Update test-network-k8s to support both v2.5 and v3.0 (#1291)

The existing orderer configuration file is incompatible with v3.0, and the v3.0 configuration does not work with v2.5. To support both versions, configuration settings have been updated to use environment variables instead of referencing static configuration files. Signed-off-by: Tatsuya Sato <tatsuya.sato.so@hitachi.com>
2026-06-17 07:25:10 +00:00 · 2025-01-17 08:15:00 +09:00 · 2025-01-17 08:15:00 +09:00 · f174360f14
commit f174360f14
parent b50ae22f73
4 changed files with 3 additions and 420 deletions
--- a/test-network-k8s/config/org0/orderer.yaml
+++ b/test-network-k8s/config/org0/orderer.yaml
@ -1,420 +0,0 @@
-# Copyright IBM Corp. All Rights Reserved.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-
---
-################################################################################
-#
-#   Orderer Configuration
-#
-#   - This controls the type and configuration of the orderer.
-#
-################################################################################
-General:
-  # Listen address: The IP on which to bind to listen.
-  ListenAddress: 0.0.0.0
-
-  # Listen port: The port on which to bind to listen.
-  ListenPort: 6050
-
-  # TLS: TLS settings for the GRPC server.
-  TLS:
-    # Require server-side TLS
-    Enabled: false
-    # PrivateKey governs the file location of the private key of the TLS certificate.
-    PrivateKey: tls/server.key
-    # Certificate governs the file location of the server TLS certificate.
-    Certificate: tls/server.crt
-    # RootCAs contains a list of additional root certificates used for verifying certificates
-    # of other orderer nodes during outbound connections.
-    # It is not required to be set, but can be used to augment the set of TLS CA certificates
-    # available from the MSPs of each channel’s configuration.
-    RootCAs:
-      - tls/ca.crt
-    # Require client certificates / mutual TLS for inbound connections.
-    ClientAuthRequired: false
-    # If mutual TLS is enabled, ClientRootCAs contains a list of additional root certificates
-    # used for verifying certificates of client connections.
-    # It is not required to be set, but can be used to augment the set of TLS CA certificates
-    # available from the MSPs of each channel’s configuration.
-    ClientRootCAs:
-  # Keepalive settings for the GRPC server.
-  Keepalive:
-    # ServerMinInterval is the minimum permitted time between client pings.
-    # If clients send pings more frequently, the server will
-    # disconnect them.
-    ServerMinInterval: 60s
-    # ServerInterval is the time between pings to clients.
-    ServerInterval: 7200s
-    # ServerTimeout is the duration the server waits for a response from
-    # a client before closing the connection.
-    ServerTimeout: 20s
-  # Cluster settings for ordering service nodes that communicate with other ordering service nodes
-  # such as Raft based ordering service.
-  Cluster:
-    # SendBufferSize is the maximum number of messages in the egress buffer.
-    # Consensus messages are dropped if the buffer is full, and transaction
-    # messages are waiting for space to be freed.
-    SendBufferSize: 10
-
-    # ClientCertificate governs the file location of the client TLS certificate
-    # used to establish mutual TLS connections with other ordering service nodes.
-    # If not set, the server General.TLS.Certificate is re-used.
-    ClientCertificate:
-    # ClientPrivateKey governs the file location of the private key of the client TLS certificate.
-    # If not set, the server General.TLS.PrivateKey is re-used.
-    ClientPrivateKey:
-
-    # The below 4 properties should be either set together, or be unset together.
-    # If they are set, then the orderer node uses a separate listener for intra-cluster
-    # communication. If they are unset, then the general orderer listener is used.
-    # This is useful if you want to use a different TLS server certificates on the
-    # client-facing and the intra-cluster listeners.
-
-    # ListenPort defines the port on which the cluster listens to connections.
-    ListenPort:
-    # ListenAddress defines the IP on which to listen to intra-cluster communication.
-    ListenAddress:
-    # ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
-    # communication.
-    ServerCertificate:
-    # ServerPrivateKey defines the file location of the private key of the TLS certificate.
-    ServerPrivateKey:
-
-  # Bootstrap method: The method by which to obtain the bootstrap block
-  # system channel is specified. The option can be one of:
-  #   "file" - path to a file containing the genesis block or config block of system channel
-  #   "none" - allows an orderer to start without a system channel configuration
-  BootstrapMethod: none
-
-  # Bootstrap file: The file containing the bootstrap block to use when
-  # initializing the orderer system channel and BootstrapMethod is set to
-  # "file".  The bootstrap file can be the genesis block, and it can also be
-  # a config block for late bootstrap of some consensus methods like Raft.
