From eb16caf3d5adf05f58bd9a63cb91707f4e97b81a Mon Sep 17 00:00:00 2001 From: arkadipiven Date: Wed, 31 May 2023 20:06:52 +0300 Subject: [PATCH] Fix test-network to work with BFT consensus. Added a new option for creating channel: Running ./network.sh createChannel -bft will initiate a channel running BFT orderers. Using ./network.sh up -bft will initiate dockers for bft environment. Added option for 4 orderers. Add add_new_orderer_to_config.py which is referenced in the fabric official docs. Signed-off-by: Arkadi Piven Signed-off-by: arkadipiven --- test-network/README.md | 20 + test-network/bft-config/configtx.yaml | 312 ++++++++++++ .../compose/compose-bft-test-net.yaml | 287 +++++++++++ test-network/compose/compose-test-net.yaml | 16 +- .../docker/docker-compose-bft-test-net.yaml | 38 ++ test-network/configtx/configtx.yaml | 447 ++++++++---------- test-network/network.sh | 23 +- .../cryptogen/crypto-config-orderer.yaml | 11 + .../scripts/add_new_orderer_to_config.py | 98 ++++ test-network/scripts/createChannel.sh | 39 +- test-network/scripts/envVar.sh | 3 - test-network/scripts/orderer.sh | 10 + test-network/scripts/orderer2.sh | 10 + test-network/scripts/orderer3.sh | 10 + test-network/scripts/orderer4.sh | 10 + 15 files changed, 1070 insertions(+), 264 deletions(-) create mode 100644 test-network/bft-config/configtx.yaml create mode 100644 test-network/compose/compose-bft-test-net.yaml create mode 100644 test-network/compose/docker/docker-compose-bft-test-net.yaml create mode 100644 test-network/scripts/add_new_orderer_to_config.py create mode 100644 test-network/scripts/orderer.sh create mode 100755 test-network/scripts/orderer2.sh create mode 100644 test-network/scripts/orderer3.sh create mode 100644 test-network/scripts/orderer4.sh diff --git a/test-network/README.md b/test-network/README.md index 91b06438..b43d27a1 100644 --- a/test-network/README.md +++ b/test-network/README.md @@ -2,6 +2,26 @@ You can use the `./network.sh` script to stand up a simple Fabric test network. The test network has two peer organizations with one peer each and a single node raft ordering service. You can also use the `./network.sh` script to create channels and deploy chaincode. For more information, see [Using the Fabric test network](https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html). The test network is being introduced in Fabric v2.0 as the long term replacement for the `first-network` sample. +If you are planning to run the test network with consesnsus type BFT then please pass `-bft` flag as input to the `network.sh` script when creating the channel. +That is to create a network use: +```bash +./network.sh up -bft +``` + +To create a channel use: + +```bash +./network.sh createChannel -bft +``` + +To restart a running network use: + +```bash +./network.sh restart -bft +``` + +Note that running the createChannel command will start the network, if it is not already running. + Before you can deploy the test network, you need to follow the instructions to [Install the Samples, Binaries and Docker Images](https://hyperledger-fabric.readthedocs.io/en/latest/install.html) in the Hyperledger Fabric documentation. ## Using the Peer commands diff --git a/test-network/bft-config/configtx.yaml b/test-network/bft-config/configtx.yaml new file mode 100644 index 00000000..9e68982d --- /dev/null +++ b/test-network/bft-config/configtx.yaml @@ -0,0 +1,312 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +################################################################################ +# +# Section: Organizations +# +# - This section defines the different organizational identities which will +# be referenced later in the configuration. +# +################################################################################ +Organizations: + - &OrdererOrg + # SampleOrg defines an MSP using the sampleconfig. It should never be used + # in production but may be used as a template for other definitions + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: OrdererOrg + # ID to load the MSP definition as + ID: OrdererMSP + # MSPDir is the filesystem path which contains the MSP configuration + MSPDir: ../organizations/ordererOrganizations/example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('OrdererMSP.member')" + Writers: + Type: Signature + Rule: "OR('OrdererMSP.member')" + Admins: + Type: Signature + Rule: "OR('OrdererMSP.admin')" + OrdererEndpoints: + - orderer.example.com:7050 + - orderer.example.com:7052 + - orderer.example.com:7056 + - orderer.example.com:7058 + - &Org1 + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: Org1MSP + # ID to load the MSP definition as + ID: Org1MSP + MSPDir: ../organizations/peerOrganizations/org1.example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')" + Writers: + Type: Signature + Rule: "OR('Org1MSP.admin', 'Org1MSP.client')" + Admins: + Type: Signature + Rule: "OR('Org1MSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('Org1MSP.peer')" + - &Org2 + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: Org2MSP + # ID to load the MSP definition as + ID: Org2MSP + MSPDir: ../organizations/peerOrganizations/org2.example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')" + Writers: + Type: Signature + Rule: "OR('Org2MSP.admin', 'Org2MSP.client')" + Admins: + Type: Signature + Rule: "OR('Org2MSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('Org2MSP.peer')" +################################################################################ +# +# SECTION: Capabilities +# +# - This section defines the capabilities of fabric network. This is a new +# concept as of v1.1.0 and should not be utilized in mixed networks with +# v1.0.x peers and orderers. Capabilities define features which must be +# present in a fabric binary for that binary to safely participate in the +# fabric network. For instance, if a new MSP type is added, newer binaries +# might recognize and validate the signatures from this type, while older +# binaries without this support would be unable to validate those +# transactions. This could lead to different versions of the fabric binaries +# having different world states. Instead, defining a capability for a channel +# informs those binaries without this capability that they must cease +# processing transactions until they have been upgraded. For v1.0.x if any +# capabilities are defined (including a map with all capabilities turned off) +# then the v1.0.x peer will deliberately crash. +# +################################################################################ +Capabilities: + # Channel capabilities apply to both the orderers and the peers and must be + # supported by both. + # Set the value of the capability to true to require it. + Channel: &ChannelCapabilities + # V3.0 for Channel is a catchall flag for behavior which has been + # determined to be desired for all orderers and peers running at the v3.0.0 + # level, but which would be incompatible with orderers and peers from + # prior releases. + # Prior to enabling V3.0 channel capabilities, ensure that all + # orderers and peers on a channel are at v3.0.0 or later. + V3_0: true + # Orderer capabilities apply only to the orderers, and may be safely + # used with prior release peers. + # Set the value of the capability to true to require it. + Orderer: &OrdererCapabilities + # V2_0 orderer capability ensures that orderers behave according + # to v2.0 orderer capabilities. Orderers from + # prior releases would behave in an incompatible way, and are therefore + # not able to participate in channels at v2.0 orderer capability. + # Prior to enabling V2.0 orderer capabilities, ensure that all + # orderers on channel are at v2.0.0 or later. + V2_0: true + # Application capabilities apply only to the peer network, and may be safely + # used with prior release orderers. + # Set the value of the capability to true to require it. + Application: &ApplicationCapabilities + # V2.5 for Application enables the new non-backwards compatible + # features of fabric v2.5, namely the ability to purge private data. + # Prior to enabling V2.5 application capabilities, ensure that all + # peers on a channel are at v2.5.0 or later. + V2_5: true +################################################################################ +# +# SECTION: Application +# +# - This section defines the values to encode into a config transaction or +# genesis block for application related parameters +# +################################################################################ +Application: &ApplicationDefaults + # Organizations is the list of orgs which are defined as participants on + # the application side of the network + Organizations: + # Policies defines the set of policies at this level of the config tree + # For Application policies, their canonical path is + # /Channel/Application/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + LifecycleEndorsement: + Type: ImplicitMeta + Rule: "MAJORITY Endorsement" + Endorsement: + Type: ImplicitMeta + Rule: "MAJORITY Endorsement" + Capabilities: + <<: *ApplicationCapabilities +################################################################################ +# +# SECTION: Orderer +# +# - This section defines the values to encode into a config transaction or +# genesis block for orderer related parameters +# +################################################################################ +Orderer: &OrdererDefaults + # Batch Timeout: The amount of time to wait before creating a batch + BatchTimeout: 2s + # Batch Size: Controls the number of messages batched into a block + BatchSize: + # Max Message Count: The maximum number of messages to permit in a batch + MaxMessageCount: 10 + # Absolute Max Bytes: The absolute maximum number of bytes allowed for + # the serialized messages in a batch. + AbsoluteMaxBytes: 99 MB + # Preferred Max Bytes: The preferred maximum number of bytes allowed for + # the serialized messages in a batch. A message larger than the preferred + # max bytes will result in a batch larger than preferred max bytes. + PreferredMaxBytes: 512 KB + # Organizations is the list of orgs which are defined as participants on + # the orderer side of the network + Organizations: + # Policies defines the set of policies at this level of the config tree + # For Orderer policies, their canonical path is + # /Channel/Orderer/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # BlockValidation specifies what signatures must be included in the block + # from the orderer for the peer to validate it. + BlockValidation: + Type: ImplicitMeta + Rule: "ANY Writers" +################################################################################ +# +# CHANNEL +# +# This section defines the values to encode into a config transaction or +# genesis block for channel related parameters. +# +################################################################################ +Channel: &ChannelDefaults + # Policies defines the set of policies at this level of the config tree + # For Channel policies, their canonical path is + # /Channel/ + Policies: + # Who may invoke the 'Deliver' API + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + # Who may invoke the 'Broadcast' API + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + # By default, who may modify elements at this config level + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # Capabilities describes the channel level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *ChannelCapabilities +################################################################################ +# +# Profile +# +# - Different configuration profiles may be encoded here to be specified +# as parameters to the configtxgen tool +# +################################################################################ +Profiles: + ChannelUsingBFT: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + Organizations: + - *OrdererOrg + Capabilities: *OrdererCapabilities + OrdererType: BFT + SmartBFT: + RequestBatchMaxCount: 100 + RequestBatchMaxInterval: 50ms + RequestForwardTimeout: 2s + RequestComplainTimeout: 20s + RequestAutoRemoveTimeout: 3m0s + ViewChangeResendInterval: 5s + ViewChangeTimeout: 20s + LeaderHeartbeatTimeout: 1m0s + CollectTimeout: 1s + RequestBatchMaxBytes: 10485760 + IncomingMessageBufferSize: 200 + RequestPoolSize: 100000 + LeaderHeartbeatCount: 10 + ConsenterMapping: + - ID: 1 + Host: orderer.example.com + Port: 7050 + MSPID: OrdererMSP + Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/signcerts/orderer.example.com-cert.pem + ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt + - ID: 2 + Host: orderer2.example.com + Port: 7052 + MSPID: OrdererMSP + Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/signcerts/orderer2.example.com-cert.pem + ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt + - ID: 3 + Host: orderer3.example.com + Port: 7056 + MSPID: OrdererMSP + Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp/signcerts/orderer3.example.com-cert.pem + ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt + - ID: 4 + Host: orderer4.example.com + Port: 7058 + MSPID: OrdererMSP + Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp/signcerts/orderer4.example.com-cert.pem + ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt + Application: + <<: *ApplicationDefaults + Organizations: + - *Org1 + - *Org2 + Capabilities: *ApplicationCapabilities \ No newline at end of file diff --git a/test-network/compose/compose-bft-test-net.yaml b/test-network/compose/compose-bft-test-net.yaml new file mode 100644 index 00000000..cdab05e3 --- /dev/null +++ b/test-network/compose/compose-bft-test-net.yaml @@ -0,0 +1,287 @@ +version: '3.7' + +volumes: + orderer.example.com: + orderer2.example.com: + orderer3.example.com: + orderer4.example.com: + peer0.org1.example.com: + peer0.org2.example.com: + +networks: + test: + name: fabric_test + +services: + + orderer.example.com: + container_name: orderer.example.com + image: hyperledger/fabric-orderer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_LOGGING_SPEC=INFO + - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 + - ORDERER_GENERAL_LISTENPORT=7050 + - ORDERER_GENERAL_LOCALMSPID=OrdererMSP + - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp + # enabled TLS + - ORDERER_GENERAL_TLS_ENABLED=true + - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_BOOTSTRAPMETHOD=none + - ORDERER_CHANNELPARTICIPATION_ENABLED=true + - ORDERER_ADMIN_TLS_ENABLED=true + - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer.example.com:9443 + - ORDERER_METRICS_PROVIDER=prometheus + working_dir: /root + command: orderer + volumes: + - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls + - orderer.example.com:/var/hyperledger/production/orderer + ports: + - 7050:7050 + - 7053:7053 + - 9443:9443 + networks: + - test + + orderer2.example.com: + container_name: orderer2.example.com + image: hyperledger/fabric-orderer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_LOGGING_SPEC=INFO + - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 + - ORDERER_GENERAL_LISTENPORT=7052 + - ORDERER_GENERAL_LOCALMSPID=OrdererMSP + - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp + # enabled TLS + - ORDERER_GENERAL_TLS_ENABLED=true + - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_BOOTSTRAPMETHOD=none + - ORDERER_CHANNELPARTICIPATION_ENABLED=true + - ORDERER_ADMIN_TLS_ENABLED=true + - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7055 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer2.example.com:9446 + - ORDERER_METRICS_PROVIDER=prometheus + working_dir: /root + command: orderer + volumes: + - ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/:/var/hyperledger/orderer/tls + - orderer2.example.com:/var/hyperledger/production/orderer + ports: + - 7052:7052 + - 7055:7055 + - 9446:9446 + networks: + - test + + orderer3.example.com: + container_name: orderer3.example.com + image: hyperledger/fabric-orderer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_LOGGING_SPEC=INFO + - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 + - ORDERER_GENERAL_LISTENPORT=7056 + - ORDERER_GENERAL_LOCALMSPID=OrdererMSP + - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp + # enabled TLS + - ORDERER_GENERAL_TLS_ENABLED=true + - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_BOOTSTRAPMETHOD=none + - ORDERER_CHANNELPARTICIPATION_ENABLED=true + - ORDERER_ADMIN_TLS_ENABLED=true + - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7057 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer3.example.com:9447 + - ORDERER_METRICS_PROVIDER=prometheus + working_dir: /root + command: orderer + volumes: + - ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/:/var/hyperledger/orderer/tls + - orderer3.example.com:/var/hyperledger/production/orderer + ports: + - 7056:7056 + - 7057:7057 + - 9447:9447 + networks: + - test + + orderer4.example.com: + container_name: orderer4.example.com + image: hyperledger/fabric-orderer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_LOGGING_SPEC=INFO + - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 + - ORDERER_GENERAL_LISTENPORT=7058 + - ORDERER_GENERAL_LOCALMSPID=OrdererMSP + - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp + # enabled TLS + - ORDERER_GENERAL_TLS_ENABLED=true + - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_BOOTSTRAPMETHOD=none + - ORDERER_CHANNELPARTICIPATION_ENABLED=true + - ORDERER_ADMIN_TLS_ENABLED=true + - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7059 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer4.example.com:9448 + - ORDERER_METRICS_PROVIDER=prometheus + working_dir: /root + command: orderer + volumes: + - ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/:/var/hyperledger/orderer/tls + - orderer4.example.com:/var/hyperledger/production/orderer + ports: + - 7058:7058 + - 7059:7059 + - 9448:9448 + networks: + - test + + + + + peer0.org1.example.com: + container_name: peer0.org1.example.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_CFG_PATH=/etc/hyperledger/peercfg + - FABRIC_LOGGING_SPEC=INFO + #- FABRIC_LOGGING_SPEC=DEBUG + - CORE_PEER_TLS_ENABLED=true + - CORE_PEER_PROFILE_ENABLED=false + - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt + - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key + - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt + # Peer specific variables + - CORE_PEER_ID=peer0.org1.example.com + - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 + - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 + - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052 + - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051 + - CORE_PEER_LOCALMSPID=Org1MSP + - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp + - CORE_OPERATIONS_LISTENADDRESS=peer0.org1.example.com:9444 + - CORE_METRICS_PROVIDER=prometheus + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"} + - CORE_CHAINCODE_EXECUTETIMEOUT=300s + volumes: + - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric + - peer0.org1.example.com:/var/hyperledger/production + working_dir: /root + command: peer node start + ports: + - 7051:7051 + - 9444:9444 + networks: + - test + + peer0.org2.example.com: + container_name: peer0.org2.example.