Prepare for farmer, pulper, huller, and export

Ferry Ariawan 2024-06-07 16:44:50 +07:00
parent be5d9fd6e2
commit f376beac13
42 changed files with 2878 additions and 498 deletions


@ -22,7 +22,7 @@ Organizations:
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: ../organizations/ordererOrganizations/example.com/msp
MSPDir: ../organizations/ordererOrganizations/varion.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
@ -37,56 +37,102 @@ Organizations:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
OrdererEndpoints:
- orderer.example.com:7050
- orderer2.example.com:7052
- orderer3.example.com:7056
- orderer4.example.com:7058
- &Org1
- orderer.varion.com:7050
- orderer2.varion.com:7052
- orderer3.varion.com:7056
- orderer4.varion.com:7058
- &Farmer
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org1MSP
Name: FarmerMSP
# ID to load the MSP definition as
ID: Org1MSP
MSPDir: ../organizations/peerOrganizations/org1.example.com/msp
ID: FarmerMSP
MSPDir: ../organizations/peerOrganizations/farmer.varion.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Rule: "OR('FarmerMSP.admin', 'FarmerMSP.peer', 'FarmerMSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Rule: "OR('FarmerMSP.admin', 'FarmerMSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
Rule: "OR('FarmerMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer')"
- &Org2
Rule: "OR('FarmerMSP.peer')"
- &Pulper
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org2MSP
Name: PulperMSP
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: ../organizations/peerOrganizations/org2.example.com/msp
ID: PulperMSP
MSPDir: ../organizations/peerOrganizations/pulper.varion.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Rule: "OR('PulperMSP.admin', 'PulperMSP.peer', 'PulperMSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Rule: "OR('PulperMSP.admin', 'PulperMSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
Rule: "OR('PulperMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org2MSP.peer')"
Rule: "OR('PulperMSP.peer')"
- &Huller
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: HullerMSP
# ID to load the MSP definition as
ID: HullerMSP
MSPDir: ../organizations/peerOrganizations/huller.varion.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('HullerMSP.admin', 'HullerMSP.peer', 'HullerMSP.client')"
Writers:
Type: Signature
Rule: "OR('HullerMSP.admin', 'HullerMSP.client')"
Admins:
Type: Signature
Rule: "OR('HullerMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('HullerMSP.peer')"
- &Export
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: ExportMSP
# ID to load the MSP definition as
ID: ExportMSP
MSPDir: ../organizations/peerOrganizations/export.varion.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('ExportMSP.admin', 'ExportMSP.peer', 'ExportMSP.client')"
Writers:
Type: Signature
Rule: "OR('ExportMSP.admin', 'ExportMSP.client')"
Admins:
Type: Signature
Rule: "OR('ExportMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('ExportMSP.peer')"
################################################################################
#
# SECTION: Capabilities
@ -237,7 +283,16 @@ Channel: &ChannelDefaults
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Type: ImplicitMeta farmer:
- department1
- department2
pulper:
- department1
huller:
- department1
export:
- department1
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
@ -277,36 +332,38 @@ Profiles:
LeaderHeartbeatCount: 10
ConsenterMapping:
- ID: 1
Host: orderer.example.com
Host: orderer.varion.com
Port: 7050
MSPID: OrdererMSP
Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/signcerts/orderer.example.com-cert.pem
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
Identity: ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp/signcerts/orderer.varion.com-cert.pem
ClientTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.crt
- ID: 2
Host: orderer2.example.com
Host: orderer2.varion.com
Port: 7052
MSPID: OrdererMSP
Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/signcerts/orderer2.example.com-cert.pem
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
Identity: ../organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/msp/signcerts/orderer2.varion.com-cert.pem
ClientTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/tls/server.crt
- ID: 3
Host: orderer3.example.com
Host: orderer3.varion.com
Port: 7056
MSPID: OrdererMSP
Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp/signcerts/orderer3.example.com-cert.pem
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
Identity: ../organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/msp/signcerts/orderer3.varion.com-cert.pem
ClientTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/tls/server.crt
- ID: 4
Host: orderer4.example.com
Host: orderer4.varion.com
Port: 7058
MSPID: OrdererMSP
Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp/signcerts/orderer4.example.com-cert.pem
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
Identity: ../organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/msp/signcerts/orderer4.varion.com-cert.pem
ClientTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/tls/server.crt
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Farmer
- *Pulper
- *Huller
- *Export
Capabilities: *ApplicationCapabilities
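Review bot: In the `Channel: &ChannelDefaults` hunk the `Admins` policy line now reads `Type: ImplicitMeta farmer:` and is followed by `- department1` / `- department2` lists for farmer, pulper, huller and export, which looks like an affiliations block pasted into the policy by accident. This policy decides who may modify the channel configuration, so the entry should remain exactly `Type: ImplicitMeta` followed by `Rule: "MAJORITY Admins"`; the department lists presumably belong in the CA configuration instead. As written the file will most likely fail to parse or yield an unintended policy type, so decode the generated channel config and inspect the Admins policy before relying on it. The four new organization entries also keep the copied `DefaultOrg defines the organization…` comment, which no longer describes them.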


@ -1,12 +1,14 @@
version: '3.7'
volumes:
orderer.example.com:
orderer2.example.com:
orderer3.example.com:
orderer4.example.com:
peer0.org1.example.com:
peer0.org2.example.com:
orderer.varion.com:
orderer2.varion.com:
orderer3.varion.com:
orderer4.varion.com:
peer0.farmer.varion.com:
peer0.pulper.varion.com:
peer0.huller.varion.com:
peer0.export.varion.com:
networks:
test:
@ -14,8 +16,8 @@ networks:
services:
orderer.example.com:
container_name: orderer.example.com
orderer.varion.com:
container_name: orderer.varion.com
image: hyperledger/fabric-orderer:latest
labels:
service: hyperledger-fabric
@ -41,14 +43,14 @@ services:
- ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053
- ORDERER_OPERATIONS_LISTENADDRESS=orderer.example.com:9443
- ORDERER_OPERATIONS_LISTENADDRESS=orderer.varion.com:9443
- ORDERER_METRICS_PROVIDER=prometheus
working_dir: /root
command: orderer
volumes:
- ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
- orderer.example.com:/var/hyperledger/production/orderer
- ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp:/var/hyperledger/orderer/msp
- ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/:/var/hyperledger/orderer/tls
- orderer.varion.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
- 7053:7053
@ -56,8 +58,8 @@ services:
networks:
- test
orderer2.example.com:
container_name: orderer2.example.com
orderer2.varion.com:
container_name: orderer2.varion.com
image: hyperledger/fabric-orderer:latest
labels:
service: hyperledger-fabric
@ -83,14 +85,14 @@ services:
- ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7055
- ORDERER_OPERATIONS_LISTENADDRESS=orderer2.example.com:9446
- ORDERER_OPERATIONS_LISTENADDRESS=orderer2.varion.com:9446
- ORDERER_METRICS_PROVIDER=prometheus
working_dir: /root
command: orderer
volumes:
- ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp:/var/hyperledger/orderer/msp
- ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/:/var/hyperledger/orderer/tls
- orderer2.example.com:/var/hyperledger/production/orderer
- ../organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/msp:/var/hyperledger/orderer/msp
- ../organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/tls/:/var/hyperledger/orderer/tls
- orderer2.varion.com:/var/hyperledger/production/orderer
ports:
- 7052:7052
- 7055:7055
@ -98,8 +100,8 @@ services:
networks:
- test
orderer3.example.com:
container_name: orderer3.example.com
orderer3.varion.com:
container_name: orderer3.varion.com
image: hyperledger/fabric-orderer:latest
labels:
service: hyperledger-fabric
@ -125,14 +127,14 @@ services:
- ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7057
- ORDERER_OPERATIONS_LISTENADDRESS=orderer3.example.com:9447
- ORDERER_OPERATIONS_LISTENADDRESS=orderer3.varion.com:9447
- ORDERER_METRICS_PROVIDER=prometheus
working_dir: /root
command: orderer
volumes:
- ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp:/var/hyperledger/orderer/msp
- ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/:/var/hyperledger/orderer/tls
- orderer3.example.com:/var/hyperledger/production/orderer
- ../organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/msp:/var/hyperledger/orderer/msp
- ../organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/tls/:/var/hyperledger/orderer/tls
- orderer3.varion.com:/var/hyperledger/production/orderer
ports:
- 7056:7056
- 7057:7057
@ -140,8 +142,8 @@ services:
networks:
- test
orderer4.example.com:
container_name: orderer4.example.com
orderer4.varion.com:
container_name: orderer4.varion.com
image: hyperledger/fabric-orderer:latest
labels:
service: hyperledger-fabric
@ -167,14 +169,14 @@ services:
- ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7059
- ORDERER_OPERATIONS_LISTENADDRESS=orderer4.example.com:9448
- ORDERER_OPERATIONS_LISTENADDRESS=orderer4.varion.com:9448
- ORDERER_METRICS_PROVIDER=prometheus
working_dir: /root
command: orderer
volumes:
- ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp:/var/hyperledger/orderer/msp
- ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/:/var/hyperledger/orderer/tls
- orderer4.example.com:/var/hyperledger/production/orderer
- ../organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/msp:/var/hyperledger/orderer/msp
- ../organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/tls/:/var/hyperledger/orderer/tls
- orderer4.varion.com:/var/hyperledger/production/orderer
ports:
- 7058:7058
- 7059:7059
@ -182,11 +184,8 @@ services:
networks:
- test
peer0.org1.example.com:
container_name: peer0.org1.example.com
peer0.farmer.varion.com:
container_name: peer0.farmer.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
@ -200,22 +199,22 @@ services:
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variables
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_ID=peer0.farmer.varion.com
- CORE_PEER_ADDRESS=peer0.farmer.varion.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052
- CORE_PEER_CHAINCODEADDRESS=peer0.farmer.varion.com:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.farmer.varion.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.farmer.varion.com:7051
- CORE_PEER_LOCALMSPID=FarmerMSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
- CORE_OPERATIONS_LISTENADDRESS=peer0.org1.example.com:9444
- CORE_OPERATIONS_LISTENADDRESS=peer0.farmer.varion.com:9444
- CORE_METRICS_PROVIDER=prometheus
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"}
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0farmer"}
- CORE_CHAINCODE_EXECUTETIMEOUT=300s
volumes:
- ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric
- peer0.org1.example.com:/var/hyperledger/production
- ../organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com:/etc/hyperledger/fabric
- peer0.farmer.varion.com:/var/hyperledger/production
working_dir: /root
command: peer node start
ports:
@ -224,8 +223,8 @@ services:
networks:
- test
peer0.org2.example.com:
container_name: peer0.org2.example.com
peer0.pulper.varion.com:
container_name: peer0.pulper.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
@ -239,22 +238,22 @@ services:
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variables
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_ADDRESS=peer0.org2.example.com:9051
- CORE_PEER_ID=peer0.pulper.varion.com
- CORE_PEER_ADDRESS=peer0.pulper.varion.com:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052
- CORE_PEER_CHAINCODEADDRESS=peer0.pulper.varion.com:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.pulper.varion.com:9051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.pulper.varion.com:9051
- CORE_PEER_LOCALMSPID=PulperMSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
- CORE_OPERATIONS_LISTENADDRESS=peer0.org2.example.com:9445
- CORE_OPERATIONS_LISTENADDRESS=peer0.pulper.varion.com:9445
- CORE_METRICS_PROVIDER=prometheus
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"}
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0pulper"}
- CORE_CHAINCODE_EXECUTETIMEOUT=300s
volumes:
- ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric
- peer0.org2.example.com:/var/hyperledger/production
- ../organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com:/etc/hyperledger/fabric
- peer0.pulper.varion.com:/var/hyperledger/production
working_dir: /root
command: peer node start
ports:
@ -262,3 +261,81 @@ services:
- 9445:9445
networks:
- test
peer0.huller.varion.com:
container_name: peer0.huller.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
environment:
- FABRIC_CFG_PATH=/etc/hyperledger/peercfg
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variables
- CORE_PEER_ID=peer0.huller.varion.com
- CORE_PEER_ADDRESS=peer0.huller.varion.com:11051
- CORE_PEER_LISTENADDRESS=0.0.0.0:11051
- CORE_PEER_CHAINCODEADDRESS=peer0.huller.varion.com:11052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.huller.varion.com:11051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.huller.varion.com:11051
- CORE_PEER_LOCALMSPID=HullerMSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
- CORE_OPERATIONS_LISTENADDRESS=peer0.huller.varion.com:11445
- CORE_METRICS_PROVIDER=prometheus
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0farmer"}
- CORE_CHAINCODE_EXECUTETIMEOUT=300s
volumes:
- ../organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com:/etc/hyperledger/fabric
- peer0.huller.varion.com:/var/hyperledger/production
working_dir: /root
command: peer node start
ports:
- 11051:11051
- 11445:11445
networks:
- test
peer0.export.varion.com:
container_name: peer0.export.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
environment:
- FABRIC_CFG_PATH=/etc/hyperledger/peercfg
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variables
- CORE_PEER_ID=peer0.export.varion.com
- CORE_PEER_ADDRESS=peer0.export.varion.com:12051
- CORE_PEER_LISTENADDRESS=0.0.0.0:12051
- CORE_PEER_CHAINCODEADDRESS=peer0.export.varion.com:12052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:12052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.export.varion.com:12051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.export.varion.com:12051
- CORE_PEER_LOCALMSPID=ExportMSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
- CORE_OPERATIONS_LISTENADDRESS=peer0.export.varion.com:12445
- CORE_METRICS_PROVIDER=prometheus
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0export"}
- CORE_CHAINCODE_EXECUTETIMEOUT=300s
volumes:
- ../organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com:/etc/hyperledger/fabric
- peer0.export.varion.com:/var/hyperledger/production
working_dir: /root
command: peer node start
ports:
- 12051:12051
- 12445:12445
networks:
- test
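Review bot: The new `peer0.huller.varion.com` service sets `CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0farmer"}`, copied from the farmer peer; it should be `{"peername":"peer0huller"}`, matching how the export service uses `peer0export`. The added peers also publish their operations/metrics listeners on every host interface (`11445:11445`, `12445:12445`). If this compose file is ever run outside a local test machine, bind those to loopback instead, e.g. `"127.0.0.1:11445:11445"`, and quote the port mappings.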


@ -6,9 +6,11 @@
version: '3.7'
volumes:
orderer.example.com:
peer0.org1.example.com:
peer0.org2.example.com:
orderer.varion.com:
peer0.farmer.varion.com:
peer0.pulper.varion.com:
peer0.huller.varion.com:
peer0.export.varion.com:
networks:
test:
@ -16,8 +18,8 @@ networks:
services:
orderer.example.com:
container_name: orderer.example.com
orderer.varion.com:
container_name: orderer.varion.com
image: hyperledger/fabric-orderer:latest
labels:
service: hyperledger-fabric
@ -43,14 +45,14 @@ services:
- ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053
- ORDERER_OPERATIONS_LISTENADDRESS=orderer.example.com:9443
- ORDERER_OPERATIONS_LISTENADDRESS=orderer.varion.com:9443
- ORDERER_METRICS_PROVIDER=prometheus
working_dir: /root
command: orderer
volumes:
- ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
- orderer.example.com:/var/hyperledger/production/orderer
- ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp:/var/hyperledger/orderer/msp
- ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/:/var/hyperledger/orderer/tls
- orderer.varion.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
- 7053:7053
@ -58,8 +60,8 @@ services:
networks:
- test
peer0.org1.example.com:
container_name: peer0.org1.example.com
peer0.farmer.varion.com:
container_name: peer0.farmer.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
@ -73,22 +75,22 @@ services:
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variables
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_ID=peer0.farmer.varion.com
- CORE_PEER_ADDRESS=peer0.farmer.varion.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052
- CORE_PEER_CHAINCODEADDRESS=peer0.farmer.varion.com:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.farmer.varion.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.farmer.varion.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
- CORE_OPERATIONS_LISTENADDRESS=peer0.org1.example.com:9444
- CORE_OPERATIONS_LISTENADDRESS=peer0.farmer.varion.com:9444
- CORE_METRICS_PROVIDER=prometheus
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"}
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0farmer"}
- CORE_CHAINCODE_EXECUTETIMEOUT=300s
volumes:
- ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric
- peer0.org1.example.com:/var/hyperledger/production
- ../organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com:/etc/hyperledger/fabric
- peer0.farmer.varion.com:/var/hyperledger/production
working_dir: /root
command: peer node start
ports:
@ -97,8 +99,8 @@ services:
networks:
- test
peer0.org2.example.com:
container_name: peer0.org2.example.com
peer0.pulper.varion.com:
container_name: peer0.pulper.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
@ -112,22 +114,100 @@ services:
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variables
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_ADDRESS=peer0.org2.example.com:9051
- CORE_PEER_ID=peer0.pulper.varion.com
- CORE_PEER_ADDRESS=peer0.pulper.varion.com:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052
- CORE_PEER_CHAINCODEADDRESS=peer0.pulper.varion.com:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.pulper.varion.com:9051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.pulper.varion.com:9051
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
- CORE_OPERATIONS_LISTENADDRESS=peer0.org2.example.com:9445
- CORE_OPERATIONS_LISTENADDRESS=peer0.pulper.varion.com:9445
- CORE_METRICS_PROVIDER=prometheus
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"}
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0pulper"}
- CORE_CHAINCODE_EXECUTETIMEOUT=300s
volumes:
- ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric
- peer0.org2.example.com:/var/hyperledger/production
- ../organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com:/etc/hyperledger/fabric
- peer0.pulper.varion.com:/var/hyperledger/production
working_dir: /root
command: peer node start
ports:
- 9051:9051
- 9445:9445
networks:
- test
peer0.huller.varion.com:
container_name: peer0.huller.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
environment:
- FABRIC_CFG_PATH=/etc/hyperledger/peercfg
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variables
- CORE_PEER_ID=peer0.huller.varion.com
- CORE_PEER_ADDRESS=peer0.huller.varion.com:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.huller.varion.com:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.huller.varion.com:9051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.huller.varion.com:9051
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
- CORE_OPERATIONS_LISTENADDRESS=peer0.huller.varion.com:9445
- CORE_METRICS_PROVIDER=prometheus
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0huller"}
- CORE_CHAINCODE_EXECUTETIMEOUT=300s
volumes:
- ../organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com:/etc/hyperledger/fabric
- peer0.huller.varion.com:/var/hyperledger/production
working_dir: /root
command: peer node start
ports:
- 9051:9051
- 9445:9445
networks:
- test
peer0.export.varion.com:
container_name: peer0.export.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
environment:
- FABRIC_CFG_PATH=/etc/hyperledger/peercfg
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variables
- CORE_PEER_ID=peer0.export.varion.com
- CORE_PEER_ADDRESS=peer0.export.varion.com:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.export.varion.com:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.export.varion.com:9051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.export.varion.com:9051
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
- CORE_OPERATIONS_LISTENADDRESS=peer0.export.varion.com:9445
- CORE_METRICS_PROVIDER=prometheus
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0export"}
- CORE_CHAINCODE_EXECUTETIMEOUT=300s
volumes:
- ../organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com:/etc/hyperledger/fabric
- peer0.export.varion.com:/var/hyperledger/production
working_dir: /root
command: peer node start
ports:
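Review bot: The peers in this file keep or copy the old MSP IDs: farmer still has `CORE_PEER_LOCALMSPID=Org1MSP`, pulper has `Org2MSP`, and the new huller and export services were both added with `CORE_PEER_LOCALMSPID=Org2MSP`, while the channel configuration in this commit defines `FarmerMSP`, `PulperMSP`, `HullerMSP` and `ExportMSP`. Each peer should declare its own organization, e.g. `CORE_PEER_LOCALMSPID=HullerMSP`; otherwise the declared identity will not match the MSP material mounted from that org's directory, and the peer will likely fail MSP setup or be rejected by channel policies. The huller and export services also reuse pulper's ports (`9051`, `9052`, operations `9445`, host mappings `9051:9051` and `9445:9445`), so the three containers cannot all publish them; the other compose file in this commit uses 11051/11445 and 12051/12445. The export service's `ports:` list continues past the end of the hunk.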


@ -5,8 +5,8 @@
version: '3.7'
services:
peer0.org1.example.com:
container_name: peer0.org1.example.com
peer0.farmer.varion.com:
container_name: peer0.farmer.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
@ -18,8 +18,34 @@ services:
- ./docker/peercfg:/etc/hyperledger/peercfg
- ${DOCKER_SOCK}:/host/var/run/docker.sock
peer0.org2.example.com:
container_name: peer0.org2.example.com
peer0.pulper.varion.com:
container_name: peer0.pulper.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
environment:
#Generic peer variables
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
volumes:
- ./docker/peercfg:/etc/hyperledger/peercfg
- ${DOCKER_SOCK}:/host/var/run/docker.sock
peer0.huller.varion.com:
container_name: peer0.huller.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
environment:
#Generic peer variables
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
volumes:
- ./docker/peercfg:/etc/hyperledger/peercfg
- ${DOCKER_SOCK}:/host/var/run/docker.sock
peer0.export.varion.com:
container_name: peer0.export.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
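Review bot: The peer services added here bind-mount `${DOCKER_SOCK}` to `/host/var/run/docker.sock` and point `CORE_VM_ENDPOINT` at it, which hands each peer container control of the host's Docker daemon. This is the inherited test-network pattern, but it now covers four organizations' peers on one host, so a comment such as `# dev only: the host Docker socket gives this peer daemon-level access` above the volume entry would make the trust assumption explicit. The peer definitions in the other compose files of this commit already set `CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG`, so running chaincode as a service without the socket mount may be an option beyond local testing. The next file section in this commit repeats the same additions, and the export service's definition continues outside the hunk.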


@ -5,8 +5,8 @@
version: '3.7'
services:
peer0.org1.example.com:
container_name: peer0.org1.example.com
peer0.farmer.varion.com:
container_name: peer0.farmer.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
@ -18,8 +18,34 @@ services:
- ./docker/peercfg:/etc/hyperledger/peercfg
- ${DOCKER_SOCK}:/host/var/run/docker.sock
peer0.org2.example.com:
container_name: peer0.org2.example.com
peer0.pulper.varion.com:
container_name: peer0.pulper.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
environment:
#Generic peer variables
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
volumes:
- ./docker/peercfg:/etc/hyperledger/peercfg
- ${DOCKER_SOCK}:/host/var/run/docker.sock
peer0.huller.varion.com:
container_name: peer0.huller.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric
environment:
#Generic peer variables
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
volumes:
- ./docker/peercfg:/etc/hyperledger/peercfg
- ${DOCKER_SOCK}:/host/var/run/docker.sock
peer0.export.varion.com:
container_name: peer0.export.varion.com
image: hyperledger/fabric-peer:latest
labels:
service: hyperledger-fabric


@ -680,7 +680,7 @@ ledger:
# Internally the chaincode may execute multiple CouchDB queries,
# each of size internalQueryLimit.
internalQueryLimit: 1000
# Limit on the number of records per CouchDB bulk update batch
# Limit on the number of recordpulpers per CouchDB bulk update batch
maxBatchUpdateSize: 1000
# Create the _global_changes system database
# This is optional. Creating the global changes database will require
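Review bot: The comment above `maxBatchUpdateSize` now says "number of recordpulpers per CouchDB bulk update batch", which looks like a stray paste or search-and-replace rather than an intended edit. Restore it to `# Limit on the number of records per CouchDB bulk update batch`. No setting in this hunk changes, so the file would otherwise be untouched by the commit.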


@ -6,11 +6,19 @@
version: '3.7'
services:
peer0.org1.example.com:
peer0.farmer.varion.com:
volumes:
- ./podman/peercfg:/etc/hyperledger/peercfg
peer0.org2.example.com:
peer0.pulper.varion.com:
volumes:
- ./podman/peercfg:/etc/hyperledger/peercfg
peer0.huller.varion.com:
volumes:
- ./podman/peercfg:/etc/hyperledger/peercfg
peer0.export.varion.com:
volumes:
- ./podman/peercfg:/etc/hyperledger/peercfg


@ -22,7 +22,7 @@ Organizations:
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: ../organizations/ordererOrganizations/example.com/msp
MSPDir: ../organizations/ordererOrganizations/varion.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
@ -37,53 +37,99 @@ Organizations:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
OrdererEndpoints:
- orderer.example.com:7050
- &Org1
- orderer.varion.com:7050
- &Farmer
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org1MSP
Name: FarmerMSP
# ID to load the MSP definition as
ID: Org1MSP
MSPDir: ../organizations/peerOrganizations/org1.example.com/msp
ID: FarmerMSP
MSPDir: ../organizations/peerOrganizations/farmer.varion.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Rule: "OR('FarmerMSP.admin', 'FarmerMSP.peer', 'FarmerMSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Rule: "OR('FarmerMSP.admin', 'FarmerMSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
Rule: "OR('FarmerMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer')"
- &Org2
Rule: "OR('FarmerMSP.peer')"
- &Pulper
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org2MSP
Name: PulperMSP
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: ../organizations/peerOrganizations/org2.example.com/msp
ID: PulperMSP
MSPDir: ../organizations/peerOrganizations/pulper.varion.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Rule: "OR('PulperMSP.admin', 'PulperMSP.peer', 'PulperMSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Rule: "OR('PulperMSP.admin', 'PulperMSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
Rule: "OR('PulperMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org2MSP.peer')"
Rule: "OR('PulperMSP.peer')"
- &Huller
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: HullerMSP
# ID to load the MSP definition as
ID: HullerMSP
MSPDir: ../organizations/peerOrganizations/huller.varion.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('HullerMSP.admin', 'HullerMSP.peer', 'HullerMSP.client')"
Writers:
Type: Signature
Rule: "OR('HullerMSP.admin', 'HullerMSP.client')"
Admins:
Type: Signature
Rule: "OR('HullerMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('HullerMSP.peer')"
- &Export
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: ExportMSP
# ID to load the MSP definition as
ID: ExportMSP
MSPDir: ../organizations/peerOrganizations/export.varion.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('ExportMSP.admin', 'ExportMSP.peer', 'ExportMSP.client')"
Writers:
Type: Signature
Rule: "OR('ExportMSP.admin', 'ExportMSP.client')"
Admins:
Type: Signature
Rule: "OR('ExportMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('ExportMSP.peer')"
################################################################################
#
# SECTION: Capabilities
@ -183,7 +229,7 @@ Orderer: &OrdererDefaults
# as TLS validation. The preferred way to specify orderer addresses is now
# to include the OrdererEndpoints item in your org definition
Addresses:
- orderer.example.com:7050
- orderer.varion.com:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
@ -264,16 +310,16 @@ Profiles:
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.example.com
- Host: orderer.varion.com
Port: 7050
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ClientTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.crt
Organizations:
- *OrdererOrg
Capabilities: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Farmer
- *Pulper
Capabilities: *ApplicationCapabilities
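Review bot: The `Application.Organizations` list at the end of this section names only `*Farmer` and `*Pulper`, although the same section defines the `&Huller` and `&Export` anchors. A channel created from this profile would carry no MSP definition for HullerMSP or ExportMSP, so identities from those orgs would not be recognised by the channel's policies until a later config update adds them. If all four organizations are meant to be members from genesis, add `- *Huller` and `- *Export` to the list. The profile's name and opening lines are outside this hunk.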


@ -17,7 +17,7 @@ CLI_DELAY=3
CHANNEL_NAME="mychannel"
# default database (-s)
DATABASE="leveldb"
DATABASE="couchdb"
# default org (-org)
ORG=1
@ -29,13 +29,13 @@ CC_SRC_LANGUAGE="go"
CC_VERSION="1.0.1"
# chaincode name defaults to "NA" (-ccn)
CC_NAME="basic"
CC_NAME="varion"
# default to running the docker commands for the CCAAS (-ccaasdocker)
CCAAS_DOCKER_RUN=true
# chaincode path defaults to "NA" (-ccp)
CC_SRC_PATH="../asset-transfer-basic/chaincode-go"
CC_SRC_PATH="../varion-contract/chaincode-go"
# endorsement policy defaults to "NA". This would allow chaincodes to use the majority default policy. (-ccep)
CC_END_POLICY="NA"


@ -167,20 +167,40 @@ function createOrgs() {
fi
infoln "Generating certificates using cryptogen tool"
infoln "Creating Org1 Identities"
infoln "Creating Farmer Identities"
set -x
cryptogen generate --config=./organizations/cryptogen/crypto-config-org1.yaml --output="organizations"
cryptogen generate --config=./organizations/cryptogen/crypto-config-farmer.yaml --output="organizations"
res=$?
{ set +x; } 2>/dev/null
if [ $res -ne 0 ]; then
fatalln "Failed to generate certificates..."
fi
infoln "Creating Org2 Identities"
infoln "Creating Pulper Identities"
set -x
cryptogen generate --config=./organizations/cryptogen/crypto-config-org2.yaml --output="organizations"
cryptogen generate --config=./organizations/cryptogen/crypto-config-pulper.yaml --output="organizations"
res=$?
{ set +x; } 2>/dev/null
if [ $res -ne 0 ]; then
fatalln "Failed to generate certificates..."
fi
infoln "Creating Huller Identities"
set -x
cryptogen generate --config=./organizations/cryptogen/crypto-config-huller.yaml --output="organizations"
res=$?
{ set +x; } 2>/dev/null
if [ $res -ne 0 ]; then
fatalln "Failed to generate certificates..."
fi
infoln "Creating Export Identities"
set -x
cryptogen generate --config=./organizations/cryptogen/crypto-config-export.yaml --output="organizations"
res=$?
{ set +x; } 2>/dev/null
if [ $res -ne 0 ]; then
@ -204,18 +224,28 @@ function createOrgs() {
. organizations/cfssl/registerEnroll.sh
#function_name cert-type CN org
peer_cert peer peer0.org1.example.com org1
peer_cert admin Admin@org1.example.com org1
peer_cert peer peer0.farmer.varion.com farmer
peer_cert admin Admin@farmer.varion.com farmer
infoln "Creating Org2 Identities"
infoln "Creating Pulper Identities"
#function_name cert-type CN org
peer_cert peer peer0.org2.example.com org2
peer_cert admin Admin@org2.example.com org2
peer_cert peer peer0.pulper.varion.com pulper
peer_cert admin Admin@pulper.varion.com pulper
infoln "Creating Huller Identities"
#function_name cert-type CN org
peer_cert peer peer0.huller.varion.com huller
peer_cert admin Admin@huller.varion.com huller
infoln "Creating Export Identities"
#function_name cert-type CN org
peer_cert peer peer0.export.varion.com export
peer_cert admin Admin@export.varion.com export
infoln "Creating Orderer Org Identities"
#function_name cert-type CN
orderer_cert orderer orderer.example.com
orderer_cert admin Admin@example.com
orderer_cert orderer orderer.varion.com
orderer_cert admin Admin@varion.com
fi
@ -228,20 +258,28 @@ function createOrgs() {
while :
do
if [ ! -f "organizations/fabric-ca/org1/tls-cert.pem" ]; then
if [ ! -f "organizations/fabric-ca/farmer/tls-cert.pem" ]; then
sleep 1
else
break
fi
done
infoln "Creating Org1 Identities"
infoln "Creating Farmer Identities"
createOrg1
createFarmer
infoln "Creating Org2 Identities"
infoln "Creating Pulper Identities"
createOrg2
createPulper
infoln "Creating Huller Identities"
createPulper
infoln "Creating Export Identities"
createPulper
infoln "Creating Orderer Org Identities"
@ -249,7 +287,7 @@ function createOrgs() {
fi
infoln "Generating CCP files for Org1 and Org2"
infoln "Generating CCP files for Farmer, Pulper, Huller, and Export"
./organizations/ccp-generate.sh
}
@ -303,7 +341,7 @@ function networkUp() {
fi
}
# call the script to create the channel, join the peers of org1 and org2,
# call the script to create the channel, join the peers of farmer and pulper,
# and then update the anchor peers for each organization
function createChannel() {
# Bring up the network if it is not already up.
@ -424,7 +462,7 @@ function networkDown() {
COMPOSE_CA_FILES="-f compose/${COMPOSE_FILE_CA} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_CA}"
COMPOSE_FILES="${COMPOSE_BASE_FILES} ${COMPOSE_COUCH_FILES} ${COMPOSE_CA_FILES}"
# stop org3 containers also in addition to org1 and org2, in case we were running sample to add org3
# stop org3 containers also in addition to farmer and pulper, in case we were running sample to add org3
COMPOSE_ORG3_BASE_FILES="-f addOrg3/compose/${COMPOSE_FILE_ORG3_BASE} -f addOrg3/compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_ORG3_BASE}"
COMPOSE_ORG3_COUCH_FILES="-f addOrg3/compose/${COMPOSE_FILE_ORG3_COUCH} -f addOrg3/compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_ORG3_COUCH}"
COMPOSE_ORG3_CA_FILES="-f addOrg3/compose/${COMPOSE_FILE_ORG3_CA} -f addOrg3/compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_ORG3_CA}"
@ -443,7 +481,7 @@ function networkDown() {
# Don't remove the generated artifacts -- note, the ledgers are always removed
if [ "$MODE" != "restart" ]; then
# Bring down the network, deleting the volumes
${CONTAINER_CLI} volume rm docker_orderer.example.com docker_peer0.org1.example.com docker_peer0.org2.example.com
${CONTAINER_CLI} volume rm docker_orderer.varion.com docker_peer0.farmer.varion.com docker_peer0.pulper.varion.com docker_peer0.huller.varion.com docker_peer0.export.varion.com
#Cleanup the chaincode containers
clearContainers
#Cleanup images
@ -451,8 +489,10 @@ function networkDown() {
# remove orderer block and other channel configuration transactions and certs
${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf system-genesis-block/*.block organizations/peerOrganizations organizations/ordererOrganizations'
## remove fabric ca artifacts
${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/org1/msp organizations/fabric-ca/org1/tls-cert.pem organizations/fabric-ca/org1/ca-cert.pem organizations/fabric-ca/org1/IssuerPublicKey organizations/fabric-ca/org1/IssuerRevocationPublicKey organizations/fabric-ca/org1/fabric-ca-server.db'
${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/org2/msp organizations/fabric-ca/org2/tls-cert.pem organizations/fabric-ca/org2/ca-cert.pem organizations/fabric-ca/org2/IssuerPublicKey organizations/fabric-ca/org2/IssuerRevocationPublicKey organizations/fabric-ca/org2/fabric-ca-server.db'
${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/farmer/msp organizations/fabric-ca/farmer/tls-cert.pem organizations/fabric-ca/farmer/ca-cert.pem organizations/fabric-ca/farmer/IssuerPublicKey organizations/fabric-ca/farmer/IssuerRevocationPublicKey organizations/fabric-ca/farmer/fabric-ca-server.db'
${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/pulper/msp organizations/fabric-ca/pulper/tls-cert.pem organizations/fabric-ca/pulper/ca-cert.pem organizations/fabric-ca/pulper/IssuerPublicKey organizations/fabric-ca/pulper/IssuerRevocationPublicKey organizations/fabric-ca/pulper/fabric-ca-server.db'
${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/huller/msp organizations/fabric-ca/huller/tls-cert.pem organizations/fabric-ca/huller/ca-cert.pem organizations/fabric-ca/huller/IssuerPublicKey organizations/fabric-ca/huller/IssuerRevocationPublicKey organizations/fabric-ca/huller/fabric-ca-server.db'
${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/export/msp organizations/fabric-ca/export/tls-cert.pem organizations/fabric-ca/export/ca-cert.pem organizations/fabric-ca/export/IssuerPublicKey organizations/fabric-ca/export/IssuerRevocationPublicKey organizations/fabric-ca/export/fabric-ca-server.db'
${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/ordererOrg/msp organizations/fabric-ca/ordererOrg/tls-cert.pem organizations/fabric-ca/ordererOrg/ca-cert.pem organizations/fabric-ca/ordererOrg/IssuerPublicKey organizations/fabric-ca/ordererOrg/IssuerRevocationPublicKey organizations/fabric-ca/ordererOrg/fabric-ca-server.db'
${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf addOrg3/fabric-ca/org3/msp addOrg3/fabric-ca/org3/tls-cert.pem addOrg3/fabric-ca/org3/ca-cert.pem addOrg3/fabric-ca/org3/IssuerPublicKey addOrg3/fabric-ca/org3/IssuerRevocationPublicKey addOrg3/fabric-ca/org3/fabric-ca-server.db'
# remove channel and script artifacts
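Review bot: In the Fabric CA branch of `createOrgs` (the hunk starting at old line 228), the "Creating Huller Identities" and "Creating Export Identities" steps both call `createPulper`, so Pulper is enrolled three times and Huller and Export get no CA-issued identities. Each step should call its own enrolment function, presumably `createHuller` and `createExport` if the sourced registerEnroll.sh defines them (not visible here). The wait loop just above also checks only `organizations/fabric-ca/farmer/tls-cert.pem`, so it does not confirm that the other three CAs are up before enrolment starts. `createOrgs` begins and ends outside these hunks.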


@ -26,20 +26,38 @@ function yaml_ccp {
organizations/ccp-template.yaml | sed -e $'s/\\\\n/\\\n /g'
}
ORG=1
ORG=farmer
P0PORT=7051
CAPORT=7054
PEERPEM=organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
CAPEM=organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem
PEERPEM=organizations/peerOrganizations/farmer.varion.com/tlsca/tlsca.farmer.varion.com-cert.pem
CAPEM=organizations/peerOrganizations/farmer.varion.com/ca/ca.farmer.varion.com-cert.pem
echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.json
echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.yaml
echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/farmer.varion.com/connection-farmer.json
echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/farmer.varion.com/connection-farmer.yaml
ORG=2
ORG=pulper
P0PORT=9051
CAPORT=8054
PEERPEM=organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
CAPEM=organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem
PEERPEM=organizations/peerOrganizations/pulper.varion.com/tlsca/tlsca.pulper.varion.com-cert.pem
CAPEM=organizations/peerOrganizations/pulper.varion.com/ca/ca.pulper.varion.com-cert.pem
echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.json
echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.yaml
echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/pulper.varion.com/connection-pulper.json
echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/pulper.varion.com/connection-pulper.yaml
ORG=huller
P0PORT=9051
CAPORT=8054
PEERPEM=organizations/peerOrganizations/huller.varion.com/tlsca/tlsca.huller.varion.com-cert.pem
CAPEM=organizations/peerOrganizations/huller.varion.com/ca/ca.huller.varion.com-cert.pem
echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/huller.varion.com/connection-huller.json
echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/huller.varion.com/connection-huller.yaml
ORG=export
P0PORT=9051
CAPORT=8054
PEERPEM=organizations/peerOrganizations/export.varion.com/tlsca/tlsca.export.varion.com-cert.pem
CAPEM=organizations/peerOrganizations/export.varion.com/ca/ca.export.varion.com-cert.pem
echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/export.varion.com/connection-export.json
echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/export.varion.com/connection-export.yaml
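Review bot: The new Huller and Export blocks reuse `P0PORT=9051` and `CAPORT=8054`, the same values as Pulper, so the generated connection profiles for those two orgs point at Pulper's peer and CA endpoints on localhost. Because the templates set a per-org `hostnameOverride` and CA PEM, a client would most likely fail TLS verification rather than connect, but the profile is wrong either way. Set both variables to the ports the Huller and Export peer and CA containers actually publish (not shown in this section), e.g. `P0PORT=<huller-peer-port>` and `CAPORT=<huller-ca-port>`.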


@ -1,5 +1,5 @@
{
"name": "test-network-org${ORG}",
"name": "test-network-${ORG}",
"version": "1.0.0",
"client": {
"organization": "Org${ORG}",
@ -15,29 +15,29 @@
"Org${ORG}": {
"mspid": "Org${ORG}MSP",
"peers": [
"peer0.org${ORG}.example.com"
"peer0.${ORG}.varion.com"
],
"certificateAuthorities": [
"ca.org${ORG}.example.com"
"ca.${ORG}.varion.com"
]
}
},
"peers": {
"peer0.org${ORG}.example.com": {
"peer0.${ORG}.varion.com": {
"url": "grpcs://localhost:${P0PORT}",
"tlsCACerts": {
"pem": "${PEERPEM}"
},
"grpcOptions": {
"ssl-target-name-override": "peer0.org${ORG}.example.com",
"hostnameOverride": "peer0.org${ORG}.example.com"
"ssl-target-name-override": "peer0.${ORG}.varion.com",
"hostnameOverride": "peer0.${ORG}.varion.com"
}
}
},
"certificateAuthorities": {
"ca.org${ORG}.example.com": {
"ca.${ORG}.varion.com": {
"url": "https://localhost:${CAPORT}",
"caName": "ca-org${ORG}",
"caName": "ca-${ORG}",
"tlsCACerts": {
"pem": ["${CAPEM}"]
},
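Review bot: The unchanged lines still build the organization name and MSP ID with an `Org` prefix (`"organization": "Org${ORG}"`, the `"Org${ORG}"` key and `"mspid": "Org${ORG}MSP"`) while `ORG` is now a name such as `farmer`. That renders `OrgfarmerMSP`, which does not match the `FarmerMSP` ID declared in the channel configuration earlier in this commit; MSP IDs are matched case-sensitively, so `farmerMSP` would not match either. Pass the MSP ID into the template in its declared casing, or add a separate variable for it, and use it consistently for `organization`, the `organizations` key and `mspid`.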


@ -1,32 +1,32 @@
---
name: test-network-org${ORG}
name: test-network-${ORG}
version: 1.0.0
client:
organization: Org${ORG}
organization: ${ORG}
connection:
timeout:
peer:
endorser: '300'
organizations:
Org${ORG}:
mspid: Org${ORG}MSP
mspid: ${ORG}MSP
peers:
- peer0.org${ORG}.example.com
- peer0.${ORG}.varion.com
certificateAuthorities:
- ca.org${ORG}.example.com
- ca.${ORG}.varion.com
peers:
peer0.org${ORG}.example.com:
peer0.${ORG}.varion.com:
url: grpcs://localhost:${P0PORT}
tlsCACerts:
pem: |
${PEERPEM}
grpcOptions:
ssl-target-name-override: peer0.org${ORG}.example.com
hostnameOverride: peer0.org${ORG}.example.com
ssl-target-name-override: peer0.${ORG}.varion.com
hostnameOverride: peer0.${ORG}.varion.com
certificateAuthorities:
ca.org${ORG}.example.com:
ca.${ORG}.varion.com:
url: https://localhost:${CAPORT}
caName: ca-org${ORG}
caName: ca-${ORG}
tlsCACerts:
pem:
- |
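Review bot: `client.organization` is now `${ORG}` but the key under `organizations:` is still `Org${ORG}`, so the client section refers to an organization entry that the rendered profile does not contain. The new `mspid: ${ORG}MSP` also renders in lower case (`farmerMSP`), which differs from the `FarmerMSP` ID used in the channel configuration. Rename the key to `${ORG}:` and feed the template the MSP ID in its declared casing. The template continues past the end of this hunk.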


@ -1,15 +1,15 @@
{
"CN": "{USER}",
"key": {
"algo": "ecdsa",
"size": 256
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "IN",
"ST": "Delhi",
"L": "Aero city",
"O": "cfssl",
"C": "ID",
"ST": "Jakarta",
"L": "Jakarta",
"O": "varion",
"OU": "admin"
}
],
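Review bot: Switching the key request from `ecdsa`/`256` to `rsa`/`2048` is the change to question here, and the same edit is repeated in the five cfssl templates that follow (the orderer and peer CA requests and the client, orderer and peer CSR templates). To my knowledge Fabric's MSP accepts only ECDSA keys for signing identities, so certificates generated from these templates would likely be rejected when a peer, orderer or admin loads its MSP; confirm against the Fabric version in use. RSA-2048 is also not a strength upgrade over P-256. Unless there is a specific requirement, keep `"algo": "ecdsa"` and `"size": 256`.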


@ -1,15 +1,15 @@
{
"CN": "cfssl-orderer-ca",
"CN": "varion-orderer-ca",
"key": {
"algo": "ecdsa",
"size": 256
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "IN",
"ST": "Delhi",
"L": "Aero city",
"O": "cfssl",
"C": "ID",
"ST": "Jakarta",
"L": "Jakarta",
"O": "varion",
"OU": "client"
}
],


@ -1,16 +1,16 @@
{
"CN": "cfssl-peer-ca",
"CN": "varion-peer-ca",
"key": {
"algo": "ecdsa",
"size": 256
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "IN",
"ST": "Delhi",
"L": "Aero city",
"O": "cfssl",
"OU": "Fabric"
"C": "ID",
"ST": "Jakarta",
"L": "Jakarta",
"O": "varion",
"OU": "Varion"
}
],
"hosts": [


@ -1,15 +1,15 @@
{
"CN": "{USER}",
"key": {
"algo": "ecdsa",
"size": 256
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "IN",
"ST": "Delhi",
"L": "Aero city",
"O": "cfssl",
"C": "ID",
"ST": "Jakarta",
"L": "Jakarta",
"O": "varion",
"OU": "client"
}
],


@ -1,15 +1,15 @@
{
"CN": "{USER}",
"key": {
"algo": "ecdsa",
"size": 256
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "IN",
"ST": "Delhi",
"L": "Aero city",
"O": "cfssl",
"C": "ID",
"ST": "Jakarta",
"L": "Jakarta",
"O": "varion",
"OU": "orderer"
}
],


@ -1,15 +1,15 @@
{
"CN": "{USER}",
"key": {
"algo": "ecdsa",
"size": 256
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "IN",
"ST": "Delhi",
"L": "Aero city",
"O": "cfssl",
"C": "ID",
"ST": "Jakarta",
"L": "Jakarta",
"O": "varion",
"OU": "peer"
}
],


@ -7,20 +7,20 @@ function peer_cert() {
USER=$2
ORG=$3
mkdir -p "organizations/peerOrganizations/$ORG.example.com/ca"
mkdir -p "organizations/peerOrganizations/$ORG.example.com/msp/cacerts"
mkdir -p "organizations/peerOrganizations/$ORG.example.com/msp/tlscacerts"
mkdir -p "organizations/peerOrganizations/$ORG.example.com/peers"
mkdir -p "organizations/peerOrganizations/$ORG.example.com/tlsca"
mkdir -p "organizations/peerOrganizations/$ORG.varion.com/ca"
mkdir -p "organizations/peerOrganizations/$ORG.varion.com/msp/cacerts"
mkdir -p "organizations/peerOrganizations/$ORG.varion.com/msp/tlscacerts"
mkdir -p "organizations/peerOrganizations/$ORG.varion.com/peers"
mkdir -p "organizations/peerOrganizations/$ORG.varion.com/tlsca"
CERT_DIR=organizations/peerOrganizations/$ORG.example.com
CERT_DIR=organizations/peerOrganizations/$ORG.varion.com
if [ ! -f "$CERT_DIR/ca/ca-key.pem" ]; then
cfssl gencert -initca "${PWD}/organizations/cfssl/ca-peer.json" | cfssljson -bare "$CERT_DIR/ca/ca"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/tlsca/tlsca.$ORG.example.com-cert.pem"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/ca/ca.$ORG.example.com-cert.pem"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/tlsca/tlsca.$ORG.varion.com-cert.pem"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/ca/ca.$ORG.varion.com-cert.pem"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/msp/cacerts/"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/msp/tlscacerts/"
@ -55,24 +55,24 @@ function peer_cert() {
function orderer_cert() {
TYPE=$1 #orderer user
USER=$2 #orderer.example.com
USER=$2 #orderer.varion.com
mkdir -p organizations/ordererOrganizations/example.com/ca
mkdir -p organizations/ordererOrganizations/example.com/msp/cacerts
mkdir -p organizations/ordererOrganizations/example.com/msp/tlscacerts
mkdir -p organizations/ordererOrganizations/example.com/orderers
mkdir -p organizations/ordererOrganizations/example.com/tlsca
mkdir -p organizations/ordererOrganizations/varion.com/ca
mkdir -p organizations/ordererOrganizations/varion.com/msp/cacerts
mkdir -p organizations/ordererOrganizations/varion.com/msp/tlscacerts
mkdir -p organizations/ordererOrganizations/varion.com/orderers
mkdir -p organizations/ordererOrganizations/varion.com/tlsca
CERT_DIR=organizations/ordererOrganizations/example.com
CERT_DIR=organizations/ordererOrganizations/varion.com
if [ ! -f "$CERT_DIR/ca/ca-key.pem" ]; then
cfssl gencert -initca "${PWD}/organizations/cfssl/ca-orderer.json" | cfssljson -bare "$CERT_DIR/ca/ca"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/tlsca/tlsca.example.com-cert.pem"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/tlsca/tlsca.varion.com-cert.pem"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/msp/cacerts/"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/msp/tlscacerts/tlsca.example.com-cert.pem"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/msp/tlscacerts/tlsca.varion.com-cert.pem"
echo 'NodeOUs:
Enable: true
@ -224,10 +224,10 @@ function generate_orderer_certs() {
USER=$2
for DIR in cacerts keystore signcerts tlscacerts; do
mkdir -p "organizations/ordererOrganizations/example.com/orderers/$USER/msp/$DIR"
mkdir -p "organizations/ordererOrganizations/varion.com/orderers/$USER/msp/$DIR"
done
mkdir -p "organizations/ordererOrganizations/example.com/orderers/$USER/tls"
mkdir -p "organizations/ordererOrganizations/varion.com/orderers/$USER/tls"
sed -e "s/{USER}/$USER/g" <"$PWD/organizations/cfssl/orderer-csr-template.json" >"$PWD/organizations/cfssl/orderer-${USER}.json"
@ -243,7 +243,7 @@ function generate_orderer_certs() {
mv "$CERT_DIR/orderers/$USER/msp/signcerts/cert-key.pem" "$CERT_DIR/orderers/$USER/msp/keystore"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/orderers/$USER/msp/cacerts"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/orderers/$USER/msp/tlscacerts/tlsca.example.com-cert.pem"
cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/orderers/$USER/msp/tlscacerts/tlsca.varion.com-cert.pem"
echo 'NodeOUs:
Enable: true
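Review bot: `peer_cert` and `orderer_cert` copy the same `ca/ca.pem` into both the `tlsca` and `msp/cacerts` locations, so one CA key pair backs both enrolment identities and TLS certificates, and nothing in the script says so. That is inherited from the sample and acceptable for a test network, but it is easy to carry into a real deployment now that the paths use the project domain. I would add a comment above the `cp` lines, e.g. `# NOTE: identity CA and TLS CA share one key pair here; test-network only`. Both function bodies continue outside the hunks shown.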


@ -8,10 +8,10 @@
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org2
# Export
# ---------------------------------------------------------------------------
- Name: Org2
Domain: org2.example.com
- Name: Export
Domain: export.varion.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs"
@ -30,8 +30,8 @@ PeerOrgs:
# Org.Domain, respectively.
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.example.com"
# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
# - Hostname: foo # implicitly "foo.org1.varion.com"
# CommonName: foo27.org5.varion.com # overrides Hostname-based FQDN set above
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------


@ -9,10 +9,10 @@
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# Farmer
# ---------------------------------------------------------------------------
- Name: Org1
Domain: org1.example.com
- Name: Farmer
Domain: farmer.varion.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs"
@ -30,8 +30,8 @@ PeerOrgs:
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# ---------------------------------------------------------------------------
# - Hostname: foo # implicitly "foo.org1.example.com"
# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
# - Hostname: foo # implicitly "foo.farmer.varion.com"
# CommonName: foo27.org5.varion.com # overrides Hostname-based FQDN set above
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------


@ -0,0 +1,61 @@
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Huller
# ---------------------------------------------------------------------------
- Name: Huller
Domain: huller.varion.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of hosts in your
# configuration. Most users will want to use Template, below
#
# Specs is an array of Spec entries. Each Spec entry consists of two fields:
# - Hostname: (Required) The desired hostname, sans the domain.
# - CommonName: (Optional) Specifies the template or explicit override for
# the CN. By default, this is the template:
#
# "{{.Hostname}}.{{.Domain}}"
#
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.varion.com"
# CommonName: foo27.org5.varion.com # overrides Hostname-based FQDN set above
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------
# "Template"
# ---------------------------------------------------------------------------
# Allows for the definition of 1 or more hosts that are created sequentially
# from a template. By default, this looks like "peer%d" from 0 to Count-1.
# You may override the number of nodes (Count), the starting index (Start)
# or the template used to construct the name (Hostname).
#
# Note: Template and Specs are not mutually exclusive. You may define both
# sections and the aggregate nodes will be created for you. Take care with
# name collisions
# ---------------------------------------------------------------------------
Template:
Count: 1
SANS:
- localhost
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# ---------------------------------------------------------------------------
# "Users"
# ---------------------------------------------------------------------------
# Count: The number of user accounts _in addition_ to Admin
# ---------------------------------------------------------------------------
Users:
Count: 1


@ -11,7 +11,7 @@ OrdererOrgs:
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: example.com
Domain: varion.com
EnableNodeOUs: true


@ -0,0 +1,61 @@
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Pulper
# ---------------------------------------------------------------------------
- Name: Pulper
Domain: pulper.varion.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of hosts in your
# configuration. Most users will want to use Template, below
#
# Specs is an array of Spec entries. Each Spec entry consists of two fields:
# - Hostname: (Required) The desired hostname, sans the domain.
# - CommonName: (Optional) Specifies the template or explicit override for
# the CN. By default, this is the template:
#
# "{{.Hostname}}.{{.Domain}}"
#
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.varion.com"
# CommonName: foo27.org5.varion.com # overrides Hostname-based FQDN set above
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------
# "Template"
# ---------------------------------------------------------------------------
# Allows for the definition of 1 or more hosts that are created sequentially
# from a template. By default, this looks like "peer%d" from 0 to Count-1.
# You may override the number of nodes (Count), the starting index (Start)
# or the template used to construct the name (Hostname).
#
# Note: Template and Specs are not mutually exclusive. You may define both
# sections and the aggregate nodes will be created for you. Take care with
# name collisions
# ---------------------------------------------------------------------------
Template:
Count: 1
SANS:
- localhost
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# ---------------------------------------------------------------------------
# "Users"
# ---------------------------------------------------------------------------
# Count: The number of user accounts _in addition_ to Admin
# ---------------------------------------------------------------------------
Users:
Count: 1


@ -0,0 +1,410 @@
#############################################################################
# This is a configuration file for the fabric-ca-server command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --port 443
# To set the listening port
# b) --ca.keyfile ../mykey.pem
# To set the "keyfile" element in the "ca" section below;
# note the '.' separator character.
# 2) environment variable
# Examples:
# a) FABRIC_CA_SERVER_PORT=443
# To set the listening port
# b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem"
# To set the "keyfile" element in the "ca" section below;
# note the '_' separator character.
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfile" and "tls.clientauth.certfiles".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
# Version of config file
version: 1.2.0
# Server's listening port (default: 7054)
port: 7054
# Enables debug logging (default: false)
debug: false
# Size limit of an acceptable CRL in bytes (default: 512000)
crlsizelimit: 512000
#############################################################################
# TLS section for the server's listening port
#
# The following types are supported for client authentication: NoClientCert,
# RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven,
# and RequireAndVerifyClientCert.
#
# Certfiles is a list of root certificate authorities that the server uses
# when verifying client certificates.
#############################################################################
tls:
# Enable TLS (default: false)
enabled: true
# TLS for the server's listening port
certfile:
keyfile:
clientauth:
type: noclientcert
certfiles:
#############################################################################
# The CA section contains information related to the Certificate Authority
# including the name of the CA, which should be unique for all members
# of a blockchain network. It also includes the key and certificate files
# used when issuing enrollment certificates (ECerts) and transaction
# certificates (TCerts).
# The chainfile (if it exists) contains the certificate chain which
# should be trusted for this CA, where the 1st in the chain is always the
# root CA certificate.
#############################################################################
ca:
# Name of this CA
name: ExportCA
# Key file (is only used to import a private key into BCCSP)
keyfile:
# Certificate file (default: ca-cert.pem)
certfile:
# Chain file
chainfile:
#############################################################################
# The gencrl REST endpoint is used to generate a CRL that contains revoked
# certificates. This section contains configuration options that are used
# during gencrl request processing.
#############################################################################
crl:
# Specifies expiration for the generated CRL. The number of hours
# specified by this property is added to the UTC time, the resulting time
# is used to set the 'Next Update' date of the CRL.
expiry: 24h
#############################################################################
# The registry section controls how the fabric-ca-server does two things:
# 1) authenticates enrollment requests which contain a username and password
# (also known as an enrollment ID and secret).
# 2) once authenticated, retrieves the identity's attribute names and
# values which the fabric-ca-server optionally puts into TCerts
# which it issues for transacting on the Hyperledger Fabric blockchain.
# These attributes are useful for making access control decisions in
# chaincode.
# There are two main configuration options:
# 1) The fabric-ca-server is the registry.
# This is true if "ldap.enabled" in the ldap section below is false.
# 2) An LDAP server is the registry, in which case the fabric-ca-server
# calls the LDAP server to perform these tasks.
# This is true if "ldap.enabled" in the ldap section below is true,
# which means this "registry" section is ignored.
#############################################################################
registry:
# Maximum number of times a password/secret can be reused for enrollment
# (default: -1, which means there is no limit)
maxenrollments: -1
# Contains identity information which is used when LDAP is disabled
identities:
- name: admin
pass: adminpw
type: client
affiliation: ""
attrs:
hf.Registrar.Roles: "*"
hf.Registrar.DelegateRoles: "*"
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: "*"
hf.AffiliationMgr: true
#############################################################################
# Database section
# Supported types are: "sqlite3", "postgres", and "mysql".
# The datasource value depends on the type.
# If the type is "sqlite3", the datasource value is a file name to use
# as the database store. Since "sqlite3" is an embedded database, it
# may not be used if you want to run the fabric-ca-server in a cluster.
# To run the fabric-ca-server in a cluster, you must choose "postgres"
# or "mysql".
#############################################################################
db:
type: sqlite3
datasource: fabric-ca-server.db
tls:
enabled: false
certfiles:
client:
certfile:
keyfile:
#############################################################################
# LDAP section
# If LDAP is enabled, the fabric-ca-server calls LDAP to:
# 1) authenticate enrollment ID and secret (i.e. username and password)
# for enrollment requests;
# 2) To retrieve identity attributes
#############################################################################
ldap:
# Enables or disables the LDAP client (default: false)
# If this is set to true, the "registry" section is ignored.
enabled: false
# The URL of the LDAP server
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
# TLS configuration for the client connection to the LDAP server
tls:
certfiles:
client:
certfile:
keyfile:
# Attribute related configuration for mapping from LDAP entries to Fabric CA attributes
attribute:
# 'names' is an array of strings containing the LDAP attribute names which are
# requested from the LDAP server for an LDAP identity's entry
names: ['uid','member']
# The 'converters' section is used to convert an LDAP entry to the value of
# a fabric CA attribute.
# For example, the following converts an LDAP 'uid' attribute
# whose value begins with 'revoker' to a fabric CA attribute
# named "hf.Revoker" with a value of "true" (because the boolean expression
# evaluates to true).
# converters:
# - name: hf.Revoker
# value: attr("uid") =~ "revoker*"
converters:
- name:
value:
# The 'maps' section contains named maps which may be referenced by the 'map'
# function in the 'converters' section to map LDAP responses to arbitrary values.
# For example, assume a user has an LDAP attribute named 'member' which has multiple
# values which are each a distinguished name (i.e. a DN). For simplicity, assume the
# values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'.
# Further assume the following configuration.
# converters:
# - name: hf.Registrar.Roles
# value: map(attr("member"),"groups")
# maps:
# groups:
# - name: dn1
# value: peer
# - name: dn2
# value: client
# The value of the user's 'hf.Registrar.Roles' attribute is then computed to be
# "peer,client,dn3". This is because the value of 'attr("member")' is
# "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of
# "group" replaces "dn1" with "peer" and "dn2" with "client".
maps:
groups:
- name:
value:
#############################################################################
# Affiliations section. Fabric CA server can be bootstrapped with the
# affiliations specified in this section. Affiliations are specified as maps.
# For example:
# businessunit1:
# department1:
# - team1
# businessunit2:
# - department2
# - department3
#
# Affiliations are hierarchical in nature. In the above example,
# department1 (used as businessunit1.department1) is the child of businessunit1.
# team1 (used as businessunit1.department1.team1) is the child of department1.
# department2 (used as businessunit2.department2) and department3 (businessunit2.department3)
# are children of businessunit2.
# Note: Affiliations are case sensitive except for the non-leaf affiliations
# (like businessunit1, department1, businessunit2) that are specified in the configuration file,
# which are always stored in lower case.
#############################################################################
affiliations:
farmer:
- department1
- department2
pulper:
- department1
huller:
- department1
export:
- department1
#############################################################################
# Signing section
#
# The "default" subsection is used to sign enrollment certificates;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#
# The "ca" profile subsection is used to sign intermediate CA certificates;
# the default expiration ("expiry" field) is "43800h" which is 5 years in hours.
# Note that "isca" is true, meaning that it issues a CA certificate.
# A maxpathlen of 0 means that the intermediate CA cannot issue other
# intermediate CA certificates, though it can still issue end entity certificates.
# (See RFC 5280, section 4.2.1.9)
#
# The "tls" profile subsection is used to sign TLS certificate requests;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#############################################################################
signing:
default:
usage:
- digital signature
expiry: 8760h
profiles:
ca:
usage:
- cert sign
- crl sign
expiry: 43800h
caconstraint:
isca: true
maxpathlen: 0
tls:
usage:
- signing
- key encipherment
- server auth
- client auth
- key agreement
expiry: 8760h
###########################################################################
# Certificate Signing Request (CSR) section.
# This controls the creation of the root CA certificate.
# The expiration for the root CA certificate is configured with the
# "ca.expiry" field below, whose default value is "131400h" which is
# 15 years in hours.
# The pathlength field is used to limit CA certificate hierarchy as described
# in section 4.2.1.9 of RFC 5280.
# Examples:
# 1) No pathlength value means no limit is requested.
# 2) pathlength == 1 means a limit of 1 is requested which is the default for
# a root CA. This means the root CA can issue intermediate CA certificates,
# but these intermediate CAs may not in turn issue other CA certificates
# though they can still issue end entity certificates.
# 3) pathlength == 0 means a limit of 0 is requested;
# this is the default for an intermediate CA, which means it can not issue
# CA certificates though it can still issue end entity certificates.
###########################################################################
csr:
cn: ca.export.varion.com
names:
- C: ID
ST: "Jakarta"
L: "Jakarta"
O: export.varion.com
OU:
hosts:
- localhost
- export.varion.com
ca:
expiry: 131400h
pathlength: 1
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section is used to select which
# crypto library implementation to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore
#############################################################################
# Multi CA section
#
# Each Fabric CA server contains one CA by default. This section is used
# to configure multiple CAs in a single server.
#
# 1) --cacount <number-of-CAs>
# Automatically generate <number-of-CAs> non-default CAs. The names of these
# additional CAs are "ca1", "ca2", ... "caN", where "N" is <number-of-CAs>
# This is particularly useful in a development environment to quickly set up
# multiple CAs. Note that, this config option is not applicable to intermediate CA server
# i.e., Fabric CA server that is started with intermediate.parentserver.url config
# option (-u command line option)
#
# 2) --cafiles <CA-config-files>
# For each CA config file in the list, generate a separate signing CA. Each CA
# config file in this list MAY contain all of the same elements as are found in
# the server config file except port, debug, and tls sections.
#
# Examples:
# fabric-ca-server start -b admin:adminpw --cacount 2
#
# fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml
# --cafiles ca/ca2/fabric-ca-server-config.yaml
#
#############################################################################
cacount:
cafiles:
#############################################################################
# Intermediate CA section
#
# The relationship between servers and CAs is as follows:
# 1) A single server process may contain or function as one or more CAs.
# This is configured by the "Multi CA section" above.
# 2) Each CA is either a root CA or an intermediate CA.
# 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA.
#
# This section pertains to configuration of #2 and #3.
# If the "intermediate.parentserver.url" property is set,
# then this is an intermediate CA with the specified parent
# CA.
#
# parentserver section
# url - The URL of the parent server
# caname - Name of the CA to enroll within the server
#
# enrollment section used to enroll intermediate CA with parent CA
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#
# tls section for secure socket connection
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
intermediate:
parentserver:
url:
caname:
enrollment:
hosts:
profile:
label:
tls:
certfiles:
client:
certfile:
keyfile:
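Review bot: The bootstrap identity under `registry.identities` is committed with the sample secret `pass: adminpw`, and that identity holds `hf.Registrar.Roles: "*"`, `hf.IntermediateCA: true` and `hf.AffiliationMgr: true` with `maxenrollments: -1`, so the ExportCA root of trust rests on a publicly known default that can be reused without limit. The same block appears in the FarmerCA file that follows. I would keep the real secret out of the repository by injecting a per-deployment value at start-up, and mark the line with `# sample value only - replace before the CA is initialised`. Separately, `tls.clientauth.type: noclientcert` leaves that password as the only barrier on port 7054; if this config is meant for more than a local test network, a stricter type from the list in the TLS header comment is worth considering.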


@ -0,0 +1,410 @@
#############################################################################
# This is a configuration file for the fabric-ca-server command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --port 443
# To set the listening port
# b) --ca.keyfile ../mykey.pem
# To set the "keyfile" element in the "ca" section below;
# note the '.' separator character.
# 2) environment variable
# Examples:
# a) FABRIC_CA_SERVER_PORT=443
# To set the listening port
# b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem"
# To set the "keyfile" element in the "ca" section below;
# note the '_' separator character.
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfile" and "tls.clientauth.certfiles".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
# Version of config file
version: 1.2.0
# Server's listening port (default: 7054)
port: 7054
# Enables debug logging (default: false)
debug: false
# Size limit of an acceptable CRL in bytes (default: 512000)
crlsizelimit: 512000
#############################################################################
# TLS section for the server's listening port
#
# The following types are supported for client authentication: NoClientCert,
# RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven,
# and RequireAndVerifyClientCert.
#
# Certfiles is a list of root certificate authorities that the server uses
# when verifying client certificates.
#############################################################################
tls:
# Enable TLS (default: false)
enabled: true
# TLS for the server's listening port
certfile:
keyfile:
clientauth:
type: noclientcert
certfiles:
#############################################################################
# The CA section contains information related to the Certificate Authority
# including the name of the CA, which should be unique for all members
# of a blockchain network. It also includes the key and certificate files
# used when issuing enrollment certificates (ECerts) and transaction
# certificates (TCerts).
# The chainfile (if it exists) contains the certificate chain which
# should be trusted for this CA, where the 1st in the chain is always the
# root CA certificate.
#############################################################################
ca:
# Name of this CA
name: FarmerCA
# Key file (is only used to import a private key into BCCSP)
keyfile:
# Certificate file (default: ca-cert.pem)
certfile:
# Chain file
chainfile:
#############################################################################
# The gencrl REST endpoint is used to generate a CRL that contains revoked
# certificates. This section contains configuration options that are used
# during gencrl request processing.
#############################################################################
crl:
# Specifies expiration for the generated CRL. The number of hours
# specified by this property is added to the UTC time, the resulting time
# is used to set the 'Next Update' date of the CRL.
expiry: 24h
#############################################################################
# The registry section controls how the fabric-ca-server does two things:
# 1) authenticates enrollment requests which contain a username and password
# (also known as an enrollment ID and secret).
# 2) once authenticated, retrieves the identity's attribute names and
# values which the fabric-ca-server optionally puts into TCerts
# which it issues for transacting on the Hyperledger Fabric blockchain.
# These attributes are useful for making access control decisions in
# chaincode.
# There are two main configuration options:
# 1) The fabric-ca-server is the registry.
# This is true if "ldap.enabled" in the ldap section below is false.
# 2) An LDAP server is the registry, in which case the fabric-ca-server
# calls the LDAP server to perform these tasks.
# This is true if "ldap.enabled" in the ldap section below is true,
# which means this "registry" section is ignored.
#############################################################################
registry:
# Maximum number of times a password/secret can be reused for enrollment
# (default: -1, which means there is no limit)
maxenrollments: -1
# Contains identity information which is used when LDAP is disabled
identities:
- name: admin
pass: adminpw
type: client
affiliation: ""
attrs:
hf.Registrar.Roles: "*"
hf.Registrar.DelegateRoles: "*"
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: "*"
hf.AffiliationMgr: true
#############################################################################
# Database section
# Supported types are: "sqlite3", "postgres", and "mysql".
# The datasource value depends on the type.
# If the type is "sqlite3", the datasource value is a file name to use
# as the database store. Since "sqlite3" is an embedded database, it
# may not be used if you want to run the fabric-ca-server in a cluster.
# To run the fabric-ca-server in a cluster, you must choose "postgres"
# or "mysql".
#############################################################################
db:
type: sqlite3
datasource: fabric-ca-server.db
tls:
enabled: false
certfiles:
client:
certfile:
keyfile:
#############################################################################
# LDAP section
# If LDAP is enabled, the fabric-ca-server calls LDAP to:
# 1) authenticate enrollment ID and secret (i.e. username and password)
# for enrollment requests;
# 2) To retrieve identity attributes
#############################################################################
ldap:
# Enables or disables the LDAP client (default: false)
# If this is set to true, the "registry" section is ignored.
enabled: false
# The URL of the LDAP server
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
# TLS configuration for the client connection to the LDAP server
tls:
certfiles:
client:
certfile:
keyfile:
# Attribute related configuration for mapping from LDAP entries to Fabric CA attributes
attribute:
# 'names' is an array of strings containing the LDAP attribute names which are
# requested from the LDAP server for an LDAP identity's entry
names: ['uid','member']
# The 'converters' section is used to convert an LDAP entry to the value of
# a fabric CA attribute.
# For example, the following converts an LDAP 'uid' attribute
# whose value begins with 'revoker' to a fabric CA attribute
# named "hf.Revoker" with a value of "true" (because the boolean expression
# evaluates to true).
# converters:
# - name: hf.Revoker
# value: attr("uid") =~ "revoker*"
converters:
- name:
value:
# The 'maps' section contains named maps which may be referenced by the 'map'
# function in the 'converters' section to map LDAP responses to arbitrary values.
# For example, assume a user has an LDAP attribute named 'member' which has multiple
# values which are each a distinguished name (i.e. a DN). For simplicity, assume the
# values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'.
# Further assume the following configuration.
# converters:
# - name: hf.Registrar.Roles
# value: map(attr("member"),"groups")
# maps:
# groups:
# - name: dn1
# value: peer
# - name: dn2
# value: client
# The value of the user's 'hf.Registrar.Roles' attribute is then computed to be
# "peer,client,dn3". This is because the value of 'attr("member")' is
# "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of
# "group" replaces "dn1" with "peer" and "dn2" with "client".
maps:
groups:
- name:
value:
#############################################################################
# Affiliations section. Fabric CA server can be bootstrapped with the
# affiliations specified in this section. Affiliations are specified as maps.
# For example:
# businessunit1:
# department1:
# - team1
# businessunit2:
# - department2
# - department3
#
# Affiliations are hierarchical in nature. In the above example,
# department1 (used as businessunit1.department1) is the child of businessunit1.
# team1 (used as businessunit1.department1.team1) is the child of department1.
# department2 (used as businessunit2.department2) and department3 (businessunit2.department3)
# are children of businessunit2.
# Note: Affiliations are case sensitive except for the non-leaf affiliations
# (like businessunit1, department1, businessunit2) that are specified in the configuration file,
# which are always stored in lower case.
#############################################################################
affiliations:
farmer:
- department1
- department2
pulper:
- department1
huller:
- department1
export:
- department1
#############################################################################
# Signing section
#
# The "default" subsection is used to sign enrollment certificates;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#
# The "ca" profile subsection is used to sign intermediate CA certificates;
# the default expiration ("expiry" field) is "43800h" which is 5 years in hours.
# Note that "isca" is true, meaning that it issues a CA certificate.
# A maxpathlen of 0 means that the intermediate CA cannot issue other
# intermediate CA certificates, though it can still issue end entity certificates.
# (See RFC 5280, section 4.2.1.9)
#
# The "tls" profile subsection is used to sign TLS certificate requests;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#############################################################################
signing:
default:
usage:
- digital signature
expiry: 8760h
profiles:
ca:
usage:
- cert sign
- crl sign
expiry: 43800h
caconstraint:
isca: true
maxpathlen: 0
tls:
usage:
- signing
- key encipherment
- server auth
- client auth
- key agreement
expiry: 8760h
###########################################################################
# Certificate Signing Request (CSR) section.
# This controls the creation of the root CA certificate.
# The expiration for the root CA certificate is configured with the
# "ca.expiry" field below, whose default value is "131400h" which is
# 15 years in hours.
# The pathlength field is used to limit CA certificate hierarchy as described
# in section 4.2.1.9 of RFC 5280.
# Examples:
# 1) No pathlength value means no limit is requested.
# 2) pathlength == 1 means a limit of 1 is requested which is the default for
# a root CA. This means the root CA can issue intermediate CA certificates,
# but these intermediate CAs may not in turn issue other CA certificates
# though they can still issue end entity certificates.
# 3) pathlength == 0 means a limit of 0 is requested;
# this is the default for an intermediate CA, which means it can not issue
# CA certificates though it can still issue end entity certificates.
###########################################################################
csr:
cn: ca.export.varion.com
names:
- C: ID
ST: "Jakarta"
L: "Jakarta"
O: export.varion.com
OU:
hosts:
- localhost
- export.varion.com
ca:
expiry: 131400h
pathlength: 1
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section is used to select which
# crypto library implementation to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore
#############################################################################
# Multi CA section
#
# Each Fabric CA server contains one CA by default. This section is used
# to configure multiple CAs in a single server.
#
# 1) --cacount <number-of-CAs>
# Automatically generate <number-of-CAs> non-default CAs. The names of these
# additional CAs are "ca1", "ca2", ... "caN", where "N" is <number-of-CAs>
# This is particularly useful in a development environment to quickly set up
# multiple CAs. Note that, this config option is not applicable to intermediate CA server
# i.e., Fabric CA server that is started with intermediate.parentserver.url config
# option (-u command line option)
#
# 2) --cafiles <CA-config-files>
# For each CA config file in the list, generate a separate signing CA. Each CA
# config file in this list MAY contain all of the same elements as are found in
# the server config file except port, debug, and tls sections.
#
# Examples:
# fabric-ca-server start -b admin:adminpw --cacount 2
#
# fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml
# --cafiles ca/ca2/fabric-ca-server-config.yaml
#
#############################################################################
cacount:
cafiles:
#############################################################################
# Intermediate CA section
#
# The relationship between servers and CAs is as follows:
# 1) A single server process may contain or function as one or more CAs.
# This is configured by the "Multi CA section" above.
# 2) Each CA is either a root CA or an intermediate CA.
# 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA.
#
# This section pertains to configuration of #2 and #3.
# If the "intermediate.parentserver.url" property is set,
# then this is an intermediate CA with the specified parent
# CA.
#
# parentserver section
# url - The URL of the parent server
# caname - Name of the CA to enroll within the server
#
# enrollment section used to enroll intermediate CA with parent CA
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#
# tls section for secure socket connection
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
intermediate:
parentserver:
url:
caname:
enrollment:
hosts:
profile:
label:
tls:
certfiles:
client:
certfile:
keyfile:
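Review bot: The `csr` block in this file still carries the export organisation's subject: `ca.name` is `FarmerCA`, yet `cn: ca.export.varion.com`, `O: export.varion.com` and the `hosts` entry `export.varion.com` are identical to the ExportCA file above. If the CA is initialised from the file as written, the Farmer root certificate would be issued with the Export subject and host name, which makes the two CAs hard to tell apart in trust stores and may break host-name checks against the Farmer CA. Presumably the intent was `cn: ca.farmer.varion.com`, `O: farmer.varion.com` and `- farmer.varion.com`, matching the domain used for the Farmer MSPDir earlier in the commit. Confirm the CA host name against the deployment before changing it.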


@ -0,0 +1,410 @@
#############################################################################
# This is a configuration file for the fabric-ca-server command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --port 443
# To set the listening port
# b) --ca.keyfile ../mykey.pem
# To set the "keyfile" element in the "ca" section below;
# note the '.' separator character.
# 2) environment variable
# Examples:
# a) FABRIC_CA_SERVER_PORT=443
# To set the listening port
# b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem"
# To set the "keyfile" element in the "ca" section below;
# note the '_' separator character.
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfile" and "tls.clientauth.certfiles".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
# Version of config file
version: 1.2.0
# Server's listening port (default: 7054)
port: 7054
# Enables debug logging (default: false)
debug: false
# Size limit of an acceptable CRL in bytes (default: 512000)
crlsizelimit: 512000
#############################################################################
# TLS section for the server's listening port
#
# The following types are supported for client authentication: NoClientCert,
# RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven,
# and RequireAndVerifyClientCert.
#
# Certfiles is a list of root certificate authorities that the server uses
# when verifying client certificates.
#############################################################################
tls:
# Enable TLS (default: false)
enabled: true
# TLS for the server's listening port
certfile:
keyfile:
clientauth:
type: noclientcert
certfiles:
#############################################################################
# The CA section contains information related to the Certificate Authority
# including the name of the CA, which should be unique for all members
# of a blockchain network. It also includes the key and certificate files
# used when issuing enrollment certificates (ECerts) and transaction
# certificates (TCerts).
# The chainfile (if it exists) contains the certificate chain which
# should be trusted for this CA, where the 1st in the chain is always the
# root CA certificate.
#############################################################################
ca:
# Name of this CA
name: HullerCA
# Key file (is only used to import a private key into BCCSP)
keyfile:
# Certificate file (default: ca-cert.pem)
certfile:
# Chain file
chainfile:
#############################################################################
# The gencrl REST endpoint is used to generate a CRL that contains revoked
# certificates. This section contains configuration options that are used
# during gencrl request processing.
#############################################################################
crl:
# Specifies expiration for the generated CRL. The number of hours
# specified by this property is added to the UTC time, the resulting time
# is used to set the 'Next Update' date of the CRL.
expiry: 24h
#############################################################################
# The registry section controls how the fabric-ca-server does two things:
# 1) authenticates enrollment requests which contain a username and password
# (also known as an enrollment ID and secret).
# 2) once authenticated, retrieves the identity's attribute names and
# values which the fabric-ca-server optionally puts into TCerts
# which it issues for transacting on the Hyperledger Fabric blockchain.
# These attributes are useful for making access control decisions in
# chaincode.
# There are two main configuration options:
# 1) The fabric-ca-server is the registry.
# This is true if "ldap.enabled" in the ldap section below is false.
# 2) An LDAP server is the registry, in which case the fabric-ca-server
# calls the LDAP server to perform these tasks.
# This is true if "ldap.enabled" in the ldap section below is true,
# which means this "registry" section is ignored.
#############################################################################
registry:
# Maximum number of times a password/secret can be reused for enrollment
# (default: -1, which means there is no limit)
maxenrollments: -1
# Contains identity information which is used when LDAP is disabled
identities:
- name: admin
pass: adminpw
type: client
affiliation: ""
attrs:
hf.Registrar.Roles: "*"
hf.Registrar.DelegateRoles: "*"
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: "*"
hf.AffiliationMgr: true
#############################################################################
# Database section
# Supported types are: "sqlite3", "postgres", and "mysql".
# The datasource value depends on the type.
# If the type is "sqlite3", the datasource value is a file name to use
# as the database store. Since "sqlite3" is an embedded database, it
# may not be used if you want to run the fabric-ca-server in a cluster.
# To run the fabric-ca-server in a cluster, you must choose "postgres"
# or "mysql".
#############################################################################
db:
type: sqlite3
datasource: fabric-ca-server.db
tls:
enabled: false
certfiles:
client:
certfile:
keyfile:
#############################################################################
# LDAP section
# If LDAP is enabled, the fabric-ca-server calls LDAP to:
# 1) authenticate enrollment ID and secret (i.e. username and password)
# for enrollment requests;
# 2) To retrieve identity attributes
#############################################################################
ldap:
# Enables or disables the LDAP client (default: false)
# If this is set to true, the "registry" section is ignored.
enabled: false
# The URL of the LDAP server
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
# TLS configuration for the client connection to the LDAP server
tls:
certfiles:
client:
certfile:
keyfile:
# Attribute related configuration for mapping from LDAP entries to Fabric CA attributes
attribute:
# 'names' is an array of strings containing the LDAP attribute names which are
# requested from the LDAP server for an LDAP identity's entry
names: ['uid','member']
# The 'converters' section is used to convert an LDAP entry to the value of
# a fabric CA attribute.
# For example, the following converts an LDAP 'uid' attribute
# whose value begins with 'revoker' to a fabric CA attribute
# named "hf.Revoker" with a value of "true" (because the boolean expression
# evaluates to true).
# converters:
# - name: hf.Revoker
# value: attr("uid") =~ "revoker*"
converters:
- name:
value:
# The 'maps' section contains named maps which may be referenced by the 'map'
# function in the 'converters' section to map LDAP responses to arbitrary values.
# For example, assume a user has an LDAP attribute named 'member' which has multiple
# values which are each a distinguished name (i.e. a DN). For simplicity, assume the
# values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'.
# Further assume the following configuration.
# converters:
# - name: hf.Registrar.Roles
# value: map(attr("member"),"groups")
# maps:
# groups:
# - name: dn1
# value: peer
# - name: dn2
# value: client
# The value of the user's 'hf.Registrar.Roles' attribute is then computed to be
# "peer,client,dn3". This is because the value of 'attr("member")' is
# "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of
# "group" replaces "dn1" with "peer" and "dn2" with "client".
maps:
groups:
- name:
value:
#############################################################################
# Affiliations section. Fabric CA server can be bootstrapped with the
# affiliations specified in this section. Affiliations are specified as maps.
# For example:
# businessunit1:
# department1:
# - team1
# businessunit2:
# - department2
# - department3
#
# Affiliations are hierarchical in nature. In the above example,
# department1 (used as businessunit1.department1) is the child of businessunit1.
# team1 (used as businessunit1.department1.team1) is the child of department1.
# department2 (used as businessunit2.department2) and department3 (businessunit2.department3)
# are children of businessunit2.
# Note: Affiliations are case sensitive except for the non-leaf affiliations
# (like businessunit1, department1, businessunit2) that are specified in the configuration file,
# which are always stored in lower case.
#############################################################################
affiliations:
farmer:
- department1
- department2
pulper:
- department1
huller:
- department1
export:
- department1
#############################################################################
# Signing section
#
# The "default" subsection is used to sign enrollment certificates;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#
# The "ca" profile subsection is used to sign intermediate CA certificates;
# the default expiration ("expiry" field) is "43800h" which is 5 years in hours.
# Note that "isca" is true, meaning that it issues a CA certificate.
# A maxpathlen of 0 means that the intermediate CA cannot issue other
# intermediate CA certificates, though it can still issue end entity certificates.
# (See RFC 5280, section 4.2.1.9)
#
# The "tls" profile subsection is used to sign TLS certificate requests;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#############################################################################
signing:
default:
usage:
- digital signature
expiry: 8760h
profiles:
ca:
usage:
- cert sign
- crl sign
expiry: 43800h
caconstraint:
isca: true
maxpathlen: 0
tls:
usage:
- signing
- key encipherment
- server auth
- client auth
- key agreement
expiry: 8760h
###########################################################################
# Certificate Signing Request (CSR) section.
# This controls the creation of the root CA certificate.
# The expiration for the root CA certificate is configured with the
# "ca.expiry" field below, whose default value is "131400h" which is
# 15 years in hours.
# The pathlength field is used to limit CA certificate hierarchy as described
# in section 4.2.1.9 of RFC 5280.
# Examples:
# 1) No pathlength value means no limit is requested.
# 2) pathlength == 1 means a limit of 1 is requested which is the default for
# a root CA. This means the root CA can issue intermediate CA certificates,
# but these intermediate CAs may not in turn issue other CA certificates
# though they can still issue end entity certificates.
# 3) pathlength == 0 means a limit of 0 is requested;
# this is the default for an intermediate CA, which means it can not issue
# CA certificates though it can still issue end entity certificates.
###########################################################################
csr:
cn: ca.huller.varion.com
names:
- C: ID
ST: "Jakarta"
L: "Jakarta"
O: huller.varion.com
OU:
hosts:
- localhost
- huller.varion.com
ca:
expiry: 131400h
pathlength: 1
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section is used to select which
# crypto library implementation to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore
#############################################################################
# Multi CA section
#
# Each Fabric CA server contains one CA by default. This section is used
# to configure multiple CAs in a single server.
#
# 1) --cacount <number-of-CAs>
# Automatically generate <number-of-CAs> non-default CAs. The names of these
# additional CAs are "ca1", "ca2", ... "caN", where "N" is <number-of-CAs>
# This is particularly useful in a development environment to quickly set up
# multiple CAs. Note that, this config option is not applicable to intermediate CA server
# i.e., Fabric CA server that is started with intermediate.parentserver.url config
# option (-u command line option)
#
# 2) --cafiles <CA-config-files>
# For each CA config file in the list, generate a separate signing CA. Each CA
# config file in this list MAY contain all of the same elements as are found in
# the server config file except port, debug, and tls sections.
#
# Examples:
# fabric-ca-server start -b admin:adminpw --cacount 2
#
# fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml
# --cafiles ca/ca2/fabric-ca-server-config.yaml
#
#############################################################################
cacount:
cafiles:
#############################################################################
# Intermediate CA section
#
# The relationship between servers and CAs is as follows:
# 1) A single server process may contain or function as one or more CAs.
# This is configured by the "Multi CA section" above.
# 2) Each CA is either a root CA or an intermediate CA.
# 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA.
#
# This section pertains to configuration of #2 and #3.
# If the "intermediate.parentserver.url" property is set,
# then this is an intermediate CA with the specified parent
# CA.
#
# parentserver section
# url - The URL of the parent server
# caname - Name of the CA to enroll within the server
#
# enrollment section used to enroll intermediate CA with parent CA
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#
# tls section for secure socket connection
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
intermediate:
parentserver:
url:
caname:
enrollment:
hosts:
profile:
label:
tls:
certfiles:
client:
certfile:
keyfile:
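Review bot: The `registry.identities` entry in this HullerCA config commits the bootstrap registrar as `name: admin` / `pass: adminpw` together with `hf.Registrar.Roles: "*"`, `hf.Registrar.Attributes: "*"` and `hf.IntermediateCA: true`, so the credential for a full-privilege registrar is readable by everyone with access to the repository. The PulperCA config added in the next file section carries the identical entry. The tracked file should hold only an obviously fake placeholder, with the real secret supplied at deploy time from a secret store, and the entry should be marked with a comment such as `# dev-only bootstrap identity; never deploy with this secret`. Since the `intermediate` section is left empty, `hf.IntermediateCA: false` looks like the tighter setting unless intermediate CAs are actually planned.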


@ -0,0 +1,410 @@
#############################################################################
# This is a configuration file for the fabric-ca-server command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --port 443
# To set the listening port
# b) --ca.keyfile ../mykey.pem
# To set the "keyfile" element in the "ca" section below;
# note the '.' separator character.
# 2) environment variable
# Examples:
# a) FABRIC_CA_SERVER_PORT=443
# To set the listening port
# b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem"
# To set the "keyfile" element in the "ca" section below;
# note the '_' separator character.
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfile" and "tls.clientauth.certfiles".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpretted as being relative to the location
# of this configuration file.
#
#############################################################################
# Version of config file
version: 1.2.0
# Server's listening port (default: 7054)
port: 7054
# Enables debug logging (default: false)
debug: false
# Size limit of an acceptable CRL in bytes (default: 512000)
crlsizelimit: 512000
#############################################################################
# TLS section for the server's listening port
#
# The following types are supported for client authentication: NoClientCert,
# RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven,
# and RequireAndVerifyClientCert.
#
# Certfiles is a list of root certificate authorities that the server uses
# when verifying client certificates.
#############################################################################
tls:
# Enable TLS (default: false)
enabled: true
# TLS for the server's listening port
certfile:
keyfile:
clientauth:
type: noclientcert
certfiles:
#############################################################################
# The CA section contains information related to the Certificate Authority
# including the name of the CA, which should be unique for all members
# of a blockchain network. It also includes the key and certificate files
# used when issuing enrollment certificates (ECerts) and transaction
# certificates (TCerts).
# The chainfile (if it exists) contains the certificate chain which
# should be trusted for this CA, where the 1st in the chain is always the
# root CA certificate.
#############################################################################
ca:
# Name of this CA
name: PulperCA
# Key file (is only used to import a private key into BCCSP)
keyfile:
# Certificate file (default: ca-cert.pem)
certfile:
# Chain file
chainfile:
#############################################################################
# The gencrl REST endpoint is used to generate a CRL that contains revoked
# certificates. This section contains configuration options that are used
# during gencrl request processing.
#############################################################################
crl:
# Specifies expiration for the generated CRL. The number of hours
# specified by this property is added to the UTC time, the resulting time
# is used to set the 'Next Update' date of the CRL.
expiry: 24h
#############################################################################
# The registry section controls how the fabric-ca-server does two things:
# 1) authenticates enrollment requests which contain a username and password
# (also known as an enrollment ID and secret).
# 2) once authenticated, retrieves the identity's attribute names and
# values which the fabric-ca-server optionally puts into TCerts
# which it issues for transacting on the Hyperledger Fabric blockchain.
# These attributes are useful for making access control decisions in
# chaincode.
# There are two main configuration options:
# 1) The fabric-ca-server is the registry.
# This is true if "ldap.enabled" in the ldap section below is false.
# 2) An LDAP server is the registry, in which case the fabric-ca-server
# calls the LDAP server to perform these tasks.
# This is true if "ldap.enabled" in the ldap section below is true,
# which means this "registry" section is ignored.
#############################################################################
registry:
# Maximum number of times a password/secret can be reused for enrollment
# (default: -1, which means there is no limit)
maxenrollments: -1
# Contains identity information which is used when LDAP is disabled
identities:
- name: admin
pass: adminpw
type: client
affiliation: ""
attrs:
hf.Registrar.Roles: "*"
hf.Registrar.DelegateRoles: "*"
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: "*"
hf.AffiliationMgr: true
#############################################################################
# Database section
# Supported types are: "sqlite3", "postgres", and "mysql".
# The datasource value depends on the type.
# If the type is "sqlite3", the datasource value is a file name to use
# as the database store. Since "sqlite3" is an embedded database, it
# may not be used if you want to run the fabric-ca-server in a cluster.
# To run the fabric-ca-server in a cluster, you must choose "postgres"
# or "mysql".
#############################################################################
db:
type: sqlite3
datasource: fabric-ca-server.db
tls:
enabled: false
certfiles:
client:
certfile:
keyfile:
#############################################################################
# LDAP section
# If LDAP is enabled, the fabric-ca-server calls LDAP to:
# 1) authenticate enrollment ID and secret (i.e. username and password)
# for enrollment requests;
# 2) To retrieve identity attributes
#############################################################################
ldap:
# Enables or disables the LDAP client (default: false)
# If this is set to true, the "registry" section is ignored.
enabled: false
# The URL of the LDAP server
url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
# TLS configuration for the client connection to the LDAP server
tls:
certfiles:
client:
certfile:
keyfile:
# Attribute related configuration for mapping from LDAP entries to Fabric CA attributes
attribute:
# 'names' is an array of strings containing the LDAP attribute names which are
# requested from the LDAP server for an LDAP identity's entry
names: ['uid','member']
# The 'converters' section is used to convert an LDAP entry to the value of
# a fabric CA attribute.
# For example, the following converts an LDAP 'uid' attribute
# whose value begins with 'revoker' to a fabric CA attribute
# named "hf.Revoker" with a value of "true" (because the boolean expression
# evaluates to true).
# converters:
# - name: hf.Revoker
# value: attr("uid") =~ "revoker*"
converters:
- name:
value:
# The 'maps' section contains named maps which may be referenced by the 'map'
# function in the 'converters' section to map LDAP responses to arbitrary values.
# For example, assume a user has an LDAP attribute named 'member' which has multiple
# values which are each a distinguished name (i.e. a DN). For simplicity, assume the
# values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'.
# Further assume the following configuration.
# converters:
# - name: hf.Registrar.Roles
# value: map(attr("member"),"groups")
# maps:
# groups:
# - name: dn1
# value: peer
# - name: dn2
# value: client
# The value of the user's 'hf.Registrar.Roles' attribute is then computed to be
# "peer,client,dn3". This is because the value of 'attr("member")' is
# "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of
# "group" replaces "dn1" with "peer" and "dn2" with "client".
maps:
groups:
- name:
value:
#############################################################################
# Affiliations section. Fabric CA server can be bootstrapped with the
# affiliations specified in this section. Affiliations are specified as maps.
# For example:
# businessunit1:
# department1:
# - team1
# businessunit2:
# - department2
# - department3
#
# Affiliations are hierarchical in nature. In the above example,
# department1 (used as businessunit1.department1) is the child of businessunit1.
# team1 (used as businessunit1.department1.team1) is the child of department1.
# department2 (used as businessunit2.department2) and department3 (businessunit2.department3)
# are children of businessunit2.
# Note: Affiliations are case sensitive except for the non-leaf affiliations
# (like businessunit1, department1, businessunit2) that are specified in the configuration file,
# which are always stored in lower case.
#############################################################################
affiliations:
farmer:
- department1
- department2
pulper:
- department1
huller:
- department1
export:
- department1
#############################################################################
# Signing section
#
# The "default" subsection is used to sign enrollment certificates;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#
# The "ca" profile subsection is used to sign intermediate CA certificates;
# the default expiration ("expiry" field) is "43800h" which is 5 years in hours.
# Note that "isca" is true, meaning that it issues a CA certificate.
# A maxpathlen of 0 means that the intermediate CA cannot issue other
# intermediate CA certificates, though it can still issue end entity certificates.
# (See RFC 5280, section 4.2.1.9)
#
# The "tls" profile subsection is used to sign TLS certificate requests;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#############################################################################
signing:
default:
usage:
- digital signature
expiry: 8760h
profiles:
ca:
usage:
- cert sign
- crl sign
expiry: 43800h
caconstraint:
isca: true
maxpathlen: 0
tls:
usage:
- signing
- key encipherment
- server auth
- client auth
- key agreement
expiry: 8760h
###########################################################################
# Certificate Signing Request (CSR) section.
# This controls the creation of the root CA certificate.
# The expiration for the root CA certificate is configured with the
# "ca.expiry" field below, whose default value is "131400h" which is
# 15 years in hours.
# The pathlength field is used to limit CA certificate hierarchy as described
# in section 4.2.1.9 of RFC 5280.
# Examples:
# 1) No pathlength value means no limit is requested.
# 2) pathlength == 1 means a limit of 1 is requested which is the default for
# a root CA. This means the root CA can issue intermediate CA certificates,
# but these intermediate CAs may not in turn issue other CA certificates
# though they can still issue end entity certificates.
# 3) pathlength == 0 means a limit of 0 is requested;
# this is the default for an intermediate CA, which means it can not issue
# CA certificates though it can still issue end entity certificates.
###########################################################################
csr:
cn: ca.pulper.varion.com
names:
- C: ID
ST: "Jakarta"
L: "Jakarta"
O: pulper.varion.com
OU:
hosts:
- localhost
- pulper.varion.com
ca:
expiry: 131400h
pathlength: 1
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section is used to select which
# crypto library implementation to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore
#############################################################################
# Multi CA section
#
# Each Fabric CA server contains one CA by default. This section is used
# to configure multiple CAs in a single server.
#
# 1) --cacount <number-of-CAs>
# Automatically generate <number-of-CAs> non-default CAs. The names of these
# additional CAs are "ca1", "ca2", ... "caN", where "N" is <number-of-CAs>
# This is particularly useful in a development environment to quickly set up
# multiple CAs. Note that, this config option is not applicable to intermediate CA server
# i.e., Fabric CA server that is started with intermediate.parentserver.url config
# option (-u command line option)
#
# 2) --cafiles <CA-config-files>
# For each CA config file in the list, generate a separate signing CA. Each CA
# config file in this list MAY contain all of the same elements as are found in
# the server config file except port, debug, and tls sections.
#
# Examples:
# fabric-ca-server start -b admin:adminpw --cacount 2
#
# fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml
# --cafiles ca/ca2/fabric-ca-server-config.yaml
#
#############################################################################
cacount:
cafiles:
#############################################################################
# Intermediate CA section
#
# The relationship between servers and CAs is as follows:
# 1) A single server process may contain or function as one or more CAs.
# This is configured by the "Multi CA section" above.
# 2) Each CA is either a root CA or an intermediate CA.
# 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA.
#
# This section pertains to configuration of #2 and #3.
# If the "intermediate.parentserver.url" property is set,
# then this is an intermediate CA with the specified parent
# CA.
#
# parentserver section
# url - The URL of the parent server
# caname - Name of the CA to enroll within the server
#
# enrollment section used to enroll intermediate CA with parent CA
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#
# tls section for secure socket connection
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
intermediate:
parentserver:
url:
caname:
enrollment:
hosts:
profile:
label:
tls:
certfiles:
client:
certfile:
keyfile:
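Review bot: `maxenrollments: -1` under `registry` leaves no cap on how many times an enrollment secret can be reused, as the comment directly above it states, and this PulperCA file pairs it with `clientauth.type: noclientcert`, so knowing a secret is the only barrier to enrolling again at any later time. For anything beyond a local development network, a finite ceiling would limit what a leaked enrollment secret is worth, with per-identity limits set at registration. If the unlimited value is intentional for development, say so next to it, for example `# -1 = unlimited reuse of enrollment secrets; set a finite cap outside dev`. The HullerCA section earlier in this commit has the same setting.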


@ -1,182 +1,354 @@
#!/bin/bash
function createOrg1() {
function createFarmer() {
infoln "Enrolling the CA admin"
mkdir -p organizations/peerOrganizations/org1.example.com/
mkdir -p organizations/peerOrganizations/farmer.varion.com/
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/farmer.varion.com/
set -x
fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 --caname ca-org1 --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 --caname ca-farmer --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem"
{ set +x; } 2>/dev/null
echo 'NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/localhost-7054-ca-org1.pem
Certificate: cacerts/localhost-7054-ca-farmer.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/localhost-7054-ca-org1.pem
Certificate: cacerts/localhost-7054-ca-farmer.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/localhost-7054-ca-org1.pem
Certificate: cacerts/localhost-7054-ca-farmer.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/localhost-7054-ca-org1.pem
OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml"
Certificate: cacerts/localhost-7054-ca-farmer.pem
OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/farmer.varion.com/msp/config.yaml"
# Since the CA serves as both the organization CA and TLS CA, copy the org's root cert that was generated by CA startup into the org level ca and tlsca directories
# Copy org1's CA cert to org1's /msp/tlscacerts directory (for use in the channel MSP definition)
mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt"
# Copy farmer's CA cert to farmer's /msp/tlscacerts directory (for use in the channel MSP definition)
mkdir -p "${PWD}/organizations/peerOrganizations/farmer.varion.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" "${PWD}/organizations/peerOrganizations/farmer.varion.com/msp/tlscacerts/ca.crt"
# Copy org1's CA cert to org1's /tlsca directory (for use by clients)
mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca"
cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
# Copy farmer's CA cert to farmer's /tlsca directory (for use by clients)
mkdir -p "${PWD}/organizations/peerOrganizations/farmer.varion.com/tlsca"
cp "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" "${PWD}/organizations/peerOrganizations/farmer.varion.com/tlsca/tlsca.farmer.varion.com-cert.pem"
# Copy org1's CA cert to org1's /ca directory (for use by clients)
mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/ca"
cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem"
# Copy farmer's CA cert to farmer's /ca directory (for use by clients)
mkdir -p "${PWD}/organizations/peerOrganizations/farmer.varion.com/ca"
cp "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" "${PWD}/organizations/peerOrganizations/farmer.varion.com/ca/ca.farmer.varion.com-cert.pem"
infoln "Registering peer0"
set -x
fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
fabric-ca-client register --caname ca-farmer --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Registering user"
set -x
fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
fabric-ca-client register --caname ca-farmer --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Registering the org admin"
set -x
fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
fabric-ca-client register --caname ca-farmer --id.name farmeradmin --id.secret farmeradminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Generating the peer0 msp"
set -x
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-farmer -M "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml"
cp "${PWD}/organizations/peerOrganizations/farmer.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/msp/config.yaml"
infoln "Generating the peer0-tls certificates, use --csr.hosts to specify Subject Alternative Names"
set -x
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-farmer -M "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls" --enrollment.profile tls --csr.hosts peer0.farmer.varion.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem"
{ set +x; } 2>/dev/null
# Copy the tls CA cert, server cert, server keystore to well known file names in the peer's tls directory that are referenced by peer startup config
cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt"
cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt"
cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key"
cp "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls/ca.crt"
cp "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls/server.crt"
cp "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls/server.key"
infoln "Generating the user msp"
set -x
fabric-ca-client enroll -u https://user1:user1pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
fabric-ca-client enroll -u https://user1:user1pw@localhost:7054 --caname ca-farmer -M "${PWD}/organizations/peerOrganizations/farmer.varion.com/users/User1@farmer.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/config.yaml"
cp "${PWD}/organizations/peerOrganizations/farmer.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/farmer.varion.com/users/User1@farmer.varion.com/msp/config.yaml"
infoln "Generating the org admin msp"
set -x
fabric-ca-client enroll -u https://org1admin:org1adminpw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
fabric-ca-client enroll -u https://farmeradmin:farmeradminpw@localhost:7054 --caname ca-farmer -M "${PWD}/organizations/peerOrganizations/farmer.varion.com/users/Admin@farmer.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml"
cp "${PWD}/organizations/peerOrganizations/farmer.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/farmer.varion.com/users/Admin@farmer.varion.com/msp/config.yaml"
}
function createOrg2() {
function createPulper() {
infoln "Enrolling the CA admin"
mkdir -p organizations/peerOrganizations/org2.example.com/
mkdir -p organizations/peerOrganizations/pulper.varion.com/
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/pulper.varion.com/
set -x
fabric-ca-client enroll -u https://admin:adminpw@localhost:8054 --caname ca-org2 --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
fabric-ca-client enroll -u https://admin:adminpw@localhost:8054 --caname ca-pulper --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem"
{ set +x; } 2>/dev/null
echo 'NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/localhost-8054-ca-org2.pem
Certificate: cacerts/localhost-8054-ca-pulper.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/localhost-8054-ca-org2.pem
Certificate: cacerts/localhost-8054-ca-pulper.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/localhost-8054-ca-org2.pem
Certificate: cacerts/localhost-8054-ca-pulper.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/localhost-8054-ca-org2.pem
OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml"
Certificate: cacerts/localhost-8054-ca-pulper.pem
OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/pulper.varion.com/msp/config.yaml"
# Since the CA serves as both the organization CA and TLS CA, copy the org's root cert that was generated by CA startup into the org level ca and tlsca directories
# Copy org2's CA cert to org2's /msp/tlscacerts directory (for use in the channel MSP definition)
mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts/ca.crt"
# Copy pulper's CA cert to pulper's /msp/tlscacerts directory (for use in the channel MSP definition)
mkdir -p "${PWD}/organizations/peerOrganizations/pulper.varion.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" "${PWD}/organizations/peerOrganizations/pulper.varion.com/msp/tlscacerts/ca.crt"
# Copy org2's CA cert to org2's /tlsca directory (for use by clients)
mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca"
cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem"
# Copy pulper's CA cert to pulper's /tlsca directory (for use by clients)
mkdir -p "${PWD}/organizations/peerOrganizations/pulper.varion.com/tlsca"
cp "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" "${PWD}/organizations/peerOrganizations/pulper.varion.com/tlsca/tlsca.pulper.varion.com-cert.pem"
# Copy org2's CA cert to org2's /ca directory (for use by clients)
mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/ca"
cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem"
# Copy pulper's CA cert to pulper's /ca directory (for use by clients)
mkdir -p "${PWD}/organizations/peerOrganizations/pulper.varion.com/ca"
cp "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" "${PWD}/organizations/peerOrganizations/pulper.varion.com/ca/ca.pulper.varion.com-cert.pem"
infoln "Registering peer0"
set -x
fabric-ca-client register --caname ca-org2 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
fabric-ca-client register --caname ca-pulper --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Registering user"
set -x
fabric-ca-client register --caname ca-org2 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
fabric-ca-client register --caname ca-pulper --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Registering the org admin"
set -x
fabric-ca-client register --caname ca-org2 --id.name org2admin --id.secret org2adminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
fabric-ca-client register --caname ca-pulper --id.name pulperadmin --id.secret pulperadminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Generating the peer0 msp"
set -x
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-pulper -M "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml"
cp "${PWD}/organizations/peerOrganizations/pulper.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/msp/config.yaml"
infoln "Generating the peer0-tls certificates, use --csr.hosts to specify Subject Alternative Names"
set -x
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-pulper -M "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls" --enrollment.profile tls --csr.hosts peer0.pulper.varion.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem"
{ set +x; } 2>/dev/null
# Copy the tls CA cert, server cert, server keystore to well known file names in the peer's tls directory that are referenced by peer startup config
cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt"
cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt"
cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key"
cp "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls/ca.crt"
cp "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls/server.crt"
cp "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls/server.key"
infoln "Generating the user msp"
set -x
fabric-ca-client enroll -u https://user1:user1pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
fabric-ca-client enroll -u https://user1:user1pw@localhost:8054 --caname ca-pulper -M "${PWD}/organizations/peerOrganizations/pulper.varion.com/users/User1@pulper.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/config.yaml"
cp "${PWD}/organizations/peerOrganizations/pulper.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/pulper.varion.com/users/User1@pulper.varion.com/msp/config.yaml"
infoln "Generating the org admin msp"
set -x
fabric-ca-client enroll -u https://org2admin:org2adminpw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
fabric-ca-client enroll -u https://pulperadmin:pulperadminpw@localhost:8054 --caname ca-pulper -M "${PWD}/organizations/peerOrganizations/pulper.varion.com/users/Admin@pulper.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/config.yaml"
cp "${PWD}/organizations/peerOrganizations/pulper.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/pulper.varion.com/users/Admin@pulper.varion.com/msp/config.yaml"
}
function createHuller() {
infoln "Enrolling the CA admin"
mkdir -p organizations/peerOrganizations/huller.varion.com/
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/huller.varion.com/
set -x
fabric-ca-client enroll -u https://admin:adminpw@localhost:8054 --caname ca-huller --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
{ set +x; } 2>/dev/null
echo 'NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/localhost-8054-ca-huller.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/localhost-8054-ca-huller.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/localhost-8054-ca-huller.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/localhost-8054-ca-huller.pem
OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/huller.varion.com/msp/config.yaml"
# Since the CA serves as both the organization CA and TLS CA, copy the org's root cert that was generated by CA startup into the org level ca and tlsca directories
# Copy huller's CA cert to huller's /msp/tlscacerts directory (for use in the channel MSP definition)
mkdir -p "${PWD}/organizations/peerOrganizations/huller.varion.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/huller/ca-cert.pem" "${PWD}/organizations/peerOrganizations/huller.varion.com/msp/tlscacerts/ca.crt"
# Copy huller's CA cert to huller's /tlsca directory (for use by clients)
mkdir -p "${PWD}/organizations/peerOrganizations/huller.varion.com/tlsca"
cp "${PWD}/organizations/fabric-ca/huller/ca-cert.pem" "${PWD}/organizations/peerOrganizations/huller.varion.com/tlsca/tlsca.huller.varion.com-cert.pem"
# Copy huller's CA cert to huller's /ca directory (for use by clients)
mkdir -p "${PWD}/organizations/peerOrganizations/huller.varion.com/ca"
cp "${PWD}/organizations/fabric-ca/huller/ca-cert.pem" "${PWD}/organizations/peerOrganizations/huller.varion.com/ca/ca.huller.varion.com-cert.pem"
infoln "Registering peer0"
set -x
fabric-ca-client register --caname ca-huller --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Registering user"
set -x
fabric-ca-client register --caname ca-huller --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Registering the org admin"
set -x
fabric-ca-client register --caname ca-huller --id.name hulleradmin --id.secret hulleradminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Generating the peer0 msp"
set -x
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-huller -M "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/peerOrganizations/huller.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/msp/config.yaml"
infoln "Generating the peer0-tls certificates, use --csr.hosts to specify Subject Alternative Names"
set -x
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-huller -M "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls" --enrollment.profile tls --csr.hosts peer0.huller.varion.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
{ set +x; } 2>/dev/null
# Copy the tls CA cert, server cert, server keystore to well known file names in the peer's tls directory that are referenced by peer startup config
cp "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls/ca.crt"
cp "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls/server.crt"
cp "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls/server.key"
infoln "Generating the user msp"
set -x
fabric-ca-client enroll -u https://user1:user1pw@localhost:8054 --caname ca-huller -M "${PWD}/organizations/peerOrganizations/huller.varion.com/users/User1@huller.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/peerOrganizations/huller.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/huller.varion.com/users/User1@huller.varion.com/msp/config.yaml"
infoln "Generating the org admin msp"
set -x
fabric-ca-client enroll -u https://hulleradmin:hulleradminpw@localhost:8054 --caname ca-huller -M "${PWD}/organizations/peerOrganizations/huller.varion.com/users/Admin@huller.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/peerOrganizations/huller.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/huller.varion.com/users/Admin@huller.varion.com/msp/config.yaml"
}
function createExport() {
infoln "Enrolling the CA admin"
mkdir -p organizations/peerOrganizations/export.varion.com/
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/export.varion.com/
set -x
fabric-ca-client enroll -u https://admin:adminpw@localhost:8054 --caname ca-export --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
{ set +x; } 2>/dev/null
echo 'NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/localhost-8054-ca-export.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/localhost-8054-ca-export.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/localhost-8054-ca-export.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/localhost-8054-ca-export.pem
OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/export.varion.com/msp/config.yaml"
# Since the CA serves as both the organization CA and TLS CA, copy the org's root cert that was generated by CA startup into the org level ca and tlsca directories
# Copy export's CA cert to export's /msp/tlscacerts directory (for use in the channel MSP definition)
mkdir -p "${PWD}/organizations/peerOrganizations/export.varion.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/export/ca-cert.pem" "${PWD}/organizations/peerOrganizations/export.varion.com/msp/tlscacerts/ca.crt"
# Copy export's CA cert to export's /tlsca directory (for use by clients)
mkdir -p "${PWD}/organizations/peerOrganizations/export.varion.com/tlsca"
cp "${PWD}/organizations/fabric-ca/export/ca-cert.pem" "${PWD}/organizations/peerOrganizations/export.varion.com/tlsca/tlsca.export.varion.com-cert.pem"
# Copy export's CA cert to export's /ca directory (for use by clients)
mkdir -p "${PWD}/organizations/peerOrganizations/export.varion.com/ca"
cp "${PWD}/organizations/fabric-ca/export/ca-cert.pem" "${PWD}/organizations/peerOrganizations/export.varion.com/ca/ca.export.varion.com-cert.pem"
infoln "Registering peer0"
set -x
fabric-ca-client register --caname ca-export --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Registering user"
set -x
fabric-ca-client register --caname ca-export --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Registering the org admin"
set -x
fabric-ca-client register --caname ca-export --id.name exportadmin --id.secret exportadminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
{ set +x; } 2>/dev/null
infoln "Generating the peer0 msp"
set -x
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-export -M "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/peerOrganizations/export.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/msp/config.yaml"
infoln "Generating the peer0-tls certificates, use --csr.hosts to specify Subject Alternative Names"
set -x
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-export -M "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls" --enrollment.profile tls --csr.hosts peer0.export.varion.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
{ set +x; } 2>/dev/null
# Copy the tls CA cert, server cert, server keystore to well known file names in the peer's tls directory that are referenced by peer startup config
cp "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls/ca.crt"
cp "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls/server.crt"
cp "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls/server.key"
infoln "Generating the user msp"
set -x
fabric-ca-client enroll -u https://user1:user1pw@localhost:8054 --caname ca-export -M "${PWD}/organizations/peerOrganizations/export.varion.com/users/User1@export.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/peerOrganizations/export.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/export.varion.com/users/User1@export.varion.com/msp/config.yaml"
infoln "Generating the org admin msp"
set -x
fabric-ca-client enroll -u https://exportadmin:exportadminpw@localhost:8054 --caname ca-export -M "${PWD}/organizations/peerOrganizations/export.varion.com/users/Admin@export.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/peerOrganizations/export.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/export.varion.com/users/Admin@export.varion.com/msp/config.yaml"
}
function createOrderer() {
infoln "Enrolling the CA admin"
mkdir -p organizations/ordererOrganizations/example.com
mkdir -p organizations/ordererOrganizations/varion.com
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/varion.com
set -x
fabric-ca-client enroll -u https://admin:adminpw@localhost:9054 --caname ca-orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
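Review bot: createHuller and createExport enroll and register against `localhost:8054`, the same port createPulper uses, while passing their own `--caname ca-huller` / `--caname ca-export` and their own `organizations/fabric-ca/<org>/ca-cert.pem` as the TLS trust anchor. Unless a single CA server on 8054 really hosts all three CAs (its configuration is not visible in this hunk), these calls will likely either fail TLS verification or reach pulper's CA. Each function should get its own port, with the `cacerts/localhost-<port>-ca-<org>.pem` names in the NodeOUs block changed to match, e.g. `fabric-ca-client enroll -u https://admin:adminpw@localhost:<HULLER_CA_PORT> --caname ca-huller …`. The new functions also carry over the sample credentials (`admin:adminpw`, `peer0pw`, `hulleradminpw`, `exportadminpw`) and run every enroll/register under `set -x`, so the secrets are echoed to the console or CI log; outside a throwaway test network, read them from the environment and drop the trace around those commands. createOrderer begins at the end of this hunk and continues outside it.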
@ -195,17 +367,17 @@ function createOrderer() {
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/localhost-9054-ca-orderer.pem
OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml"
OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/ordererOrganizations/varion.com/msp/config.yaml"
# Since the CA serves as both the organization CA and TLS CA, copy the org's root cert that was generated by CA startup into the org level ca and tlsca directories
# Copy orderer org's CA cert to orderer org's /msp/tlscacerts directory (for use in the channel MSP definition)
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
mkdir -p "${PWD}/organizations/ordererOrganizations/varion.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/varion.com/msp/tlscacerts/tlsca.varion.com-cert.pem"
# Copy orderer org's CA cert to orderer org's /tlsca directory (for use by clients)
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/tlsca"
cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"
mkdir -p "${PWD}/organizations/ordererOrganizations/varion.com/tlsca"
cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/varion.com/tlsca/tlsca.varion.com-cert.pem"
infoln "Registering orderer"
set -x
@ -219,29 +391,29 @@ function createOrderer() {
infoln "Generating the orderer msp"
set -x
fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/config.yaml"
cp "${PWD}/organizations/ordererOrganizations/varion.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp/config.yaml"
infoln "Generating the orderer-tls certificates, use --csr.hosts to specify Subject Alternative Names"
set -x
fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls" --enrollment.profile tls --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls" --enrollment.profile tls --csr.hosts orderer.varion.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
{ set +x; } 2>/dev/null
# Copy the tls CA cert, server cert, server keystore to well known file names in the orderer's tls directory that are referenced by orderer startup config
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key"
cp "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/ca.crt"
cp "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.crt"
cp "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.key"
# Copy orderer org's CA cert to orderer's /msp/tlscacerts directory (for use in the orderer MSP definition)
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
mkdir -p "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp/tlscacerts"
cp "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp/tlscacerts/tlsca.varion.com-cert.pem"
infoln "Generating the admin msp"
set -x
fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/varion.com/users/Admin@varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
{ set +x; } 2>/dev/null
cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/config.yaml"
cp "${PWD}/organizations/ordererOrganizations/varion.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/varion.com/users/Admin@varion.com/msp/config.yaml"
}


@ -12,8 +12,8 @@ function installChaincode() {
fi
{ set +x; } 2>/dev/null
cat log.txt
verifyResult $res "Chaincode installation on peer0.org${ORG} has failed"
successln "Chaincode is installed on peer0.org${ORG}"
verifyResult $res "Chaincode installation on peer0.${ORG} has failed"
successln "Chaincode is installed on peer0.${ORG}"
}
# queryInstalled PEER ORG
@ -25,8 +25,8 @@ function queryInstalled() {
res=$?
{ set +x; } 2>/dev/null
cat log.txt
verifyResult $res "Query installed on peer0.org${ORG} has failed"
successln "Query installed successful on peer0.org${ORG} on channel"
verifyResult $res "Query installed on peer0.${ORG} has failed"
successln "Query installed successful on peer0.${ORG} on channel"
}
# approveForMyOrg VERSION PEER ORG
@ -34,12 +34,12 @@ function approveForMyOrg() {
ORG=$1
setGlobals $ORG
set -x
peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" --channelID $CHANNEL_NAME --name ${CC_NAME} --version ${CC_VERSION} --package-id ${PACKAGE_ID} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} >&log.txt
peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.varion.com --tls --cafile "$ORDERER_CA" --channelID $CHANNEL_NAME --name ${CC_NAME} --version ${CC_VERSION} --package-id ${PACKAGE_ID} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} >&log.txt
res=$?
{ set +x; } 2>/dev/null
cat log.txt
verifyResult $res "Chaincode definition approved on peer0.org${ORG} on channel '$CHANNEL_NAME' failed"
successln "Chaincode definition approved on peer0.org${ORG} on channel '$CHANNEL_NAME'"
verifyResult $res "Chaincode definition approved on peer0.${ORG} on channel '$CHANNEL_NAME' failed"
successln "Chaincode definition approved on peer0.${ORG} on channel '$CHANNEL_NAME'"
}
# checkCommitReadiness VERSION PEER ORG
@ -47,14 +47,14 @@ function checkCommitReadiness() {
ORG=$1
shift 1
setGlobals $ORG
infoln "Checking the commit readiness of the chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'..."
infoln "Checking the commit readiness of the chaincode definition on peer0.${ORG} on channel '$CHANNEL_NAME'..."
local rc=1
local COUNTER=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do
sleep $DELAY
infoln "Attempting to check the commit readiness of the chaincode definition on peer0.org${ORG}, Retry after $DELAY seconds."
infoln "Attempting to check the commit readiness of the chaincode definition on peer0.${ORG}, Retry after $DELAY seconds."
set -x
peer lifecycle chaincode checkcommitreadiness --channelID $CHANNEL_NAME --name ${CC_NAME} --version ${CC_VERSION} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} --output json >&log.txt
res=$?
@ -67,9 +67,9 @@ function checkCommitReadiness() {
done
cat log.txt
if test $rc -eq 0; then
infoln "Checking the commit readiness of the chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME'"
infoln "Checking the commit readiness of the chaincode definition successful on peer0.${ORG} on channel '$CHANNEL_NAME'"
else
fatalln "After $MAX_RETRY attempts, Check commit readiness result on peer0.org${ORG} is INVALID!"
fatalln "After $MAX_RETRY attempts, Check commit readiness result on peer0.${ORG} is INVALID!"
fi
}
@ -83,11 +83,11 @@ function commitChaincodeDefinition() {
# peer (if join was successful), let's supply it directly as we know
# it using the "-o" option
set -x
peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" --channelID $CHANNEL_NAME --name ${CC_NAME} "${PEER_CONN_PARMS[@]}" --version ${CC_VERSION} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} >&log.txt
peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.varion.com --tls --cafile "$ORDERER_CA" --channelID $CHANNEL_NAME --name ${CC_NAME} "${PEER_CONN_PARMS[@]}" --version ${CC_VERSION} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} >&log.txt
res=$?
{ set +x; } 2>/dev/null
cat log.txt
verifyResult $res "Chaincode definition commit failed on peer0.org${ORG} on channel '$CHANNEL_NAME' failed"
verifyResult $res "Chaincode definition commit failed on peer0.${ORG} on channel '$CHANNEL_NAME' failed"
successln "Chaincode definition committed on channel '$CHANNEL_NAME'"
}
@ -96,14 +96,14 @@ function queryCommitted() {
ORG=$1
setGlobals $ORG
EXPECTED_RESULT="Version: ${CC_VERSION}, Sequence: ${CC_SEQUENCE}, Endorsement Plugin: escc, Validation Plugin: vscc"
infoln "Querying chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'..."
infoln "Querying chaincode definition on peer0.${ORG} on channel '$CHANNEL_NAME'..."
local rc=1
local COUNTER=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do
sleep $DELAY
infoln "Attempting to Query committed status on peer0.org${ORG}, Retry after $DELAY seconds."
infoln "Attempting to Query committed status on peer0.${ORG}, Retry after $DELAY seconds."
set -x
peer lifecycle chaincode querycommitted --channelID $CHANNEL_NAME --name ${CC_NAME} >&log.txt
res=$?
@ -114,9 +114,9 @@ function queryCommitted() {
done
cat log.txt
if test $rc -eq 0; then
successln "Query chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME'"
successln "Query chaincode definition successful on peer0.${ORG} on channel '$CHANNEL_NAME'"
else
fatalln "After $MAX_RETRY attempts, Query chaincode definition result on peer0.org${ORG} is INVALID!"
fatalln "After $MAX_RETRY attempts, Query chaincode definition result on peer0.${ORG} is INVALID!"
fi
}
@ -137,7 +137,7 @@ function chaincodeInvokeInit() {
# it using the "-o" option
set -x
infoln "invoke fcn call:${fcn_call}"
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" -C $CHANNEL_NAME -n ${CC_NAME} "${PEER_CONN_PARMS[@]}" --isInit -c ${fcn_call} >&log.txt
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.varion.com --tls --cafile "$ORDERER_CA" -C $CHANNEL_NAME -n ${CC_NAME} "${PEER_CONN_PARMS[@]}" --isInit -c ${fcn_call} >&log.txt
res=$?
{ set +x; } 2>/dev/null
let rc=$res
@ -151,14 +151,14 @@ function chaincodeInvokeInit() {
function chaincodeQuery() {
ORG=$1
setGlobals $ORG
infoln "Querying on peer0.org${ORG} on channel '$CHANNEL_NAME'..."
infoln "Querying on peer0.${ORG} on channel '$CHANNEL_NAME'..."
local rc=1
local COUNTER=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do
sleep $DELAY
infoln "Attempting to Query peer0.org${ORG}, Retry after $DELAY seconds."
infoln "Attempting to Query peer0.${ORG}, Retry after $DELAY seconds."
set -x
peer chaincode query -C $CHANNEL_NAME -n ${CC_NAME} -c '{"Args":["org.hyperledger.fabric:GetMetadata"]}' >&log.txt
res=$?
@ -168,9 +168,9 @@ function chaincodeQuery() {
done
cat log.txt
if test $rc -eq 0; then
successln "Query successful on peer0.org${ORG} on channel '$CHANNEL_NAME'"
successln "Query successful on peer0.${ORG} on channel '$CHANNEL_NAME'"
else
fatalln "After $MAX_RETRY attempts, Query result on peer0.org${ORG} is INVALID!"
fatalln "After $MAX_RETRY attempts, Query result on peer0.${ORG} is INVALID!"
fi
}
@ -233,7 +233,7 @@ queryInstalledOnPeer() {
# we either get a successful response, or reach MAX RETRY
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do
#sleep $DELAY
#infoln "Attempting to list on peer0.org${ORG}, Retry after $DELAY seconds."
#infoln "Attempting to list on peer0.${ORG}, Retry after $DELAY seconds."
peer lifecycle chaincode queryinstalled >&log.txt
res=$?
let rc=$res
@ -250,7 +250,7 @@ queryCommittedOnChannel() {
# we either get a successful response, or reach MAX RETRY
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do
#sleep $DELAY
#infoln "Attempting to list on peer0.org${ORG}, Retry after $DELAY seconds."
#infoln "Attempting to list on peer0.${ORG}, Retry after $DELAY seconds."
peer lifecycle chaincode querycommitted -C $CHANNEL >&log.txt
res=$?
let rc=$res
@ -293,14 +293,14 @@ chaincodeInvoke() {
CC_NAME=$3
CC_INVOKE_CONSTRUCTOR=$4
infoln "Invoking on peer0.org${ORG} on channel '$CHANNEL_NAME'..."
infoln "Invoking on peer0.${ORG} on channel '$CHANNEL_NAME'..."
local rc=1
local COUNTER=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do
sleep $DELAY
infoln "Attempting to Invoke on peer0.org${ORG}, Retry after $DELAY seconds."
infoln "Attempting to Invoke on peer0.${ORG}, Retry after $DELAY seconds."
set -x
peer chaincode invoke -o localhost:7050 -C $CHANNEL_NAME -n ${CC_NAME} -c ${CC_INVOKE_CONSTRUCTOR} --tls --cafile $ORDERER_CA --peerAddresses localhost:7051 --tlsRootCertFiles $PEER0_ORG1_CA --peerAddresses localhost:9051 --tlsRootCertFiles $PEER0_ORG2_CA >&log.txt
res=$?
@ -310,9 +310,9 @@ chaincodeInvoke() {
done
cat log.txt
if test $rc -eq 0; then
successln "Invoke successful on peer0.org${ORG} on channel '$CHANNEL_NAME'"
successln "Invoke successful on peer0.${ORG} on channel '$CHANNEL_NAME'"
else
fatalln "After $MAX_RETRY attempts, Invoke result on peer0.org${ORG} is INVALID!"
fatalln "After $MAX_RETRY attempts, Invoke result on peer0.${ORG} is INVALID!"
fi
}
@ -322,14 +322,14 @@ chaincodeQuery() {
CC_NAME=$3
CC_QUERY_CONSTRUCTOR=$4
infoln "Querying on peer0.org${ORG} on channel '$CHANNEL_NAME'..."
infoln "Querying on peer0.${ORG} on channel '$CHANNEL_NAME'..."
local rc=1
local COUNTER=1
# continue to poll
# we either get a successful response, or reach MAX RETRY
while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do
sleep $DELAY
infoln "Attempting to Query peer0.org${ORG}, Retry after $DELAY seconds."
infoln "Attempting to Query peer0.${ORG}, Retry after $DELAY seconds."
set -x
peer chaincode query -C $CHANNEL_NAME -n ${CC_NAME} -c ${CC_QUERY_CONSTRUCTOR} >&log.txt
res=$?
@ -339,8 +339,8 @@ chaincodeQuery() {
done
cat log.txt
if test $rc -eq 0; then
successln "Query successful on peer0.org${ORG} on channel '$CHANNEL_NAME'"
successln "Query successful on peer0.${ORG} on channel '$CHANNEL_NAME'"
else
fatalln "After $MAX_RETRY attempts, Query result on peer0.org${ORG} is INVALID!"
fatalln "After $MAX_RETRY attempts, Query result on peer0.${ORG} is INVALID!"
fi
}
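Review bot: chaincodeInvoke still passes `--tlsRootCertFiles $PEER0_ORG1_CA` and `--tlsRootCertFiles $PEER0_ORG2_CA` on its `peer chaincode invoke` line, but the exports further down this page are renamed to PEER0_FARMER_CA, PEER0_PULPER_CA, PEER0_HULLER_CA and PEER0_EXPORT_CA. Assuming this file takes its variables from those exports, both old names expand to nothing and, being unquoted, leave each flag without its certificate path. Name the peers by the new variables and quote them, e.g. `--peerAddresses localhost:7051 --tlsRootCertFiles "$PEER0_FARMER_CA" --peerAddresses localhost:9051 --tlsRootCertFiles "$PEER0_PULPER_CA"`, or build the list with parsePeerConnectionParameters as the commit and init paths do. The function's body starts and ends outside the hunks shown.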


@ -26,7 +26,7 @@ fetchChannelConfig() {
infoln "Fetching the most recent configuration block for the channel"
set -x
peer channel fetch config ${TEST_NETWORK_HOME}/channel-artifacts/config_block.pb -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com -c $CHANNEL --tls --cafile "$ORDERER_CA"
peer channel fetch config ${TEST_NETWORK_HOME}/channel-artifacts/config_block.pb -o localhost:7050 --ordererTLSHostnameOverride orderer.varion.com -c $CHANNEL --tls --cafile "$ORDERER_CA"
{ set +x; } 2>/dev/null
infoln "Decoding config block to JSON and isolating config to ${OUTPUT}"


@ -119,15 +119,23 @@ createChannel $BFT
successln "Channel '$CHANNEL_NAME' created"
## Join all the peers to the channel
infoln "Joining org1 peer to the channel..."
joinChannel 1
infoln "Joining org2 peer to the channel..."
joinChannel 2
infoln "Joining farmer peer to the channel..."
joinChannel farmer
infoln "Joining pulper peer to the channel..."
joinChannel pulper
infoln "Joining huller peer to the channel..."
joinChannel huller
infoln "Joining export peer to the channel..."
joinChannel export
## Set the anchor peers for each org in the channel
infoln "Setting anchor peer for org1..."
setAnchorPeer 1
infoln "Setting anchor peer for org2..."
setAnchorPeer 2
infoln "Setting anchor peer for farmer..."
setAnchorPeer farmer
infoln "Setting anchor peer for pulper..."
setAnchorPeer pulper
infoln "Setting anchor peer for huller..."
setAnchorPeer huller
infoln "Setting anchor peer for export..."
setAnchorPeer export
successln "Channel '$CHANNEL_NAME' joined"


@ -73,46 +73,56 @@ checkPrereqs
PACKAGE_ID=$(peer lifecycle chaincode calculatepackageid ${CC_NAME}.tar.gz)
## Install chaincode on peer0.org1 and peer0.org2
infoln "Installing chaincode on peer0.org1..."
installChaincode 1
infoln "Install chaincode on peer0.org2..."
installChaincode 2
## Install chaincode on peer0.farmer, peer0.pulper, peer0.huller, and peer0.export
infoln "Install chaincode on peer0.farmer..."
installChaincode farmer
infoln "Install chaincode on peer0.pulper..."
installChaincode pulper
infoln "Install chaincode on peer0.huller..."
installChaincode huller
infoln "Install chaincode on peer0.export..."
installChaincode export
resolveSequence
## query whether the chaincode is installed
queryInstalled 1
queryInstalled farmer
## approve the definition for org1
approveForMyOrg 1
approveForMyOrg farmer
## check whether the chaincode definition is ready to be committed
## expect org1 to have approved and org2 not to
checkCommitReadiness 1 "\"Org1MSP\": true" "\"Org2MSP\": false"
checkCommitReadiness 2 "\"Org1MSP\": true" "\"Org2MSP\": false"
## expect farmer to have approved and pulper not to
checkCommitReadiness farmer "\"FarmerMSP\": true" "\"PulperMSP\": false"
checkCommitReadiness pulper "\"FarmerMSP\": true" "\"PulperMSP\": false"
## now approve also for org2
approveForMyOrg 2
approveForMyOrg pulper
## check whether the chaincode definition is ready to be committed
## expect them both to have approved
checkCommitReadiness 1 "\"Org1MSP\": true" "\"Org2MSP\": true"
checkCommitReadiness 2 "\"Org1MSP\": true" "\"Org2MSP\": true"
checkCommitReadiness farmer "\"FarmerMSP\": true" "\"PulperMSP\": true"
checkCommitReadiness pulper "\"FarmerMSP\": true" "\"PulperMSP\": true"
approveForMyOrg huller
approveForMyOrg export
## now that we know for sure both orgs have approved, commit the definition
commitChaincodeDefinition 1 2
commitChaincodeDefinition farmer pulper huller export
## query on both orgs to see that the definition committed successfully
queryCommitted 1
queryCommitted 2
queryCommitted farmer
queryCommitted pulper
queryCommitted huller
queryCommitted export
## Invoke the chaincode - this does require that the chaincode have the 'initLedger'
## method defined
if [ "$CC_INIT_FCN" = "NA" ]; then
infoln "Chaincode initialization is not required"
else
chaincodeInvokeInit 1 2
chaincodeInvokeInit farmer pulper huller export
fi
exit 0
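Review bot: The readiness checks before `commitChaincodeDefinition farmer pulper huller export` only assert FarmerMSP and PulperMSP, so nothing confirms that the huller and export approvals issued just before the commit were recorded. A check after `approveForMyOrg export`, such as `checkCommitReadiness farmer "\"FarmerMSP\": true" "\"PulperMSP\": true" "\"HullerMSP\": true" "\"ExportMSP\": true"`, would cover all four organizations, assuming checkCommitReadiness matches each extra argument against the JSON output (its loop body is not shown on this page). The comments `## approve the definition for org1`, `## now approve also for org2` and the two "both orgs" lines are stale and should name the new organizations.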


@ -136,13 +136,23 @@ startDockerContainer() {
if [ "$CCAAS_DOCKER_RUN" = "true" ]; then
infoln "Starting the Chaincode-as-a-Service docker container..."
set -x
${CONTAINER_CLI} run --rm -d --name peer0org1_${CC_NAME}_ccaas \
${CONTAINER_CLI} run --rm -d --name peer0farmer_${CC_NAME}_ccaas \
--network fabric_test \
-e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \
-e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \
${CC_NAME}_ccaas_image:latest
${CONTAINER_CLI} run --rm -d --name peer0org2_${CC_NAME}_ccaas \
${CONTAINER_CLI} run --rm -d --name peer0pulper_${CC_NAME}_ccaas \
--network fabric_test \
-e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \
-e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \
${CC_NAME}_ccaas_image:latest
${CONTAINER_CLI} run --rm -d --name peer0huller_${CC_NAME}_ccaas \
--network fabric_test \
-e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \
-e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \
${CC_NAME}_ccaas_image:latest
${CONTAINER_CLI} run --rm -d --name peer0export_${CC_NAME}_ccaas \
--network fabric_test \
-e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \
-e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \
@ -155,12 +165,22 @@ startDockerContainer() {
else
infoln "Not starting docker containers; these are the commands we would have run"
infoln " ${CONTAINER_CLI} run --rm -d --name peer0org1_${CC_NAME}_ccaas \
infoln " ${CONTAINER_CLI} run --rm -d --name peer0farmer_${CC_NAME}_ccaas \
--network fabric_test \
-e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \
-e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \
${CC_NAME}_ccaas_image:latest"
infoln " ${CONTAINER_CLI} run --rm -d --name peer0org2_${CC_NAME}_ccaas \
infoln " ${CONTAINER_CLI} run --rm -d --name peer0pulper_${CC_NAME}_ccaas \
--network fabric_test \
-e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \
-e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \
${CC_NAME}_ccaas_image:latest"
infoln " ${CONTAINER_CLI} run --rm -d --name peer0huller_${CC_NAME}_ccaas \
--network fabric_test \
-e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \
-e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \
${CC_NAME}_ccaas_image:latest"
infoln " ${CONTAINER_CLI} run --rm -d --name peer0export_${CC_NAME}_ccaas \
--network fabric_test \
-e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \
-e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \
@ -176,38 +196,43 @@ buildDockerImages
packageChaincode
## Install chaincode on peer0.org1 and peer0.org2
infoln "Installing chaincode on peer0.org1..."
installChaincode 1
infoln "Install chaincode on peer0.org2..."
installChaincode 2
infoln "Installing chaincode on peer0.farmer..."
installChaincode farmer
infoln "Install chaincode on peer0.pulper..."
installChaincode pulper
resolveSequence
## query whether the chaincode is installed
queryInstalled 1
queryInstalled farmer
## approve the definition for org1
approveForMyOrg 1
approveForMyOrg farmer
## check whether the chaincode definition is ready to be committed
## expect org1 to have approved and org2 not to
checkCommitReadiness 1 "\"Org1MSP\": true" "\"Org2MSP\": false"
checkCommitReadiness 2 "\"Org1MSP\": true" "\"Org2MSP\": false"
## expect farmer to have approved and pulper not to
checkCommitReadiness 1 "\"FarmerMSP\": true" "\"PulperMSP\": falpulperse"
checkCommitReadiness 2 "\"FarmerMSP\": true" "\"PulperMSP\": false"
## now approve also for org2
approveForMyOrg 2
approveForMyOrg pulper
## check whether the chaincode definition is ready to be committed
## expect them both to have approved
checkCommitReadiness 1 "\"Org1MSP\": true" "\"Org2MSP\": true"
checkCommitReadiness 2 "\"Org1MSP\": true" "\"Org2MSP\": true"
checkCommitReadiness farmer "\"FarmerMSP\": true" "\"PulperMSP\": true"
checkCommitReadiness pulper "\"FarmerMSP\": true" "\"PulperMSP\": true"
approveForMyOrg huller
approveForMyOrg export
## now that we know for sure both orgs have approved, commit the definition
commitChaincodeDefinition 1 2
commitChaincodeDefinition farmer pulper huller export
## query on both orgs to see that the definition committed successfully
queryCommitted 1
queryCommitted 2
queryCommitted farmer
queryCommitted pulper
queryCommitted huller
queryCommitted export
# start the container
startDockerContainer
@ -217,7 +242,7 @@ startDockerContainer
if [ "$CC_INIT_FCN" = "NA" ]; then
infoln "Chaincode initialization is not required"
else
chaincodeInvokeInit 1 2
chaincodeInvokeInit farmer pulper huller export
fi
exit 0
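Review bot: The first readiness pair still calls `checkCommitReadiness 1 …` and `checkCommitReadiness 2 …`, org ids that the updated setGlobals on this page no longer has branches for. Its first expectation also reads `"\"PulperMSP\": falpulperse"`, which can never match the peer's output. The two lines should be `checkCommitReadiness farmer "\"FarmerMSP\": true" "\"PulperMSP\": false"` and `checkCommitReadiness pulper "\"FarmerMSP\": true" "\"PulperMSP\": false"`, matching the non-CCAAS deploy section above. This script also installs the chaincode only on farmer and pulper while it later approves, commits and queries for huller and export; if those peers are meant to run the chaincode, add `installChaincode huller` and `installChaincode export` before `resolveSequence`.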


@ -18,10 +18,11 @@ TEST_NETWORK_HOME=${TEST_NETWORK_HOME:-${PWD}}
. ${TEST_NETWORK_HOME}/scripts/utils.sh
export CORE_PEER_TLS_ENABLED=true
export ORDERER_CA=${TEST_NETWORK_HOME}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
export PEER0_ORG1_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
export PEER0_ORG2_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
export PEER0_ORG3_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem
export ORDERER_CA=${TEST_NETWORK_HOME}/organizations/ordererOrganizations/varion.com/tlsca/tlsca.varion.com-cert.pem
export PEER0_FARMER_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/farmer.varion.com/tlsca/tlsca.farmer.varion.com-cert.pem
export PEER0_PULPER_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/pulper.varion.com/tlsca/tlsca.pulper.varion.com-cert.pem
export PEER0_HULLER_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/huller.varion.com/tlsca/tlsca.huller.varion.com-cert.pem
export PEER0_EXPORT_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/export.varion.com/tlsca/tlsca.export.varion.com-cert.pem
# Set environment variables for the peer org
setGlobals() {
@ -32,21 +33,26 @@ setGlobals() {
USING_ORG="${OVERRIDE_ORG}"
fi
infoln "Using organization ${USING_ORG}"
if [ $USING_ORG -eq 1 ]; then
export CORE_PEER_LOCALMSPID=Org1MSP
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
if [ $USING_ORG -eq "farmer" ]; then
export CORE_PEER_LOCALMSPID=FarmerMSP
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_FARMER_CA
export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/farmer.varion.com/users/Admin@farmer.varion.com/msp
export CORE_PEER_ADDRESS=localhost:7051
elif [ $USING_ORG -eq 2 ]; then
export CORE_PEER_LOCALMSPID=Org2MSP
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA
export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
elif [ $USING_ORG -eq "pulper" ]; then
export CORE_PEER_LOCALMSPID=PulperMSP
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_PULPER_CA
export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/pulper.varion.com/users/Admin@farmer.varion.com/msp
export CORE_PEER_ADDRESS=localhost:9051
elif [ $USING_ORG -eq 3 ]; then
export CORE_PEER_LOCALMSPID=Org3MSP
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG3_CA
export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
elif [ $USING_ORG -eq "huller" ]; then
export CORE_PEER_LOCALMSPID=HullerMSP
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_HULLER_CA
export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/huller.varion.com/users/Admin@huller.varion.com/msp
export CORE_PEER_ADDRESS=localhost:11051
elif [ $USING_ORG -eq "export" ]; then
export CORE_PEER_LOCALMSPID=ExportMSP
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_EXPORT_CA
export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/export.varion.com/users/Admin@export.varion.com/msp
export CORE_PEER_ADDRESS=localhost:12051
else
errorln "ORG Unknown"
fi
@ -64,7 +70,7 @@ parsePeerConnectionParameters() {
PEERS=""
while [ "$#" -gt 0 ]; do
setGlobals $1
PEER="peer0.org$1"
PEER="peer0.$1"
## Set peer addresses
if [ -z "$PEERS" ]
then
@ -74,7 +80,7 @@ parsePeerConnectionParameters() {
fi
PEER_CONN_PARMS=("${PEER_CONN_PARMS[@]}" --peerAddresses $CORE_PEER_ADDRESS)
## Set path to TLS certificate
CA=PEER0_ORG$1_CA
CA=PEER0_$1_CA
TLSINFO=(--tlsRootCertFiles "${!CA}")
PEER_CONN_PARMS=("${PEER_CONN_PARMS[@]}" "${TLSINFO[@]}")
# shift by one to get to the next organization
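Review bot: The new branches in setGlobals compare organization names with `-eq`, which is an integer test, so `[ $USING_ORG -eq "farmer" ]` fails with "integer expression expected" and every call ends at `errorln "ORG Unknown"`. Use a quoted string comparison, `if [ "$USING_ORG" = "farmer" ]; then`, in all four branches; the `$ORG -eq "farmer"` chain in createAnchorPeerUpdate further down this page has the same defect. The pulper branch sets CORE_PEER_MSPCONFIGPATH to `Admin@farmer.varion.com` under the pulper.varion.com tree, which looks like a copy-paste slip for `Admin@pulper.varion.com` and would leave pulper commands without their own admin identity. In parsePeerConnectionParameters, `CA=PEER0_$1_CA` now produces `PEER0_farmer_CA` while the exports are upper-case, so `${!CA}` is empty and `--tlsRootCertFiles` receives an empty path; `CA=PEER0_${1^^}_CA` would match the exported names. Both function bodies continue outside the hunks shown.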


@ -4,7 +4,7 @@
channel_name=$1
export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH
export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt /dev/null 2>&1
export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key /dev/null 2>&1
export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.crt /dev/null 2>&1
export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.key /dev/null 2>&1
osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7053 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1


@ -4,7 +4,7 @@
channel_name=$1
export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH
export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt /dev/null 2>&1
export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key > /dev/null 2>&1
export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/tls/server.crt /dev/null 2>&1
export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/tls/server.key > /dev/null 2>&1
osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7055 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1


@ -4,7 +4,7 @@
channel_name=$1
export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH
export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt /dev/null 2>&1
export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.key > /dev/null 2>&1
export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/tls/server.crt /dev/null 2>&1
export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/tls/server.key > /dev/null 2>&1
osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7057 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1


@ -4,7 +4,7 @@
channel_name=$1
export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH
export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt /dev/null 2>&1
export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.key > /dev/null 2>&1
export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/tls/server.crt /dev/null 2>&1
export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/tls/server.key > /dev/null 2>&1
osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7059 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1


@ -7,8 +7,8 @@
# import utils
# test network home var targets to test network folder
# the reason we use a var here is considering with org3 specific folder
# when invoking this for org3 as test-network/scripts/org3-scripts
# the reason we use a var here is considering with huller specific folder
# when invoking this for huller as test-network/scripts/huller-scripts
# the value is changed from default as $PWD(test-network)
# to .. as relative path to make the import works
TEST_NETWORK_HOME=${TEST_NETWORK_HOME:-${PWD}}
@ -20,17 +20,20 @@ createAnchorPeerUpdate() {
infoln "Fetching channel config for channel $CHANNEL_NAME"
fetchChannelConfig $ORG $CHANNEL_NAME ${TEST_NETWORK_HOME}/channel-artifacts/${CORE_PEER_LOCALMSPID}config.json
infoln "Generating anchor peer update transaction for Org${ORG} on channel $CHANNEL_NAME"
infoln "Generating anchor peer update transaction for ${ORG} on channel $CHANNEL_NAME"
if [ $ORG -eq 1 ]; then
HOST="peer0.org1.example.com"
if [ $ORG -eq "farmer" ]; then
HOST="peer0.farmer.varion.com"
PORT=7051
elif [ $ORG -eq 2 ]; then
HOST="peer0.org2.example.com"
elif [ $ORG -eq "pulper" ]; then
HOST="peer0.pulper.varion.com"
PORT=9051
elif [ $ORG -eq 3 ]; then
HOST="peer0.org3.example.com"
elif [ $ORG -eq "huller" ]; then
HOST="peer0.huller.varion.com"
PORT=11051
elif [ $ORG -eq "export" ]; then
HOST="peer0.export.varion.com"
PORT=12051
else
errorln "Org${ORG} unknown"
fi
@ -50,7 +53,7 @@ createAnchorPeerUpdate() {
}
updateAnchorPeer() {
peer channel update -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com -c $CHANNEL_NAME -f ${TEST_NETWORK_HOME}/channel-artifacts/${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile "$ORDERER_CA" >&log.txt
peer channel update -o localhost:7050 --ordererTLSHostnameOverride orderer.varion.com -c $CHANNEL_NAME -f ${TEST_NETWORK_HOME}/channel-artifacts/${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile "$ORDERER_CA" >&log.txt
res=$?
cat log.txt
verifyResult $res "Anchor peer update failed"
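Review bot: The new branches in createAnchorPeerUpdate compare organisation names with `-eq`, which is an integer test. `[ $ORG -eq "farmer" ]` fails with "integer expression expected" for every name, so HOST and PORT are never set and control always reaches the `else`. Use a quoted string comparison in all four branches, e.g. `if [ "$ORG" = "farmer" ]; then`. The `else` only calls `errorln "Org${ORG} unknown"`; unless that helper exits (it is not defined in this hunk), the function carries on and builds the anchor update with an empty host and port, so an explicit `exit 1` there would be safer. The function body continues past the end of this hunk.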


@ -6,7 +6,7 @@
# default to using Org1
ORG=${1:-Org1}
ORG=${farmer:-Org1}
# Exit on first error, print all commands.
set -e
@ -15,42 +15,58 @@ set -o pipefail
# Where am I?
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"
ORDERER_CA=${DIR}/test-network/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
PEER0_ORG1_CA=${DIR}/test-network/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
PEER0_ORG2_CA=${DIR}/test-network/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
PEER0_ORG3_CA=${DIR}/test-network/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem
ORDERER_CA=${DIR}/test-network/organizations/ordererOrganizations/varion.com/tlsca/tlsca.varion.com-cert.pem
PEER0_FARMER_CA=${DIR}/test-network/organizations/peerOrganizations/farmer.varion.com/tlsca/tlsca.farmer.varion.com-cert.pem
PEER0_PULPER_CA=${DIR}/test-network/organizations/peerOrganizations/pulper.varion.com/tlsca/tlsca.pulper.varion.com-cert.pem
PEER0_HULLER_CA=${DIR}/test-network/organizations/peerOrganizations/huller.varion.com/tlsca/tlsca.huller.varion.com-cert.pem
PEER0_EXPORT_CA=${DIR}/test-network/organizations/peerOrganizations/export.varion.com/tlsca/tlsca.export.varion.com-cert.pem
if [[ ${ORG,,} == "org1" || ${ORG,,} == "digibank" ]]; then
if [[ ${ORG,,} == "farmer" ]]; then
CORE_PEER_LOCALMSPID=Org1MSP
CORE_PEER_MSPCONFIGPATH=${DIR}/test-network/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
CORE_PEER_LOCALMSPID=FarmerMSP
CORE_PEER_MSPCONFIGPATH=${DIR}/test-network/organizations/peerOrganizations/farmer.varion.com/users/Admin@farmer.varion.com/msp
CORE_PEER_ADDRESS=localhost:7051
CORE_PEER_TLS_ROOTCERT_FILE=${DIR}/test-network/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
CORE_PEER_TLS_ROOTCERT_FILE=${DIR}/test-network/organizations/peerOrganizations/farmer.varion.com/tlsca/tlsca.farmer.varion.com-cert.pem
elif [[ ${ORG,,} == "org2" || ${ORG,,} == "magnetocorp" ]]; then
elif [[ ${ORG,,} == "pulper" ]]; then
CORE_PEER_LOCALMSPID=Org2MSP
CORE_PEER_MSPCONFIGPATH=${DIR}/test-network/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
CORE_PEER_LOCALMSPID=PulperMSP
CORE_PEER_MSPCONFIGPATH=${DIR}/test-network/organizations/peerOrganizations/pulper.varion.com/users/Admin@pulper.varion.com/msp
CORE_PEER_ADDRESS=localhost:9051
CORE_PEER_TLS_ROOTCERT_FILE=${DIR}/test-network/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
CORE_PEER_TLS_ROOTCERT_FILE=${DIR}/test-network/organizations/peerOrganizations/pulper.varion.com/tlsca/tlsca.pulper.varion.com-cert.pem
elif [[ ${ORG,,} == "huller" ]]; then
CORE_PEER_LOCALMSPID=HullerMSP
CORE_PEER_MSPCONFIGPATH=${DIR}/test-network/organizations/peerOrganizations/huller.varion.com/users/Admin@huller.varion.com/msp
CORE_PEER_ADDRESS=localhost:9051
CORE_PEER_TLS_ROOTCERT_FILE=${DIR}/test-network/organizations/peerOrganizations/huller.varion.com/tlsca/tlsca.huller.varion.com-cert.pem
elif [[ ${ORG,,} == "export" ]]; then
CORE_PEER_LOCALMSPID=ExportMSP
CORE_PEER_MSPCONFIGPATH=${DIR}/test-network/organizations/peerOrganizations/export.varion.com/users/Admin@export.varion.com/msp
CORE_PEER_ADDRESS=localhost:9051
CORE_PEER_TLS_ROOTCERT_FILE=${DIR}/test-network/organizations/peerOrganizations/export.varion.com/tlsca/tlsca.export.varion.com-cert.pem
else
echo "Unknown \"$ORG\", please choose Org1/Digibank or Org2/Magnetocorp"
echo "For example to get the environment variables to set upa Org2 shell environment run: ./setOrgEnv.sh Org2"
echo "Unknown \"$ORG\", please choose Farmer, Pulper, Huller, or Export"
echo "For varion to get the environment variables to set upa Pulper shell environment run: ./setOrgEnv.sh Pulper"
echo
echo "This can be automated to set them as well with:"
echo
echo 'export $(./setOrgEnv.sh Org2 | xargs)'
echo 'export $(./setOrgEnv.sh Pulper | xargs)'
exit 1
fi
# output the variables that need to be set
echo "CORE_PEER_TLS_ENABLED=true"
echo "ORDERER_CA=${ORDERER_CA}"
echo "PEER0_ORG1_CA=${PEER0_ORG1_CA}"
echo "PEER0_ORG2_CA=${PEER0_ORG2_CA}"
echo "PEER0_ORG3_CA=${PEER0_ORG3_CA}"
echo "PEER0_FARMER_CA=${PEER0_FARMER_CA}"
echo "PEER0_PULPER_CA=${PEER0_PULPER_CA}"
echo "PEER0_HULLER_CA=${PEER0_HULLER_CA}"
echo "PEER0_EXPORT_CA=${PEER0_EXPORT_CA}"
echo "CORE_PEER_MSPCONFIGPATH=${CORE_PEER_MSPCONFIGPATH}"
echo "CORE_PEER_ADDRESS=${CORE_PEER_ADDRESS}"
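Review bot: `ORG=${farmer:-Org1}` reads a shell variable named `farmer` instead of the first argument, so the script ignores its argument. ORG falls back to `Org1`, which no branch matches any more, and every call ends in the "Unknown" message; the line should read `ORG=${1:-farmer}`. The new huller and export branches also both set `CORE_PEER_ADDRESS=localhost:9051`, the pulper peer's address, while the anchor-peer script on this page uses 11051 and 12051 for those two organisations. As written, a Huller or Export admin identity would be pointed at another organisation's peer with a TLS root certificate that does not belong to it. The usage text "For varion to get the environment variables" looks like a search-and-replace casualty of "For example".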