-  # Generate a genesis block by updating $FABRIC_CFG_PATH/configtx.yaml and
-  # using configtxgen command with "-outputBlock" option.
-  # Defaults to file "genesisblock" (in $FABRIC_CFG_PATH directory) if not specified.
-  BootstrapFile:
-
-  # LocalMSPDir is where to find the private crypto material needed by the
-  # orderer. It is set relative here as a default for dev environments but
-  # should be changed to the real location in production.
-  LocalMSPDir: msp
-
-  # LocalMSPID is the identity to register the local MSP material with the MSP
-  # manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
-  # ID of one of the organizations defined in the orderer system channel's
-  # /Channel/Orderer configuration. The sample organization defined in the
-  # sample configuration provided has an MSP ID of "SampleOrg".
-  LocalMSPID: SampleOrg
-
-  # Enable an HTTP service for Go "pprof" profiling as documented at:
-  # https://golang.org/pkg/net/http/pprof
-  Profile:
-    Enabled: false
-    Address: 0.0.0.0:6060
-
-  # BCCSP configures the blockchain crypto service providers.
-  BCCSP:
-    # Default specifies the preferred blockchain crypto service provider
-    # to use. If the preferred provider is not available, the software
-    # based provider ("SW") will be used.
-    # Valid providers are:
-    #  - SW: a software based crypto provider
-    #  - PKCS11: a CA hardware security module crypto provider.
-    Default: SW
-
-    # SW configures the software based blockchain crypto provider.
-    SW:
-      # TODO: The default Hash and Security level needs refactoring to be
-      # fully configurable. Changing these defaults requires coordination
-      # SHA2 is hardcoded in several places, not only BCCSP
-      Hash: SHA2
-      Security: 256
-      # Location of key store. If this is unset, a location will be
-      # chosen using: 'LocalMSPDir'/keystore
-      FileKeyStore:
-        KeyStore:
-
-    # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
-    PKCS11:
-      # Location of the PKCS11 module library
-      Library:
-      # Token Label
-      Label:
-      # User PIN
-      Pin:
-      Hash:
-      Security:
-      FileKeyStore:
-        KeyStore:
-
-  # Authentication contains configuration parameters related to authenticating
-  # client messages
-  Authentication:
-    # the acceptable difference between the current server time and the
-    # client's time as specified in a client request message
-    TimeWindow: 15m
-
-
-################################################################################
-#
-#   SECTION: File Ledger
-#
-#   - This section applies to the configuration of the file ledger.
-#
-################################################################################
-FileLedger:
-
-  # Location: The directory to store the blocks in.
-  Location: /var/hyperledger/production/orderer
-
-################################################################################
-#
-#   SECTION: Kafka
-#
-#   - This section applies to the configuration of the Kafka-based orderer, and
-#     its interaction with the Kafka cluster.
-#
-################################################################################
-Kafka:
-
-  # Retry: What do if a connection to the Kafka cluster cannot be established,
-  # or if a metadata request to the Kafka cluster needs to be repeated.
-  Retry:
-    # When a new channel is created, or when an existing channel is reloaded
-    # (in case of a just-restarted orderer), the orderer interacts with the
-    # Kafka cluster in the following ways:
-    # 1. It creates a Kafka producer (writer) for the Kafka partition that
-    # corresponds to the channel.
-    # 2. It uses that producer to post a no-op CONNECT message to that
-    # partition
-    # 3. It creates a Kafka consumer (reader) for that partition.
-    # If any of these steps fail, they will be re-attempted every
-    # <ShortInterval> for a total of <ShortTotal>, and then every
-    # <LongInterval> for a total of <LongTotal> until they succeed.
-    # Note that the orderer will be unable to write to or read from a
-    # channel until all of the steps above have been completed successfully.