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_CFG_PATH=/etc/hyperledger/peercfg + - FABRIC_LOGGING_SPEC=INFO + #- FABRIC_LOGGING_SPEC=DEBUG + - CORE_PEER_TLS_ENABLED=true + - CORE_PEER_PROFILE_ENABLED=false + - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt + - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key + - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt + # Peer specific variables + - CORE_PEER_ID=peer0.org2.example.com + - CORE_PEER_ADDRESS=peer0.org2.example.com:9051 + - CORE_PEER_LISTENADDRESS=0.0.0.0:9051 + - CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052 + - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051 + - CORE_PEER_LOCALMSPID=Org2MSP + - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp + - CORE_OPERATIONS_LISTENADDRESS=peer0.org2.example.com:9445 + - CORE_METRICS_PROVIDER=prometheus + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"} + - CORE_CHAINCODE_EXECUTETIMEOUT=300s + volumes: + - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric + - peer0.org2.example.com:/var/hyperledger/production + working_dir: /root + command: peer node start + ports: + - 9051:9051 + - 9445:9445 + networks: + - test + + cli: + container_name: cli + image: hyperledger/fabric-tools:latest + labels: + service: hyperledger-fabric + tty: true + stdin_open: true + environment: + - GOPATH=/opt/gopath + - FABRIC_LOGGING_SPEC=INFO + - FABRIC_CFG_PATH=/etc/hyperledger/peercfg + #- FABRIC_LOGGING_SPEC=DEBUG + working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer + command: /bin/bash + volumes: + - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations + - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ + depends_on: + - peer0.org1.example.com + - peer0.org2.example.com + networks: + - test \ No newline at end of file diff --git a/test-network/compose/compose-test-net.yaml b/test-network/compose/compose-test-net.yaml index 6e0aef26..ba3a968c 100644 --- a/test-network/compose/compose-test-net.yaml +++ b/test-network/compose/compose-test-net.yaml @@ -87,8 +87,8 @@ services: - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"} - CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes: - - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric - - peer0.org1.example.com:/var/hyperledger/production + - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric + - peer0.org1.example.com:/var/hyperledger/production working_dir: /root command: peer node start ports: @@ -120,14 +120,14 @@ services: - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051 - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051 - CORE_PEER_LOCALMSPID=Org2MSP - - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp + - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp - CORE_OPERATIONS_LISTENADDRESS=peer0.org2.example.com:9445 - CORE_METRICS_PROVIDER=prometheus - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"} - CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes: - - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric - - peer0.org2.example.com:/var/hyperledger/production + - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric + - peer0.org2.example.com:/var/hyperledger/production working_dir: /root command: peer node start ports: @@ -151,10 +151,10 @@ services: working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer command: /bin/bash volumes: - - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations - - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ + - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations + - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ depends_on: - peer0.org1.example.com - peer0.org2.example.com networks: - - test + - test \ No newline at end of file diff --git a/test-network/compose/docker/docker-compose-bft-test-net.yaml b/test-network/compose/docker/docker-compose-bft-test-net.yaml new file mode 100644 index 00000000..68f6dc56 --- /dev/null +++ b/test-network/compose/docker/docker-compose-bft-test-net.yaml @@ -0,0 +1,38 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '3.7' +services: + peer0.org1.example.com: + container_name: peer0.org1.example.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + #Generic peer variables + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg + - ${DOCKER_SOCK}:/host/var/run/docker.sock + + peer0.org2.example.com: + container_name: peer0.org2.example.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + #Generic peer variables + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg + - ${DOCKER_SOCK}:/host/var/run/docker.sock + + cli: + container_name: cli + image: hyperledger/fabric-tools:latest + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg diff --git a/test-network/configtx/configtx.yaml b/test-network/configtx/configtx.yaml index 01fb15fb..6f783e2a 100644 --- a/test-network/configtx/configtx.yaml +++ b/test-network/configtx/configtx.yaml @@ -13,91 +13,77 @@ # ################################################################################ Organizations: - + - &OrdererOrg # SampleOrg defines an MSP using the sampleconfig. It should never be used # in production but may be used as a template for other definitions - - &OrdererOrg - # DefaultOrg defines the organization which is used in the sampleconfig - # of the fabric.git development environment - Name: OrdererOrg - - # ID to load the MSP definition as - ID: OrdererMSP - - # MSPDir is the filesystem path which contains the MSP configuration - MSPDir: ../organizations/ordererOrganizations/example.com/msp - - # Policies defines the set of policies at this level of the config tree - # For organization policies, their canonical path is usually - # /Channel/// - Policies: - Readers: - Type: Signature - Rule: "OR('OrdererMSP.member')" - Writers: - Type: Signature - Rule: "OR('OrdererMSP.member')" - Admins: - Type: Signature - Rule: "OR('OrdererMSP.admin')" - - OrdererEndpoints: - - orderer.example.com:7050 - - - &Org1 - # DefaultOrg defines the organization which is used in the sampleconfig - # of the fabric.git development environment - Name: Org1MSP - - # ID to load the MSP definition as - ID: Org1MSP - - MSPDir: ../organizations/peerOrganizations/org1.example.com/msp - - # Policies defines the set of policies at this level of the config tree - # For organization policies, their canonical path is usually - # /Channel/// - Policies: - Readers: - Type: Signature - Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')" - Writers: - Type: Signature - Rule: "OR('Org1MSP.admin', 'Org1MSP.client')" - Admins: - Type: Signature - Rule: "OR('Org1MSP.admin')" - Endorsement: - Type: Signature - Rule: "OR('Org1MSP.peer')" - - - &Org2 - # DefaultOrg defines the organization which is used in the sampleconfig - # of the fabric.git development environment - Name: Org2MSP - - # ID to load the MSP definition as - ID: Org2MSP - - MSPDir: ../organizations/peerOrganizations/org2.example.com/msp - - # Policies defines the set of policies at this level of the config tree - # For organization policies, their canonical path is usually - # /Channel/// - Policies: - Readers: - Type: Signature - Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')" - Writers: - Type: Signature - Rule: "OR('Org2MSP.admin', 'Org2MSP.client')" - Admins: - Type: Signature - Rule: "OR('Org2MSP.admin')" - Endorsement: - Type: Signature - Rule: "OR('Org2MSP.peer')" - + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: OrdererOrg + # ID to load the MSP definition as + ID: OrdererMSP + # MSPDir is the filesystem path which contains the MSP configuration + MSPDir: ../organizations/ordererOrganizations/example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('OrdererMSP.member')" + Writers: + Type: Signature + Rule: "OR('OrdererMSP.member')" + Admins: + Type: Signature + Rule: "OR('OrdererMSP.admin')" + OrdererEndpoints: + - orderer.example.com:7050 + - &Org1 + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: Org1MSP + # ID to load the MSP definition as + ID: Org1MSP + MSPDir: ../organizations/peerOrganizations/org1.example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')" + Writers: + Type: Signature + Rule: "OR('Org1MSP.admin', 'Org1MSP.client')" + Admins: + Type: Signature + Rule: "OR('Org1MSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('Org1MSP.peer')" + - &Org2 + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: Org2MSP + # ID to load the MSP definition as + ID: Org2MSP + MSPDir: ../organizations/peerOrganizations/org2.example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')" + Writers: + Type: Signature + Rule: "OR('Org2MSP.admin', 'Org2MSP.client')" + Admins: + Type: Signature + Rule: "OR('Org2MSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('Org2MSP.peer')" ################################################################################ # # SECTION: Capabilities @@ -118,41 +104,37 @@ Organizations: # ################################################################################ Capabilities: - # Channel capabilities apply to both the orderers and the peers and must be - # supported by both. - # Set the value of the capability to true to require it. - Channel: &ChannelCapabilities - # V2_0 capability ensures that orderers and peers behave according - # to v2.0 channel capabilities. Orderers and peers from - # prior releases would behave in an incompatible way, and are therefore - # not able to participate in channels at v2.0 capability. - # Prior to enabling V2.0 channel capabilities, ensure that all - # orderers and peers on a channel are at v2.0.0 or later. - V2_0: true - - - # Orderer capabilities apply only to the orderers, and may be safely - # used with prior release peers. - # Set the value of the capability to true to require it. - Orderer: &OrdererCapabilities - # V2_0 orderer capability ensures that orderers behave according - # to v2.0 orderer capabilities. Orderers from - # prior releases would behave in an incompatible way, and are therefore - # not able to participate in channels at v2.0 orderer capability. - # Prior to enabling V2.0 orderer capabilities, ensure that all - # orderers on channel are at v2.0.0 or later. - V2_0: true - - # Application capabilities apply only to the peer network, and may be safely - # used with prior release orderers. - # Set the value of the capability to true to require it. - Application: &ApplicationCapabilities - # V2.5 for Application enables the new non-backwards compatible - # features of fabric v2.5, namely the ability to purge private data. - # Prior to enabling V2.5 application capabilities, ensure that all - # peers on a channel are at v2.5.0 or later. - V2_5: true - + # Channel capabilities apply to both the orderers and the peers and must be + # supported by both. + # Set the value of the capability to true to require it. + Channel: &ChannelCapabilities + # V2_0 capability ensures that orderers and peers behave according + # to v2.0 channel capabilities. Orderers and peers from + # prior releases would behave in an incompatible way, and are therefore + # not able to participate in channels at v2.0 capability. + # Prior to enabling V2.0 channel capabilities, ensure that all + # orderers and peers on a channel are at v2.0.0 or later. + V2_0: true + # Orderer capabilities apply only to the orderers, and may be safely + # used with prior release peers. + # Set the value of the capability to true to require it. + Orderer: &OrdererCapabilities + # V2_0 orderer capability ensures that orderers behave according + # to v2.0 orderer capabilities. Orderers from + # prior releases would behave in an incompatible way, and are therefore + # not able to participate in channels at v2.0 orderer capability. + # Prior to enabling V2.0 orderer capabilities, ensure that all + # orderers on channel are at v2.0.0 or later. + V2_0: true + # Application capabilities apply only to the peer network, and may be safely + # used with prior release orderers. + # Set the value of the capability to true to require it. + Application: &ApplicationCapabilities + # V2.5 for Application enables the new non-backwards compatible + # features of fabric v2.5, namely the ability to purge private data. + # Prior to enabling V2.5 application capabilities, ensure that all + # peers on a channel are at v2.5.0 or later. + V2_5: true ################################################################################ # # SECTION: Application @@ -162,33 +144,30 @@ Capabilities: # ################################################################################ Application: &ApplicationDefaults - - # Organizations is the list of orgs which are defined as participants on - # the application side of the network - Organizations: - - # Policies defines the set of policies at this level of the config tree - # For Application policies, their canonical path is - # /Channel/Application/ - Policies: - Readers: - Type: ImplicitMeta - Rule: "ANY Readers" - Writers: - Type: ImplicitMeta - Rule: "ANY Writers" - Admins: - Type: ImplicitMeta - Rule: "MAJORITY Admins" - LifecycleEndorsement: - Type: ImplicitMeta - Rule: "MAJORITY Endorsement" - Endorsement: - Type: ImplicitMeta - Rule: "MAJORITY Endorsement" - - Capabilities: - <<: *ApplicationCapabilities + # Organizations is the list of orgs which are defined as participants on + # the application side of the network + Organizations: + # Policies defines the set of policies at this level of the config tree + # For Application policies, their canonical path is + # /Channel/Application/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + LifecycleEndorsement: + Type: ImplicitMeta + Rule: "MAJORITY Endorsement" + Endorsement: + Type: ImplicitMeta + Rule: "MAJORITY Endorsement" + Capabilities: + <<: *ApplicationCapabilities ################################################################################ # # SECTION: Orderer @@ -198,65 +177,47 @@ Application: &ApplicationDefaults # ################################################################################ Orderer: &OrdererDefaults - - # Orderer Type: The orderer implementation to start - OrdererType: etcdraft - # Addresses used to be the list of orderer addresses that clients and peers - # could connect to. However, this does not allow clients to associate orderer - # addresses and orderer organizations which can be useful for things such - # as TLS validation. The preferred way to specify orderer addresses is now - # to include the OrdererEndpoints item in your org definition - Addresses: - - orderer.example.com:7050 - - EtcdRaft: - Consenters: - - Host: orderer.example.com - Port: 7050 - ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt - ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt - - # Batch Timeout: The amount of time to wait before creating a batch - BatchTimeout: 2s - - # Batch Size: Controls the number of messages batched into a block - BatchSize: - - # Max Message Count: The maximum number of messages to permit in a batch - MaxMessageCount: 10 - - # Absolute Max Bytes: The absolute maximum number of bytes allowed for - # the serialized messages in a batch. - AbsoluteMaxBytes: 99 MB - - # Preferred Max Bytes: The preferred maximum number of bytes allowed for - # the serialized messages in a batch. A message larger than the preferred - # max bytes will result in a batch larger than preferred max bytes. - PreferredMaxBytes: 512 KB - - # Organizations is the list of orgs which are defined as participants on - # the orderer side of the network - Organizations: - - # Policies defines the set of policies at this level of the config tree - # For Orderer policies, their canonical path is - # /Channel/Orderer/ - Policies: - Readers: - Type: ImplicitMeta - Rule: "ANY Readers" - Writers: - Type: ImplicitMeta - Rule: "ANY Writers" - Admins: - Type: ImplicitMeta - Rule: "MAJORITY Admins" - # BlockValidation specifies what signatures must be included in the block - # from the orderer for the peer to validate it. - BlockValidation: - Type: ImplicitMeta - Rule: "ANY Writers" - + # Addresses used to be the list of orderer addresses that clients and peers + # could connect to. However, this does not allow clients to associate orderer + # addresses and orderer organizations which can be useful for things such + # as TLS validation. The preferred way to specify orderer addresses is now + # to include the OrdererEndpoints item in your org definition + Addresses: + - orderer.example.com:7050 + # Batch Timeout: The amount of time to wait before creating a batch + BatchTimeout: 2s + # Batch Size: Controls the number of messages batched into a block + BatchSize: + # Max Message Count: The maximum number of messages to permit in a batch + MaxMessageCount: 10 + # Absolute Max Bytes: The absolute maximum number of bytes allowed for + # the serialized messages in a batch. + AbsoluteMaxBytes: 99 MB + # Preferred Max Bytes: The preferred maximum number of bytes allowed for + # the serialized messages in a batch. A message larger than the preferred + # max bytes will result in a batch larger than preferred max bytes. + PreferredMaxBytes: 512 KB + # Organizations is the list of orgs which are defined as participants on + # the orderer side of the network + Organizations: + # Policies defines the set of policies at this level of the config tree + # For Orderer policies, their canonical path is + # /Channel/Orderer/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # BlockValidation specifies what signatures must be included in the block + # from the orderer for the peer to validate it. + BlockValidation: + Type: ImplicitMeta + Rule: "ANY Writers" ################################################################################ # # CHANNEL @@ -266,29 +227,27 @@ Orderer: &OrdererDefaults # ################################################################################ Channel: &ChannelDefaults - # Policies defines the set of policies at this level of the config tree - # For Channel policies, their canonical path is - # /Channel/ - Policies: - # Who may invoke the 'Deliver' API - Readers: - Type: ImplicitMeta - Rule: "ANY Readers" - # Who may invoke the 'Broadcast' API - Writers: - Type: ImplicitMeta - Rule: "ANY Writers" - # By default, who may modify elements at this config level - Admins: - Type: ImplicitMeta - Rule: "MAJORITY Admins" - - # Capabilities describes the channel level capabilities, see the - # dedicated Capabilities section elsewhere in this file for a full - # description - Capabilities: - <<: *ChannelCapabilities - + # Policies defines the set of policies at this level of the config tree + # For Channel policies, their canonical path is + # /Channel/ + Policies: + # Who may invoke the 'Deliver' API + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + # Who may invoke the 'Broadcast' API + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + # By default, who may modify elements at this config level + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # Capabilities describes the channel level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *ChannelCapabilities ################################################################################ # # Profile @@ -298,17 +257,23 @@ Channel: &ChannelDefaults # ################################################################################ Profiles: - - TwoOrgsApplicationGenesis: - <<: *ChannelDefaults - Orderer: - <<: *OrdererDefaults - Organizations: - - *OrdererOrg - Capabilities: *OrdererCapabilities - Application: - <<: *ApplicationDefaults - Organizations: - - *Org1 - - *Org2 - Capabilities: *ApplicationCapabilities + ChannelUsingRaft: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + OrdererType: etcdraft + EtcdRaft: + Consenters: + - Host: orderer.example.com + Port: 7050 + ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt + Organizations: + - *OrdererOrg + Capabilities: *OrdererCapabilities + Application: + <<: *ApplicationDefaults + Organizations: + - *Org1 + - *Org2 + Capabilities: *ApplicationCapabilities diff --git a/test-network/network.sh b/test-network/network.sh index f7167742..9af30264 100755 --- a/test-network/network.sh +++ b/test-network/network.sh @@ -244,6 +244,7 @@ function createOrgs() { # Bring up the peer and orderer nodes using docker compose. function networkUp() { + checkPrereqs # generate artifacts if they don't exist @@ -271,6 +272,8 @@ function createChannel() { # Bring up the network if it is not already up. bringUpNetwork="false" + local bft_true=$1 + if ! $CONTAINER_CLI info > /dev/null 2>&1 ; then fatalln "$CONTAINER_CLI network is required to be running to create a channel" fi @@ -293,7 +296,7 @@ function createChannel() { # now run the script