09:45 +05:30 committed by GitHub
parent 70c5aa7a28
commit d1b3253cc5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 238 additions and 157 deletions


@ -147,6 +147,13 @@ jobs:
CHAINCODE_NAME: basic
CHAINCODE_LANGUAGE: java
CHAINCODE_BUILDER: k8s
Multi-Namespace:
ORG0_NS: org0-namespace
ORG1_NS: org1-namespace
ORG2_NS: org2-namespace
CHAINCODE_NAME: basic
CHAINCODE_LANGUAGE: java
CHAINCODE_BUILDER: k8s
steps:
- template: templates/install-k8s-deps.yml


@ -25,7 +25,7 @@ Organizations:
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: ../../build/channel-msp/ordererOrganizations/org0/msp
MSPDir: ./channel-msp/ordererOrganizations/org0/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
@ -42,9 +42,9 @@ Organizations:
Rule: "OR('OrdererMSP.admin')"
OrdererEndpoints:
- org0-orderer1:6050
- org0-orderer2:6050
- org0-orderer3:6050
- org0-orderer1.${ORG0_NS}.svc.cluster.local:6050
- org0-orderer2.${ORG0_NS}.svc.cluster.local:6050
- org0-orderer3.${ORG0_NS}.svc.cluster.local:6050
- &Org1
# DefaultOrg defines the organization which is used in the sampleconfig
@ -54,7 +54,7 @@ Organizations:
# ID to load the MSP definition as
ID: Org1MSP
MSPDir: ../../build/channel-msp/peerOrganizations/org1/msp
MSPDir: ./channel-msp/peerOrganizations/org1/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
@ -78,7 +78,7 @@ Organizations:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: org1-peer1
- Host: org1-peer1.${ORG1_NS}.svc.cluster.local
Port: 7051
- &Org2
@ -89,7 +89,7 @@ Organizations:
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: ../../build/channel-msp/peerOrganizations/org2/msp
MSPDir: ./channel-msp/peerOrganizations/org2/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
@ -112,7 +112,7 @@ Organizations:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: org2-peer1
- Host: org2-peer1.${ORG2_NS}.svc.cluster.local
Port: 7051
################################################################################
@ -224,16 +224,16 @@ Orderer: &OrdererDefaults
Consenters:
- Host: org0-orderer1
Port: 6050
ClientTLSCert: ../../build/channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem
ServerTLSCert: ../../build/channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem
ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem
ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer1/tls/signcerts/tls-cert.pem
- Host: org0-orderer2
Port: 6050
ClientTLSCert: ../../build/channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/tls/signcerts/tls-cert.pem
ServerTLSCert: ../../build/channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/tls/signcerts/tls-cert.pem
ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/tls/signcerts/tls-cert.pem
ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer2/tls/signcerts/tls-cert.pem
- Host: org0-orderer3
Port: 6050
ClientTLSCert: ../../build/channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/tls/signcerts/tls-cert.pem
ServerTLSCert: ../../build/channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/tls/signcerts/tls-cert.pem
ClientTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/tls/signcerts/tls-cert.pem
ServerTLSCert: ./channel-msp/ordererOrganizations/org0/orderers/org0-orderer3/tls/signcerts/tls-cert.pem
# Options to be specified for all the etcd/raft nodes. The values here
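Review bot: The three `Consenters` entries still use the short hosts `org0-orderer1`, `org0-orderer2` and `org0-orderer3`, while `OrdererEndpoints` in the same file moved to the `org0-ordererN.${ORG0_NS}.svc.cluster.local` form. Short names resolve only from inside the orderers' own namespace, so this presumably works because every consenter runs in `${ORG0_NS}`; a comment above `Consenters` such as `# short names are intentional: all consenters run in the orderer org's namespace` would stop the next editor from treating it as an oversight. If these hosts are ever dialled from another namespace they should take the same FQDN form, which the orderer TLS certificates in this commit already list in `dnsNames`.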


@ -13,6 +13,6 @@ roleRef:
kind: Role
name: fabric-builder-role
subjects:
- namespace: ${NS}
- namespace: ${ORG1_NS}
kind: ServiceAccount
name: default
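Review bot: The binding's only subject is the `default` ServiceAccount of `${ORG1_NS}`, so once the orgs are split across namespaces the `default` account in `${ORG2_NS}` receives no `fabric-builder-role` binding. If org2 peers are expected to use the k8s builder from their own namespace, the template needs a second subject or has to be applied once per org namespace. Separately, binding to `default` hands the role to every pod in the namespace that does not name its own ServiceAccount; a dedicated account for the peers would narrow that. The role and the binding's own metadata are outside this hunk, so both points should be checked against them.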


@ -11,7 +11,7 @@ metadata:
data:
HLF_CONNECTION_PROFILE_ORG1: |
{
"name": "${NS}-org1",
"name": "Org1",
"version": "1.0.0",
"client": {
"organization": "Org1",
@ -87,7 +87,7 @@ data:
-----END PRIVATE KEY-----
HLF_CONNECTION_PROFILE_ORG2: |
{
"name": "${NS}-org2",
"name": "Org2",
"version": "1.0.0",
"client": {
"organization": "Org2",
@ -112,7 +112,7 @@ data:
},
"peers": {
"org2-peers": {
"url": "grpcs://org2-peer-gateway-svc:7051",
"url": "org2-peer-gateway-svc:7051",
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----\\nMIICKDCCAc6gAwIBAgIUJJ4wGOSCfw8XOOIx29o67wBpFB4wCgYIKoZIzj0EAwIw\\naDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQK\\nEwtIeXBlcmxlZGdlcjEPMA0GA1UECxMGRmFicmljMRkwFwYDVQQDExBmYWJyaWMt\\nY2Etc2VydmVyMB4XDTIxMDkyMDExNDEwMFoXDTM2MDkxNjExNDEwMFowaDELMAkG\\nA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRQwEgYDVQQKEwtIeXBl\\ncmxlZGdlcjEPMA0GA1UECxMGRmFicmljMRkwFwYDVQQDExBmYWJyaWMtY2Etc2Vy\\ndmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyzGJLZX6pe59QAIBacjfzU4I\\nHezBYLyEu4ySpFx4xwxNLE4BWqLhB1VaOuenSQATM8pmSAy7i1830oM9elKWK6NW\\nMFQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE\\nFEoAAhmjq/3M8CFPc7N8SL53erL5MA8GA1UdEQQIMAaHBH8AAAEwCgYIKoZIzj0E\\nAwIDSAAwRQIhAJQ5PJOT4Gg8oiBU2KthMPkZqOLeu3Li4S3yBpLFgbsgAiB960P2\\nXPMu3HLoNXrktYOL9JzWlGyYRSPAnkap5Bsj0w==\\n-----END CERTIFICATE-----\\n"
},
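Review bot: The org2 peer `url` loses its `grpcs://` scheme here (`"url": "org2-peer-gateway-svc:7051"`), and no matching change to the org1 profile is visible in this section. A client that selects TLS from the URL scheme may reject the value or treat the endpoint as non-TLS, so unless the consumer is known to accept a bare host:port I would keep `"url": "grpcs://org2-peer-gateway-svc:7051"`. The context lines also show a PEM private key (`-----END PRIVATE KEY-----`) stored in this ConfigMap; that predates the change, but a Secret is the appropriate object for key material.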


@ -16,7 +16,7 @@ spec:
dnsNames:
- localhost
- org0-ca
- org0-ca.${NS}.svc.cluster.local
- org0-ca.${ORG0_NS}.svc.cluster.local
- org0-ca.${DOMAIN}
ipAddresses:
- 127.0.0.1


@ -0,0 +1,32 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: batch/v1
kind: Job
metadata:
name: job-scrub-fabric-volumes
spec:
backoffLimit: 0
completions: 1
template:
metadata:
name: job-scrub-fabric-volumes
spec:
restartPolicy: "Never"
containers:
- name: main
image: busybox:latest
command:
- sh
- -c
- "rm -rvf /mnt/fabric-*/*"
volumeMounts:
- name: fabric-org0-volume
mountPath: /mnt/fabric-org0
volumes:
- name: fabric-org0-volume
persistentVolumeClaim:
claimName: fabric-org0
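Review bot: The new job pulls `image: busybox:latest`, a mutable tag, for a container whose only task is `rm -rvf` over the org's persistent volume; pinning a version or digest (`image: busybox:<pinned-version>`, placeholder) makes the scrub reproducible and avoids running whatever `latest` resolves to on the day. The glob `/mnt/fabric-*/*` does not match dot-files, so hidden entries survive the scrub, which deserves a comment if it is intended. Both points apply equally to the org1 copy of this job added later in the commit and to the org2 job it was split from.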


@ -9,7 +9,7 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: org0-orderer1-tls-cert
namespace: ${NS}
namespace: ${ORG0_NS}
spec:
isCA: false
privateKey:
@ -18,7 +18,7 @@ spec:
dnsNames:
- localhost
- org0-orderer1
- org0-orderer1.${NS}.svc.cluster.local
- org0-orderer1.${ORG0_NS}.svc.cluster.local
- org0-orderer1.${DOMAIN}
- org0-orderer1-admin.${DOMAIN}
ipAddresses:


@ -9,7 +9,7 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: org0-orderer2-tls-cert
namespace: ${NS}
namespace: ${ORG0_NS}
spec:
isCA: false
privateKey:
@ -18,7 +18,7 @@ spec:
dnsNames:
- localhost
- org0-orderer2
- org0-orderer2.${NS}.svc.cluster.local
- org0-orderer2.${ORG0_NS}.svc.cluster.local
- org0-orderer2.${DOMAIN}
- org0-orderer2-admin.${DOMAIN}
ipAddresses:


@ -9,7 +9,7 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: org0-orderer3-tls-cert
namespace: ${NS}
namespace: ${ORG0_NS}
spec:
isCA: false
privateKey:
@ -18,7 +18,7 @@ spec:
dnsNames:
- localhost
- org0-orderer3
- org0-orderer3.${NS}.svc.cluster.local
- org0-orderer3.${ORG0_NS}.svc.cluster.local
- org0-orderer3.${DOMAIN}
- org0-orderer3-admin.${DOMAIN}
ipAddresses:


@ -16,7 +16,7 @@ spec:
dnsNames:
- localhost
- org1-ca
- org1-ca.${NS}.svc.cluster.local
- org1-ca.${ORG1_NS}.svc.cluster.local
- org1-ca.${DOMAIN}
ipAddresses:
- 127.0.0.1


@ -0,0 +1,32 @@
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
apiVersion: batch/v1
kind: Job
metadata:
name: job-scrub-fabric-volumes
spec:
backoffLimit: 0
completions: 1
template:
metadata:
name: job-scrub-fabric-volumes
spec:
restartPolicy: "Never"
containers:
- name: main
image: busybox:latest
command:
- sh
- -c
- "rm -rvf /mnt/fabric-*/*"
volumeMounts:
- name: fabric-org1-volume
mountPath: /mnt/fabric-org1
volumes:
- name: fabric-org1-volume
persistentVolumeClaim:
claimName: fabric-org1


@ -8,7 +8,7 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: org1-peer1-tls-cert
namespace: ${NS}
namespace: ${ORG1_NS}
spec:
isCA: false
privateKey:
@ -17,7 +17,7 @@ spec:
dnsNames:
- localhost
- org1-peer1
- org1-peer1.${NS}.svc.cluster.local
- org1-peer1.${ORG1_NS}.svc.cluster.local
- org1-peer1.${DOMAIN}
- org1-peer-gateway-svc
- org1-peer-gateway-svc.${DOMAIN}
@ -46,7 +46,7 @@ data:
CORE_PEER_CHAINCODELISTENADDRESS: 0.0.0.0:7052
# bootstrap peer is the other peer in the same org
CORE_PEER_GOSSIP_BOOTSTRAP: org1-peer2:7051
CORE_PEER_GOSSIP_EXTERNALENDPOINT: org1-peer1:7051
CORE_PEER_GOSSIP_EXTERNALENDPOINT: org1-peer1.${ORG1_NS}.svc.cluster.local:7051
CORE_PEER_LOCALMSPID: Org1MSP
CORE_PEER_MSPCONFIGPATH: /var/hyperledger/fabric/organizations/peerOrganizations/org1.example.com/peers/org1-peer1.org1.example.com/msp
CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443


@ -8,7 +8,7 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: org1-peer2-tls-cert
namespace: ${NS}
namespace: ${ORG1_NS}
spec:
isCA: false
privateKey:
@ -18,7 +18,7 @@ spec:
- localhost
- org1-peer2
- org1-peer-gateway-svc
- org1-peer2.${NS}.svc.cluster.local
- org1-peer2.${ORG1_NS}.svc.cluster.local
- org1-peer2.${DOMAIN}
ipAddresses:
- 127.0.0.1
@ -46,7 +46,7 @@ data:
CORE_PEER_CHAINCODELISTENADDRESS: 0.0.0.0:7052
# bootstrap peer is the other peer in the same org
CORE_PEER_GOSSIP_BOOTSTRAP: org1-peer1:7051
CORE_PEER_GOSSIP_EXTERNALENDPOINT: org1-peer2:7051
CORE_PEER_GOSSIP_EXTERNALENDPOINT: org1-peer2.${ORG1_NS}.svc.cluster.local:7051
CORE_PEER_LOCALMSPID: Org1MSP
CORE_PEER_MSPCONFIGPATH: /var/hyperledger/fabric/organizations/peerOrganizations/org1.example.com/peers/org1-peer2.org1.example.com/msp
CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443


@ -16,7 +16,7 @@ spec:
dnsNames:
- localhost
- org2-ca
- org2-ca.${NS}.svc.cluster.local
- org2-ca.${ORG2_NS}.svc.cluster.local
- org2-ca.${DOMAIN}
ipAddresses:
- 127.0.0.1


@ -24,19 +24,9 @@ spec:
- -c
- "rm -rvf /mnt/fabric-*/*"
volumeMounts:
- name: fabric-org0-volume
mountPath: /mnt/fabric-org0
- name: fabric-org1-volume
mountPath: /mnt/fabric-org1
- name: fabric-org2-volume
mountPath: /mnt/fabric-org2
volumes:
- name: fabric-org0-volume
persistentVolumeClaim:
claimName: fabric-org0
- name: fabric-org1-volume
persistentVolumeClaim:
claimName: fabric-org1
- name: fabric-org2-volume
persistentVolumeClaim:
claimName: fabric-org2


@ -8,7 +8,7 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: org2-peer1-tls-cert
namespace: ${NS}
namespace: ${ORG2_NS}
spec:
isCA: false
privateKey:
@ -17,7 +17,7 @@ spec:
dnsNames:
- localhost
- org2-peer1
- org2-peer1.${NS}.svc.cluster.local
- org2-peer1.${ORG2_NS}.svc.cluster.local
- org2-peer1.${DOMAIN}
- org2-peer-gateway-svc
- org2-peer-gateway-svc.${DOMAIN}
@ -46,7 +46,7 @@ data:
CORE_PEER_CHAINCODELISTENADDRESS: 0.0.0.0:7052
# bootstrap peer is the other peer in the same org
CORE_PEER_GOSSIP_BOOTSTRAP: org2-peer2:7051
CORE_PEER_GOSSIP_EXTERNALENDPOINT: org2-peer1:7051
CORE_PEER_GOSSIP_EXTERNALENDPOINT: org2-peer1.${ORG2_NS}.svc.cluster.local:7051
CORE_PEER_LOCALMSPID: Org2MSP
CORE_PEER_MSPCONFIGPATH: /var/hyperledger/fabric/organizations/peerOrganizations/org2.example.com/peers/org2-peer1.org2.example.com/msp
CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443


@ -8,7 +8,7 @@ apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: org2-peer2-tls-cert
namespace: ${NS}
namespace: ${ORG2_NS}
spec:
isCA: false
privateKey:
@ -18,7 +18,7 @@ spec:
- localhost
- org2-peer2
- org2-peer-gateway-svc
- org2-peer2.${NS}.svc.cluster.local
- org2-peer2.${ORG2_NS}.svc.cluster.local
- org2-peer2.${DOMAIN}
ipAddresses:
- 127.0.0.1
@ -45,7 +45,7 @@ data:
CORE_PEER_CHAINCODELISTENADDRESS: 0.0.0.0:7052
# bootstrap peer is the other peer in the same org
CORE_PEER_GOSSIP_BOOTSTRAP: org2-peer1:7051
CORE_PEER_GOSSIP_EXTERNALENDPOINT: org2-peer2:7051
CORE_PEER_GOSSIP_EXTERNALENDPOINT: org2-peer2.${ORG2_NS}.svc.cluster.local:7051
CORE_PEER_LOCALMSPID: Org2MSP
CORE_PEER_MSPCONFIGPATH: /var/hyperledger/fabric/organizations/peerOrganizations/org2.example.com/peers/org2-peer2.org2.example.com/msp
CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443


@ -41,6 +41,9 @@ context NETWORK_NAME test-network
context CLUSTER_NAME kind
context KUBE_NAMESPACE ${NETWORK_NAME}
context NS ${KUBE_NAMESPACE}
context ORG0_NS ${NS}
context ORG1_NS ${NS}
context ORG2_NS ${NS}
context DOMAIN localho.st
context CHANNEL_NAME mychannel
context ORDERER_TIMEOUT 10s # see https://github.com/hyperledger/fabric/issues/3372


@ -24,13 +24,13 @@
},
"peers": {
"org${ORG}-peers": {
"url": "grpcs://org${ORG}-peer-gateway-svc:7051",
"url": "grpcs://org${ORG}-peer1.${NS}.svc.cluster.local:7051",
"tlsCACerts": {
"pem": "${PEERPEM}"
},
"grpcOptions": {
"ssl-target-name-override": "org${ORG}-peer-gateway-svc",
"hostnameOverride": "org${ORG}-peer-gateway-svc"
"ssl-target-name-override": "org${ORG}-peer1.${NS}.svc.cluster.local",
"hostnameOverride": "org${ORG}-peer1.${NS}.svc.cluster.local"
}
}
},
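Review bot: The profile now addresses `org${ORG}-peer1` directly instead of the `org${ORG}-peer-gateway-svc` service, so clients of this profile are tied to a single peer and lose whatever balancing or failover the gateway service provided. If the reason is that the short service name does not resolve across namespaces, `org${ORG}-peer-gateway-svc.${NS}.svc.cluster.local` would keep the indirection, provided that name is added to the peer certificates' `dnsNames`; the certificate hunks in this commit list only the short and `${DOMAIN}` forms of the gateway name. Whatever host is chosen, `ssl-target-name-override` and `hostnameOverride` have to match a SAN on the peer certificate, which the `org${ORG}-peer1.${NS}.svc.cluster.local` form does for peer1.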


@ -299,9 +299,9 @@ function launch_chaincode_service() {
| sed 's,{{CHAINCODE_ID}},'${cc_id}',g' \
| sed 's,{{CHAINCODE_IMAGE}},'${cc_image}',g' \
| sed 's,{{PEER_NAME}},'${peer}',g' \
| exec kubectl -n $NS apply -f -
| exec kubectl -n $ORG1_NS apply -f -
kubectl -n $NS rollout status deploy/${org}${peer}-ccaas-${cc_name}
kubectl -n $ORG1_NS rollout status deploy/${org}${peer}-ccaas-${cc_name}
pop_fn
}
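Review bot: Both `kubectl` calls are now fixed to `$ORG1_NS`, although the deployment name is built from `${org}${peer}`, which suggests the function can be called for other orgs. With per-org namespaces a chaincode service launched for org2 would land in org1's namespace, away from the peer that has to reach it. Deriving the namespace from the org, for example `local ns_var=${org^^}_NS` followed by `kubectl -n "${!ns_var}" apply -f -`, would follow the pattern this commit already uses in `scrub_org_volumes`. The start of `launch_chaincode_service` is outside the hunk, so how `org` is set could not be checked.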


@ -146,9 +146,9 @@ EOF
function create_channel_MSP() {
push_fn "Creating channel MSP"
create_channel_org_MSP org0 orderer
create_channel_org_MSP org1 peer
create_channel_org_MSP org2 peer
create_channel_org_MSP org0 orderer $ORG0_NS
create_channel_org_MSP org1 peer $ORG1_NS
create_channel_org_MSP org2 peer $ORG2_NS
extract_orderer_tls_cert org0 orderer1
extract_orderer_tls_cert org0 orderer2
@ -160,6 +160,7 @@ function create_channel_MSP() {
function create_channel_org_MSP() {
local org=$1
local type=$2
local ns=$3
local ca_name=${org}-ca
ORG_MSP_DIR=${TEMP_DIR}/channel-msp/${type}Organizations/${org}/msp
@ -175,7 +176,7 @@ function create_channel_org_MSP() {
> ${ORG_MSP_DIR}/cacerts/ca-signcert.pem
# extract the CA's TLS CA certificate from the cert-manager secret
kubectl -n $NS get secret ${ca_name}-tls-cert -o json \
kubectl -n $ns get secret ${ca_name}-tls-cert -o json \
| jq -r .data.\"ca.crt\" \
| base64 -d \
> ${ORG_MSP_DIR}/tlscacerts/tlsca-signcert.pem
@ -188,13 +189,14 @@ function create_channel_org_MSP() {
function extract_orderer_tls_cert() {
local org=$1
local orderer=$2
local ns=$ORG0_NS
echo "Extracting TLS cert for $org $orderer"
ORDERER_TLS_DIR=${TEMP_DIR}/channel-msp/ordererOrganizations/${org}/orderers/${org}-${orderer}/tls
mkdir -p $ORDERER_TLS_DIR/signcerts
kubectl -n $NS get secret ${org}-${orderer}-tls-cert -o json \
kubectl -n $ns get secret ${org}-${orderer}-tls-cert -o json \
| jq -r .data.\"tls.crt\" \
| base64 -d \
> ${ORDERER_TLS_DIR}/signcerts/tls-cert.pem
@ -202,8 +204,8 @@ function extract_orderer_tls_cert() {
function create_genesis_block() {
push_fn "Creating channel genesis block"
FABRIC_CFG_PATH=${PWD}/config/org0 \
cat ${PWD}/config/org0/configtx-template.yaml | envsubst > ${TEMP_DIR}/configtx.yaml
FABRIC_CFG_PATH=${TEMP_DIR} \
configtxgen \
-profile TwoOrgsApplicationGenesis \
-channelID $CHANNEL_NAME \
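Review bot: `envsubst` is run on `configtx-template.yaml` with no variable list, so every `$NAME` or `${NAME}` token in the template is replaced from the environment and an unset variable silently becomes an empty string, producing an endpoint such as `org0-orderer1..svc.cluster.local` in the genesis block. Restricting the substitution to the placeholders the template actually uses keeps the rest of the file literal: `cat ${PWD}/config/org0/configtx-template.yaml | envsubst '${ORG0_NS} ${ORG1_NS} ${ORG2_NS}' > ${TEMP_DIR}/configtx.yaml`. The body of `create_genesis_block` continues past the end of the hunk.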


@ -8,13 +8,13 @@
function launch_ECert_CAs() {
push_fn "Launching Fabric CAs"
apply_template kube/org0/org0-ca.yaml
apply_template kube/org1/org1-ca.yaml
apply_template kube/org2/org2-ca.yaml
apply_template kube/org0/org0-ca.yaml $ORG0_NS
apply_template kube/org1/org1-ca.yaml $ORG1_NS
apply_template kube/org2/org2-ca.yaml $ORG2_NS
kubectl -n $NS rollout status deploy/org0-ca
kubectl -n $NS rollout status deploy/org1-ca
kubectl -n $NS rollout status deploy/org2-ca
kubectl -n $ORG0_NS rollout status deploy/org0-ca
kubectl -n $ORG1_NS rollout status deploy/org1-ca
kubectl -n $ORG2_NS rollout status deploy/org2-ca
# todo: this papers over a nasty bug whereby the CAs are ready, but sporadically refuse connections after a down / up
sleep 5
@ -28,23 +28,28 @@ function init_tls_cert_issuers() {
# Create a self-signing certificate issuer / root TLS certificate for the blockchain.
# TODO : Bring-Your-Own-Key - allow the network bootstrap to read an optional ECDSA key pair for the TLS trust root CA.
kubectl -n $NS apply -f kube/root-tls-cert-issuer.yaml
kubectl -n $NS wait --timeout=30s --for=condition=Ready issuer/root-tls-cert-issuer
kubectl -n $ORG0_NS apply -f kube/root-tls-cert-issuer.yaml
kubectl -n $ORG0_NS wait --timeout=30s --for=condition=Ready issuer/root-tls-cert-issuer
kubectl -n $ORG1_NS apply -f kube/root-tls-cert-issuer.yaml
kubectl -n $ORG1_NS wait --timeout=30s --for=condition=Ready issuer/root-tls-cert-issuer
kubectl -n $ORG2_NS apply -f kube/root-tls-cert-issuer.yaml
kubectl -n $ORG2_NS wait --timeout=30s --for=condition=Ready issuer/root-tls-cert-issuer
# Use the self-signing issuer to generate three Issuers, one for each org.
kubectl -n $NS apply -f kube/org0/org0-tls-cert-issuer.yaml
kubectl -n $NS apply -f kube/org1/org1-tls-cert-issuer.yaml
kubectl -n $NS apply -f kube/org2/org2-tls-cert-issuer.yaml
kubectl -n $ORG0_NS apply -f kube/org0/org0-tls-cert-issuer.yaml
kubectl -n $ORG1_NS apply -f kube/org1/org1-tls-cert-issuer.yaml
kubectl -n $ORG2_NS apply -f kube/org2/org2-tls-cert-issuer.yaml
kubectl -n $NS wait --timeout=30s --for=condition=Ready issuer/org0-tls-cert-issuer
kubectl -n $NS wait --timeout=30s --for=condition=Ready issuer/org1-tls-cert-issuer
kubectl -n $NS wait --timeout=30s --for=condition=Ready issuer/org2-tls-cert-issuer
kubectl -n $ORG0_NS wait --timeout=30s --for=condition=Ready issuer/org0-tls-cert-issuer
kubectl -n $ORG1_NS wait --timeout=30s --for=condition=Ready issuer/org1-tls-cert-issuer
kubectl -n $ORG2_NS wait --timeout=30s --for=condition=Ready issuer/org2-tls-cert-issuer
pop_fn
}
function enroll_bootstrap_ECert_CA_user() {
local org=$1
local ns=$2
# Determine the CA information and TLS certificate
CA_NAME=${org}-ca
@ -53,7 +58,7 @@ function enroll_bootstrap_ECert_CA_user() {
# Read the CA's TLS certificate from the cert-manager CA secret
echo "retrieving ${CA_NAME} TLS root cert"
kubectl -n $NS get secret ${CA_NAME}-tls-cert -o json \
kubectl -n $ns get secret ${CA_NAME}-tls-cert -o json \
| jq -r .data.\"ca.crt\" \
| base64 -d \
> ${CA_DIR}/tlsca-cert.pem
@ -68,9 +73,9 @@ function enroll_bootstrap_ECert_CA_user() {
function enroll_bootstrap_ECert_CA_users() {
push_fn "Enrolling bootstrap ECert CA users"
enroll_bootstrap_ECert_CA_user org0
enroll_bootstrap_ECert_CA_user org1
enroll_bootstrap_ECert_CA_user org2
enroll_bootstrap_ECert_CA_user org0 $ORG0_NS
enroll_bootstrap_ECert_CA_user org1 $ORG1_NS
enroll_bootstrap_ECert_CA_user org2 $ORG2_NS
pop_fn
}
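Review bot: `enroll_bootstrap_ECert_CA_user` takes the namespace as a new positional argument (`local ns=$2`) and uses it unquoted in `kubectl -n $ns get secret`, so a caller that was not updated makes `kubectl` consume the next word (`get`) as the namespace and fail with a misleading error. Failing fast is cheap: `local ns=${2:?namespace required}` together with `kubectl -n "$ns" get secret ...`. The same applies to the other functions that gained a namespace argument in this commit: `create_channel_org_MSP` (`$3`), `create_node_local_MSP` (`$5`), `create_peer_local_MSP` (`$3`) and `apply_template` (`$2`).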


@ -6,19 +6,21 @@
#
function init_namespace() {
push_fn "Creating namespace \"$NS\""
kubectl create namespace $NS || true
pop_fn
local namespaces=$(echo "$ORG0_NS $ORG1_NS $ORG2_NS" | xargs -n1 | sort -u)
for ns in $namespaces; do
push_fn "Creating namespace \"$ns\""
kubectl create namespace $ns || true
pop_fn
done
}
function delete_namespace() {
push_fn "Deleting namespace \"$NS\""
kubectl delete namespace $NS || true
pop_fn
local namespaces=$(echo "$ORG0_NS $ORG1_NS $ORG2_NS" | xargs -n1 | sort -u)
for ns in $namespaces; do
push_fn "Deleting namespace \"$ns\""
kubectl delete namespace $ns || true
pop_fn
done
}
function init_storage_volumes() {
@ -37,9 +39,9 @@ function init_storage_volumes() {
exit 1
fi
cat kube/pvc-fabric-org0.yaml | envsubst | kubectl -n $NS create -f - || true
cat kube/pvc-fabric-org1.yaml | envsubst | kubectl -n $NS create -f - || true
cat kube/pvc-fabric-org2.yaml | envsubst | kubectl -n $NS create -f - || true
cat kube/pvc-fabric-org0.yaml | envsubst | kubectl -n $ORG0_NS create -f - || true
cat kube/pvc-fabric-org1.yaml | envsubst | kubectl -n $ORG1_NS create -f - || true
cat kube/pvc-fabric-org2.yaml | envsubst | kubectl -n $ORG2_NS create -f - || true
pop_fn
}
@ -47,13 +49,13 @@ function init_storage_volumes() {
function load_org_config() {
push_fn "Creating fabric config maps"
kubectl -n $NS delete configmap org0-config || true
kubectl -n $NS delete configmap org1-config || true
kubectl -n $NS delete configmap org2-config || true
kubectl -n $ORG0_NS delete configmap org0-config || true
kubectl -n $ORG1_NS delete configmap org1-config || true
kubectl -n $ORG2_NS delete configmap org2-config || true
kubectl -n $NS create configmap org0-config --from-file=config/org0
kubectl -n $NS create configmap org1-config --from-file=config/org1
kubectl -n $NS create configmap org2-config --from-file=config/org2
kubectl -n $ORG0_NS create configmap org0-config --from-file=config/org0
kubectl -n $ORG1_NS create configmap org1-config --from-file=config/org1
kubectl -n $ORG2_NS create configmap org2-config --from-file=config/org2
pop_fn
}
@ -61,8 +63,8 @@ function load_org_config() {
function apply_k8s_builder_roles() {
push_fn "Applying k8s chaincode builder roles"
apply_template kube/fabric-builder-role.yaml
apply_template kube/fabric-builder-rolebinding.yaml
apply_template kube/fabric-builder-role.yaml $ORG1_NS
apply_template kube/fabric-builder-rolebinding.yaml $ORG1_NS
pop_fn
}
@ -70,8 +72,8 @@ function apply_k8s_builder_roles() {
function apply_k8s_builders() {
push_fn "Installing k8s chaincode builders"
apply_template kube/org1/org1-install-k8s-builder.yaml
apply_template kube/org2/org2-install-k8s-builder.yaml
apply_template kube/org1/org1-install-k8s-builder.yaml $ORG1_NS
apply_template kube/org2/org2-install-k8s-builder.yaml $ORG1_NS
pop_fn
}
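Review bot: In `apply_k8s_builders` the org2 installer is applied to org1's namespace: `apply_template kube/org2/org2-install-k8s-builder.yaml $ORG1_NS`. When the namespaces differ, that job runs away from org2's volume claim, which `init_storage_volumes` creates in `$ORG2_NS`, so it presumably cannot mount it; `apply_template kube/org2/org2-install-k8s-builder.yaml $ORG2_NS` looks like the intended line. `apply_k8s_builder_roles` likewise installs the role and binding only in `$ORG1_NS`. If keeping the builder in one namespace is deliberate, a comment saying so would help, because the single-namespace default hides the difference.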


@ -15,13 +15,16 @@ function json_ccp {
local ORG=$1
local PP=$(one_line_pem $2)
local CP=$(one_line_pem $3)
local NS=$4
sed -e "s/\${ORG}/$ORG/" \
-e "s#\${PEERPEM}#$PP#" \
-e "s#\${CAPEM}#$CP#" \
-e "s#\${NS}#$NS#" \
scripts/ccp-template.json
}
function construct_rest_sample_configmap() {
local ns=$ORG1_NS
push_fn "Constructing fabric-rest-sample connection profiles"
ENROLLMENT_DIR=${TEMP_DIR}/enrollments
@ -32,11 +35,11 @@ function construct_rest_sample_configmap() {
local peer_pem=$CHANNEL_MSP_DIR/peerOrganizations/org1/msp/tlscacerts/tlsca-signcert.pem
local ca_pem=$CHANNEL_MSP_DIR/peerOrganizations/org1/msp/cacerts/ca-signcert.pem
echo "$(json_ccp 1 $peer_pem $ca_pem)" > build/fabric-rest-sample-config/HLF_CONNECTION_PROFILE_ORG1
echo "$(json_ccp 1 $peer_pem $ca_pem $ORG1_NS)" > build/fabric-rest-sample-config/HLF_CONNECTION_PROFILE_ORG1
peer_pem=$CHANNEL_MSP_DIR/peerOrganizations/org2/msp/tlscacerts/tlsca-signcert.pem
ca_pem=$CHANNEL_MSP_DIR/peerOrganizations/org2/msp/cacerts/ca-signcert.pem
echo "$(json_ccp 2 $peer_pem $ca_pem)" > build/fabric-rest-sample-config/HLF_CONNECTION_PROFILE_ORG2
echo "$(json_ccp 2 $peer_pem $ca_pem $ORG2_NS)" > build/fabric-rest-sample-config/HLF_CONNECTION_PROFILE_ORG2
cp $ENROLLMENT_DIR/org1/users/org1admin/msp/signcerts/cert.pem $CONFIG_DIR/HLF_CERTIFICATE_ORG1
cp $ENROLLMENT_DIR/org2/users/org2admin/msp/signcerts/cert.pem $CONFIG_DIR/HLF_CERTIFICATE_ORG2
@ -44,28 +47,29 @@ function construct_rest_sample_configmap() {
cp $ENROLLMENT_DIR/org1/users/org1admin/msp/keystore/key.pem $CONFIG_DIR/HLF_PRIVATE_KEY_ORG1
cp $ENROLLMENT_DIR/org2/users/org2admin/msp/keystore/key.pem $CONFIG_DIR/HLF_PRIVATE_KEY_ORG2
kubectl -n $NS delete configmap fabric-rest-sample-config || true
kubectl -n $NS create configmap fabric-rest-sample-config --from-file=$CONFIG_DIR
kubectl -n $ns delete configmap fabric-rest-sample-config || true
kubectl -n $ns create configmap fabric-rest-sample-config --from-file=$CONFIG_DIR
pop_fn
}
function rollout_rest_sample() {
local ns=$ORG1_NS
push_fn "Starting fabric-rest-sample"
kubectl -n $NS apply -f kube/fabric-rest-sample.yaml
kubectl -n $NS rollout status deploy/fabric-rest-sample
kubectl -n $ns apply -f kube/fabric-rest-sample.yaml
kubectl -n $ns rollout status deploy/fabric-rest-sample
pop_fn
}
function launch_rest_sample() {
local ns=$ORG1_NS
construct_rest_sample_configmap
apply_template kube/fabric-rest-sample.yaml
apply_template kube/fabric-rest-sample.yaml $ns
kubectl -n $NS rollout status deploy/fabric-rest-sample
kubectl -n $ns rollout status deploy/fabric-rest-sample
log ""
log "The fabric-rest-sample has started."
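Review bot: `construct_rest_sample_configmap` copies both admins' private keys (`HLF_PRIVATE_KEY_ORG1`, `HLF_PRIVATE_KEY_ORG2`) into one ConfigMap that is now created in `$ORG1_NS`, so org2's admin key becomes readable from org1's namespace, across the very boundary this commit introduces. A ConfigMap is also the wrong object for key material; creating it with `kubectl -n "$ns" create secret generic fabric-rest-sample-config --from-file=$CONFIG_DIR` and having the deployment read the Secret would at least bring the cluster's Secret access controls into play. If the REST sample is meant to act for both orgs, that trade-off deserves a comment at `local ns=$ORG1_NS`. The function bodies are only partly visible in these hunks.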


@ -8,13 +8,13 @@
function launch_orderers() {
push_fn "Launching orderers"
apply_template kube/org0/org0-orderer1.yaml
apply_template kube/org0/org0-orderer2.yaml
apply_template kube/org0/org0-orderer3.yaml
apply_template kube/org0/org0-orderer1.yaml $ORG0_NS
apply_template kube/org0/org0-orderer2.yaml $ORG0_NS
apply_template kube/org0/org0-orderer3.yaml $ORG0_NS
kubectl -n $NS rollout status deploy/org0-orderer1
kubectl -n $NS rollout status deploy/org0-orderer2
kubectl -n $NS rollout status deploy/org0-orderer3
kubectl -n $ORG0_NS rollout status deploy/org0-orderer1
kubectl -n $ORG0_NS rollout status deploy/org0-orderer2
kubectl -n $ORG0_NS rollout status deploy/org0-orderer3
pop_fn
}
@ -22,15 +22,15 @@ function launch_orderers() {
function launch_peers() {
push_fn "Launching peers"
apply_template kube/org1/org1-peer1.yaml
apply_template kube/org1/org1-peer2.yaml
apply_template kube/org2/org2-peer1.yaml
apply_template kube/org2/org2-peer2.yaml
apply_template kube/org1/org1-peer1.yaml $ORG1_NS
apply_template kube/org1/org1-peer2.yaml $ORG1_NS
apply_template kube/org2/org2-peer1.yaml $ORG2_NS
apply_template kube/org2/org2-peer2.yaml $ORG2_NS
kubectl -n $NS rollout status deploy/org1-peer1
kubectl -n $NS rollout status deploy/org1-peer2
kubectl -n $NS rollout status deploy/org2-peer1
kubectl -n $NS rollout status deploy/org2-peer2
kubectl -n $ORG1_NS rollout status deploy/org1-peer1
kubectl -n $ORG1_NS rollout status deploy/org1-peer2
kubectl -n $ORG2_NS rollout status deploy/org2-peer1
kubectl -n $ORG2_NS rollout status deploy/org2-peer2
pop_fn
}
@ -41,6 +41,7 @@ function create_node_local_MSP() {
local org=$2
local node=$3
local csr_hosts=$4
local ns=$5
local id_name=${org}-${node}
local id_secret=${node_type}pw
local ca_name=${org}-ca
@ -62,7 +63,7 @@ function create_node_local_MSP() {
# Enroll the node admin user from within k8s. This will leave the certificates available on a volume share in the
# cluster for access by the nodes when launching in a container.
cat <<EOF | kubectl -n $NS exec deploy/${ca_name} -i -- /bin/sh
cat <<EOF | kubectl -n ${ns} exec deploy/${ca_name} -i -- /bin/sh
set -x
export FABRIC_CA_CLIENT_HOME=/var/hyperledger/fabric-ca-client
@ -96,15 +97,16 @@ function create_orderer_local_MSP() {
local orderer=$2
local csr_hosts=${org}-${orderer}
create_node_local_MSP orderer $org $orderer $csr_hosts
create_node_local_MSP orderer $org $orderer $csr_hosts $ORG0_NS
}
function create_peer_local_MSP() {
local org=$1
local peer=$2
local ns=$3
local csr_hosts=localhost,${org}-${peer},${org}-peer-gateway-svc
create_node_local_MSP peer $org $peer $csr_hosts
create_node_local_MSP peer $org $peer $csr_hosts ${ns}
}
function create_local_MSP() {
@ -114,11 +116,11 @@ function create_local_MSP() {
create_orderer_local_MSP org0 orderer2
create_orderer_local_MSP org0 orderer3
create_peer_local_MSP org1 peer1
create_peer_local_MSP org1 peer2
create_peer_local_MSP org1 peer1 $ORG1_NS
create_peer_local_MSP org1 peer2 $ORG1_NS
create_peer_local_MSP org2 peer1
create_peer_local_MSP org2 peer2
create_peer_local_MSP org2 peer1 $ORG2_NS
create_peer_local_MSP org2 peer2 $ORG2_NS
pop_fn
}
@ -152,43 +154,45 @@ function network_up() {
function stop_services() {
push_fn "Stopping Fabric services"
kubectl -n $NS delete ingress --all
kubectl -n $NS delete deployment --all
kubectl -n $NS delete pod --all
kubectl -n $NS delete service --all
kubectl -n $NS delete configmap --all
kubectl -n $NS delete cert --all
kubectl -n $NS delete issuer --all
kubectl -n $NS delete secret --all
for ns in $ORG0_NS $ORG1_NS $ORG2_NS; do
kubectl -n $ns delete ingress --all
kubectl -n $ns delete deployment --all
kubectl -n $ns delete pod --all
kubectl -n $ns delete service --all
kubectl -n $ns delete configmap --all
kubectl -n $ns delete cert --all
kubectl -n $ns delete issuer --all
kubectl -n $ns delete secret --all
done
pop_fn
}
function scrub_org_volumes() {
push_fn "Scrubbing Fabric volumes"
# clean job to make this function can be rerun
kubectl -n $NS delete jobs --all
# scrub all pv contents
kubectl -n $NS create -f kube/job-scrub-fabric-volumes.yaml
kubectl -n $NS wait --for=condition=complete --timeout=60s job/job-scrub-fabric-volumes
kubectl -n $NS delete jobs --all
for org in org0 org1 org2; do
# clean job to make this function can be rerun
local namespace_variable=${org^^}_NS
kubectl -n ${!namespace_variable} delete jobs --all
# scrub all pv contents
kubectl -n ${!namespace_variable} create -f kube/${org}/${org}-job-scrub-fabric-volumes.yaml
kubectl -n ${!namespace_variable} wait --for=condition=complete --timeout=60s job/job-scrub-fabric-volumes
kubectl -n ${!namespace_variable} delete jobs --all
done
pop_fn
}
function network_down() {
set +e
kubectl get namespace $NS > /dev/null
if [[ $? -ne 0 ]]; then
echo "No namespace $NS found - nothing to do."
return
fi
for ns in $ORG0_NS $ORG1_NS $ORG2_NS; do
kubectl get namespace $ns > /dev/null
if [[ $? -ne 0 ]]; then
echo "No namespace $ns found - nothing to do."
return
fi
done
set -e
stop_services
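Review bot: `network_down` returns as soon as any one of the three namespaces is missing, so a partly removed network (say `$ORG0_NS` already deleted) skips `stop_services` for the namespaces that still exist and leaves their secrets, certificates and volumes in place. Skipping only the missing namespace is safer, for example `kubectl get namespace "$ns" > /dev/null 2>&1 || continue` inside the per-namespace loops instead of the early `return` here. The loops also iterate `$ORG0_NS $ORG1_NS $ORG2_NS` without de-duplicating, so in the single-namespace default every delete runs three times, whereas `init_namespace` elsewhere in this commit uses `sort -u`. `${org^^}` in `scrub_org_volumes` needs bash 4 or later, which is worth stating in the script's requirements.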


@ -84,7 +84,7 @@ function apply_template() {
echo "Applying template $1:"
cat $1 | envsubst
cat $1 | envsubst | kubectl -n $NS apply -f -
cat $1 | envsubst | kubectl -n $2 apply -f -
}
# Set the calling context to refer the peer binary to the correct org / peer instance