-    ShortInterval: 5s
-    ShortTotal: 10m
-    LongInterval: 5m
-    LongTotal: 12h
-    # Affects the socket timeouts when waiting for an initial connection, a
-    # response, or a transmission. See Config.Net for more info:
-    # https://godoc.org/github.com/Shopify/sarama#Config
-    NetworkTimeouts:
-      DialTimeout: 10s
-      ReadTimeout: 10s
-      WriteTimeout: 10s
-    # Affects the metadata requests when the Kafka cluster is in the middle
-    # of a leader election.See Config.Metadata for more info:
-    # https://godoc.org/github.com/Shopify/sarama#Config
-    Metadata:
-      RetryBackoff: 250ms
-      RetryMax: 3
-    # What to do if posting a message to the Kafka cluster fails. See
-    # Config.Producer for more info:
-    # https://godoc.org/github.com/Shopify/sarama#Config
-    Producer:
-      RetryBackoff: 100ms
-      RetryMax: 3
-    # What to do if reading from the Kafka cluster fails. See
-    # Config.Consumer for more info:
-    # https://godoc.org/github.com/Shopify/sarama#Config
-    Consumer:
-      RetryBackoff: 2s
-  # Settings to use when creating Kafka topics.  Only applies when
-  # Kafka.Version is v0.10.1.0 or higher
-  Topic:
-    # The number of Kafka brokers across which to replicate the topic
-    ReplicationFactor: 3
-  # Verbose: Enable logging for interactions with the Kafka cluster.
-  Verbose: false
-
-  # TLS: TLS settings for the orderer's connection to the Kafka cluster.
-  TLS:
-
-    # Enabled: Use TLS when connecting to the Kafka cluster.
-    Enabled: false
-
-    # PrivateKey: PEM-encoded private key the orderer will use for
-    # authentication.
-    PrivateKey:
-    # As an alternative to specifying the PrivateKey here, uncomment the
-    # following "File" key and specify the file name from which to load the
-    # value of PrivateKey.
-    #File: path/to/PrivateKey
-
-    # Certificate: PEM-encoded signed public key certificate the orderer will
-    # use for authentication.
-    Certificate:
-    # As an alternative to specifying the Certificate here, uncomment the
-    # following "File" key and specify the file name from which to load the
-    # value of Certificate.
-    #File: path/to/Certificate
-
-    # RootCAs: PEM-encoded trusted root certificates used to validate
-    # certificates from the Kafka cluster.
-    RootCAs:
-    # As an alternative to specifying the RootCAs here, uncomment the
-    # following "File" key and specify the file name from which to load the
-    # value of RootCAs.
-    #File: path/to/RootCAs
-
-  # SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers
-  SASLPlain:
-    # Enabled: Use SASL/PLAIN to authenticate with Kafka brokers
-    Enabled: false
-    # User: Required when Enabled is set to true
-    User:
-    # Password: Required when Enabled is set to true
-    Password:
-
-  # Kafka protocol version used to communicate with the Kafka cluster brokers
-  # (defaults to 0.10.2.0 if not specified)
-  Version:
-
-################################################################################
-#
-#   Debug Configuration
-#
-#   - This controls the debugging options for the orderer
-#
-################################################################################
-Debug:
-
-  # BroadcastTraceDir when set will cause each request to the Broadcast service
-  # for this orderer to be written to a file in this directory
-  BroadcastTraceDir:
-
-  # DeliverTraceDir when set will cause each request to the Deliver service
-  # for this orderer to be written to a file in this directory
-  DeliverTraceDir:
-
-################################################################################
-#
-#   Operations Configuration
-#
-#   - This configures the operations server endpoint for the orderer
-#
-################################################################################
-Operations:
-  # host and port for the operations server
-  ListenAddress: 0.0.0.0:8443
-
-  # TLS configuration for the operations endpoint
-  TLS:
-    # TLS enabled
-    Enabled: false
-
-    # Certificate is the location of the PEM encoded TLS certificate
-    Certificate:
-
-    # PrivateKey points to the location of the PEM-encoded key
-    PrivateKey:
-
-    # Most operations service endpoints require client authentication when TLS
-    # is enabled. ClientAuthRequired requires client certificate authentication
-    # at the TLS layer to access all resources.
-    ClientAuthRequired: false
-
-    # Paths to PEM encoded ca certificates to trust for client authentication
-    ClientRootCAs: []
-
-################################################################################
-#
-#   Metrics Configuration
-#
-#   - This configures metrics collection for the orderer
-#
-################################################################################
-Metrics:
-  # The metrics provider is one of statsd, prometheus, or disabled
-  Provider: disabled
-
-  # The statsd configuration
-  Statsd:
-    # network type: tcp or udp
-    Network: udp
-
-    # the statsd server address
-    Address: 127.0.0.1:8125
-
-    # The interval at which locally cached counters and gauges are pushed
-    # to statsd; timings are pushed immediately
-    WriteInterval: 30s
-
-    # The prefix is prepended to all emitted statsd metrics
-    Prefix:
-
-################################################################################
-#
-#   Admin Configuration
-#
-#   - This configures the admin server endpoint for the orderer
-#
-################################################################################
-Admin:
-  # host and port for the admin server
-  ListenAddress: 0.0.0.0:9443
-
-  # TLS configuration for the admin endpoint
-  TLS:
-    # TLS enabled
-    Enabled: false
-
-    # Certificate is the location of the PEM encoded TLS certificate
-    Certificate:
-
-    # PrivateKey points to the location of the PEM-encoded key
-    PrivateKey:
-
-    # Most admin service endpoints require client authentication when TLS
-    # is enabled. ClientAuthRequired requires client certificate authentication
-    # at the TLS layer to access all resources.