that creates a channel. This script uses configtxgen once # to create the channel creation transaction and the anchor peer updates. - scripts/createChannel.sh $CHANNEL_NAME $CLI_DELAY $MAX_RETRY $VERBOSE + scripts/createChannel.sh $CHANNEL_NAME $CLI_DELAY $MAX_RETRY $VERBOSE $bft_true } @@ -317,7 +320,8 @@ function deployCCAAS() { # Tear down running network function networkDown() { - + local temp_compose=$COMPOSE_FILE_BASE + COMPOSE_FILE_BASE=compose-bft-test-net.yaml COMPOSE_BASE_FILES="-f compose/${COMPOSE_FILE_BASE} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_BASE}" COMPOSE_COUCH_FILES="-f compose/${COMPOSE_FILE_COUCH} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_COUCH}" COMPOSE_CA_FILES="-f compose/${COMPOSE_FILE_CA} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_CA}" @@ -337,6 +341,7 @@ function networkDown() { fatalln "Container CLI ${CONTAINER_CLI} not supported" fi + COMPOSE_FILE_BASE=$temp_compose # Don't remove the generated artifacts -- note, the ledgers are always removed if [ "$MODE" != "restart" ]; then @@ -405,6 +410,9 @@ DATABASE="leveldb" SOCK="${DOCKER_HOST:-/var/run/docker.sock}" DOCKER_SOCK="${SOCK##unix://}" +# BFT activated flag +BFT=0 + # Parse commandline args ## Parse mode @@ -438,6 +446,10 @@ while [[ $# -ge 1 ]] ; do CHANNEL_NAME="$2" shift ;; + -bft ) + BFT=1 + shift + ;; -ca ) CRYPTO="Certificate Authorities" ;; @@ -501,6 +513,11 @@ while [[ $# -ge 1 ]] ; do shift done +if [ $BFT -eq 1 ]; then + export FABRIC_CFG_PATH=${PWD}/bft-config + COMPOSE_FILE_BASE=compose-bft-test-net.yaml +fi + # Are we generating crypto material with this command? if [ ! -d "organizations/peerOrganizations" ]; then CRYPTO_MODE="with crypto from '${CRYPTO}'" @@ -515,7 +532,7 @@ if [ "$MODE" == "up" ]; then elif [ "$MODE" == "createChannel" ]; then infoln "Creating channel '${CHANNEL_NAME}'." infoln "If network is not up, starting nodes with CLI timeout of '${MAX_RETRY}' tries and CLI delay of '${CLI_DELAY}' seconds and using database '${DATABASE} ${CRYPTO_MODE}" - createChannel + createChannel $BFT elif [ "$MODE" == "down" ]; then infoln "Stopping network" networkDown diff --git a/test-network/organizations/cryptogen/crypto-config-orderer.yaml b/test-network/organizations/cryptogen/crypto-config-orderer.yaml index 6c5e7668..e307ea2a 100755 --- a/test-network/organizations/cryptogen/crypto-config-orderer.yaml +++ b/test-network/organizations/cryptogen/crypto-config-orderer.yaml @@ -13,6 +13,8 @@ OrdererOrgs: - Name: Orderer Domain: example.com EnableNodeOUs: true + + # --------------------------------------------------------------------------- # "Specs" - See PeerOrgs for complete description # --------------------------------------------------------------------------- @@ -20,3 +22,12 @@ OrdererOrgs: - Hostname: orderer SANS: - localhost + - Hostname: orderer2 + SANS: + - localhost + - Hostname: orderer3 + SANS: + - localhost + - Hostname: orderer4 + SANS: + - localhost \ No newline at end of file diff --git a/test-network/scripts/add_new_orderer_to_config.py b/test-network/scripts/add_new_orderer_to_config.py new file mode 100644 index 00000000..2daf2171 --- /dev/null +++ b/test-network/scripts/add_new_orderer_to_config.py @@ -0,0 +1,98 @@ +# This is a sample Python script. + +# Press ⌃R to execute it or replace it with your code. +# Press Double ⇧ to search everywhere for classes, files, tool windows, actions, and settings. +import argparse +import base64 +import copy +import json +import math +from typing import Any + + +def parse_args(): + parser = argparse.ArgumentParser( + prog='Config Update', + description='What the program does', + epilog='Text at the bottom of help') + parser.add_argument('config_path', type=str) + parser.add_argument('updated_config_path', type=str) + parser.add_argument('-a', '--address', type=str, required=True) + parser.add_argument('-i', '--identity', type=str, required=True) + parser.add_argument('-s', '--server-cert', type=str, required=True) + parser.add_argument('-c', '--client-cert', type=str, required=True) + return parser.parse_args() + + +def _pem_file_to_base64(path: str) -> str: + with open(path, 'rb') as binary_file: + binary_file_data = binary_file.read() + base64_encoded_data = base64.b64encode(binary_file_data) + return base64_encoded_data.decode('utf-8') + + +def _log_update(name: str, old: Any, new: Any) -> None: + print('=' * 50) + print(f'Updating {name}:') + print(f'{old}') + print(">" * 25) + print(f'{new}') + print('=' * 50) + + +def _calculate_bft_quorum(n: int) -> int: + f = int((n - 1) / 3) + return int(math.ceil((n + f + 1) / 2)) + + +def update_config(config_path: str, updated_config_path: str, address: str, identity_pem_path: str, server_pem_path: str, client_pem_path: str): + with open(config_path, 'r') as f: + config = json.load(f) + identity = _pem_file_to_base64(identity_pem_path) + client_cert = _pem_file_to_base64(client_pem_path) + server_cert = _pem_file_to_base64(server_pem_path) + host, port = address.split(':') + + addresses = config['channel_group']['groups']['Orderer']['groups']['OrdererOrg']['values']['Endpoints']['value']['addresses'] + addresses_before_update = copy.deepcopy(addresses) + original_orderers_count = len(addresses_before_update) + addresses.append(f'{addresses[0].split(":")[0]}:{port}') + new_orderers_count = len(addresses) + _log_update('addresses', addresses_before_update, addresses) + + identities = config['channel_group']['groups']['Orderer']['policies']['BlockValidation']['policy']['value']['identities'] + identities_before_update = copy.deepcopy(identities) + new_identity = copy.deepcopy(identities[0]) + new_identity['principal']['id_bytes'] = identity + identities.append(new_identity) + _log_update('block validation identities', identities_before_update, identities) + + rule = config['channel_group']['groups']['Orderer']['policies']['BlockValidation']['policy']['value'][ + 'rule'] + rule_before_update = copy.deepcopy(rule) + rule['n_out_of']['n'] = _calculate_bft_quorum(new_orderers_count) + rule['n_out_of']['rules'].append({'signed_by': new_orderers_count - 1}) + _log_update('block validation rules', rule_before_update, rule) + + consenter_mapping = config['channel_group']['groups']['Orderer']['values']['Orderers']['value']['consenter_mapping'] + consenter_mapping_before_update = copy.deepcopy(consenter_mapping) + consenter_mapping.append({ + 'client_tls_cert': client_cert, + 'host': host, + 'id': new_orderers_count, + 'identity': identity, + 'msp_id': consenter_mapping[0]['msp_id'], + 'port': port, + 'server_tls_cert': server_cert + }) + _log_update('consenter_mapping', consenter_mapping_before_update, consenter_mapping) + + with open(updated_config_path, 'w') as f: + json.dump(config, f) + +# Press the green button in the gutter to run the script. +if __name__ == '__main__': + args = parse_args() + update_config(args.config_path, args.updated_config_path, args.address, args.identity, args.server_cert, args.client_cert) + +# See PyCharm help at https://www.jetbrains.com/help/pycharm/ diff --git a/test-network/scripts/createChannel.sh b/test-network/scripts/createChannel.sh index 96894258..d82214d1 100755 --- a/test-network/scripts/createChannel.sh +++ b/test-network/scripts/createChannel.sh @@ -4,14 +4,17 @@ . scripts/envVar.sh . scripts/utils.sh + CHANNEL_NAME="$1" DELAY="$2" MAX_RETRY="$3" VERBOSE="$4" +BFT="$5" : ${CHANNEL_NAME:="mychannel"} : ${DELAY:="3"} : ${MAX_RETRY:="5"} : ${VERBOSE:="false"} +: ${BFT:=0} : ${CONTAINER_CLI:="docker"} : ${CONTAINER_CLI_COMPOSE:="${CONTAINER_CLI}-compose"} @@ -22,26 +25,39 @@ if [ ! -d "channel-artifacts" ]; then fi createChannelGenesisBlock() { + setGlobals 1 which configtxgen if [ "$?" -ne 0 ]; then fatalln "configtxgen tool not found." fi + local bft_true=$1 set -x - configtxgen -profile TwoOrgsApplicationGenesis -outputBlock ./channel-artifacts/${CHANNEL_NAME}.block -channelID $CHANNEL_NAME + + if [ $bft_true -eq 1 ]; then + configtxgen -profile ChannelUsingBFT -outputBlock ./channel-artifacts/${CHANNEL_NAME}.block -channelID $CHANNEL_NAME + else + configtxgen -profile ChannelUsingRaft -outputBlock ./channel-artifacts/${CHANNEL_NAME}.block -channelID $CHANNEL_NAME + fi res=$? { set +x; } 2>/dev/null verifyResult $res "Failed to generate channel configuration transaction..." } createChannel() { - setGlobals 1 # Poll in case the raft leader is not set yet local rc=1 local COUNTER=1 + local bft_true=$1 + infoln "Adding orderers" while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do sleep $DELAY set -x - osnadmin channel join --channelID $CHANNEL_NAME --config-block ./channel-artifacts/${CHANNEL_NAME}.block -o localhost:7053 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >&log.txt + . scripts/orderer.sh ${CHANNEL_NAME}> /dev/null 2>&1 + if [ $bft_true -eq 1 ]; then + . scripts/orderer2.sh ${CHANNEL_NAME}> /dev/null 2>&1 + . scripts/orderer3.sh ${CHANNEL_NAME}> /dev/null 2>&1 + . scripts/orderer4.sh ${CHANNEL_NAME}> /dev/null 2>&1 + fi res=$? { set +x; } 2>/dev/null let rc=$res @@ -53,8 +69,8 @@ createChannel() { # joinChannel ORG joinChannel() { - FABRIC_CFG_PATH=$PWD/../config/ ORG=$1 + FABRIC_CFG_PATH=$PWD/../config/ setGlobals $ORG local rc=1 local COUNTER=1 @@ -77,18 +93,23 @@ setAnchorPeer() { ${CONTAINER_CLI} exec cli ./scripts/setAnchorPeer.sh $ORG $CHANNEL_NAME } -FABRIC_CFG_PATH=${PWD}/configtx + ## Create channel genesis block -infoln "Generating channel genesis block '${CHANNEL_NAME}.block'" -createChannelGenesisBlock - FABRIC_CFG_PATH=$PWD/../config/ BLOCKFILE="./channel-artifacts/${CHANNEL_NAME}.block" +infoln "Generating channel genesis block '${CHANNEL_NAME}.block'" +FABRIC_CFG_PATH=${PWD}/configtx +if [ $BFT -eq 1 ]; then + FABRIC_CFG_PATH=${PWD}/bft-config +fi +createChannelGenesisBlock $BFT + + ## Create channel infoln "Creating channel ${CHANNEL_NAME}" -createChannel +createChannel $BFT successln "Channel '$CHANNEL_NAME' created" ## Join all the peers to the channel diff --git a/test-network/scripts/envVar.sh b/test-network/scripts/envVar.sh index b2acfb2a..c30376c3 100755 --- a/test-network/scripts/envVar.sh +++ b/test-network/scripts/envVar.sh @@ -15,8 +15,6 @@ export ORDERER_CA=${PWD}/organizations/ordererOrganizations/example.com/tlsca/tl export PEER0_ORG1_CA=${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem export PEER0_ORG2_CA=${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem export PEER0_ORG3_CA=${PWD}/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem -export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt -export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key # Set environment variables for the peer org setGlobals() { @@ -37,7 +35,6 @@ setGlobals() { export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=localhost:9051 - elif [ $USING_ORG -eq 3 ]; then export CORE_PEER_LOCALMSPID="Org3MSP" export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG3_CA diff --git a/test-network/scripts/orderer.sh b/test-network/scripts/orderer.sh new file mode 100644 index 00000000..e18a89c9 --- /dev/null +++ b/test-network/scripts/orderer.sh @@ -0,0 +1,10 @@ +#!/bin/bash + + +channel_name=$1 + +export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH +export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt /dev/null 2>&1 +export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key /dev/null 2>&1 + +osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7053 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1 \ No newline at end of file diff --git a/test-network/scripts/orderer2.sh b/test-network/scripts/orderer2.sh new file mode 100755 index 00000000..978aab2d --- /dev/null +++ b/test-network/scripts/orderer2.sh @@ -0,0 +1,10 @@ +#!/bin/bash + + +channel_name=$1 + +export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH +export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt /dev/null 2>&1 +export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key > /dev/null 2>&1 + +osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7055 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1 \ No newline at end of file diff --git a/test-network/scripts/orderer3.sh b/test-network/scripts/orderer3.sh new file mode 100644 index 00000000..8b216eba --- /dev/null +++ b/test-network/scripts/orderer3.sh @@ -0,0 +1,10 @@ +#!/bin/bash + + +channel_name=$1 + +export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH +export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt /dev/null 2>&1 +export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.key > /dev/null 2>&1 + +osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7057 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1 \ No newline at end of file diff --git a/test-network/scripts/orderer4.sh b/test-network/scripts/orderer4.sh new file mode 100644 index 00000000..3c572770 --- /dev/null +++ b/test-network/scripts/orderer4.sh @@ -0,0 +1,10 @@ +#!/bin/bash + + +channel_name=$1 + +export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH +export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt /dev/null 2>&1 +export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.key > /dev/null 2>&1 + +osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7059 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1 \ No newline at end of file