-    #
-    # NOTE: When TLS is enabled, the admin endpoint requires mutual TLS. The
-    # orderer will panic on startup if this value is set to false.
-    ClientAuthRequired: true
-
-    # Paths to PEM encoded ca certificates to trust for client authentication
-    ClientRootCAs: []
-
-################################################################################
-#
-#   Channel participation API Configuration
-#
-#   - This provides the channel participation API configuration for the orderer.
-#   - Channel participation uses the ListenAddress and TLS settings of the Admin
-#     service.
-#
-################################################################################
-ChannelParticipation:
-  # Channel participation API is enabled.
-  Enabled: true
-
-  # The maximum size of the request body when joining a channel.
-  MaxRequestBodySize: 1 MB
-
-
-################################################################################
-#
-#   Consensus Configuration
-#
-#   - This section contains config options for a consensus plugin. It is opaque
-#     to orderer, and completely up to consensus implementation to make use of.
-#
-################################################################################
-Consensus:
-  # The allowed key-value pairs here depend on consensus plugin. For etcd/raft,
-  # we use following options:
-
-  # WALDir specifies the location at which Write Ahead Logs for etcd/raft are
-  # stored. Each channel will have its own subdir named after channel ID.
-  WALDir: /var/hyperledger/production/orderer/etcdraft/wal
-
-  # SnapDir specifies the location at which snapshots for etcd/raft are
-  # stored. Each channel will have its own subdir named after channel ID.
-  SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot
--- a/test-network-k8s/kube/org0/org0-orderer1.yaml
+++ b/test-network-k8s/kube/org0/org0-orderer1.yaml
@ -44,6 +44,7 @@ data:
  ORDERER_GENERAL_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt
  ORDERER_GENERAL_TLS_PRIVATEKEY: /var/hyperledger/fabric/config/tls/tls.key
  ORDERER_GENERAL_BOOTSTRAPMETHOD: none
+  ORDERER_CHANNELPARTICIPATION_ENABLED: "true"
  ORDERER_ADMIN_TLS_ENABLED: "true"
  ORDERER_ADMIN_TLS_CERTIFICATE: /var/hyperledger/fabric/config/tls/tls.crt
  ORDERER_ADMIN_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt
--- a/test-network-k8s/kube/org0/org0-orderer2.yaml
+++ b/test-network-k8s/kube/org0/org0-orderer2.yaml
@ -44,6 +44,7 @@ data:
  ORDERER_GENERAL_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt
  ORDERER_GENERAL_TLS_PRIVATEKEY: /var/hyperledger/fabric/config/tls/tls.key
  ORDERER_GENERAL_BOOTSTRAPMETHOD: none
+  ORDERER_CHANNELPARTICIPATION_ENABLED: "true"
  ORDERER_ADMIN_TLS_ENABLED: "true"
  ORDERER_ADMIN_TLS_CERTIFICATE: /var/hyperledger/fabric/config/tls/tls.crt
  ORDERER_ADMIN_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt
--- a/test-network-k8s/kube/org0/org0-orderer3.yaml
+++ b/test-network-k8s/kube/org0/org0-orderer3.yaml
@ -44,6 +44,7 @@ data:
  ORDERER_GENERAL_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt
  ORDERER_GENERAL_TLS_PRIVATEKEY: /var/hyperledger/fabric/config/tls/tls.key
  ORDERER_GENERAL_BOOTSTRAPMETHOD: none
+  ORDERER_CHANNELPARTICIPATION_ENABLED: "true"
  ORDERER_ADMIN_TLS_ENABLED: "true"
  ORDERER_ADMIN_TLS_CERTIFICATE: /var/hyperledger/fabric/config/tls/tls.crt
  ORDERER_ADMIN_TLS_ROOTCAS: /var/hyperledger/fabric/config/tls/ca.crt