From f376beac1346660456b19bc2620af5da2a1087a7 Mon Sep 17 00:00:00 2001 
From: Ferry Ariawan Date: Fri, 7 Jun 2024 16:44:50 +0700 Subject: [PATCH] Prepare for farmer, pulper, huller, and export --- varion/bft-config/configtx.yaml | 137 ++++-- varion/compose/compose-bft-test-net.yaml | 191 +++++--- varion/compose/compose-test-net.yaml | 142 ++++-- .../docker/docker-compose-bft-test-net.yaml | 34 +- .../docker/docker-compose-test-net.yaml | 34 +- varion/compose/docker/peercfg/core.yaml | 2 +- .../podman/podman-compose-test-net.yaml | 12 +- varion/configtx/configtx.yaml | 94 +++- varion/network.config | 6 +- varion/network.sh | 84 +++- varion/organizations/ccp-generate.sh | 38 +- varion/organizations/ccp-template.json | 16 +- varion/organizations/ccp-template.yaml | 20 +- .../cfssl/admin-csr-template.json | 12 +- varion/organizations/cfssl/ca-orderer.json | 14 +- varion/organizations/cfssl/ca-peer.json | 16 +- .../cfssl/client-csr-template.json | 12 +- .../cfssl/orderer-csr-template.json | 12 +- .../cfssl/peer-csr-template.json | 12 +- varion/organizations/cfssl/registerEnroll.sh | 40 +- ...ig-org2.yaml => crypto-config-export.yaml} | 10 +- ...ig-org1.yaml => crypto-config-farmer.yaml} | 10 +- .../cryptogen/crypto-config-huller.yaml | 61 +++ .../cryptogen/crypto-config-orderer.yaml | 2 +- .../cryptogen/crypto-config-pulper.yaml | 61 +++ .../export/fabric-ca-server-config.yaml | 410 ++++++++++++++++++ .../farmer/fabric-ca-server-config.yaml | 410 ++++++++++++++++++ .../huller/fabric-ca-server-config.yaml | 410 ++++++++++++++++++ .../pulper/fabric-ca-server-config.yaml | 410 ++++++++++++++++++ .../organizations/fabric-ca/registerEnroll.sh | 330 ++++++++++---- varion/scripts/ccutils.sh | 64 +-- varion/scripts/configUpdate.sh | 2 +- varion/scripts/createChannel.sh | 24 +- varion/scripts/deployCC.sh | 44 +- varion/scripts/deployCCAAS.sh | 65 ++- varion/scripts/envVar.sh | 42 +- varion/scripts/orderer.sh | 4 +- varion/scripts/orderer2.sh | 4 +- varion/scripts/orderer3.sh | 4 +- varion/scripts/orderer4.sh | 4 +- varion/scripts/setAnchorPeer.sh | 
23 +- varion/setOrgEnv.sh | 54 ++- 42 files changed, 2878 insertions(+), 498 deletions(-) rename varion/organizations/cryptogen/{crypto-config-org2.yaml => crypto-config-export.yaml} (93%) rename varion/organizations/cryptogen/{crypto-config-org1.yaml => crypto-config-farmer.yaml} (92%) create mode 100755 varion/organizations/cryptogen/crypto-config-huller.yaml create mode 100755 varion/organizations/cryptogen/crypto-config-pulper.yaml create mode 100755 varion/organizations/fabric-ca/export/fabric-ca-server-config.yaml create mode 100755 varion/organizations/fabric-ca/farmer/fabric-ca-server-config.yaml create mode 100755 varion/organizations/fabric-ca/huller/fabric-ca-server-config.yaml create mode 100755 varion/organizations/fabric-ca/pulper/fabric-ca-server-config.yaml diff --git a/varion/bft-config/configtx.yaml b/varion/bft-config/configtx.yaml index 39b6f0f3..d6f86c69 100644 --- a/varion/bft-config/configtx.yaml +++ b/varion/bft-config/configtx.yaml @@ -22,7 +22,7 @@ Organizations: # ID to load the MSP definition as ID: OrdererMSP # MSPDir is the filesystem path which contains the MSP configuration - MSPDir: ../organizations/ordererOrganizations/example.com/msp + MSPDir: ../organizations/ordererOrganizations/varion.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel/// 
@@ -37,56 +37,102 @@ Organizations: Type: Signature Rule: "OR('OrdererMSP.admin')" OrdererEndpoints: - - orderer.example.com:7050 - - orderer2.example.com:7052 - - orderer3.example.com:7056 - - orderer4.example.com:7058 - - &Org1 + - orderer.varion.com:7050 + - orderer2.varion.com:7052 + - orderer3.varion.com:7056 + - orderer4.varion.com:7058 + - &Farmer # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment - Name: Org1MSP + Name: FarmerMSP # ID to load the MSP definition as - ID: Org1MSP - MSPDir: ../organizations/peerOrganizations/org1.example.com/msp + ID: FarmerMSP + MSPDir: ../organizations/peerOrganizations/farmer.varion.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel/// Policies: Readers: Type: Signature - Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')" + Rule: "OR('FarmerMSP.admin', 'FarmerMSP.peer', 'FarmerMSP.client')" Writers: Type: Signature - Rule: "OR('Org1MSP.admin', 'Org1MSP.client')" + Rule: "OR('FarmerMSP.admin', 'FarmerMSP.client')" Admins: Type: Signature - Rule: "OR('Org1MSP.admin')" + Rule: "OR('FarmerMSP.admin')" Endorsement: Type: Signature - Rule: "OR('Org1MSP.peer')" - - &Org2 + Rule: "OR('FarmerMSP.peer')" + - &Pulper # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment - Name: Org2MSP + Name: PulperMSP # ID to load the MSP definition as - ID: Org2MSP - MSPDir: ../organizations/peerOrganizations/org2.example.com/msp + ID: PulperMSP + MSPDir: ../organizations/peerOrganizations/pulper.varion.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel/// Policies: Readers: Type: Signature - Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')" + Rule: "OR('PulperMSP.admin', 'PulperMSP.peer', 
'PulperMSP.client')" Writers: Type: Signature - Rule: "OR('Org2MSP.admin', 'Org2MSP.client')" + Rule: "OR('PulperMSP.admin', 'PulperMSP.client')" Admins: Type: Signature - Rule: "OR('Org2MSP.admin')" + Rule: "OR('PulperMSP.admin')" Endorsement: Type: Signature - Rule: "OR('Org2MSP.peer')" + Rule: "OR('PulperMSP.peer')" + - &Huller + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: HullerMSP + # ID to load the MSP definition as + ID: HullerMSP + MSPDir: ../organizations/peerOrganizations/huller.varion.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('HullerMSP.admin', 'HullerMSP.peer', 'HullerMSP.client')" + Writers: + Type: Signature + Rule: "OR('HullerMSP.admin', 'HullerMSP.client')" + Admins: + Type: Signature + Rule: "OR('HullerMSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('HullerMSP.peer')" + - &Export + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: ExportMSP + # ID to load the MSP definition as + ID: ExportMSP + MSPDir: ../organizations/peerOrganizations/export.varion.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('ExportMSP.admin', 'ExportMSP.peer', 'ExportMSP.client')" + Writers: + Type: Signature + Rule: "OR('ExportMSP.admin', 'ExportMSP.client')" + Admins: + Type: Signature + Rule: "OR('ExportMSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('ExportMSP.peer')" ################################################################################ # # SECTION: Capabilities 
@@ -237,7 +283,16 @@ Channel: &ChannelDefaults Rule: "ANY Writers" # By default, who may modify elements at this config level Admins: - Type: ImplicitMeta + Type: ImplicitMeta farmer: + - department1 + - department2 + pulper: + - department1 + huller: + - department1 + export: + - department1 + Rule: "MAJORITY Admins" # Capabilities describes the channel level capabilities, see the # dedicated Capabilities section elsewhere in this file for a full 
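Review bot: The channel-level `Admins` policy in this hunk has picked up what look like Fabric CA affiliation entries. As rendered here, the added line reads `Type: ImplicitMeta farmer:` and is followed by `- department1` / `- department2` lists for pulper, huller and export before the unchanged `Rule: "MAJORITY Admins"`. That content looks like the `affiliations:` block of a fabric-ca-server-config.yaml and has no meaning in configtx.yaml; it will either fail to parse or leave the policy that gates channel configuration updates malformed. Restore the policy to `Type: ImplicitMeta` followed directly by `Rule: "MAJORITY Admins"`, and check the rendered channel config to confirm the Admins policy is still MAJORITY. The Channel section continues outside the hunk.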
@@ -277,36 +332,38 @@ Profiles: LeaderHeartbeatCount: 10 ConsenterMapping: - ID: 1 - Host: orderer.example.com + Host: orderer.varion.com Port: 7050 MSPID: OrdererMSP - Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/signcerts/orderer.example.com-cert.pem - ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt - ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt + Identity: ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp/signcerts/orderer.varion.com-cert.pem + ClientTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.crt - ID: 2 - Host: orderer2.example.com + Host: orderer2.varion.com Port: 7052 MSPID: OrdererMSP - Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/signcerts/orderer2.example.com-cert.pem - ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt - ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt + Identity: ../organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/msp/signcerts/orderer2.varion.com-cert.pem + ClientTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/tls/server.crt - ID: 3 - Host: orderer3.example.com + Host: orderer3.varion.com Port: 7056 MSPID: OrdererMSP - Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp/signcerts/orderer3.example.com-cert.pem - ClientTLSCert: 
../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt - ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt + Identity: ../organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/msp/signcerts/orderer3.varion.com-cert.pem + ClientTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/tls/server.crt - ID: 4 - Host: orderer4.example.com + Host: orderer4.varion.com Port: 7058 MSPID: OrdererMSP - Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp/signcerts/orderer4.example.com-cert.pem - ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt - ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt + Identity: ../organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/msp/signcerts/orderer4.varion.com-cert.pem + ClientTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/tls/server.crt Application: <<: *ApplicationDefaults Organizations: - - *Org1 - - *Org2 + - *Farmer + - *Pulper + - *Huller + - *Export Capabilities: *ApplicationCapabilities \ No newline at end of file diff --git a/varion/compose/compose-bft-test-net.yaml b/varion/compose/compose-bft-test-net.yaml index 4ab83059..c23ccfe6 100644 --- a/varion/compose/compose-bft-test-net.yaml +++ b/varion/compose/compose-bft-test-net.yaml 
@@ -1,12 +1,14 @@ version: '3.7' volumes: - orderer.example.com: - orderer2.example.com: - orderer3.example.com: - orderer4.example.com: - peer0.org1.example.com: - peer0.org2.example.com: + orderer.varion.com: + orderer2.varion.com: + orderer3.varion.com: + orderer4.varion.com: + peer0.farmer.varion.com: + peer0.pulper.varion.com: + peer0.huller.varion.com: + peer0.export.varion.com: networks: test: @@ -14,8 +16,8 @@ networks: services: - orderer.example.com: - container_name: orderer.example.com + orderer.varion.com: + container_name: orderer.varion.com image: hyperledger/fabric-orderer:latest labels: service: hyperledger-fabric @@ -41,14 +43,14 @@ services: - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053 - - ORDERER_OPERATIONS_LISTENADDRESS=orderer.example.com:9443 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer.varion.com:9443 - ORDERER_METRICS_PROVIDER=prometheus working_dir: /root command: orderer volumes: - - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp - - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls - - orderer.example.com:/var/hyperledger/production/orderer + - ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/:/var/hyperledger/orderer/tls + - orderer.varion.com:/var/hyperledger/production/orderer ports: - 7050:7050 - 7053:7053 @@ -56,8 +58,8 @@ services: networks: - test - orderer2.example.com: - container_name: orderer2.example.com + orderer2.varion.com: + container_name: orderer2.varion.com image: hyperledger/fabric-orderer:latest labels: service: hyperledger-fabric 
@@ -83,14 +85,14 @@ services: - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7055 - - ORDERER_OPERATIONS_LISTENADDRESS=orderer2.example.com:9446 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer2.varion.com:9446 - ORDERER_METRICS_PROVIDER=prometheus working_dir: /root command: orderer volumes: - - ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp:/var/hyperledger/orderer/msp - - ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/:/var/hyperledger/orderer/tls - - orderer2.example.com:/var/hyperledger/production/orderer + - ../organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/tls/:/var/hyperledger/orderer/tls + - orderer2.varion.com:/var/hyperledger/production/orderer ports: - 7052:7052 - 7055:7055 @@ -98,8 +100,8 @@ services: networks: - test - orderer3.example.com: - container_name: orderer3.example.com + orderer3.varion.com: + container_name: orderer3.varion.com image: hyperledger/fabric-orderer:latest labels: service: hyperledger-fabric 
@@ -125,14 +127,14 @@ services: - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7057 - - ORDERER_OPERATIONS_LISTENADDRESS=orderer3.example.com:9447 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer3.varion.com:9447 - ORDERER_METRICS_PROVIDER=prometheus working_dir: /root command: orderer volumes: - - ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp:/var/hyperledger/orderer/msp - - ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/:/var/hyperledger/orderer/tls - - orderer3.example.com:/var/hyperledger/production/orderer + - ../organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/tls/:/var/hyperledger/orderer/tls + - orderer3.varion.com:/var/hyperledger/production/orderer ports: - 7056:7056 - 7057:7057 @@ -140,8 +142,8 @@ services: networks: - test - orderer4.example.com: - container_name: orderer4.example.com + orderer4.varion.com: + container_name: orderer4.varion.com image: hyperledger/fabric-orderer:latest labels: service: hyperledger-fabric 
@@ -167,14 +169,14 @@ services: - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7059 - - ORDERER_OPERATIONS_LISTENADDRESS=orderer4.example.com:9448 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer4.varion.com:9448 - ORDERER_METRICS_PROVIDER=prometheus working_dir: /root command: orderer volumes: - - ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp:/var/hyperledger/orderer/msp - - ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/:/var/hyperledger/orderer/tls - - orderer4.example.com:/var/hyperledger/production/orderer + - ../organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/tls/:/var/hyperledger/orderer/tls + - orderer4.varion.com:/var/hyperledger/production/orderer ports: - 7058:7058 - 7059:7059 @@ -182,11 +184,8 @@ services: networks: - test - - - - peer0.org1.example.com: - container_name: peer0.org1.example.com + peer0.farmer.varion.com: + container_name: peer0.farmer.varion.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric 
@@ -200,22 +199,22 @@ services: - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt # Peer specific variables - - CORE_PEER_ID=peer0.org1.example.com - - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 + - CORE_PEER_ID=peer0.farmer.varion.com + - CORE_PEER_ADDRESS=peer0.farmer.varion.com:7051 - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 - - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052 + - CORE_PEER_CHAINCODEADDRESS=peer0.farmer.varion.com:7052 - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 - - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051 - - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051 - - CORE_PEER_LOCALMSPID=Org1MSP + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.farmer.varion.com:7051 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.farmer.varion.com:7051 + - CORE_PEER_LOCALMSPID=FarmerMSP - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp - - CORE_OPERATIONS_LISTENADDRESS=peer0.org1.example.com:9444 + - CORE_OPERATIONS_LISTENADDRESS=peer0.farmer.varion.com:9444 - CORE_METRICS_PROVIDER=prometheus - - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"} + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0farmer"} - CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes: - - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric - - peer0.org1.example.com:/var/hyperledger/production + - ../organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com:/etc/hyperledger/fabric + - peer0.farmer.varion.com:/var/hyperledger/production working_dir: /root command: peer node start ports: @@ -224,8 +223,8 @@ services: networks: - test - peer0.org2.example.com: - container_name: peer0.org2.example.com + peer0.pulper.varion.com: + container_name: peer0.pulper.varion.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric 
@@ -239,22 +238,22 @@ services: - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt # Peer specific variables - - CORE_PEER_ID=peer0.org2.example.com - - CORE_PEER_ADDRESS=peer0.org2.example.com:9051 + - CORE_PEER_ID=peer0.pulper.varion.com + - CORE_PEER_ADDRESS=peer0.pulper.varion.com:9051 - CORE_PEER_LISTENADDRESS=0.0.0.0:9051 - - CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052 + - CORE_PEER_CHAINCODEADDRESS=peer0.pulper.varion.com:9052 - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052 - - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051 - - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051 - - CORE_PEER_LOCALMSPID=Org2MSP + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.pulper.varion.com:9051 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.pulper.varion.com:9051 + - CORE_PEER_LOCALMSPID=PulperMSP - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp - - CORE_OPERATIONS_LISTENADDRESS=peer0.org2.example.com:9445 + - CORE_OPERATIONS_LISTENADDRESS=peer0.pulper.varion.com:9445 - CORE_METRICS_PROVIDER=prometheus - - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"} + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0pulper"} - CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes: - - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric - - peer0.org2.example.com:/var/hyperledger/production + - ../organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com:/etc/hyperledger/fabric + - peer0.pulper.varion.com:/var/hyperledger/production working_dir: /root command: peer node start ports: 
@@ -262,3 +261,81 @@ services: - 9445:9445 networks: - test + + peer0.huller.varion.com: + container_name: peer0.huller.varion.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_CFG_PATH=/etc/hyperledger/peercfg + - FABRIC_LOGGING_SPEC=INFO + #- FABRIC_LOGGING_SPEC=DEBUG + - CORE_PEER_TLS_ENABLED=true + - CORE_PEER_PROFILE_ENABLED=false + - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt + - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key + - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt + # Peer specific variables + - CORE_PEER_ID=peer0.huller.varion.com + - CORE_PEER_ADDRESS=peer0.huller.varion.com:11051 + - CORE_PEER_LISTENADDRESS=0.0.0.0:11051 + - CORE_PEER_CHAINCODEADDRESS=peer0.huller.varion.com:11052 + - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.huller.varion.com:11051 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.huller.varion.com:11051 + - CORE_PEER_LOCALMSPID=HullerMSP + - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp + - CORE_OPERATIONS_LISTENADDRESS=peer0.huller.varion.com:11445 + - CORE_METRICS_PROVIDER=prometheus + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0farmer"} + - CORE_CHAINCODE_EXECUTETIMEOUT=300s + volumes: + - ../organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com:/etc/hyperledger/fabric + - peer0.huller.varion.com:/var/hyperledger/production + working_dir: /root + command: peer node start + ports: + - 11051:11051 + - 11445:11445 + networks: + - test + + peer0.export.varion.com: + container_name: peer0.export.varion.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_CFG_PATH=/etc/hyperledger/peercfg + - FABRIC_LOGGING_SPEC=INFO + #- FABRIC_LOGGING_SPEC=DEBUG + - CORE_PEER_TLS_ENABLED=true + - CORE_PEER_PROFILE_ENABLED=false + - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt + - 
CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key + - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt + # Peer specific variables + - CORE_PEER_ID=peer0.export.varion.com + - CORE_PEER_ADDRESS=peer0.export.varion.com:12051 + - CORE_PEER_LISTENADDRESS=0.0.0.0:12051 + - CORE_PEER_CHAINCODEADDRESS=peer0.export.varion.com:12052 + - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:12052 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.export.varion.com:12051 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.export.varion.com:12051 + - CORE_PEER_LOCALMSPID=ExportMSP + - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp + - CORE_OPERATIONS_LISTENADDRESS=peer0.export.varion.com:12445 + - CORE_METRICS_PROVIDER=prometheus + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0export"} + - CORE_CHAINCODE_EXECUTETIMEOUT=300s + volumes: + - ../organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com:/etc/hyperledger/fabric + - peer0.export.varion.com:/var/hyperledger/production + working_dir: /root + command: peer node start + ports: + - 12051:12051 + - 12445:12445 + networks: + - test diff --git a/varion/compose/compose-test-net.yaml b/varion/compose/compose-test-net.yaml index dcac21b0..2754f40b 100644 --- a/varion/compose/compose-test-net.yaml +++ b/varion/compose/compose-test-net.yaml @@ -6,9 +6,11 @@ version: '3.7' volumes: - orderer.example.com: - peer0.org1.example.com: - peer0.org2.example.com: + orderer.varion.com: + peer0.farmer.varion.com: + peer0.pulper.varion.com: + peer0.huller.varion.com: + peer0.export.varion.com: networks: test: @@ -16,8 +18,8 @@ networks: services: - orderer.example.com: - container_name: orderer.example.com + orderer.varion.com: + container_name: orderer.varion.com image: hyperledger/fabric-orderer:latest labels: service: hyperledger-fabric 
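Review bot: The new `peer0.huller.varion.com` service in compose-bft-test-net.yaml sets `CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0farmer"}`, which is the farmer peer's value. The export service added in the same hunk uses `peer0export`, so this looks like a copy-paste slip. If the chaincode-as-a-service builder derives the chaincode endpoint from `peername`, as the upstream test network appears to, the huller peer would resolve to the farmer organisation's chaincode container. Change it to `{"peername":"peer0huller"}`. Both new services also use `hyperledger/fabric-peer:latest`; pinning a fixed tag would keep all four organisations on the same, reviewable peer build.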
@@ -43,14 +45,14 @@ services: - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053 - - ORDERER_OPERATIONS_LISTENADDRESS=orderer.example.com:9443 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer.varion.com:9443 - ORDERER_METRICS_PROVIDER=prometheus working_dir: /root command: orderer volumes: - - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp - - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls - - orderer.example.com:/var/hyperledger/production/orderer + - ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/:/var/hyperledger/orderer/tls + - orderer.varion.com:/var/hyperledger/production/orderer ports: - 7050:7050 - 7053:7053 @@ -58,8 +60,8 @@ services: networks: - test - peer0.org1.example.com: - container_name: peer0.org1.example.com + peer0.farmer.varion.com: + container_name: peer0.farmer.varion.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric 
@@ -73,22 +75,22 @@ services: - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt # Peer specific variables - - CORE_PEER_ID=peer0.org1.example.com - - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 + - CORE_PEER_ID=peer0.farmer.varion.com + - CORE_PEER_ADDRESS=peer0.farmer.varion.com:7051 - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 - - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052 + - CORE_PEER_CHAINCODEADDRESS=peer0.farmer.varion.com:7052 - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 - - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051 - - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.farmer.varion.com:7051 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.farmer.varion.com:7051 - CORE_PEER_LOCALMSPID=Org1MSP - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp - - CORE_OPERATIONS_LISTENADDRESS=peer0.org1.example.com:9444 + - CORE_OPERATIONS_LISTENADDRESS=peer0.farmer.varion.com:9444 - CORE_METRICS_PROVIDER=prometheus - - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"} + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0farmer"} - CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes: - - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric - - peer0.org1.example.com:/var/hyperledger/production + - ../organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com:/etc/hyperledger/fabric + - peer0.farmer.varion.com:/var/hyperledger/production working_dir: /root command: peer node start ports: @@ -97,8 +99,8 @@ services: networks: - test - peer0.org2.example.com: - container_name: peer0.org2.example.com + peer0.pulper.varion.com: + container_name: peer0.pulper.varion.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric 
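Review bot: `CORE_PEER_LOCALMSPID=Org1MSP` is left unchanged for `peer0.farmer.varion.com` in the @@ -73,22 +75,22 @@ hunk of compose-test-net.yaml, while the same service in compose-bft-test-net.yaml was switched to `FarmerMSP` and bft-config/configtx.yaml no longer defines `Org1MSP`. The following hunk (@@ -112,22 +114,100 @@) has the same problem: pulper keeps `Org2MSP`, and the added huller and export peers are also given `Org2MSP`. A peer whose local MSP ID does not match its organisation's MSP definition in the channel config should fail identity checks, and three organisations sharing one MSP ID would remove the per-organisation separation that the Readers/Writers/Endorsement rules rely on. Use `FarmerMSP`, `PulperMSP`, `HullerMSP` and `ExportMSP` respectively. varion/configtx/configtx.yaml is not visible here, so confirm the IDs against it.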
@@ -112,22 +114,100 @@ services: - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt # Peer specific variables - - CORE_PEER_ID=peer0.org2.example.com - - CORE_PEER_ADDRESS=peer0.org2.example.com:9051 + - CORE_PEER_ID=peer0.pulper.varion.com + - CORE_PEER_ADDRESS=peer0.pulper.varion.com:9051 - CORE_PEER_LISTENADDRESS=0.0.0.0:9051 - - CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052 + - CORE_PEER_CHAINCODEADDRESS=peer0.pulper.varion.com:9052 - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052 - - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051 - - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.pulper.varion.com:9051 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.pulper.varion.com:9051 - CORE_PEER_LOCALMSPID=Org2MSP - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp - - CORE_OPERATIONS_LISTENADDRESS=peer0.org2.example.com:9445 + - CORE_OPERATIONS_LISTENADDRESS=peer0.pulper.varion.com:9445 - CORE_METRICS_PROVIDER=prometheus - - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"} + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0pulper"} - CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes: - - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric - - peer0.org2.example.com:/var/hyperledger/production + - ../organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com:/etc/hyperledger/fabric + - peer0.pulper.varion.com:/var/hyperledger/production + working_dir: /root + command: peer node start + ports: + - 9051:9051 + - 9445:9445 + networks: + - test + + peer0.huller.varion.com: + container_name: peer0.huller.varion.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_CFG_PATH=/etc/hyperledger/peercfg + - FABRIC_LOGGING_SPEC=INFO + #- FABRIC_LOGGING_SPEC=DEBUG + - CORE_PEER_TLS_ENABLED=true + - 
CORE_PEER_PROFILE_ENABLED=false + - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt + - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key + - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt + # Peer specific variables + - CORE_PEER_ID=peer0.huller.varion.com + - CORE_PEER_ADDRESS=peer0.huller.varion.com:9051 + - CORE_PEER_LISTENADDRESS=0.0.0.0:9051 + - CORE_PEER_CHAINCODEADDRESS=peer0.huller.varion.com:9052 + - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.huller.varion.com:9051 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.huller.varion.com:9051 + - CORE_PEER_LOCALMSPID=Org2MSP + - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp + - CORE_OPERATIONS_LISTENADDRESS=peer0.huller.varion.com:9445 + - CORE_METRICS_PROVIDER=prometheus + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0huller"} + - CORE_CHAINCODE_EXECUTETIMEOUT=300s + volumes: + - ../organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com:/etc/hyperledger/fabric + - peer0.huller.varion.com:/var/hyperledger/production + working_dir: /root + command: peer node start + ports: + - 9051:9051 + - 9445:9445 + networks: + - test + + peer0.export.varion.com: + container_name: peer0.export.varion.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_CFG_PATH=/etc/hyperledger/peercfg + - FABRIC_LOGGING_SPEC=INFO + #- FABRIC_LOGGING_SPEC=DEBUG + - CORE_PEER_TLS_ENABLED=true + - CORE_PEER_PROFILE_ENABLED=false + - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt + - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key + - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt + # Peer specific variables + - CORE_PEER_ID=peer0.export.varion.com + - CORE_PEER_ADDRESS=peer0.export.varion.com:9051 + - CORE_PEER_LISTENADDRESS=0.0.0.0:9051 + - CORE_PEER_CHAINCODEADDRESS=peer0.export.varion.com:9052 + - 
CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.export.varion.com:9051 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.export.varion.com:9051 + - CORE_PEER_LOCALMSPID=Org2MSP + - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp + - CORE_OPERATIONS_LISTENADDRESS=peer0.export.varion.com:9445 + - CORE_METRICS_PROVIDER=prometheus + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0export"} + - CORE_CHAINCODE_EXECUTETIMEOUT=300s + volumes: + - ../organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com:/etc/hyperledger/fabric + - peer0.export.varion.com:/var/hyperledger/production working_dir: /root command: peer node start ports: diff --git a/varion/compose/docker/docker-compose-bft-test-net.yaml b/varion/compose/docker/docker-compose-bft-test-net.yaml index 421d8e0b..1dac4256 100644 --- a/varion/compose/docker/docker-compose-bft-test-net.yaml +++ b/varion/compose/docker/docker-compose-bft-test-net.yaml @@ -5,8 +5,8 @@ version: '3.7' services: - peer0.org1.example.com: - container_name: peer0.org1.example.com + peer0.farmer.varion.com: + container_name: peer0.farmer.varion.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric 
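Review bot: The huller and export services added in the @@ -112,22 +114,100 @@ hunk of compose-test-net.yaml reuse pulper's ports 9051, 9052 and 9445 for every address, listen address and published port. Three services publishing `9051:9051` and `9445:9445` on the same host cannot all bind, so at most one of these peers will start. compose-bft-test-net.yaml in this same commit already assigns 11051/11052/11445 to huller and 12051/12052/12445 to export, and the non-BFT file should match. The export service's `ports:` entries lie past the end of the hunk and need the same change with the 12xxx values. The excerpt below shows the huller lines.

```yaml
  peer0.huller.varion.com:
    environment:
      # … unchanged: FABRIC_CFG_PATH, logging and TLS variables …
      - CORE_PEER_ADDRESS=peer0.huller.varion.com:11051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:11051
      - CORE_PEER_CHAINCODEADDRESS=peer0.huller.varion.com:11052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.huller.varion.com:11051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.huller.varion.com:11051
      # … unchanged: MSP config path …
      - CORE_OPERATIONS_LISTENADDRESS=peer0.huller.varion.com:11445
      # … unchanged: metrics, chaincode builder config, timeout, volumes, command …
    ports:
      - 11051:11051
      - 11445:11445
```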
@@ -18,8 +18,34 @@ services: - ./docker/peercfg:/etc/hyperledger/peercfg - ${DOCKER_SOCK}:/host/var/run/docker.sock - peer0.org2.example.com: - container_name: peer0.org2.example.com + peer0.pulper.varion.com: + container_name: peer0.pulper.varion.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + #Generic peer variables + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg + - ${DOCKER_SOCK}:/host/var/run/docker.sock + + peer0.huller.varion.com: + container_name: peer0.huller.varion.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + #Generic peer variables + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg + - ${DOCKER_SOCK}:/host/var/run/docker.sock + + peer0.export.varion.com: + container_name: peer0.export.varion.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric diff --git a/varion/compose/docker/docker-compose-test-net.yaml b/varion/compose/docker/docker-compose-test-net.yaml index 421d8e0b..1dac4256 100644 --- a/varion/compose/docker/docker-compose-test-net.yaml +++ b/varion/compose/docker/docker-compose-test-net.yaml @@ -5,8 +5,8 @@ version: '3.7' services: - peer0.org1.example.com: - container_name: peer0.org1.example.com + peer0.farmer.varion.com: + container_name: peer0.farmer.varion.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric 
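Review bot: Each peer added in this hunk (`peer0.pulper.varion.com`, `peer0.huller.varion.com`, `peer0.export.varion.com`) bind-mounts `${DOCKER_SOCK}:/host/var/run/docker.sock`, and the matching hunk in `docker-compose-test-net.yaml` does the same. A process with the host Docker socket can drive the Docker daemon, which is effectively root on the host, so the mount should be limited to peers that really build chaincode through the Docker builder. The `compose-test-net.yaml` section earlier on this page sets `CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG` for these peers, which suggests (not confirmed from here) that chaincode-as-a-service is intended; in that case the socket mount and `CORE_VM_ENDPOINT` could be dropped for the new orgs. The new services also use `image: hyperledger/fabric-peer:latest`; pinning it, e.g. `image: hyperledger/fabric-peer:<pinned-version>`, keeps all four orgs on the same reviewed build.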
@@ -18,8 +18,34 @@ services: - ./docker/peercfg:/etc/hyperledger/peercfg - ${DOCKER_SOCK}:/host/var/run/docker.sock - peer0.org2.example.com: - container_name: peer0.org2.example.com + peer0.pulper.varion.com: + container_name: peer0.pulper.varion.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + #Generic peer variables + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg + - ${DOCKER_SOCK}:/host/var/run/docker.sock + + peer0.huller.varion.com: + container_name: peer0.huller.varion.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + #Generic peer variables + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg + - ${DOCKER_SOCK}:/host/var/run/docker.sock + + peer0.export.varion.com: + container_name: peer0.export.varion.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric diff --git a/varion/compose/docker/peercfg/core.yaml b/varion/compose/docker/peercfg/core.yaml index b20e421c..9d8462cc 100644 --- a/varion/compose/docker/peercfg/core.yaml +++ b/varion/compose/docker/peercfg/core.yaml @@ -680,7 +680,7 @@ ledger: # Internally the chaincode may execute multiple CouchDB queries, # each of size internalQueryLimit. internalQueryLimit: 1000 - # Limit on the number of records per CouchDB bulk update batch + # Limit on the number of recordpulpers per CouchDB bulk update batch maxBatchUpdateSize: 1000 # Create the _global_changes system database # This is optional. Creating the global changes database will require diff --git a/varion/compose/podman/podman-compose-test-net.yaml b/varion/compose/podman/podman-compose-test-net.yaml index 8afe4149..b57292dd 100644 --- a/varion/compose/podman/podman-compose-test-net.yaml 
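Review bot: The only change in the `core.yaml` hunk turns the comment word `records` into `recordpulpers`, which looks like a side effect of a bulk search-and-replace rather than an intended edit. Restore the line to `# Limit on the number of records per CouchDB bulk update batch`. It is worth checking the rest of the rename for similar substitutions inside words, since the same replace could have touched values and not only comments. The `ledger:` block starts and ends outside the hunk.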
+++ b/varion/compose/podman/podman-compose-test-net.yaml @@ -6,11 +6,19 @@ version: '3.7' services: - peer0.org1.example.com: + peer0.farmer.varion.com: volumes: - ./podman/peercfg:/etc/hyperledger/peercfg - peer0.org2.example.com: + peer0.pulper.varion.com: + volumes: + - ./podman/peercfg:/etc/hyperledger/peercfg + + peer0.huller.varion.com: + volumes: + - ./podman/peercfg:/etc/hyperledger/peercfg + + peer0.export.varion.com: volumes: - ./podman/peercfg:/etc/hyperledger/peercfg diff --git a/varion/configtx/configtx.yaml b/varion/configtx/configtx.yaml index 6f783e2a..b5a7e089 100644 --- a/varion/configtx/configtx.yaml +++ b/varion/configtx/configtx.yaml @@ -22,7 +22,7 @@ Organizations: # ID to load the MSP definition as ID: OrdererMSP # MSPDir is the filesystem path which contains the MSP configuration - MSPDir: ../organizations/ordererOrganizations/example.com/msp + MSPDir: ../organizations/ordererOrganizations/varion.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel/// 
@@ -37,53 +37,99 @@ Organizations: Type: Signature Rule: "OR('OrdererMSP.admin')" OrdererEndpoints: - - orderer.example.com:7050 - - &Org1 + - orderer.varion.com:7050 + - &Farmer # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment - Name: Org1MSP + Name: FarmerMSP # ID to load the MSP definition as - ID: Org1MSP - MSPDir: ../organizations/peerOrganizations/org1.example.com/msp + ID: FarmerMSP + MSPDir: ../organizations/peerOrganizations/farmer.varion.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel/// Policies: Readers: Type: Signature - Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')" + Rule: "OR('FarmerMSP.admin', 'FarmerMSP.peer', 'FarmerMSP.client')" Writers: Type: Signature - Rule: "OR('Org1MSP.admin', 'Org1MSP.client')" + Rule: "OR('FarmerMSP.admin', 'FarmerMSP.client')" Admins: Type: Signature - Rule: "OR('Org1MSP.admin')" + Rule: "OR('FarmerMSP.admin')" Endorsement: Type: Signature - Rule: "OR('Org1MSP.peer')" - - &Org2 + Rule: "OR('FarmerMSP.peer')" + - &Pulper # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment - Name: Org2MSP + Name: PulperMSP # ID to load the MSP definition as - ID: Org2MSP - MSPDir: ../organizations/peerOrganizations/org2.example.com/msp + ID: PulperMSP + MSPDir: ../organizations/peerOrganizations/pulper.varion.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel/// Policies: Readers: Type: Signature - Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')" + Rule: "OR('PulperMSP.admin', 'PulperMSP.peer', 'PulperMSP.client')" Writers: Type: Signature - Rule: "OR('Org2MSP.admin', 'Org2MSP.client')" + Rule: "OR('PulperMSP.admin', 'PulperMSP.client')" Admins: Type: Signature - Rule: 
"OR('Org2MSP.admin')" + Rule: "OR('PulperMSP.admin')" Endorsement: Type: Signature - Rule: "OR('Org2MSP.peer')" + Rule: "OR('PulperMSP.peer')" + - &Huller + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: HullerMSP + # ID to load the MSP definition as + ID: HullerMSP + MSPDir: ../organizations/peerOrganizations/huller.varion.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('HullerMSP.admin', 'HullerMSP.peer', 'HullerMSP.client')" + Writers: + Type: Signature + Rule: "OR('HullerMSP.admin', 'HullerMSP.client')" + Admins: + Type: Signature + Rule: "OR('HullerMSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('HullerMSP.peer')" + - &Export + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: ExportMSP + # ID to load the MSP definition as + ID: ExportMSP + MSPDir: ../organizations/peerOrganizations/export.varion.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('ExportMSP.admin', 'ExportMSP.peer', 'ExportMSP.client')" + Writers: + Type: Signature + Rule: "OR('ExportMSP.admin', 'ExportMSP.client')" + Admins: + Type: Signature + Rule: "OR('ExportMSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('ExportMSP.peer')" ################################################################################ # # SECTION: Capabilities 
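Review bot: The MSP IDs defined in this hunk (`FarmerMSP`, `PulperMSP`, `HullerMSP`, `ExportMSP`) do not match what the peers are started with: the `compose-test-net.yaml` section earlier on this page sets `CORE_PEER_LOCALMSPID=Org2MSP` for both `peer0.huller.varion.com` and `peer0.export.varion.com`. A peer whose local MSP ID is not an organization in the channel configuration cannot satisfy the `Readers` and `Endorsement` signature rules written here, so those peers would most likely be rejected when joining or endorsing. Set each peer to its own ID, e.g. `CORE_PEER_LOCALMSPID=HullerMSP` and `CORE_PEER_LOCALMSPID=ExportMSP`. The copied `# DefaultOrg defines the organization ...` comment on `&Huller` and `&Export` could also be replaced with a one-line description of each organization.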
@@ -183,7 +229,7 @@ Orderer: &OrdererDefaults # as TLS validation. The preferred way to specify orderer addresses is now # to include the OrdererEndpoints item in your org definition Addresses: - - orderer.example.com:7050 + - orderer.varion.com:7050 # Batch Timeout: The amount of time to wait before creating a batch BatchTimeout: 2s # Batch Size: Controls the number of messages batched into a block @@ -264,16 +310,16 @@ Profiles: OrdererType: etcdraft EtcdRaft: Consenters: - - Host: orderer.example.com + - Host: orderer.varion.com Port: 7050 - ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt - ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt + ClientTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.crt Organizations: - *OrdererOrg Capabilities: *OrdererCapabilities Application: <<: *ApplicationDefaults Organizations: - - *Org1 - - *Org2 + - *Farmer + - *Pulper Capabilities: *ApplicationCapabilities diff --git a/varion/network.config b/varion/network.config index ec107bbe..6f908e78 100644 --- a/varion/network.config +++ b/varion/network.config @@ -17,7 +17,7 @@ CLI_DELAY=3 CHANNEL_NAME="mychannel" # default database (-s) -DATABASE="leveldb" +DATABASE="couchdb" # default org (-org) ORG=1 @@ -29,13 +29,13 @@ CC_SRC_LANGUAGE="go" CC_VERSION="1.0.1" # chaincode name defaults to "NA" (-ccn) -CC_NAME="basic" +CC_NAME="varion" # default to running the docker commands for the CCAAS (-ccaasdocker) CCAAS_DOCKER_RUN=true # chaincode path defaults to "NA" (-ccp) -CC_SRC_PATH="../asset-transfer-basic/chaincode-go" +CC_SRC_PATH="../varion-contract/chaincode-go" # endorsement policy defaults to "NA". This would allow chaincodes to use the majority default policy. (-ccep) CC_END_POLICY="NA" 
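Review bot: In the `Profiles` hunk, `Application.Organizations` still lists only two members, `- *Farmer` and `- *Pulper`, so the `&Huller` and `&Export` definitions added earlier in this file are never referenced and those orgs will not be part of the channel. If all four are meant to be members, add `- *Huller` and `- *Export` below `- *Pulper`. Membership also changes who counts toward majority-based policies, and `network.config` leaves `CC_END_POLICY="NA"` (the majority default per its comment), so the intended endorsement policy should be confirmed once the org list is final. The profile's opening lines are outside the hunk.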
diff --git a/varion/network.sh b/varion/network.sh index 569cee65..6659a10f 100755 --- a/varion/network.sh +++ b/varion/network.sh @@ -167,20 +167,40 @@ function createOrgs() { fi infoln "Generating certificates using cryptogen tool" - infoln "Creating Org1 Identities" + infoln "Creating Farmer Identities" set -x - cryptogen generate --config=./organizations/cryptogen/crypto-config-org1.yaml --output="organizations" + cryptogen generate --config=./organizations/cryptogen/crypto-config-farmer.yaml --output="organizations" res=$? { set +x; } 2>/dev/null if [ $res -ne 0 ]; then fatalln "Failed to generate certificates..." fi - infoln "Creating Org2 Identities" + infoln "Creating Pulper Identities" set -x - cryptogen generate --config=./organizations/cryptogen/crypto-config-org2.yaml --output="organizations" + cryptogen generate --config=./organizations/cryptogen/crypto-config-pulper.yaml --output="organizations" + res=$? + { set +x; } 2>/dev/null + if [ $res -ne 0 ]; then + fatalln "Failed to generate certificates..." + fi + + infoln "Creating Huller Identities" + + set -x + cryptogen generate --config=./organizations/cryptogen/crypto-config-huller.yaml --output="organizations" + res=$? + { set +x; } 2>/dev/null + if [ $res -ne 0 ]; then + fatalln "Failed to generate certificates..." + fi + + infoln "Creating Export Identities" + + set -x + cryptogen generate --config=./organizations/cryptogen/crypto-config-export.yaml --output="organizations" res=$? { set +x; } 2>/dev/null if [ $res -ne 0 ]; then 
@@ -204,18 +224,28 @@ function createOrgs() { . organizations/cfssl/registerEnroll.sh #function_name cert-type CN org - peer_cert peer peer0.org1.example.com org1 - peer_cert admin Admin@org1.example.com org1 + peer_cert peer peer0.farmer.varion.com farmer + peer_cert admin Admin@farmer.varion.com farmer - infoln "Creating Org2 Identities" + infoln "Creating Pulper Identities" #function_name cert-type CN org - peer_cert peer peer0.org2.example.com org2 - peer_cert admin Admin@org2.example.com org2 + peer_cert peer peer0.pulper.varion.com pulper + peer_cert admin Admin@pulper.varion.com pulper + + infoln "Creating Huller Identities" + #function_name cert-type CN org + peer_cert peer peer0.huller.varion.com huller + peer_cert admin Admin@huller.varion.com huller + + infoln "Creating Export Identities" + #function_name cert-type CN org + peer_cert peer peer0.export.varion.com export + peer_cert admin Admin@export.varion.com export infoln "Creating Orderer Org Identities" #function_name cert-type CN - orderer_cert orderer orderer.example.com - orderer_cert admin Admin@example.com + orderer_cert orderer orderer.varion.com + orderer_cert admin Admin@varion.com fi @@ -228,20 +258,28 @@ function createOrgs() { while : do - if [ ! -f "organizations/fabric-ca/org1/tls-cert.pem" ]; then + if [ ! -f "organizations/fabric-ca/farmer/tls-cert.pem" ]; then sleep 1 else break fi done - infoln "Creating Org1 Identities" + infoln "Creating Farmer Identities" - createOrg1 + createFarmer - infoln "Creating Org2 Identities" + infoln "Creating Pulper Identities" - createOrg2 + createPulper + + infoln "Creating Huller Identities" + + createPulper + + infoln "Creating Export Identities" + + createPulper infoln "Creating Orderer Org Identities" @@ -249,7 +287,7 @@ function createOrgs() { fi - infoln "Generating CCP files for Org1 and Org2" + infoln "Generating CCP files for Farmer, Pulper, Huller, and Export" ./organizations/ccp-generate.sh } 
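Review bot: In the Fabric CA branch of `createOrgs` (the `@@ -228,20 +258,28 @@` hunk), the new "Creating Huller Identities" and "Creating Export Identities" steps both call `createPulper`, so Pulper is enrolled three times and no identities are produced for Huller or Export. They should call the per-org functions, presumably `createHuller` and `createExport` from `organizations/fabric-ca/registerEnroll.sh`; that file is not visible here, so confirm the names. The wait loop above these calls also checks only `organizations/fabric-ca/farmer/tls-cert.pem`, so enrollment against the other three CAs can start before they are ready. `createOrgs` starts and ends outside the hunk.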
@@ -303,7 +341,7 @@ function networkUp() { fi } -# call the script to create the channel, join the peers of org1 and org2, +# call the script to create the channel, join the peers of farmer and pulper, # and then update the anchor peers for each organization function createChannel() { # Bring up the network if it is not already up. @@ -424,7 +462,7 @@ function networkDown() { COMPOSE_CA_FILES="-f compose/${COMPOSE_FILE_CA} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_CA}" COMPOSE_FILES="${COMPOSE_BASE_FILES} ${COMPOSE_COUCH_FILES} ${COMPOSE_CA_FILES}" - # stop org3 containers also in addition to org1 and org2, in case we were running sample to add org3 + # stop org3 containers also in addition to farmer and pulper, in case we were running sample to add org3 COMPOSE_ORG3_BASE_FILES="-f addOrg3/compose/${COMPOSE_FILE_ORG3_BASE} -f addOrg3/compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_ORG3_BASE}" COMPOSE_ORG3_COUCH_FILES="-f addOrg3/compose/${COMPOSE_FILE_ORG3_COUCH} -f addOrg3/compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_ORG3_COUCH}" COMPOSE_ORG3_CA_FILES="-f addOrg3/compose/${COMPOSE_FILE_ORG3_CA} -f addOrg3/compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_ORG3_CA}" @@ -443,7 +481,7 @@ function networkDown() { # Don't remove the generated artifacts -- note, the ledgers are always removed if [ "$MODE" != "restart" ]; then # Bring down the network, deleting the volumes - ${CONTAINER_CLI} volume rm docker_orderer.example.com docker_peer0.org1.example.com docker_peer0.org2.example.com + ${CONTAINER_CLI} volume rm docker_orderer.varion.com docker_peer0.farmer.varion.com docker_peer0.pulper.varion.com docker_peer0.huller.varion.com docker_peer0.export.varion.com #Cleanup the chaincode containers clearContainers #Cleanup images 
@@ -451,8 +489,10 @@ function networkDown() { # remove orderer block and other channel configuration transactions and certs ${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf system-genesis-block/*.block organizations/peerOrganizations organizations/ordererOrganizations' ## remove fabric ca artifacts - ${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/org1/msp organizations/fabric-ca/org1/tls-cert.pem organizations/fabric-ca/org1/ca-cert.pem organizations/fabric-ca/org1/IssuerPublicKey organizations/fabric-ca/org1/IssuerRevocationPublicKey organizations/fabric-ca/org1/fabric-ca-server.db' - ${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/org2/msp organizations/fabric-ca/org2/tls-cert.pem organizations/fabric-ca/org2/ca-cert.pem organizations/fabric-ca/org2/IssuerPublicKey organizations/fabric-ca/org2/IssuerRevocationPublicKey organizations/fabric-ca/org2/fabric-ca-server.db' + ${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/farmer/msp organizations/fabric-ca/farmer/tls-cert.pem organizations/fabric-ca/farmer/ca-cert.pem organizations/fabric-ca/farmer/IssuerPublicKey organizations/fabric-ca/farmer/IssuerRevocationPublicKey organizations/fabric-ca/farmer/fabric-ca-server.db' + ${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/pulper/msp organizations/fabric-ca/pulper/tls-cert.pem organizations/fabric-ca/pulper/ca-cert.pem organizations/fabric-ca/pulper/IssuerPublicKey organizations/fabric-ca/pulper/IssuerRevocationPublicKey organizations/fabric-ca/pulper/fabric-ca-server.db' + ${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/huller/msp organizations/fabric-ca/huller/tls-cert.pem organizations/fabric-ca/huller/ca-cert.pem organizations/fabric-ca/huller/IssuerPublicKey 
organizations/fabric-ca/huller/IssuerRevocationPublicKey organizations/fabric-ca/huller/fabric-ca-server.db' + ${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/export/msp organizations/fabric-ca/export/tls-cert.pem organizations/fabric-ca/export/ca-cert.pem organizations/fabric-ca/export/IssuerPublicKey organizations/fabric-ca/export/IssuerRevocationPublicKey organizations/fabric-ca/export/fabric-ca-server.db' ${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf organizations/fabric-ca/ordererOrg/msp organizations/fabric-ca/ordererOrg/tls-cert.pem organizations/fabric-ca/ordererOrg/ca-cert.pem organizations/fabric-ca/ordererOrg/IssuerPublicKey organizations/fabric-ca/ordererOrg/IssuerRevocationPublicKey organizations/fabric-ca/ordererOrg/fabric-ca-server.db' ${CONTAINER_CLI} run --rm -v "$(pwd):/data" busybox sh -c 'cd /data && rm -rf addOrg3/fabric-ca/org3/msp addOrg3/fabric-ca/org3/tls-cert.pem addOrg3/fabric-ca/org3/ca-cert.pem addOrg3/fabric-ca/org3/IssuerPublicKey addOrg3/fabric-ca/org3/IssuerRevocationPublicKey addOrg3/fabric-ca/org3/fabric-ca-server.db' # remove channel and script artifacts diff --git a/varion/organizations/ccp-generate.sh b/varion/organizations/ccp-generate.sh index 7e091d0b..addf5994 100755 --- a/varion/organizations/ccp-generate.sh +++ b/varion/organizations/ccp-generate.sh 
@@ -26,20 +26,38 @@ function yaml_ccp { organizations/ccp-template.yaml | sed -e $'s/\\\\n/\\\n /g' } -ORG=1 +ORG=farmer P0PORT=7051 CAPORT=7054 -PEERPEM=organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem -CAPEM=organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem +PEERPEM=organizations/peerOrganizations/farmer.varion.com/tlsca/tlsca.farmer.varion.com-cert.pem +CAPEM=organizations/peerOrganizations/farmer.varion.com/ca/ca.farmer.varion.com-cert.pem -echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.json -echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.yaml +echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/farmer.varion.com/connection-farmer.json +echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/farmer.varion.com/connection-farmer.yaml -ORG=2 +ORG=pulper P0PORT=9051 CAPORT=8054 -PEERPEM=organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem -CAPEM=organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem +PEERPEM=organizations/peerOrganizations/pulper.varion.com/tlsca/tlsca.pulper.varion.com-cert.pem +CAPEM=organizations/peerOrganizations/pulper.varion.com/ca/ca.pulper.varion.com-cert.pem -echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.json -echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.yaml +echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/pulper.varion.com/connection-pulper.json +echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/pulper.varion.com/connection-pulper.yaml + +ORG=huller 
+P0PORT=9051 +CAPORT=8054 +PEERPEM=organizations/peerOrganizations/huller.varion.com/tlsca/tlsca.huller.varion.com-cert.pem +CAPEM=organizations/peerOrganizations/huller.varion.com/ca/ca.huller.varion.com-cert.pem + +echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/huller.varion.com/connection-huller.json +echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/huller.varion.com/connection-huller.yaml + +ORG=export +P0PORT=9051 +CAPORT=8054 +PEERPEM=organizations/peerOrganizations/export.varion.com/tlsca/tlsca.export.varion.com-cert.pem +CAPEM=organizations/peerOrganizations/export.varion.com/ca/ca.export.varion.com-cert.pem + +echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/export.varion.com/connection-export.json +echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/export.varion.com/connection-export.yaml diff --git a/varion/organizations/ccp-template.json b/varion/organizations/ccp-template.json index e945bfe9..0a8274b4 100755 --- a/varion/organizations/ccp-template.json +++ b/varion/organizations/ccp-template.json @@ -1,5 +1,5 @@ { - "name": "test-network-org${ORG}", + "name": "test-network-${ORG}", "version": "1.0.0", "client": { "organization": "Org${ORG}", 
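Review bot: The new `huller` and `export` blocks reuse `P0PORT=9051` and `CAPORT=8054`, the same values as `pulper`, so all three generated connection profiles send clients to the same `localhost` peer and CA endpoints. A Huller or Export client would then reach Pulper's peer and CA while trusting its own org's `PEERPEM`/`CAPEM`, which should fail TLS verification rather than connect to the right node. Give each org its own values, e.g. `P0PORT=<huller-peer-port>` and `CAPORT=<huller-ca-port>`, matching the ports published in the compose files. The `compose-test-net.yaml` section earlier on this page also publishes `9051:9051` and `9445:9445` for both the huller and export peers, which will collide on the host.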
@@ -15,29 +15,29 @@ "Org${ORG}": { "mspid": "Org${ORG}MSP", "peers": [ - "peer0.org${ORG}.example.com" + "peer0.${ORG}.varion.com" ], "certificateAuthorities": [ - "ca.org${ORG}.example.com" + "ca.${ORG}.varion.com" ] } }, "peers": { - "peer0.org${ORG}.example.com": { + "peer0.${ORG}.varion.com": { "url": "grpcs://localhost:${P0PORT}", "tlsCACerts": { "pem": "${PEERPEM}" }, "grpcOptions": { - "ssl-target-name-override": "peer0.org${ORG}.example.com", - "hostnameOverride": "peer0.org${ORG}.example.com" + "ssl-target-name-override": "peer0.${ORG}.varion.com", + "hostnameOverride": "peer0.${ORG}.varion.com" } } }, "certificateAuthorities": { - "ca.org${ORG}.example.com": { + "ca.${ORG}.varion.com": { "url": "https://localhost:${CAPORT}", - "caName": "ca-org${ORG}", + "caName": "ca-${ORG}", "tlsCACerts": { "pem": ["${CAPEM}"] }, diff --git a/varion/organizations/ccp-template.yaml b/varion/organizations/ccp-template.yaml index b675c186..86de77d9 100755 --- a/varion/organizations/ccp-template.yaml +++ b/varion/organizations/ccp-template.yaml @@ -1,32 +1,32 @@ --- -name: test-network-org${ORG} +name: test-network-${ORG} version: 1.0.0 client: - organization: Org${ORG} + organization: ${ORG} connection: timeout: peer: endorser: '300' organizations: Org${ORG}: - mspid: Org${ORG}MSP + mspid: ${ORG}MSP peers: - - peer0.org${ORG}.example.com + - peer0.${ORG}.varion.com certificateAuthorities: - - ca.org${ORG}.example.com + - ca.${ORG}.varion.com peers: - peer0.org${ORG}.example.com: + peer0.${ORG}.varion.com: url: grpcs://localhost:${P0PORT} tlsCACerts: pem: | ${PEERPEM} grpcOptions: - ssl-target-name-override: peer0.org${ORG}.example.com - hostnameOverride: peer0.org${ORG}.example.com + ssl-target-name-override: peer0.${ORG}.varion.com + hostnameOverride: peer0.${ORG}.varion.com certificateAuthorities: - ca.org${ORG}.example.com: + ca.${ORG}.varion.com: url: https://localhost:${CAPORT} - caName: ca-org${ORG} + caName: ca-${ORG} tlsCACerts: pem: - | 
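Review bot: `"mspid": "Org${ORG}MSP"` is left unchanged in this hunk while `ORG` is now a name such as `farmer`, so the rendered JSON profile carries `OrgfarmerMSP`; the YAML template hunk that follows renders `farmerMSP`. Neither equals the `FarmerMSP` ID defined in `configtx.yaml`, and MSP IDs are compared as exact strings, so identities loaded through these profiles would not map to the channel's organizations. Passing the MSP ID as its own template variable avoids deriving it from the lower-case domain label, e.g. `"mspid": "${MSPID}"` with `MSPID=FarmerMSP` set in `ccp-generate.sh`. The `"Org${ORG}"` key and `"organization": "Org${ORG}"` in the first hunk of this file need the same decision.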
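Review bot: In `ccp-template.yaml`, `client.organization` becomes `${ORG}` but the key under `organizations:` is still `Org${ORG}:` (an unchanged context line), so the rendered profile names a client organization that has no entry in the map. Use one form for both, e.g. change the key to `${ORG}:` or keep `organization: Org${ORG}`. The new `mspid: ${ORG}MSP` also renders in lower case (`farmerMSP`), which differs from the `FarmerMSP` ID in `configtx.yaml`.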
diff --git a/varion/organizations/cfssl/admin-csr-template.json b/varion/organizations/cfssl/admin-csr-template.json index 5f52e3fa..3817de75 100644 --- a/varion/organizations/cfssl/admin-csr-template.json +++ b/varion/organizations/cfssl/admin-csr-template.json @@ -1,15 +1,15 @@ { "CN": "{USER}", "key": { - "algo": "ecdsa", - "size": 256 + "algo": "rsa", + "size": 2048 }, "names": [ { - "C": "IN", - "ST": "Delhi", - "L": "Aero city", - "O": "cfssl", + "C": "ID", + "ST": "Jakarta", + "L": "Jakarta", + "O": "varion", "OU": "admin" } ], diff --git a/varion/organizations/cfssl/ca-orderer.json b/varion/organizations/cfssl/ca-orderer.json index d9ae6667..1dbd46b9 100644 --- a/varion/organizations/cfssl/ca-orderer.json +++ b/varion/organizations/cfssl/ca-orderer.json @@ -1,15 +1,15 @@ { - "CN": "cfssl-orderer-ca", + "CN": "varion-orderer-ca", "key": { - "algo": "ecdsa", - "size": 256 + "algo": "rsa", + "size": 2048 }, "names": [ { - "C": "IN", - "ST": "Delhi", - "L": "Aero city", - "O": "cfssl", + "C": "ID", + "ST": "Jakarta", + "L": "Jakarta", + "O": "varion", "OU": "client" } ], diff --git a/varion/organizations/cfssl/ca-peer.json b/varion/organizations/cfssl/ca-peer.json index 394d8fd3..71619e6e 100644 --- a/varion/organizations/cfssl/ca-peer.json +++ b/varion/organizations/cfssl/ca-peer.json @@ -1,16 +1,16 @@ { - "CN": "cfssl-peer-ca", + "CN": "varion-peer-ca", "key": { - "algo": "ecdsa", - "size": 256 + "algo": "rsa", + "size": 2048 }, "names": [ { - "C": "IN", - "ST": "Delhi", - "L": "Aero city", - "O": "cfssl", - "OU": "Fabric" + "C": "ID", + "ST": "Jakarta", + "L": "Jakarta", + "O": "varion", + "OU": "Varion" } ], "hosts": [ diff --git a/varion/organizations/cfssl/client-csr-template.json b/varion/organizations/cfssl/client-csr-template.json index 1d67f7f6..62d9dbcd 100644 --- a/varion/organizations/cfssl/client-csr-template.json +++ b/varion/organizations/cfssl/client-csr-template.json 
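Review bot: Changing `"algo": "ecdsa", "size": 256` to `"algo": "rsa", "size": 2048` in this CSR template, and in the `ca-orderer.json`, `ca-peer.json`, `client-csr-template.json`, `orderer-csr-template.json` and `peer-csr-template.json` hunks that follow, makes the cfssl path issue RSA CA and identity certificates. Fabric's MSP documentation states that certificates with RSA keys are not supported, so peers, orderers and admins generated this way would most likely fail MSP validation. RSA-2048 is also a lower security level than P-256 (roughly 112-bit against 128-bit) with larger keys and signatures. Keep `"algo": "ecdsa"` and `"size": 256` unless the target Fabric version is confirmed to accept RSA identities.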
@@ -1,15 +1,15 @@ { "CN": "{USER}", "key": { - "algo": "ecdsa", - "size": 256 + "algo": "rsa", + "size": 2048 }, "names": [ { - "C": "IN", - "ST": "Delhi", - "L": "Aero city", - "O": "cfssl", + "C": "ID", + "ST": "Jakarta", + "L": "Jakarta", + "O": "varion", "OU": "client" } ], diff --git a/varion/organizations/cfssl/orderer-csr-template.json b/varion/organizations/cfssl/orderer-csr-template.json index 1a9af690..3cfe66e3 100644 --- a/varion/organizations/cfssl/orderer-csr-template.json +++ b/varion/organizations/cfssl/orderer-csr-template.json @@ -1,15 +1,15 @@ { "CN": "{USER}", "key": { - "algo": "ecdsa", - "size": 256 + "algo": "rsa", + "size": 2048 }, "names": [ { - "C": "IN", - "ST": "Delhi", - "L": "Aero city", - "O": "cfssl", + "C": "ID", + "ST": "Jakarta", + "L": "Jakarta", + "O": "varion", "OU": "orderer" } ], diff --git a/varion/organizations/cfssl/peer-csr-template.json b/varion/organizations/cfssl/peer-csr-template.json index 09d66893..067c8dee 100644 --- a/varion/organizations/cfssl/peer-csr-template.json +++ b/varion/organizations/cfssl/peer-csr-template.json @@ -1,15 +1,15 @@ { "CN": "{USER}", "key": { - "algo": "ecdsa", - "size": 256 + "algo": "rsa", + "size": 2048 }, "names": [ { - "C": "IN", - "ST": "Delhi", - "L": "Aero city", - "O": "cfssl", + "C": "ID", + "ST": "Jakarta", + "L": "Jakarta", + "O": "varion", "OU": "peer" } ], diff --git a/varion/organizations/cfssl/registerEnroll.sh b/varion/organizations/cfssl/registerEnroll.sh index d5bac21e..ebe5a77b 100755 --- a/varion/organizations/cfssl/registerEnroll.sh +++ b/varion/organizations/cfssl/registerEnroll.sh 
@@ -7,20 +7,20 @@ function peer_cert() { USER=$2 ORG=$3 - mkdir -p "organizations/peerOrganizations/$ORG.example.com/ca" - mkdir -p "organizations/peerOrganizations/$ORG.example.com/msp/cacerts" - mkdir -p "organizations/peerOrganizations/$ORG.example.com/msp/tlscacerts" - mkdir -p "organizations/peerOrganizations/$ORG.example.com/peers" - mkdir -p "organizations/peerOrganizations/$ORG.example.com/tlsca" + mkdir -p "organizations/peerOrganizations/$ORG.varion.com/ca" + mkdir -p "organizations/peerOrganizations/$ORG.varion.com/msp/cacerts" + mkdir -p "organizations/peerOrganizations/$ORG.varion.com/msp/tlscacerts" + mkdir -p "organizations/peerOrganizations/$ORG.varion.com/peers" + mkdir -p "organizations/peerOrganizations/$ORG.varion.com/tlsca" - CERT_DIR=organizations/peerOrganizations/$ORG.example.com + CERT_DIR=organizations/peerOrganizations/$ORG.varion.com if [ ! -f "$CERT_DIR/ca/ca-key.pem" ]; then cfssl gencert -initca "${PWD}/organizations/cfssl/ca-peer.json" | cfssljson -bare "$CERT_DIR/ca/ca" - cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/tlsca/tlsca.$ORG.example.com-cert.pem" - cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/ca/ca.$ORG.example.com-cert.pem" + cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/tlsca/tlsca.$ORG.varion.com-cert.pem" + cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/ca/ca.$ORG.varion.com-cert.pem" cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/msp/cacerts/" cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/msp/tlscacerts/" 
@@ -55,24 +55,24 @@ function peer_cert() { function orderer_cert() { TYPE=$1 #orderer user - USER=$2 #orderer.example.com + USER=$2 #orderer.varion.com - mkdir -p organizations/ordererOrganizations/example.com/ca - mkdir -p organizations/ordererOrganizations/example.com/msp/cacerts - mkdir -p organizations/ordererOrganizations/example.com/msp/tlscacerts - mkdir -p organizations/ordererOrganizations/example.com/orderers - mkdir -p organizations/ordererOrganizations/example.com/tlsca + mkdir -p organizations/ordererOrganizations/varion.com/ca + mkdir -p organizations/ordererOrganizations/varion.com/msp/cacerts + mkdir -p organizations/ordererOrganizations/varion.com/msp/tlscacerts + mkdir -p organizations/ordererOrganizations/varion.com/orderers + mkdir -p organizations/ordererOrganizations/varion.com/tlsca - CERT_DIR=organizations/ordererOrganizations/example.com + CERT_DIR=organizations/ordererOrganizations/varion.com if [ ! -f "$CERT_DIR/ca/ca-key.pem" ]; then cfssl gencert -initca "${PWD}/organizations/cfssl/ca-orderer.json" | cfssljson -bare "$CERT_DIR/ca/ca" - cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/tlsca/tlsca.example.com-cert.pem" + cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/tlsca/tlsca.varion.com-cert.pem" cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/msp/cacerts/" - cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/msp/tlscacerts/tlsca.example.com-cert.pem" + cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/msp/tlscacerts/tlsca.varion.com-cert.pem" echo 'NodeOUs: Enable: true 
@@ -224,10 +224,10 @@ function generate_orderer_certs() { USER=$2 for DIR in cacerts keystore signcerts tlscacerts; do - mkdir -p "organizations/ordererOrganizations/example.com/orderers/$USER/msp/$DIR" + mkdir -p "organizations/ordererOrganizations/varion.com/orderers/$USER/msp/$DIR" done - mkdir -p "organizations/ordererOrganizations/example.com/orderers/$USER/tls" + mkdir -p "organizations/ordererOrganizations/varion.com/orderers/$USER/tls" sed -e "s/{USER}/$USER/g" <"$PWD/organizations/cfssl/orderer-csr-template.json" >"$PWD/organizations/cfssl/orderer-${USER}.json" @@ -243,7 +243,7 @@ function generate_orderer_certs() { mv "$CERT_DIR/orderers/$USER/msp/signcerts/cert-key.pem" "$CERT_DIR/orderers/$USER/msp/keystore" cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/orderers/$USER/msp/cacerts" - cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/orderers/$USER/msp/tlscacerts/tlsca.example.com-cert.pem" + cp "$CERT_DIR/ca/ca.pem" "$CERT_DIR/orderers/$USER/msp/tlscacerts/tlsca.varion.com-cert.pem" echo 'NodeOUs: Enable: true diff --git a/varion/organizations/cryptogen/crypto-config-org2.yaml b/varion/organizations/cryptogen/crypto-config-export.yaml similarity index 93% rename from varion/organizations/cryptogen/crypto-config-org2.yaml rename to varion/organizations/cryptogen/crypto-config-export.yaml index 6298ff6d..1492ef02 100755 --- a/varion/organizations/cryptogen/crypto-config-org2.yaml +++ b/varion/organizations/cryptogen/crypto-config-export.yaml @@ -8,10 +8,10 @@ # --------------------------------------------------------------------------- PeerOrgs: # --------------------------------------------------------------------------- - # Org2 + # Export # --------------------------------------------------------------------------- - - Name: Org2 - Domain: org2.example.com + - Name: Export + Domain: export.varion.com EnableNodeOUs: true # --------------------------------------------------------------------------- # "Specs" 
@@ -30,8 +30,8 @@ PeerOrgs: # Org.Domain, respectively. # --------------------------------------------------------------------------- # Specs: - # - Hostname: foo # implicitly "foo.org1.example.com" - # CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above + # - Hostname: foo # implicitly "foo.org1.varion.com" + # CommonName: foo27.org5.varion.com # overrides Hostname-based FQDN set above # - Hostname: bar # - Hostname: baz # --------------------------------------------------------------------------- diff --git a/varion/organizations/cryptogen/crypto-config-org1.yaml b/varion/organizations/cryptogen/crypto-config-farmer.yaml similarity index 92% rename from varion/organizations/cryptogen/crypto-config-org1.yaml rename to varion/organizations/cryptogen/crypto-config-farmer.yaml index 40738450..18a3fc16 100755 --- a/varion/organizations/cryptogen/crypto-config-org1.yaml +++ b/varion/organizations/cryptogen/crypto-config-farmer.yaml @@ -9,10 +9,10 @@ # --------------------------------------------------------------------------- PeerOrgs: # --------------------------------------------------------------------------- - # Org1 + # Farmer # --------------------------------------------------------------------------- - - Name: Org1 - Domain: org1.example.com + - Name: Farmer + Domain: farmer.varion.com EnableNodeOUs: true # --------------------------------------------------------------------------- # "Specs" 
@@ -30,8 +30,8 @@ PeerOrgs: # which obtains its values from the Spec.Hostname and # Org.Domain, respectively. # --------------------------------------------------------------------------- - # - Hostname: foo # implicitly "foo.org1.example.com" - # CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above + # - Hostname: foo # implicitly "foo.farmer.varion.com" + # CommonName: foo27.org5.varion.com # overrides Hostname-based FQDN set above # - Hostname: bar # - Hostname: baz # --------------------------------------------------------------------------- diff --git a/varion/organizations/cryptogen/crypto-config-huller.yaml b/varion/organizations/cryptogen/crypto-config-huller.yaml new file mode 100755 index 00000000..4b5044d2 --- /dev/null +++ b/varion/organizations/cryptogen/crypto-config-huller.yaml 
@@ -0,0 +1,61 @@
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# ---------------------------------------------------------------------------
+# "PeerOrgs" - Definition of organizations managing peer nodes
+# ---------------------------------------------------------------------------
+PeerOrgs:
+ # ---------------------------------------------------------------------------
+ # Huller
+ # ---------------------------------------------------------------------------
+ - Name: Huller
+ Domain: huller.varion.com
+ EnableNodeOUs: true
+ # ---------------------------------------------------------------------------
+ # "Specs"
+ # ---------------------------------------------------------------------------
+ # Uncomment this section to enable the explicit definition of hosts in your
+ # configuration. Most users will want to use Template, below
+ #
+ # Specs is an array of Spec entries. Each Spec entry consists of two fields:
+ # - Hostname: (Required) The desired hostname, sans the domain.
+ # - CommonName: (Optional) Specifies the template or explicit override for
+ # the CN. By default, this is the template:
+ #
+ # "{{.Hostname}}.{{.Domain}}"
+ #
+ # which obtains its values from the Spec.Hostname and
+ # Org.Domain, respectively.
+ # ---------------------------------------------------------------------------
+ # Specs:
+ # - Hostname: foo # implicitly "foo.org1.varion.com"
+ # CommonName: foo27.org5.varion.com # overrides Hostname-based FQDN set above
+ # - Hostname: bar
+ # - Hostname: baz
+ # ---------------------------------------------------------------------------
+ # "Template"
+ # ---------------------------------------------------------------------------
+ # Allows for the definition of 1 or more hosts that are created sequentially
+ # from a template. By default, this looks like "peer%d" from 0 to Count-1.
+ # You may override the number of nodes (Count), the starting index (Start) + # or the template used to construct the name (Hostname). + # + # Note: Template and Specs are not mutually exclusive. You may define both + # sections and the aggregate nodes will be created for you. Take care with + # name collisions + # --------------------------------------------------------------------------- + Template: + Count: 1 + SANS: + - localhost + # Start: 5 + # Hostname: {{.Prefix}}{{.Index}} # default + # --------------------------------------------------------------------------- + # "Users" + # --------------------------------------------------------------------------- + # Count: The number of user accounts _in addition_ to Admin + # --------------------------------------------------------------------------- + Users: + Count: 1 diff --git a/varion/organizations/cryptogen/crypto-config-orderer.yaml b/varion/organizations/cryptogen/crypto-config-orderer.yaml index e307ea2a..6bdd7d6a 100755 --- a/varion/organizations/cryptogen/crypto-config-orderer.yaml +++ b/varion/organizations/cryptogen/crypto-config-orderer.yaml @@ -11,7 +11,7 @@ OrdererOrgs: # Orderer # --------------------------------------------------------------------------- - Name: Orderer - Domain: example.com + Domain: varion.com EnableNodeOUs: true diff --git a/varion/organizations/cryptogen/crypto-config-pulper.yaml b/varion/organizations/cryptogen/crypto-config-pulper.yaml new file mode 100755 index 00000000..7bd7c45c --- /dev/null +++ b/varion/organizations/cryptogen/crypto-config-pulper.yaml 
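Review bot: The commented `Specs` example in the new crypto-config-huller.yaml still reads `# - Hostname: foo # implicitly "foo.org1.varion.com"` although the org's `Domain` is `huller.varion.com`, so the comment describes an FQDN this config would never produce. I would write it as `# - Hostname: foo # implicitly "foo.huller.varion.com"`, matching what the farmer file does with `foo.farmer.varion.com`, and likewise use `foo.pulper.varion.com` in crypto-config-pulper.yaml and `foo.export.varion.com` in crypto-config-export.yaml. The `CommonName: foo27.org5.varion.com` line is only an override example and can stay, though a name that does not suggest an `org5` would read better.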
@@ -0,0 +1,61 @@
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# ---------------------------------------------------------------------------
+# "PeerOrgs" - Definition of organizations managing peer nodes
+# ---------------------------------------------------------------------------
+PeerOrgs:
+ # ---------------------------------------------------------------------------
+ # Pulper
+ # ---------------------------------------------------------------------------
+ - Name: Pulper
+ Domain: pulper.varion.com
+ EnableNodeOUs: true
+ # ---------------------------------------------------------------------------
+ # "Specs"
+ # ---------------------------------------------------------------------------
+ # Uncomment this section to enable the explicit definition of hosts in your
+ # configuration. Most users will want to use Template, below
+ #
+ # Specs is an array of Spec entries. Each Spec entry consists of two fields:
+ # - Hostname: (Required) The desired hostname, sans the domain.
+ # - CommonName: (Optional) Specifies the template or explicit override for
+ # the CN. By default, this is the template:
+ #
+ # "{{.Hostname}}.{{.Domain}}"
+ #
+ # which obtains its values from the Spec.Hostname and
+ # Org.Domain, respectively.
+ # ---------------------------------------------------------------------------
+ # Specs:
+ # - Hostname: foo # implicitly "foo.org1.varion.com"
+ # CommonName: foo27.org5.varion.com # overrides Hostname-based FQDN set above
+ # - Hostname: bar
+ # - Hostname: baz
+ # ---------------------------------------------------------------------------
+ # "Template"
+ # ---------------------------------------------------------------------------
+ # Allows for the definition of 1 or more hosts that are created sequentially
+ # from a template. By default, this looks like "peer%d" from 0 to Count-1.
+ # You may override the number of nodes (Count), the starting index (Start)
+ # or the template used to construct the name (Hostname).
+ #
+ # Note: Template and Specs are not mutually exclusive. You may define both
+ # sections and the aggregate nodes will be created for you. Take care with
+ # name collisions
+ # ---------------------------------------------------------------------------
+ Template:
+ Count: 1
+ SANS:
+ - localhost
+ # Start: 5
+ # Hostname: {{.Prefix}}{{.Index}} # default
+ # ---------------------------------------------------------------------------
+ # "Users"
+ # ---------------------------------------------------------------------------
+ # Count: The number of user accounts _in addition_ to Admin
+ # ---------------------------------------------------------------------------
+ Users:
+ Count: 1
diff --git a/varion/organizations/fabric-ca/export/fabric-ca-server-config.yaml b/varion/organizations/fabric-ca/export/fabric-ca-server-config.yaml
new file mode 100755
index 00000000..74d45b68
--- /dev/null
+++ b/varion/organizations/fabric-ca/export/fabric-ca-server-config.yaml
@@ -0,0 +1,410 @@ +############################################################################# +# This is a configuration file for the fabric-ca-server command. +# +# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES +# ------------------------------------------------ +# Each configuration element can be overridden via command line +# arguments or environment variables. The precedence for determining +# the value of each element is as follows: +# 1) command line argument +# Examples: +# a) --port 443 +# To set the listening port +# b) --ca.keyfile ../mykey.pem +# To set the "keyfile" element in the "ca" section below; +# note the '.' separator character. +# 2) environment variable +# Examples: +# a) FABRIC_CA_SERVER_PORT=443 +# To set the listening port +# b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem" +# To set the "keyfile" element in the "ca" section below; +# note the '_' separator character. +# 3) configuration file +# 4) default value (if there is one) +# All default values are shown beside each element below. +# +# FILE NAME ELEMENTS +# ------------------ +# The value of all fields whose name ends with "file" or "files" are +# name or names of other files. +# For example, see "tls.certfile" and "tls.clientauth.certfiles". +# The value of each of these fields can be a simple filename, a +# relative path, or an absolute path. If the value is not an +# absolute path, it is interpretted as being relative to the location +# of this configuration file. 
+# +############################################################################# + +# Version of config file +version: 1.2.0 + +# Server's listening port (default: 7054) +port: 7054 + +# Enables debug logging (default: false) +debug: false + +# Size limit of an acceptable CRL in bytes (default: 512000) +crlsizelimit: 512000 + +############################################################################# +# TLS section for the server's listening port +# +# The following types are supported for client authentication: NoClientCert, +# RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven, +# and RequireAndVerifyClientCert. +# +# Certfiles is a list of root certificate authorities that the server uses +# when verifying client certificates. +############################################################################# +tls: + # Enable TLS (default: false) + enabled: true + # TLS for the server's listening port + certfile: + keyfile: + clientauth: + type: noclientcert + certfiles: + +############################################################################# +# The CA section contains information related to the Certificate Authority +# including the name of the CA, which should be unique for all members +# of a blockchain network. It also includes the key and certificate files +# used when issuing enrollment certificates (ECerts) and transaction +# certificates (TCerts). +# The chainfile (if it exists) contains the certificate chain which +# should be trusted for this CA, where the 1st in the chain is always the +# root CA certificate. 
+############################################################################# +ca: + # Name of this CA + name: ExportCA + # Key file (is only used to import a private key into BCCSP) + keyfile: + # Certificate file (default: ca-cert.pem) + certfile: + # Chain file + chainfile: + +############################################################################# +# The gencrl REST endpoint is used to generate a CRL that contains revoked +# certificates. This section contains configuration options that are used +# during gencrl request processing. +############################################################################# +crl: + # Specifies expiration for the generated CRL. The number of hours + # specified by this property is added to the UTC time, the resulting time + # is used to set the 'Next Update' date of the CRL. + expiry: 24h + +############################################################################# +# The registry section controls how the fabric-ca-server does two things: +# 1) authenticates enrollment requests which contain a username and password +# (also known as an enrollment ID and secret). +# 2) once authenticated, retrieves the identity's attribute names and +# values which the fabric-ca-server optionally puts into TCerts +# which it issues for transacting on the Hyperledger Fabric blockchain. +# These attributes are useful for making access control decisions in +# chaincode. +# There are two main configuration options: +# 1) The fabric-ca-server is the registry. +# This is true if "ldap.enabled" in the ldap section below is false. +# 2) An LDAP server is the registry, in which case the fabric-ca-server +# calls the LDAP server to perform these tasks. +# This is true if "ldap.enabled" in the ldap section below is true, +# which means this "registry" section is ignored. 
+#############################################################################
+registry:
+ # Maximum number of times a password/secret can be reused for enrollment
+ # (default: -1, which means there is no limit)
+ maxenrollments: -1
+
+ # Contains identity information which is used when LDAP is disabled
+ identities:
+ - name: admin
+ pass: adminpw
+ type: client
+ affiliation: ""
+ attrs:
+ hf.Registrar.Roles: "*"
+ hf.Registrar.DelegateRoles: "*"
+ hf.Revoker: true
+ hf.IntermediateCA: true
+ hf.GenCRL: true
+ hf.Registrar.Attributes: "*"
+ hf.AffiliationMgr: true
+
+#############################################################################
+# Database section
+# Supported types are: "sqlite3", "postgres", and "mysql".
+# The datasource value depends on the type.
+# If the type is "sqlite3", the datasource value is a file name to use
+# as the database store. Since "sqlite3" is an embedded database, it
+# may not be used if you want to run the fabric-ca-server in a cluster.
+# To run the fabric-ca-server in a cluster, you must choose "postgres"
+# or "mysql".
+#############################################################################
+db:
+ type: sqlite3
+ datasource: fabric-ca-server.db
+ tls:
+ enabled: false
+ certfiles:
+ client:
+ certfile:
+ keyfile:
+
+#############################################################################
+# LDAP section
+# If LDAP is enabled, the fabric-ca-server calls LDAP to:
+# 1) authenticate enrollment ID and secret (i.e. username and password)
+# for enrollment requests;
+# 2) To retrieve identity attributes
+#############################################################################
+ldap:
+ # Enables or disables the LDAP client (default: false)
+ # If this is set to true, the "registry" section is ignored.
+ enabled: false + # The URL of the LDAP server + url: ldap://:@:/ + # TLS configuration for the client connection to the LDAP server + tls: + certfiles: + client: + certfile: + keyfile: + # Attribute related configuration for mapping from LDAP entries to Fabric CA attributes + attribute: + # 'names' is an array of strings containing the LDAP attribute names which are + # requested from the LDAP server for an LDAP identity's entry + names: ['uid','member'] + # The 'converters' section is used to convert an LDAP entry to the value of + # a fabric CA attribute. + # For example, the following converts an LDAP 'uid' attribute + # whose value begins with 'revoker' to a fabric CA attribute + # named "hf.Revoker" with a value of "true" (because the boolean expression + # evaluates to true). + # converters: + # - name: hf.Revoker + # value: attr("uid") =~ "revoker*" + converters: + - name: + value: + # The 'maps' section contains named maps which may be referenced by the 'map' + # function in the 'converters' section to map LDAP responses to arbitrary values. + # For example, assume a user has an LDAP attribute named 'member' which has multiple + # values which are each a distinguished name (i.e. a DN). For simplicity, assume the + # values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'. + # Further assume the following configuration. + # converters: + # - name: hf.Registrar.Roles + # value: map(attr("member"),"groups") + # maps: + # groups: + # - name: dn1 + # value: peer + # - name: dn2 + # value: client + # The value of the user's 'hf.Registrar.Roles' attribute is then computed to be + # "peer,client,dn3". This is because the value of 'attr("member")' is + # "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of + # "group" replaces "dn1" with "peer" and "dn2" with "client". + maps: + groups: + - name: + value: + +############################################################################# +# Affiliations section. 
Fabric CA server can be bootstrapped with the +# affiliations specified in this section. Affiliations are specified as maps. +# For example: +# businessunit1: +# department1: +# - team1 +# businessunit2: +# - department2 +# - department3 +# +# Affiliations are hierarchical in nature. In the above example, +# department1 (used as businessunit1.department1) is the child of businessunit1. +# team1 (used as businessunit1.department1.team1) is the child of department1. +# department2 (used as businessunit2.department2) and department3 (businessunit2.department3) +# are children of businessunit2. +# Note: Affiliations are case sensitive except for the non-leaf affiliations +# (like businessunit1, department1, businessunit2) that are specified in the configuration file, +# which are always stored in lower case. +############################################################################# +affiliations: + farmer: + - department1 + - department2 + pulper: + - department1 + huller: + - department1 + export: + - department1 + +############################################################################# +# Signing section +# +# The "default" subsection is used to sign enrollment certificates; +# the default expiration ("expiry" field) is "8760h", which is 1 year in hours. +# +# The "ca" profile subsection is used to sign intermediate CA certificates; +# the default expiration ("expiry" field) is "43800h" which is 5 years in hours. +# Note that "isca" is true, meaning that it issues a CA certificate. +# A maxpathlen of 0 means that the intermediate CA cannot issue other +# intermediate CA certificates, though it can still issue end entity certificates. +# (See RFC 5280, section 4.2.1.9) +# +# The "tls" profile subsection is used to sign TLS certificate requests; +# the default expiration ("expiry" field) is "8760h", which is 1 year in hours. 
+############################################################################# +signing: + default: + usage: + - digital signature + expiry: 8760h + profiles: + ca: + usage: + - cert sign + - crl sign + expiry: 43800h + caconstraint: + isca: true + maxpathlen: 0 + tls: + usage: + - signing + - key encipherment + - server auth + - client auth + - key agreement + expiry: 8760h + +########################################################################### +# Certificate Signing Request (CSR) section. +# This controls the creation of the root CA certificate. +# The expiration for the root CA certificate is configured with the +# "ca.expiry" field below, whose default value is "131400h" which is +# 15 years in hours. +# The pathlength field is used to limit CA certificate hierarchy as described +# in section 4.2.1.9 of RFC 5280. +# Examples: +# 1) No pathlength value means no limit is requested. +# 2) pathlength == 1 means a limit of 1 is requested which is the default for +# a root CA. This means the root CA can issue intermediate CA certificates, +# but these intermediate CAs may not in turn issue other CA certificates +# though they can still issue end entity certificates. +# 3) pathlength == 0 means a limit of 0 is requested; +# this is the default for an intermediate CA, which means it can not issue +# CA certificates though it can still issue end entity certificates. 
+########################################################################### +csr: + cn: ca.export.varion.com + names: + - C: ID + ST: "Jakarta" + L: "Jakarta" + O: export.varion.com + OU: + hosts: + - localhost + - export.varion.com + ca: + expiry: 131400h + pathlength: 1 + +############################################################################# +# BCCSP (BlockChain Crypto Service Provider) section is used to select which +# crypto library implementation to use +############################################################################# +bccsp: + default: SW + sw: + hash: SHA2 + security: 256 + filekeystore: + # The directory used for the software file-based keystore + keystore: msp/keystore + +############################################################################# +# Multi CA section +# +# Each Fabric CA server contains one CA by default. This section is used +# to configure multiple CAs in a single server. +# +# 1) --cacount +# Automatically generate non-default CAs. The names of these +# additional CAs are "ca1", "ca2", ... "caN", where "N" is +# This is particularly useful in a development environment to quickly set up +# multiple CAs. Note that, this config option is not applicable to intermediate CA server +# i.e., Fabric CA server that is started with intermediate.parentserver.url config +# option (-u command line option) +# +# 2) --cafiles +# For each CA config file in the list, generate a separate signing CA. Each CA +# config file in this list MAY contain all of the same elements as are found in +# the server config file except port, debug, and tls sections. 
+# +# Examples: +# fabric-ca-server start -b admin:adminpw --cacount 2 +# +# fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml +# --cafiles ca/ca2/fabric-ca-server-config.yaml +# +############################################################################# + +cacount: + +cafiles: + +############################################################################# +# Intermediate CA section +# +# The relationship between servers and CAs is as follows: +# 1) A single server process may contain or function as one or more CAs. +# This is configured by the "Multi CA section" above. +# 2) Each CA is either a root CA or an intermediate CA. +# 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA. +# +# This section pertains to configuration of #2 and #3. +# If the "intermediate.parentserver.url" property is set, +# then this is an intermediate CA with the specified parent +# CA. +# +# parentserver section +# url - The URL of the parent server +# caname - Name of the CA to enroll within the server +# +# enrollment section used to enroll intermediate CA with parent CA +# profile - Name of the signing profile to use in issuing the certificate +# label - Label to use in HSM operations +# +# tls section for secure socket connection +# certfiles - PEM-encoded list of trusted root certificate files +# client: +# certfile - PEM-encoded certificate file for when client authentication +# is enabled on server +# keyfile - PEM-encoded key file for when client authentication +# is enabled on server +############################################################################# +intermediate: + parentserver: + url: + caname: + + enrollment: + hosts: + profile: + label: + + tls: + certfiles: + client: + certfile: + keyfile: diff --git a/varion/organizations/fabric-ca/farmer/fabric-ca-server-config.yaml b/varion/organizations/fabric-ca/farmer/fabric-ca-server-config.yaml new file mode 100755 index 00000000..7ed239fa 
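Review bot: The `registry.identities` block added in export/fabric-ca-server-config.yaml commits the bootstrap identity as `name: admin` / `pass: adminpw`, the stock sample default, and gives it `hf.Registrar.Roles: "*"`, `hf.IntermediateCA: true` and `hf.AffiliationMgr: true`, while `maxenrollments: -1` lets the secret be reused without limit. With `clientauth: type: noclientcert`, that password is the only thing guarding identity issuance for the Export org, and the same block is repeated in the farmer config in the next hunk (whose body continues past what is shown here). For anything beyond a local test network I would keep the secret out of the repository, e.g. `pass: <BOOTSTRAP_SECRET_PLACEHOLDER>` filled in at deploy time or passed through the `-b` start option shown in this file's Multi CA examples, and add a comment such as `# test-network default; replace before exposing port 7054`. The `affiliations` map also lists `farmer`, `pulper` and `huller` in the Export CA; if each org runs its own CA, trimming it to `export` would narrow what this registrar can assign.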
--- /dev/null +++ b/varion/organizations/fabric-ca/farmer/fabric-ca-server-config.yaml 
@@ -0,0 +1,410 @@ +############################################################################# +# This is a configuration file for the fabric-ca-server command. +# +# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES +# ------------------------------------------------ +# Each configuration element can be overridden via command line +# arguments or environment variables. The precedence for determining +# the value of each element is as follows: +# 1) command line argument +# Examples: +# a) --port 443 +# To set the listening port +# b) --ca.keyfile ../mykey.pem +# To set the "keyfile" element in the "ca" section below; +# note the '.' separator character. +# 2) environment variable +# Examples: +# a) FABRIC_CA_SERVER_PORT=443 +# To set the listening port +# b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem" +# To set the "keyfile" element in the "ca" section below; +# note the '_' separator character. +# 3) configuration file +# 4) default value (if there is one) +# All default values are shown beside each element below. +# +# FILE NAME ELEMENTS +# ------------------ +# The value of all fields whose name ends with "file" or "files" are +# name or names of other files. +# For example, see "tls.certfile" and "tls.clientauth.certfiles". +# The value of each of these fields can be a simple filename, a +# relative path, or an absolute path. If the value is not an +# absolute path, it is interpretted as being relative to the location +# of this configuration file. 
+# +############################################################################# + +# Version of config file +version: 1.2.0 + +# Server's listening port (default: 7054) +port: 7054 + +# Enables debug logging (default: false) +debug: false + +# Size limit of an acceptable CRL in bytes (default: 512000) +crlsizelimit: 512000 + +############################################################################# +# TLS section for the server's listening port +# +# The following types are supported for client authentication: NoClientCert, +# RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven, +# and RequireAndVerifyClientCert. +# +# Certfiles is a list of root certificate authorities that the server uses +# when verifying client certificates. +############################################################################# +tls: + # Enable TLS (default: false) + enabled: true + # TLS for the server's listening port + certfile: + keyfile: + clientauth: + type: noclientcert + certfiles: + +############################################################################# +# The CA section contains information related to the Certificate Authority +# including the name of the CA, which should be unique for all members +# of a blockchain network. It also includes the key and certificate files +# used when issuing enrollment certificates (ECerts) and transaction +# certificates (TCerts). +# The chainfile (if it exists) contains the certificate chain which +# should be trusted for this CA, where the 1st in the chain is always the +# root CA certificate. 
+############################################################################# +ca: + # Name of this CA + name: FarmerCA + # Key file (is only used to import a private key into BCCSP) + keyfile: + # Certificate file (default: ca-cert.pem) + certfile: + # Chain file + chainfile: + +############################################################################# +# The gencrl REST endpoint is used to generate a CRL that contains revoked +# certificates. This section contains configuration options that are used +# during gencrl request processing. +############################################################################# +crl: + # Specifies expiration for the generated CRL. The number of hours + # specified by this property is added to the UTC time, the resulting time + # is used to set the 'Next Update' date of the CRL. + expiry: 24h + +############################################################################# +# The registry section controls how the fabric-ca-server does two things: +# 1) authenticates enrollment requests which contain a username and password +# (also known as an enrollment ID and secret). +# 2) once authenticated, retrieves the identity's attribute names and +# values which the fabric-ca-server optionally puts into TCerts +# which it issues for transacting on the Hyperledger Fabric blockchain. +# These attributes are useful for making access control decisions in +# chaincode. +# There are two main configuration options: +# 1) The fabric-ca-server is the registry. +# This is true if "ldap.enabled" in the ldap section below is false. +# 2) An LDAP server is the registry, in which case the fabric-ca-server +# calls the LDAP server to perform these tasks. +# This is true if "ldap.enabled" in the ldap section below is true, +# which means this "registry" section is ignored. 
+############################################################################# +registry: + # Maximum number of times a password/secret can be reused for enrollment + # (default: -1, which means there is no limit) + maxenrollments: -1 + + # Contains identity information which is used when LDAP is disabled + identities: + - name: admin + pass: adminpw + type: client + affiliation: "" + attrs: + hf.Registrar.Roles: "*" + hf.Registrar.DelegateRoles: "*" + hf.Revoker: true + hf.IntermediateCA: true + hf.GenCRL: true + hf.Registrar.Attributes: "*" + hf.AffiliationMgr: true + +############################################################################# +# Database section +# Supported types are: "sqlite3", "postgres", and "mysql". +# The datasource value depends on the type. +# If the type is "sqlite3", the datasource value is a file name to use +# as the database store. Since "sqlite3" is an embedded database, it +# may not be used if you want to run the fabric-ca-server in a cluster. +# To run the fabric-ca-server in a cluster, you must choose "postgres" +# or "mysql". +############################################################################# +db: + type: sqlite3 + datasource: fabric-ca-server.db + tls: + enabled: false + certfiles: + client: + certfile: + keyfile: + +############################################################################# +# LDAP section +# If LDAP is enabled, the fabric-ca-server calls LDAP to: +# 1) authenticate enrollment ID and secret (i.e. username and password) +# for enrollment requests; +# 2) To retrieve identity attributes +############################################################################# +ldap: + # Enables or disables the LDAP client (default: false) + # If this is set to true, the "registry" section is ignored. 
+ enabled: false + # The URL of the LDAP server + url: ldap://:@:/ + # TLS configuration for the client connection to the LDAP server + tls: + certfiles: + client: + certfile: + keyfile: + # Attribute related configuration for mapping from LDAP entries to Fabric CA attributes + attribute: + # 'names' is an array of strings containing the LDAP attribute names which are + # requested from the LDAP server for an LDAP identity's entry + names: ['uid','member'] + # The 'converters' section is used to convert an LDAP entry to the value of + # a fabric CA attribute. + # For example, the following converts an LDAP 'uid' attribute + # whose value begins with 'revoker' to a fabric CA attribute + # named "hf.Revoker" with a value of "true" (because the boolean expression + # evaluates to true). + # converters: + # - name: hf.Revoker + # value: attr("uid") =~ "revoker*" + converters: + - name: + value: + # The 'maps' section contains named maps which may be referenced by the 'map' + # function in the 'converters' section to map LDAP responses to arbitrary values. + # For example, assume a user has an LDAP attribute named 'member' which has multiple + # values which are each a distinguished name (i.e. a DN). For simplicity, assume the + # values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'. + # Further assume the following configuration. + # converters: + # - name: hf.Registrar.Roles + # value: map(attr("member"),"groups") + # maps: + # groups: + # - name: dn1 + # value: peer + # - name: dn2 + # value: client + # The value of the user's 'hf.Registrar.Roles' attribute is then computed to be + # "peer,client,dn3". This is because the value of 'attr("member")' is + # "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of + # "group" replaces "dn1" with "peer" and "dn2" with "client". + maps: + groups: + - name: + value: + +############################################################################# +# Affiliations section. 
Fabric CA server can be bootstrapped with the +# affiliations specified in this section. Affiliations are specified as maps. +# For example: +# businessunit1: +# department1: +# - team1 +# businessunit2: +# - department2 +# - department3 +# +# Affiliations are hierarchical in nature. In the above example, +# department1 (used as businessunit1.department1) is the child of businessunit1. +# team1 (used as businessunit1.department1.team1) is the child of department1. +# department2 (used as businessunit2.department2) and department3 (businessunit2.department3) +# are children of businessunit2. +# Note: Affiliations are case sensitive except for the non-leaf affiliations +# (like businessunit1, department1, businessunit2) that are specified in the configuration file, +# which are always stored in lower case. +############################################################################# +affiliations: + farmer: + - department1 + - department2 + pulper: + - department1 + huller: + - department1 + export: + - department1 + +############################################################################# +# Signing section +# +# The "default" subsection is used to sign enrollment certificates; +# the default expiration ("expiry" field) is "8760h", which is 1 year in hours. +# +# The "ca" profile subsection is used to sign intermediate CA certificates; +# the default expiration ("expiry" field) is "43800h" which is 5 years in hours. +# Note that "isca" is true, meaning that it issues a CA certificate. +# A maxpathlen of 0 means that the intermediate CA cannot issue other +# intermediate CA certificates, though it can still issue end entity certificates. +# (See RFC 5280, section 4.2.1.9) +# +# The "tls" profile subsection is used to sign TLS certificate requests; +# the default expiration ("expiry" field) is "8760h", which is 1 year in hours. 
+############################################################################# +signing: + default: + usage: + - digital signature + expiry: 8760h + profiles: + ca: + usage: + - cert sign + - crl sign + expiry: 43800h + caconstraint: + isca: true + maxpathlen: 0 + tls: + usage: + - signing + - key encipherment + - server auth + - client auth + - key agreement + expiry: 8760h + +########################################################################### +# Certificate Signing Request (CSR) section. +# This controls the creation of the root CA certificate. +# The expiration for the root CA certificate is configured with the +# "ca.expiry" field below, whose default value is "131400h" which is +# 15 years in hours. +# The pathlength field is used to limit CA certificate hierarchy as described +# in section 4.2.1.9 of RFC 5280. +# Examples: +# 1) No pathlength value means no limit is requested. +# 2) pathlength == 1 means a limit of 1 is requested which is the default for +# a root CA. This means the root CA can issue intermediate CA certificates, +# but these intermediate CAs may not in turn issue other CA certificates +# though they can still issue end entity certificates. +# 3) pathlength == 0 means a limit of 0 is requested; +# this is the default for an intermediate CA, which means it can not issue +# CA certificates though it can still issue end entity certificates. 
+########################################################################### +csr: + cn: ca.export.varion.com + names: + - C: ID + ST: "Jakarta" + L: "Jakarta" + O: export.varion.com + OU: + hosts: + - localhost + - export.varion.com + ca: + expiry: 131400h + pathlength: 1 + +############################################################################# +# BCCSP (BlockChain Crypto Service Provider) section is used to select which +# crypto library implementation to use +############################################################################# +bccsp: + default: SW + sw: + hash: SHA2 + security: 256 + filekeystore: + # The directory used for the software file-based keystore + keystore: msp/keystore + +############################################################################# +# Multi CA section +# +# Each Fabric CA server contains one CA by default. This section is used +# to configure multiple CAs in a single server. +# +# 1) --cacount +# Automatically generate non-default CAs. The names of these +# additional CAs are "ca1", "ca2", ... "caN", where "N" is +# This is particularly useful in a development environment to quickly set up +# multiple CAs. Note that, this config option is not applicable to intermediate CA server +# i.e., Fabric CA server that is started with intermediate.parentserver.url config +# option (-u command line option) +# +# 2) --cafiles +# For each CA config file in the list, generate a separate signing CA. Each CA +# config file in this list MAY contain all of the same elements as are found in +# the server config file except port, debug, and tls sections. 
+# +# Examples: +# fabric-ca-server start -b admin:adminpw --cacount 2 +# +# fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml +# --cafiles ca/ca2/fabric-ca-server-config.yaml +# +############################################################################# + +cacount: + +cafiles: + +############################################################################# +# Intermediate CA section +# +# The relationship between servers and CAs is as follows: +# 1) A single server process may contain or function as one or more CAs. +# This is configured by the "Multi CA section" above. +# 2) Each CA is either a root CA or an intermediate CA. +# 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA. +# +# This section pertains to configuration of #2 and #3. +# If the "intermediate.parentserver.url" property is set, +# then this is an intermediate CA with the specified parent +# CA. +# +# parentserver section +# url - The URL of the parent server +# caname - Name of the CA to enroll within the server +# +# enrollment section used to enroll intermediate CA with parent CA +# profile - Name of the signing profile to use in issuing the certificate +# label - Label to use in HSM operations +# +# tls section for secure socket connection +# certfiles - PEM-encoded list of trusted root certificate files +# client: +# certfile - PEM-encoded certificate file for when client authentication +# is enabled on server +# keyfile - PEM-encoded key file for when client authentication +# is enabled on server +############################################################################# +intermediate: + parentserver: + url: + caname: + + enrollment: + hosts: + profile: + label: + + tls: + certfiles: + client: + certfile: + keyfile: diff --git a/varion/organizations/fabric-ca/huller/fabric-ca-server-config.yaml b/varion/organizations/fabric-ca/huller/fabric-ca-server-config.yaml new file mode 100755 index 00000000..d1d7e802 
--- /dev/null
+++ b/varion/organizations/fabric-ca/huller/fabric-ca-server-config.yaml
@@ -0,0 +1,410 @@ +############################################################################# +# This is a configuration file for the fabric-ca-server command. +# +# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES +# ------------------------------------------------ +# Each configuration element can be overridden via command line +# arguments or environment variables. The precedence for determining +# the value of each element is as follows: +# 1) command line argument +# Examples: +# a) --port 443 +# To set the listening port +# b) --ca.keyfile ../mykey.pem +# To set the "keyfile" element in the "ca" section below; +# note the '.' separator character. +# 2) environment variable +# Examples: +# a) FABRIC_CA_SERVER_PORT=443 +# To set the listening port +# b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem" +# To set the "keyfile" element in the "ca" section below; +# note the '_' separator character. +# 3) configuration file +# 4) default value (if there is one) +# All default values are shown beside each element below. +# +# FILE NAME ELEMENTS +# ------------------ +# The value of all fields whose name ends with "file" or "files" are +# name or names of other files. +# For example, see "tls.certfile" and "tls.clientauth.certfiles". +# The value of each of these fields can be a simple filename, a +# relative path, or an absolute path. If the value is not an +# absolute path, it is interpretted as being relative to the location +# of this configuration file. 
+# +############################################################################# + +# Version of config file +version: 1.2.0 + +# Server's listening port (default: 7054) +port: 7054 + +# Enables debug logging (default: false) +debug: false + +# Size limit of an acceptable CRL in bytes (default: 512000) +crlsizelimit: 512000 + +############################################################################# +# TLS section for the server's listening port +# +# The following types are supported for client authentication: NoClientCert, +# RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven, +# and RequireAndVerifyClientCert. +# +# Certfiles is a list of root certificate authorities that the server uses +# when verifying client certificates. +############################################################################# +tls: + # Enable TLS (default: false) + enabled: true + # TLS for the server's listening port + certfile: + keyfile: + clientauth: + type: noclientcert + certfiles: + +############################################################################# +# The CA section contains information related to the Certificate Authority +# including the name of the CA, which should be unique for all members +# of a blockchain network. It also includes the key and certificate files +# used when issuing enrollment certificates (ECerts) and transaction +# certificates (TCerts). +# The chainfile (if it exists) contains the certificate chain which +# should be trusted for this CA, where the 1st in the chain is always the +# root CA certificate. 
+############################################################################# +ca: + # Name of this CA + name: HullerCA + # Key file (is only used to import a private key into BCCSP) + keyfile: + # Certificate file (default: ca-cert.pem) + certfile: + # Chain file + chainfile: + +############################################################################# +# The gencrl REST endpoint is used to generate a CRL that contains revoked +# certificates. This section contains configuration options that are used +# during gencrl request processing. +############################################################################# +crl: + # Specifies expiration for the generated CRL. The number of hours + # specified by this property is added to the UTC time, the resulting time + # is used to set the 'Next Update' date of the CRL. + expiry: 24h + +############################################################################# +# The registry section controls how the fabric-ca-server does two things: +# 1) authenticates enrollment requests which contain a username and password +# (also known as an enrollment ID and secret). +# 2) once authenticated, retrieves the identity's attribute names and +# values which the fabric-ca-server optionally puts into TCerts +# which it issues for transacting on the Hyperledger Fabric blockchain. +# These attributes are useful for making access control decisions in +# chaincode. +# There are two main configuration options: +# 1) The fabric-ca-server is the registry. +# This is true if "ldap.enabled" in the ldap section below is false. +# 2) An LDAP server is the registry, in which case the fabric-ca-server +# calls the LDAP server to perform these tasks. +# This is true if "ldap.enabled" in the ldap section below is true, +# which means this "registry" section is ignored. 
+#############################################################################
+registry:
+ # Maximum number of times a password/secret can be reused for enrollment
+ # (default: -1, which means there is no limit)
+ maxenrollments: -1
+
+ # Contains identity information which is used when LDAP is disabled
+ identities:
+ - name: admin
+ pass: adminpw
+ type: client
+ affiliation: ""
+ attrs:
+ hf.Registrar.Roles: "*"
+ hf.Registrar.DelegateRoles: "*"
+ hf.Revoker: true
+ hf.IntermediateCA: true
+ hf.GenCRL: true
+ hf.Registrar.Attributes: "*"
+ hf.AffiliationMgr: true
+
+#############################################################################
+# Database section
+# Supported types are: "sqlite3", "postgres", and "mysql".
+# The datasource value depends on the type.
+# If the type is "sqlite3", the datasource value is a file name to use
+# as the database store. Since "sqlite3" is an embedded database, it
+# may not be used if you want to run the fabric-ca-server in a cluster.
+# To run the fabric-ca-server in a cluster, you must choose "postgres"
+# or "mysql".
+#############################################################################
+db:
+ type: sqlite3
+ datasource: fabric-ca-server.db
+ tls:
+ enabled: false
+ certfiles:
+ client:
+ certfile:
+ keyfile:
+
+#############################################################################
+# LDAP section
+# If LDAP is enabled, the fabric-ca-server calls LDAP to:
+# 1) authenticate enrollment ID and secret (i.e. username and password)
+# for enrollment requests;
+# 2) To retrieve identity attributes
+#############################################################################
+ldap:
+ # Enables or disables the LDAP client (default: false)
+ # If this is set to true, the "registry" section is ignored.
+ enabled: false + # The URL of the LDAP server + url: ldap://:@:/ + # TLS configuration for the client connection to the LDAP server + tls: + certfiles: + client: + certfile: + keyfile: + # Attribute related configuration for mapping from LDAP entries to Fabric CA attributes + attribute: + # 'names' is an array of strings containing the LDAP attribute names which are + # requested from the LDAP server for an LDAP identity's entry + names: ['uid','member'] + # The 'converters' section is used to convert an LDAP entry to the value of + # a fabric CA attribute. + # For example, the following converts an LDAP 'uid' attribute + # whose value begins with 'revoker' to a fabric CA attribute + # named "hf.Revoker" with a value of "true" (because the boolean expression + # evaluates to true). + # converters: + # - name: hf.Revoker + # value: attr("uid") =~ "revoker*" + converters: + - name: + value: + # The 'maps' section contains named maps which may be referenced by the 'map' + # function in the 'converters' section to map LDAP responses to arbitrary values. + # For example, assume a user has an LDAP attribute named 'member' which has multiple + # values which are each a distinguished name (i.e. a DN). For simplicity, assume the + # values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'. + # Further assume the following configuration. + # converters: + # - name: hf.Registrar.Roles + # value: map(attr("member"),"groups") + # maps: + # groups: + # - name: dn1 + # value: peer + # - name: dn2 + # value: client + # The value of the user's 'hf.Registrar.Roles' attribute is then computed to be + # "peer,client,dn3". This is because the value of 'attr("member")' is + # "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of + # "group" replaces "dn1" with "peer" and "dn2" with "client". + maps: + groups: + - name: + value: + +############################################################################# +# Affiliations section. 
Fabric CA server can be bootstrapped with the +# affiliations specified in this section. Affiliations are specified as maps. +# For example: +# businessunit1: +# department1: +# - team1 +# businessunit2: +# - department2 +# - department3 +# +# Affiliations are hierarchical in nature. In the above example, +# department1 (used as businessunit1.department1) is the child of businessunit1. +# team1 (used as businessunit1.department1.team1) is the child of department1. +# department2 (used as businessunit2.department2) and department3 (businessunit2.department3) +# are children of businessunit2. +# Note: Affiliations are case sensitive except for the non-leaf affiliations +# (like businessunit1, department1, businessunit2) that are specified in the configuration file, +# which are always stored in lower case. +############################################################################# +affiliations: + farmer: + - department1 + - department2 + pulper: + - department1 + huller: + - department1 + export: + - department1 + +############################################################################# +# Signing section +# +# The "default" subsection is used to sign enrollment certificates; +# the default expiration ("expiry" field) is "8760h", which is 1 year in hours. +# +# The "ca" profile subsection is used to sign intermediate CA certificates; +# the default expiration ("expiry" field) is "43800h" which is 5 years in hours. +# Note that "isca" is true, meaning that it issues a CA certificate. +# A maxpathlen of 0 means that the intermediate CA cannot issue other +# intermediate CA certificates, though it can still issue end entity certificates. +# (See RFC 5280, section 4.2.1.9) +# +# The "tls" profile subsection is used to sign TLS certificate requests; +# the default expiration ("expiry" field) is "8760h", which is 1 year in hours. 
+############################################################################# +signing: + default: + usage: + - digital signature + expiry: 8760h + profiles: + ca: + usage: + - cert sign + - crl sign + expiry: 43800h + caconstraint: + isca: true + maxpathlen: 0 + tls: + usage: + - signing + - key encipherment + - server auth + - client auth + - key agreement + expiry: 8760h + +########################################################################### +# Certificate Signing Request (CSR) section. +# This controls the creation of the root CA certificate. +# The expiration for the root CA certificate is configured with the +# "ca.expiry" field below, whose default value is "131400h" which is +# 15 years in hours. +# The pathlength field is used to limit CA certificate hierarchy as described +# in section 4.2.1.9 of RFC 5280. +# Examples: +# 1) No pathlength value means no limit is requested. +# 2) pathlength == 1 means a limit of 1 is requested which is the default for +# a root CA. This means the root CA can issue intermediate CA certificates, +# but these intermediate CAs may not in turn issue other CA certificates +# though they can still issue end entity certificates. +# 3) pathlength == 0 means a limit of 0 is requested; +# this is the default for an intermediate CA, which means it can not issue +# CA certificates though it can still issue end entity certificates. 
+########################################################################### +csr: + cn: ca.huller.varion.com + names: + - C: ID + ST: "Jakarta" + L: "Jakarta" + O: huller.varion.com + OU: + hosts: + - localhost + - huller.varion.com + ca: + expiry: 131400h + pathlength: 1 + +############################################################################# +# BCCSP (BlockChain Crypto Service Provider) section is used to select which +# crypto library implementation to use +############################################################################# +bccsp: + default: SW + sw: + hash: SHA2 + security: 256 + filekeystore: + # The directory used for the software file-based keystore + keystore: msp/keystore + +############################################################################# +# Multi CA section +# +# Each Fabric CA server contains one CA by default. This section is used +# to configure multiple CAs in a single server. +# +# 1) --cacount +# Automatically generate non-default CAs. The names of these +# additional CAs are "ca1", "ca2", ... "caN", where "N" is +# This is particularly useful in a development environment to quickly set up +# multiple CAs. Note that, this config option is not applicable to intermediate CA server +# i.e., Fabric CA server that is started with intermediate.parentserver.url config +# option (-u command line option) +# +# 2) --cafiles +# For each CA config file in the list, generate a separate signing CA. Each CA +# config file in this list MAY contain all of the same elements as are found in +# the server config file except port, debug, and tls sections. 
+# +# Examples: +# fabric-ca-server start -b admin:adminpw --cacount 2 +# +# fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml +# --cafiles ca/ca2/fabric-ca-server-config.yaml +# +############################################################################# + +cacount: + +cafiles: + +############################################################################# +# Intermediate CA section +# +# The relationship between servers and CAs is as follows: +# 1) A single server process may contain or function as one or more CAs. +# This is configured by the "Multi CA section" above. +# 2) Each CA is either a root CA or an intermediate CA. +# 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA. +# +# This section pertains to configuration of #2 and #3. +# If the "intermediate.parentserver.url" property is set, +# then this is an intermediate CA with the specified parent +# CA. +# +# parentserver section +# url - The URL of the parent server +# caname - Name of the CA to enroll within the server +# +# enrollment section used to enroll intermediate CA with parent CA +# profile - Name of the signing profile to use in issuing the certificate +# label - Label to use in HSM operations +# +# tls section for secure socket connection +# certfiles - PEM-encoded list of trusted root certificate files +# client: +# certfile - PEM-encoded certificate file for when client authentication +# is enabled on server +# keyfile - PEM-encoded key file for when client authentication +# is enabled on server +############################################################################# +intermediate: + parentserver: + url: + caname: + + enrollment: + hosts: + profile: + label: + + tls: + certfiles: + client: + certfile: + keyfile: diff --git a/varion/organizations/fabric-ca/pulper/fabric-ca-server-config.yaml b/varion/organizations/fabric-ca/pulper/fabric-ca-server-config.yaml new file mode 100755 index 00000000..96b19422 
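Review bot: The `registry.identities` entry in this new HullerCA config commits the bootstrap registrar as `name: admin` / `pass: adminpw` with `hf.Registrar.Roles: "*"`, `hf.IntermediateCA: true` and `maxenrollments: -1`, so the CA's most privileged identity has a well-known secret that can be reused for enrollment without limit. The same block is added in the export and pulper configs of this patch (the farmer file is outside this view, but presumably matches). If these files are only for a local test network, say so next to the entry, e.g. `# TEST NETWORK ONLY: default bootstrap secret, replace before any shared deployment`; otherwise keep the secret out of the repository and have the deployment substitute it from a secret store. Separately, the `affiliations` section of each per-organization CA lists all four organizations (`farmer`, `pulper`, `huller`, `export`); if HullerCA is meant to issue only for its own organization, trimming it to `huller` would match that intent.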
--- /dev/null
+++ b/varion/organizations/fabric-ca/pulper/fabric-ca-server-config.yaml
@@ -0,0 +1,410 @@ +############################################################################# +# This is a configuration file for the fabric-ca-server command. +# +# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES +# ------------------------------------------------ +# Each configuration element can be overridden via command line +# arguments or environment variables. The precedence for determining +# the value of each element is as follows: +# 1) command line argument +# Examples: +# a) --port 443 +# To set the listening port +# b) --ca.keyfile ../mykey.pem +# To set the "keyfile" element in the "ca" section below; +# note the '.' separator character. +# 2) environment variable +# Examples: +# a) FABRIC_CA_SERVER_PORT=443 +# To set the listening port +# b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem" +# To set the "keyfile" element in the "ca" section below; +# note the '_' separator character. +# 3) configuration file +# 4) default value (if there is one) +# All default values are shown beside each element below. +# +# FILE NAME ELEMENTS +# ------------------ +# The value of all fields whose name ends with "file" or "files" are +# name or names of other files. +# For example, see "tls.certfile" and "tls.clientauth.certfiles". +# The value of each of these fields can be a simple filename, a +# relative path, or an absolute path. If the value is not an +# absolute path, it is interpretted as being relative to the location +# of this configuration file. 
+# +############################################################################# + +# Version of config file +version: 1.2.0 + +# Server's listening port (default: 7054) +port: 7054 + +# Enables debug logging (default: false) +debug: false + +# Size limit of an acceptable CRL in bytes (default: 512000) +crlsizelimit: 512000 + +############################################################################# +# TLS section for the server's listening port +# +# The following types are supported for client authentication: NoClientCert, +# RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven, +# and RequireAndVerifyClientCert. +# +# Certfiles is a list of root certificate authorities that the server uses +# when verifying client certificates. +############################################################################# +tls: + # Enable TLS (default: false) + enabled: true + # TLS for the server's listening port + certfile: + keyfile: + clientauth: + type: noclientcert + certfiles: + +############################################################################# +# The CA section contains information related to the Certificate Authority +# including the name of the CA, which should be unique for all members +# of a blockchain network. It also includes the key and certificate files +# used when issuing enrollment certificates (ECerts) and transaction +# certificates (TCerts). +# The chainfile (if it exists) contains the certificate chain which +# should be trusted for this CA, where the 1st in the chain is always the +# root CA certificate. 
+############################################################################# +ca: + # Name of this CA + name: PulperCA + # Key file (is only used to import a private key into BCCSP) + keyfile: + # Certificate file (default: ca-cert.pem) + certfile: + # Chain file + chainfile: + +############################################################################# +# The gencrl REST endpoint is used to generate a CRL that contains revoked +# certificates. This section contains configuration options that are used +# during gencrl request processing. +############################################################################# +crl: + # Specifies expiration for the generated CRL. The number of hours + # specified by this property is added to the UTC time, the resulting time + # is used to set the 'Next Update' date of the CRL. + expiry: 24h + +############################################################################# +# The registry section controls how the fabric-ca-server does two things: +# 1) authenticates enrollment requests which contain a username and password +# (also known as an enrollment ID and secret). +# 2) once authenticated, retrieves the identity's attribute names and +# values which the fabric-ca-server optionally puts into TCerts +# which it issues for transacting on the Hyperledger Fabric blockchain. +# These attributes are useful for making access control decisions in +# chaincode. +# There are two main configuration options: +# 1) The fabric-ca-server is the registry. +# This is true if "ldap.enabled" in the ldap section below is false. +# 2) An LDAP server is the registry, in which case the fabric-ca-server +# calls the LDAP server to perform these tasks. +# This is true if "ldap.enabled" in the ldap section below is true, +# which means this "registry" section is ignored. 
+#############################################################################
+registry:
+ # Maximum number of times a password/secret can be reused for enrollment
+ # (default: -1, which means there is no limit)
+ maxenrollments: -1
+
+ # Contains identity information which is used when LDAP is disabled
+ identities:
+ - name: admin
+ pass: adminpw
+ type: client
+ affiliation: ""
+ attrs:
+ hf.Registrar.Roles: "*"
+ hf.Registrar.DelegateRoles: "*"
+ hf.Revoker: true
+ hf.IntermediateCA: true
+ hf.GenCRL: true
+ hf.Registrar.Attributes: "*"
+ hf.AffiliationMgr: true
+
+#############################################################################
+# Database section
+# Supported types are: "sqlite3", "postgres", and "mysql".
+# The datasource value depends on the type.
+# If the type is "sqlite3", the datasource value is a file name to use
+# as the database store. Since "sqlite3" is an embedded database, it
+# may not be used if you want to run the fabric-ca-server in a cluster.
+# To run the fabric-ca-server in a cluster, you must choose "postgres"
+# or "mysql".
+#############################################################################
+db:
+ type: sqlite3
+ datasource: fabric-ca-server.db
+ tls:
+ enabled: false
+ certfiles:
+ client:
+ certfile:
+ keyfile:
+
+#############################################################################
+# LDAP section
+# If LDAP is enabled, the fabric-ca-server calls LDAP to:
+# 1) authenticate enrollment ID and secret (i.e. username and password)
+# for enrollment requests;
+# 2) To retrieve identity attributes
+#############################################################################
+ldap:
+ # Enables or disables the LDAP client (default: false)
+ # If this is set to true, the "registry" section is ignored.
+ enabled: false
+ # The URL of the LDAP server
+ url: ldap://:@:/
+ # TLS configuration for the client connection to the LDAP server
+ tls:
+ certfiles:
+ client:
+ certfile:
+ keyfile:
+ # Attribute related configuration for mapping from LDAP entries to Fabric CA attributes
+ attribute:
+ # 'names' is an array of strings containing the LDAP attribute names which are
+ # requested from the LDAP server for an LDAP identity's entry
+ names: ['uid','member']
+ # The 'converters' section is used to convert an LDAP entry to the value of
+ # a fabric CA attribute.
+ # For example, the following converts an LDAP 'uid' attribute
+ # whose value begins with 'revoker' to a fabric CA attribute
+ # named "hf.Revoker" with a value of "true" (because the boolean expression
+ # evaluates to true).
+ # converters:
+ # - name: hf.Revoker
+ # value: attr("uid") =~ "revoker*"
+ converters:
+ - name:
+ value:
+ # The 'maps' section contains named maps which may be referenced by the 'map'
+ # function in the 'converters' section to map LDAP responses to arbitrary values.
+ # For example, assume a user has an LDAP attribute named 'member' which has multiple
+ # values which are each a distinguished name (i.e. a DN). For simplicity, assume the
+ # values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'.
+ # Further assume the following configuration.
+ # converters:
+ # - name: hf.Registrar.Roles
+ # value: map(attr("member"),"groups")
+ # maps:
+ # groups:
+ # - name: dn1
+ # value: peer
+ # - name: dn2
+ # value: client
+ # The value of the user's 'hf.Registrar.Roles' attribute is then computed to be
+ # "peer,client,dn3". This is because the value of 'attr("member")' is
+ # "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of
+ # "group" replaces "dn1" with "peer" and "dn2" with "client".
+ maps:
+ groups:
+ - name:
+ value:
+
+#############################################################################
+# Affiliations section. Fabric CA server can be bootstrapped with the
+# affiliations specified in this section. Affiliations are specified as maps.
+# For example:
+# businessunit1:
+# department1:
+# - team1
+# businessunit2:
+# - department2
+# - department3
+#
+# Affiliations are hierarchical in nature. In the above example,
+# department1 (used as businessunit1.department1) is the child of businessunit1.
+# team1 (used as businessunit1.department1.team1) is the child of department1.
+# department2 (used as businessunit2.department2) and department3 (businessunit2.department3)
+# are children of businessunit2.
+# Note: Affiliations are case sensitive except for the non-leaf affiliations
+# (like businessunit1, department1, businessunit2) that are specified in the configuration file,
+# which are always stored in lower case.
+#############################################################################
+affiliations:
+ farmer:
+ - department1
+ - department2
+ pulper:
+ - department1
+ huller:
+ - department1
+ export:
+ - department1
+
+#############################################################################
+# Signing section
+#
+# The "default" subsection is used to sign enrollment certificates;
+# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
+#
+# The "ca" profile subsection is used to sign intermediate CA certificates;
+# the default expiration ("expiry" field) is "43800h" which is 5 years in hours.
+# Note that "isca" is true, meaning that it issues a CA certificate.
+# A maxpathlen of 0 means that the intermediate CA cannot issue other
+# intermediate CA certificates, though it can still issue end entity certificates.
+# (See RFC 5280, section 4.2.1.9)
+#
+# The "tls" profile subsection is used to sign TLS certificate requests;
+# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
+#############################################################################
+signing:
+ default:
+ usage:
+ - digital signature
+ expiry: 8760h
+ profiles:
+ ca:
+ usage:
+ - cert sign
+ - crl sign
+ expiry: 43800h
+ caconstraint:
+ isca: true
+ maxpathlen: 0
+ tls:
+ usage:
+ - signing
+ - key encipherment
+ - server auth
+ - client auth
+ - key agreement
+ expiry: 8760h
+
+###########################################################################
+# Certificate Signing Request (CSR) section.
+# This controls the creation of the root CA certificate.
+# The expiration for the root CA certificate is configured with the
+# "ca.expiry" field below, whose default value is "131400h" which is
+# 15 years in hours.
+# The pathlength field is used to limit CA certificate hierarchy as described
+# in section 4.2.1.9 of RFC 5280.
+# Examples:
+# 1) No pathlength value means no limit is requested.
+# 2) pathlength == 1 means a limit of 1 is requested which is the default for
+# a root CA. This means the root CA can issue intermediate CA certificates,
+# but these intermediate CAs may not in turn issue other CA certificates
+# though they can still issue end entity certificates.
+# 3) pathlength == 0 means a limit of 0 is requested;
+# this is the default for an intermediate CA, which means it can not issue
+# CA certificates though it can still issue end entity certificates.
+###########################################################################
+csr:
+ cn: ca.pulper.varion.com
+ names:
+ - C: ID
+ ST: "Jakarta"
+ L: "Jakarta"
+ O: pulper.varion.com
+ OU:
+ hosts:
+ - localhost
+ - pulper.varion.com
+ ca:
+ expiry: 131400h
+ pathlength: 1
+
+#############################################################################
+# BCCSP (BlockChain Crypto Service Provider) section is used to select which
+# crypto library implementation to use
+#############################################################################
+bccsp:
+ default: SW
+ sw:
+ hash: SHA2
+ security: 256
+ filekeystore:
+ # The directory used for the software file-based keystore
+ keystore: msp/keystore
+
+#############################################################################
+# Multi CA section
+#
+# Each Fabric CA server contains one CA by default. This section is used
+# to configure multiple CAs in a single server.
+#
+# 1) --cacount
+# Automatically generate non-default CAs. The names of these
+# additional CAs are "ca1", "ca2", ... "caN", where "N" is
+# This is particularly useful in a development environment to quickly set up
+# multiple CAs. Note that, this config option is not applicable to intermediate CA server
+# i.e., Fabric CA server that is started with intermediate.parentserver.url config
+# option (-u command line option)
+#
+# 2) --cafiles
+# For each CA config file in the list, generate a separate signing CA. Each CA
+# config file in this list MAY contain all of the same elements as are found in
+# the server config file except port, debug, and tls sections.
+#
+# Examples:
+# fabric-ca-server start -b admin:adminpw --cacount 2
+#
+# fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml
+# --cafiles ca/ca2/fabric-ca-server-config.yaml
+#
+#############################################################################
+
+cacount:
+
+cafiles:
+
+#############################################################################
+# Intermediate CA section
+#
+# The relationship between servers and CAs is as follows:
+# 1) A single server process may contain or function as one or more CAs.
+# This is configured by the "Multi CA section" above.
+# 2) Each CA is either a root CA or an intermediate CA.
+# 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA.
+#
+# This section pertains to configuration of #2 and #3.
+# If the "intermediate.parentserver.url" property is set,
+# then this is an intermediate CA with the specified parent
+# CA.
+#
+# parentserver section
+# url - The URL of the parent server
+# caname - Name of the CA to enroll within the server
+#
+# enrollment section used to enroll intermediate CA with parent CA
+# profile - Name of the signing profile to use in issuing the certificate
+# label - Label to use in HSM operations
+#
+# tls section for secure socket connection
+# certfiles - PEM-encoded list of trusted root certificate files
+# client:
+# certfile - PEM-encoded certificate file for when client authentication
+# is enabled on server
+# keyfile - PEM-encoded key file for when client authentication
+# is enabled on server
+#############################################################################
+intermediate:
+ parentserver:
+ url:
+ caname:
+
+ enrollment:
+ hosts:
+ profile:
+ label:
+
+ tls:
+ certfiles:
+ client:
+ certfile:
+ keyfile:
diff --git a/varion/organizations/fabric-ca/registerEnroll.sh b/varion/organizations/fabric-ca/registerEnroll.sh
index 178db6cf..48eed51f 100755
--- a/varion/organizations/fabric-ca/registerEnroll.sh
+++ b/varion/organizations/fabric-ca/registerEnroll.sh
@@ -1,182 +1,354 @@ #!/bin/bash -function createOrg1() { +function createFarmer() { infoln "Enrolling the CA admin" - mkdir -p organizations/peerOrganizations/org1.example.com/ + mkdir -p organizations/peerOrganizations/farmer.varion.com/ - export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/ + export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/farmer.varion.com/ set -x - fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 --caname ca-org1 --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" + fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 --caname ca-farmer --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" { set +x; } 2>/dev/null echo 'NodeOUs: Enable: true ClientOUIdentifier: - Certificate: cacerts/localhost-7054-ca-org1.pem + Certificate: cacerts/localhost-7054-ca-farmer.pem OrganizationalUnitIdentifier: client PeerOUIdentifier: - Certificate: cacerts/localhost-7054-ca-org1.pem + Certificate: cacerts/localhost-7054-ca-farmer.pem OrganizationalUnitIdentifier: peer AdminOUIdentifier: - Certificate: cacerts/localhost-7054-ca-org1.pem + Certificate: cacerts/localhost-7054-ca-farmer.pem OrganizationalUnitIdentifier: admin OrdererOUIdentifier: - Certificate: cacerts/localhost-7054-ca-org1.pem - OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" + Certificate: cacerts/localhost-7054-ca-farmer.pem + OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/farmer.varion.com/msp/config.yaml" # Since the CA serves as both the organization CA and TLS CA, copy the org's root cert that was generated by CA startup into the org level ca and tlsca directories - # Copy org1's CA cert to org1's /msp/tlscacerts directory (for use in the channel MSP definition) - mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts" - cp 
"${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt" + # Copy farmer's CA cert to farmer's /msp/tlscacerts directory (for use in the channel MSP definition) + mkdir -p "${PWD}/organizations/peerOrganizations/farmer.varion.com/msp/tlscacerts" + cp "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" "${PWD}/organizations/peerOrganizations/farmer.varion.com/msp/tlscacerts/ca.crt" - # Copy org1's CA cert to org1's /tlsca directory (for use by clients) - mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca" - cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem" + # Copy farmer's CA cert to farmer's /tlsca directory (for use by clients) + mkdir -p "${PWD}/organizations/peerOrganizations/farmer.varion.com/tlsca" + cp "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" "${PWD}/organizations/peerOrganizations/farmer.varion.com/tlsca/tlsca.farmer.varion.com-cert.pem" - # Copy org1's CA cert to org1's /ca directory (for use by clients) - mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/ca" - cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem" + # Copy farmer's CA cert to farmer's /ca directory (for use by clients) + mkdir -p "${PWD}/organizations/peerOrganizations/farmer.varion.com/ca" + cp "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" "${PWD}/organizations/peerOrganizations/farmer.varion.com/ca/ca.farmer.varion.com-cert.pem" infoln "Registering peer0" set -x - fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" + fabric-ca-client register --caname ca-farmer --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles 
"${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" { set +x; } 2>/dev/null infoln "Registering user" set -x - fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" + fabric-ca-client register --caname ca-farmer --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" { set +x; } 2>/dev/null infoln "Registering the org admin" set -x - fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" + fabric-ca-client register --caname ca-farmer --id.name farmeradmin --id.secret farmeradminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" { set +x; } 2>/dev/null infoln "Generating the peer0 msp" set -x - fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" + fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-farmer -M "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" { set +x; } 2>/dev/null - cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml" + cp "${PWD}/organizations/peerOrganizations/farmer.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/msp/config.yaml" infoln "Generating the peer0-tls certificates, use --csr.hosts to specify Subject Alternative Names" set -x - fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M 
"${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" + fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-farmer -M "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls" --enrollment.profile tls --csr.hosts peer0.farmer.varion.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" { set +x; } 2>/dev/null # Copy the tls CA cert, server cert, server keystore to well known file names in the peer's tls directory that are referenced by peer startup config - cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt" - cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt" - cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key" + cp "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls/ca.crt" + cp "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls/server.crt" + cp "${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls/keystore/"* 
"${PWD}/organizations/peerOrganizations/farmer.varion.com/peers/peer0.farmer.varion.com/tls/server.key" infoln "Generating the user msp" set -x - fabric-ca-client enroll -u https://user1:user1pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" + fabric-ca-client enroll -u https://user1:user1pw@localhost:7054 --caname ca-farmer -M "${PWD}/organizations/peerOrganizations/farmer.varion.com/users/User1@farmer.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" { set +x; } 2>/dev/null - cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/config.yaml" + cp "${PWD}/organizations/peerOrganizations/farmer.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/farmer.varion.com/users/User1@farmer.varion.com/msp/config.yaml" infoln "Generating the org admin msp" set -x - fabric-ca-client enroll -u https://org1admin:org1adminpw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" + fabric-ca-client enroll -u https://farmeradmin:farmeradminpw@localhost:7054 --caname ca-farmer -M "${PWD}/organizations/peerOrganizations/farmer.varion.com/users/Admin@farmer.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/farmer/ca-cert.pem" { set +x; } 2>/dev/null - cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml" + cp "${PWD}/organizations/peerOrganizations/farmer.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/farmer.varion.com/users/Admin@farmer.varion.com/msp/config.yaml" } -function createOrg2() 
{ +function createPulper() { infoln "Enrolling the CA admin" - mkdir -p organizations/peerOrganizations/org2.example.com/ + mkdir -p organizations/peerOrganizations/pulper.varion.com/ - export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/ + export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/pulper.varion.com/ set -x - fabric-ca-client enroll -u https://admin:adminpw@localhost:8054 --caname ca-org2 --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" + fabric-ca-client enroll -u https://admin:adminpw@localhost:8054 --caname ca-pulper --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" { set +x; } 2>/dev/null echo 'NodeOUs: Enable: true ClientOUIdentifier: - Certificate: cacerts/localhost-8054-ca-org2.pem + Certificate: cacerts/localhost-8054-ca-pulper.pem OrganizationalUnitIdentifier: client PeerOUIdentifier: - Certificate: cacerts/localhost-8054-ca-org2.pem + Certificate: cacerts/localhost-8054-ca-pulper.pem OrganizationalUnitIdentifier: peer AdminOUIdentifier: - Certificate: cacerts/localhost-8054-ca-org2.pem + Certificate: cacerts/localhost-8054-ca-pulper.pem OrganizationalUnitIdentifier: admin OrdererOUIdentifier: - Certificate: cacerts/localhost-8054-ca-org2.pem - OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" + Certificate: cacerts/localhost-8054-ca-pulper.pem + OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/pulper.varion.com/msp/config.yaml" # Since the CA serves as both the organization CA and TLS CA, copy the org's root cert that was generated by CA startup into the org level ca and tlsca directories - # Copy org2's CA cert to org2's /msp/tlscacerts directory (for use in the channel MSP definition) - mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts" - cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" 
"${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts/ca.crt" + # Copy pulper's CA cert to pulper's /msp/tlscacerts directory (for use in the channel MSP definition) + mkdir -p "${PWD}/organizations/peerOrganizations/pulper.varion.com/msp/tlscacerts" + cp "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" "${PWD}/organizations/peerOrganizations/pulper.varion.com/msp/tlscacerts/ca.crt" - # Copy org2's CA cert to org2's /tlsca directory (for use by clients) - mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca" - cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem" + # Copy pulper's CA cert to pulper's /tlsca directory (for use by clients) + mkdir -p "${PWD}/organizations/peerOrganizations/pulper.varion.com/tlsca" + cp "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" "${PWD}/organizations/peerOrganizations/pulper.varion.com/tlsca/tlsca.pulper.varion.com-cert.pem" - # Copy org2's CA cert to org2's /ca directory (for use by clients) - mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/ca" - cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem" + # Copy pulper's CA cert to pulper's /ca directory (for use by clients) + mkdir -p "${PWD}/organizations/peerOrganizations/pulper.varion.com/ca" + cp "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" "${PWD}/organizations/peerOrganizations/pulper.varion.com/ca/ca.pulper.varion.com-cert.pem" infoln "Registering peer0" set -x - fabric-ca-client register --caname ca-org2 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" + fabric-ca-client register --caname ca-pulper --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" { set +x; } 2>/dev/null infoln "Registering 
user" set -x - fabric-ca-client register --caname ca-org2 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" + fabric-ca-client register --caname ca-pulper --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" { set +x; } 2>/dev/null infoln "Registering the org admin" set -x - fabric-ca-client register --caname ca-org2 --id.name org2admin --id.secret org2adminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" + fabric-ca-client register --caname ca-pulper --id.name pulperadmin --id.secret pulperadminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" { set +x; } 2>/dev/null infoln "Generating the peer0 msp" set -x - fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" + fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-pulper -M "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" { set +x; } 2>/dev/null - cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml" + cp "${PWD}/organizations/peerOrganizations/pulper.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/msp/config.yaml" infoln "Generating the peer0-tls certificates, use --csr.hosts to specify Subject Alternative Names" set -x - fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls" 
--enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" + fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-pulper -M "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls" --enrollment.profile tls --csr.hosts peer0.pulper.varion.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" { set +x; } 2>/dev/null # Copy the tls CA cert, server cert, server keystore to well known file names in the peer's tls directory that are referenced by peer startup config - cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt" - cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt" - cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key" + cp "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls/ca.crt" + cp "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls/server.crt" + cp "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/pulper.varion.com/peers/peer0.pulper.varion.com/tls/server.key" infoln "Generating the user msp" set -x - fabric-ca-client enroll -u 
https://user1:user1pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" + fabric-ca-client enroll -u https://user1:user1pw@localhost:8054 --caname ca-pulper -M "${PWD}/organizations/peerOrganizations/pulper.varion.com/users/User1@pulper.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" { set +x; } 2>/dev/null - cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/config.yaml" + cp "${PWD}/organizations/peerOrganizations/pulper.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/pulper.varion.com/users/User1@pulper.varion.com/msp/config.yaml" infoln "Generating the org admin msp" set -x - fabric-ca-client enroll -u https://org2admin:org2adminpw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" + fabric-ca-client enroll -u https://pulperadmin:pulperadminpw@localhost:8054 --caname ca-pulper -M "${PWD}/organizations/peerOrganizations/pulper.varion.com/users/Admin@pulper.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/pulper/ca-cert.pem" { set +x; } 2>/dev/null - cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/config.yaml" + cp "${PWD}/organizations/peerOrganizations/pulper.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/pulper.varion.com/users/Admin@pulper.varion.com/msp/config.yaml" +} + +function createHuller() { + infoln "Enrolling the CA admin" + mkdir -p organizations/peerOrganizations/huller.varion.com/ + + export 
FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/huller.varion.com/
+
+ set -x
+ fabric-ca-client enroll -u https://admin:adminpw@localhost:8054 --caname ca-huller --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ echo 'NodeOUs:
+ Enable: true
+ ClientOUIdentifier:
+ Certificate: cacerts/localhost-8054-ca-huller.pem
+ OrganizationalUnitIdentifier: client
+ PeerOUIdentifier:
+ Certificate: cacerts/localhost-8054-ca-huller.pem
+ OrganizationalUnitIdentifier: peer
+ AdminOUIdentifier:
+ Certificate: cacerts/localhost-8054-ca-huller.pem
+ OrganizationalUnitIdentifier: admin
+ OrdererOUIdentifier:
+ Certificate: cacerts/localhost-8054-ca-huller.pem
+ OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/huller.varion.com/msp/config.yaml"
+
+ # Since the CA serves as both the organization CA and TLS CA, copy the org's root cert that was generated by CA startup into the org level ca and tlsca directories
+
+ # Copy huller's CA cert to huller's /msp/tlscacerts directory (for use in the channel MSP definition)
+ mkdir -p "${PWD}/organizations/peerOrganizations/huller.varion.com/msp/tlscacerts"
+ cp "${PWD}/organizations/fabric-ca/huller/ca-cert.pem" "${PWD}/organizations/peerOrganizations/huller.varion.com/msp/tlscacerts/ca.crt"
+
+ # Copy huller's CA cert to huller's /tlsca directory (for use by clients)
+ mkdir -p "${PWD}/organizations/peerOrganizations/huller.varion.com/tlsca"
+ cp "${PWD}/organizations/fabric-ca/huller/ca-cert.pem" "${PWD}/organizations/peerOrganizations/huller.varion.com/tlsca/tlsca.huller.varion.com-cert.pem"
+
+ # Copy huller's CA cert to huller's /ca directory (for use by clients)
+ mkdir -p "${PWD}/organizations/peerOrganizations/huller.varion.com/ca"
+ cp "${PWD}/organizations/fabric-ca/huller/ca-cert.pem" "${PWD}/organizations/peerOrganizations/huller.varion.com/ca/ca.huller.varion.com-cert.pem"
+
+ infoln "Registering peer0"
+ set -x
+ fabric-ca-client register --caname ca-huller --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ infoln "Registering user"
+ set -x
+ fabric-ca-client register --caname ca-huller --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ infoln "Registering the org admin"
+ set -x
+ fabric-ca-client register --caname ca-huller --id.name hulleradmin --id.secret hulleradminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ infoln "Generating the peer0 msp"
+ set -x
+ fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-huller -M "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ cp "${PWD}/organizations/peerOrganizations/huller.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/msp/config.yaml"
+
+ infoln "Generating the peer0-tls certificates, use --csr.hosts to specify Subject Alternative Names"
+ set -x
+ fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-huller -M "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls" --enrollment.profile tls --csr.hosts peer0.huller.varion.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ # Copy the tls CA cert, server cert, server keystore to well known file names in the peer's tls directory that are referenced by peer startup config
+ cp "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls/ca.crt"
+ cp "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls/server.crt"
+ cp "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/huller.varion.com/peers/peer0.huller.varion.com/tls/server.key"
+
+ infoln "Generating the user msp"
+ set -x
+ fabric-ca-client enroll -u https://user1:user1pw@localhost:8054 --caname ca-huller -M "${PWD}/organizations/peerOrganizations/huller.varion.com/users/User1@huller.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ cp "${PWD}/organizations/peerOrganizations/huller.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/huller.varion.com/users/User1@huller.varion.com/msp/config.yaml"
+
+ infoln "Generating the org admin msp"
+ set -x
+ fabric-ca-client enroll -u https://hulleradmin:hulleradminpw@localhost:8054 --caname ca-huller -M "${PWD}/organizations/peerOrganizations/huller.varion.com/users/Admin@huller.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/huller/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ cp "${PWD}/organizations/peerOrganizations/huller.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/huller.varion.com/users/Admin@huller.varion.com/msp/config.yaml"
+}
+
+function createExport() {
+ infoln "Enrolling the CA admin"
+ mkdir -p organizations/peerOrganizations/export.varion.com/
+
+ export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/export.varion.com/
+
+ set -x
+ fabric-ca-client enroll -u https://admin:adminpw@localhost:8054 --caname ca-export --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ echo 'NodeOUs:
+ Enable: true
+ ClientOUIdentifier:
+ Certificate: cacerts/localhost-8054-ca-export.pem
+ OrganizationalUnitIdentifier: client
+ PeerOUIdentifier:
+ Certificate: cacerts/localhost-8054-ca-export.pem
+ OrganizationalUnitIdentifier: peer
+ AdminOUIdentifier:
+ Certificate: cacerts/localhost-8054-ca-export.pem
+ OrganizationalUnitIdentifier: admin
+ OrdererOUIdentifier:
+ Certificate: cacerts/localhost-8054-ca-export.pem
+ OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/export.varion.com/msp/config.yaml"
+
+ # Since the CA serves as both the organization CA and TLS CA, copy the org's root cert that was generated by CA startup into the org level ca and tlsca directories
+
+ # Copy export's CA cert to export's /msp/tlscacerts directory (for use in the channel MSP definition)
+ mkdir -p "${PWD}/organizations/peerOrganizations/export.varion.com/msp/tlscacerts"
+ cp "${PWD}/organizations/fabric-ca/export/ca-cert.pem" "${PWD}/organizations/peerOrganizations/export.varion.com/msp/tlscacerts/ca.crt"
+
+ # Copy export's CA cert to export's /tlsca directory (for use by clients)
+ mkdir -p "${PWD}/organizations/peerOrganizations/export.varion.com/tlsca"
+ cp "${PWD}/organizations/fabric-ca/export/ca-cert.pem" "${PWD}/organizations/peerOrganizations/export.varion.com/tlsca/tlsca.export.varion.com-cert.pem"
+
+ # Copy export's CA cert to export's /ca directory (for use by clients)
+ mkdir -p "${PWD}/organizations/peerOrganizations/export.varion.com/ca"
+ cp "${PWD}/organizations/fabric-ca/export/ca-cert.pem" "${PWD}/organizations/peerOrganizations/export.varion.com/ca/ca.export.varion.com-cert.pem"
+
+ infoln "Registering peer0"
+ set -x
+ fabric-ca-client register --caname ca-export --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ infoln "Registering user"
+ set -x
+ fabric-ca-client register --caname ca-export --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ infoln "Registering the org admin"
+ set -x
+ fabric-ca-client register --caname ca-export --id.name exportadmin --id.secret exportadminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ infoln "Generating the peer0 msp"
+ set -x
+ fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-export -M "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ cp "${PWD}/organizations/peerOrganizations/export.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/msp/config.yaml"
+
+ infoln "Generating the peer0-tls certificates, use --csr.hosts to specify Subject Alternative Names"
+ set -x
+ fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-export -M "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls" --enrollment.profile tls --csr.hosts peer0.export.varion.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem"
+ { set +x; } 2>/dev/null
+
+ # Copy the tls CA cert, server cert, server keystore to well known file names in the peer's tls directory that are referenced by peer startup config
+ cp "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls/ca.crt"
+ cp "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls/server.crt"
+ cp
"${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/export.varion.com/peers/peer0.export.varion.com/tls/server.key" + + infoln "Generating the user msp" + set -x + fabric-ca-client enroll -u https://user1:user1pw@localhost:8054 --caname ca-export -M "${PWD}/organizations/peerOrganizations/export.varion.com/users/User1@export.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem" + { set +x; } 2>/dev/null + + cp "${PWD}/organizations/peerOrganizations/export.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/export.varion.com/users/User1@export.varion.com/msp/config.yaml" + + infoln "Generating the org admin msp" + set -x + fabric-ca-client enroll -u https://exportadmin:exportadminpw@localhost:8054 --caname ca-export -M "${PWD}/organizations/peerOrganizations/export.varion.com/users/Admin@export.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/export/ca-cert.pem" + { set +x; } 2>/dev/null + + cp "${PWD}/organizations/peerOrganizations/export.varion.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/export.varion.com/users/Admin@export.varion.com/msp/config.yaml" } function createOrderer() { infoln "Enrolling the CA admin" - mkdir -p organizations/ordererOrganizations/example.com + mkdir -p organizations/ordererOrganizations/varion.com - export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com + export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/varion.com set -x fabric-ca-client enroll -u https://admin:adminpw@localhost:9054 --caname ca-orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" 
@@ -195,17 +367,17 @@ function createOrderer() { OrganizationalUnitIdentifier: admin OrdererOUIdentifier: Certificate: cacerts/localhost-9054-ca-orderer.pem - OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" + OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/ordererOrganizations/varion.com/msp/config.yaml" # Since the CA serves as both the organization CA and TLS CA, copy the org's root cert that was generated by CA startup into the org level ca and tlsca directories # Copy orderer org's CA cert to orderer org's /msp/tlscacerts directory (for use in the channel MSP definition) - mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts" - cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem" + mkdir -p "${PWD}/organizations/ordererOrganizations/varion.com/msp/tlscacerts" + cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/varion.com/msp/tlscacerts/tlsca.varion.com-cert.pem" # Copy orderer org's CA cert to orderer org's /tlsca directory (for use by clients) - mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/tlsca" - cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem" + mkdir -p "${PWD}/organizations/ordererOrganizations/varion.com/tlsca" + cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/varion.com/tlsca/tlsca.varion.com-cert.pem" infoln "Registering orderer" set -x 
@@ -219,29 +391,29 @@ function createOrderer() { infoln "Generating the orderer msp" set -x - fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" + fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" { set +x; } 2>/dev/null - cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/config.yaml" + cp "${PWD}/organizations/ordererOrganizations/varion.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp/config.yaml" infoln "Generating the orderer-tls certificates, use --csr.hosts to specify Subject Alternative Names" set -x - fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls" --enrollment.profile tls --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" + fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls" --enrollment.profile tls --csr.hosts orderer.varion.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" { set +x; } 2>/dev/null # Copy the tls CA cert, server cert, server keystore to well known file names in the orderer's tls directory that are referenced by orderer startup config - cp 
"${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt" - cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt" - cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key" + cp "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/ca.crt" + cp "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.crt" + cp "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.key" # Copy orderer org's CA cert to orderer's /msp/tlscacerts directory (for use in the orderer MSP definition) - mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts" - cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem" + mkdir -p "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp/tlscacerts" + cp "${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/tlscacerts/"* 
"${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/msp/tlscacerts/tlsca.varion.com-cert.pem" infoln "Generating the admin msp" set -x - fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" + fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/varion.com/users/Admin@varion.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" { set +x; } 2>/dev/null - cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/config.yaml" + cp "${PWD}/organizations/ordererOrganizations/varion.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/varion.com/users/Admin@varion.com/msp/config.yaml" } diff --git a/varion/scripts/ccutils.sh b/varion/scripts/ccutils.sh index bc7f3bb0..8c845b89 100644 --- a/varion/scripts/ccutils.sh +++ b/varion/scripts/ccutils.sh @@ -12,8 +12,8 @@ function installChaincode() { fi { set +x; } 2>/dev/null cat log.txt - verifyResult $res "Chaincode installation on peer0.org${ORG} has failed" - successln "Chaincode is installed on peer0.org${ORG}" + verifyResult $res "Chaincode installation on peer0.${ORG} has failed" + successln "Chaincode is installed on peer0.${ORG}" } # queryInstalled PEER ORG @@ -25,8 +25,8 @@ function queryInstalled() { res=$? { set +x; } 2>/dev/null cat log.txt - verifyResult $res "Query installed on peer0.org${ORG} has failed" - successln "Query installed successful on peer0.org${ORG} on channel" + verifyResult $res "Query installed on peer0.${ORG} has failed" + successln "Query installed successful on peer0.${ORG} on channel" } # approveForMyOrg VERSION PEER ORG 
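Review bot: The enroll calls in createOrderer (hunk `@@ -219,29 +391,29 @@`) still embed the sample secrets `orderer:ordererpw` and `ordererAdmin:ordererAdminpw` in the URL and run under `set -x`, so each secret is echoed to the terminal and to any captured log. With the network renamed from example.com to varion.com, read them from the environment instead, e.g. `-u "https://orderer:${ORDERER_ENROLL_SECRET}@localhost:9054"` (variable name illustrative; the register step must use the same value). Issue the enroll call outside the `set -x` window. The new createExport function earlier in this file follows the same pattern with `admin:adminpw` and `exportadmin:exportadminpw`. createOrderer begins before this hunk.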
@@ -34,12 +34,12 @@ function approveForMyOrg() { ORG=$1 setGlobals $ORG set -x - peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" --channelID $CHANNEL_NAME --name ${CC_NAME} --version ${CC_VERSION} --package-id ${PACKAGE_ID} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} >&log.txt + peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.varion.com --tls --cafile "$ORDERER_CA" --channelID $CHANNEL_NAME --name ${CC_NAME} --version ${CC_VERSION} --package-id ${PACKAGE_ID} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} >&log.txt res=$? { set +x; } 2>/dev/null cat log.txt - verifyResult $res "Chaincode definition approved on peer0.org${ORG} on channel '$CHANNEL_NAME' failed" - successln "Chaincode definition approved on peer0.org${ORG} on channel '$CHANNEL_NAME'" + verifyResult $res "Chaincode definition approved on peer0.${ORG} on channel '$CHANNEL_NAME' failed" + successln "Chaincode definition approved on peer0.${ORG} on channel '$CHANNEL_NAME'" } # checkCommitReadiness VERSION PEER ORG 
@@ -47,14 +47,14 @@ function checkCommitReadiness() { ORG=$1 shift 1 setGlobals $ORG - infoln "Checking the commit readiness of the chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'..." + infoln "Checking the commit readiness of the chaincode definition on peer0.${ORG} on channel '$CHANNEL_NAME'..." local rc=1 local COUNTER=1 # continue to poll # we either get a successful response, or reach MAX RETRY while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do sleep $DELAY - infoln "Attempting to check the commit readiness of the chaincode definition on peer0.org${ORG}, Retry after $DELAY seconds." + infoln "Attempting to check the commit readiness of the chaincode definition on peer0.${ORG}, Retry after $DELAY seconds." set -x peer lifecycle chaincode checkcommitreadiness --channelID $CHANNEL_NAME --name ${CC_NAME} --version ${CC_VERSION} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} --output json >&log.txt res=$? @@ -67,9 +67,9 @@ function checkCommitReadiness() { done cat log.txt if test $rc -eq 0; then - infoln "Checking the commit readiness of the chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME'" + infoln "Checking the commit readiness of the chaincode definition successful on peer0.${ORG} on channel '$CHANNEL_NAME'" else - fatalln "After $MAX_RETRY attempts, Check commit readiness result on peer0.org${ORG} is INVALID!" + fatalln "After $MAX_RETRY attempts, Check commit readiness result on peer0.${ORG} is INVALID!" fi } 
@@ -83,11 +83,11 @@ function commitChaincodeDefinition() { # peer (if join was successful), let's supply it directly as we know # it using the "-o" option set -x - peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" --channelID $CHANNEL_NAME --name ${CC_NAME} "${PEER_CONN_PARMS[@]}" --version ${CC_VERSION} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} >&log.txt + peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.varion.com --tls --cafile "$ORDERER_CA" --channelID $CHANNEL_NAME --name ${CC_NAME} "${PEER_CONN_PARMS[@]}" --version ${CC_VERSION} --sequence ${CC_SEQUENCE} ${INIT_REQUIRED} ${CC_END_POLICY} ${CC_COLL_CONFIG} >&log.txt res=$? { set +x; } 2>/dev/null cat log.txt - verifyResult $res "Chaincode definition commit failed on peer0.org${ORG} on channel '$CHANNEL_NAME' failed" + verifyResult $res "Chaincode definition commit failed on peer0.${ORG} on channel '$CHANNEL_NAME' failed" successln "Chaincode definition committed on channel '$CHANNEL_NAME'" } @@ -96,14 +96,14 @@ function queryCommitted() { ORG=$1 setGlobals $ORG EXPECTED_RESULT="Version: ${CC_VERSION}, Sequence: ${CC_SEQUENCE}, Endorsement Plugin: escc, Validation Plugin: vscc" - infoln "Querying chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'..." + infoln "Querying chaincode definition on peer0.${ORG} on channel '$CHANNEL_NAME'..." local rc=1 local COUNTER=1 # continue to poll # we either get a successful response, or reach MAX RETRY while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do sleep $DELAY - infoln "Attempting to Query committed status on peer0.org${ORG}, Retry after $DELAY seconds." + infoln "Attempting to Query committed status on peer0.${ORG}, Retry after $DELAY seconds." set -x peer lifecycle chaincode querycommitted --channelID $CHANNEL_NAME --name ${CC_NAME} >&log.txt res=$? 
@@ -114,9 +114,9 @@ function queryCommitted() { done cat log.txt if test $rc -eq 0; then - successln "Query chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME'" + successln "Query chaincode definition successful on peer0.${ORG} on channel '$CHANNEL_NAME'" else - fatalln "After $MAX_RETRY attempts, Query chaincode definition result on peer0.org${ORG} is INVALID!" + fatalln "After $MAX_RETRY attempts, Query chaincode definition result on peer0.${ORG} is INVALID!" fi } @@ -137,7 +137,7 @@ function chaincodeInvokeInit() { # it using the "-o" option set -x infoln "invoke fcn call:${fcn_call}" - peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" -C $CHANNEL_NAME -n ${CC_NAME} "${PEER_CONN_PARMS[@]}" --isInit -c ${fcn_call} >&log.txt + peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.varion.com --tls --cafile "$ORDERER_CA" -C $CHANNEL_NAME -n ${CC_NAME} "${PEER_CONN_PARMS[@]}" --isInit -c ${fcn_call} >&log.txt res=$? { set +x; } 2>/dev/null let rc=$res @@ -151,14 +151,14 @@ function chaincodeInvokeInit() { function chaincodeQuery() { ORG=$1 setGlobals $ORG - infoln "Querying on peer0.org${ORG} on channel '$CHANNEL_NAME'..." + infoln "Querying on peer0.${ORG} on channel '$CHANNEL_NAME'..." local rc=1 local COUNTER=1 # continue to poll # we either get a successful response, or reach MAX RETRY while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do sleep $DELAY - infoln "Attempting to Query peer0.org${ORG}, Retry after $DELAY seconds." + infoln "Attempting to Query peer0.${ORG}, Retry after $DELAY seconds." set -x peer chaincode query -C $CHANNEL_NAME -n ${CC_NAME} -c '{"Args":["org.hyperledger.fabric:GetMetadata"]}' >&log.txt res=$? 
@@ -168,9 +168,9 @@ function chaincodeQuery() { done cat log.txt if test $rc -eq 0; then - successln "Query successful on peer0.org${ORG} on channel '$CHANNEL_NAME'" + successln "Query successful on peer0.${ORG} on channel '$CHANNEL_NAME'" else - fatalln "After $MAX_RETRY attempts, Query result on peer0.org${ORG} is INVALID!" + fatalln "After $MAX_RETRY attempts, Query result on peer0.${ORG} is INVALID!" fi } @@ -233,7 +233,7 @@ queryInstalledOnPeer() { # we either get a successful response, or reach MAX RETRY while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do #sleep $DELAY - #infoln "Attempting to list on peer0.org${ORG}, Retry after $DELAY seconds." + #infoln "Attempting to list on peer0.${ORG}, Retry after $DELAY seconds." peer lifecycle chaincode queryinstalled >&log.txt res=$? let rc=$res @@ -250,7 +250,7 @@ queryCommittedOnChannel() { # we either get a successful response, or reach MAX RETRY while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do #sleep $DELAY - #infoln "Attempting to list on peer0.org${ORG}, Retry after $DELAY seconds." + #infoln "Attempting to list on peer0.${ORG}, Retry after $DELAY seconds." peer lifecycle chaincode querycommitted -C $CHANNEL >&log.txt res=$? let rc=$res 
@@ -293,14 +293,14 @@ chaincodeInvoke() { CC_NAME=$3 CC_INVOKE_CONSTRUCTOR=$4 - infoln "Invoking on peer0.org${ORG} on channel '$CHANNEL_NAME'..." + infoln "Invoking on peer0.${ORG} on channel '$CHANNEL_NAME'..." local rc=1 local COUNTER=1 # continue to poll # we either get a successful response, or reach MAX RETRY while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do sleep $DELAY - infoln "Attempting to Invoke on peer0.org${ORG}, Retry after $DELAY seconds." + infoln "Attempting to Invoke on peer0.${ORG}, Retry after $DELAY seconds." set -x peer chaincode invoke -o localhost:7050 -C $CHANNEL_NAME -n ${CC_NAME} -c ${CC_INVOKE_CONSTRUCTOR} --tls --cafile $ORDERER_CA --peerAddresses localhost:7051 --tlsRootCertFiles $PEER0_ORG1_CA --peerAddresses localhost:9051 --tlsRootCertFiles $PEER0_ORG2_CA >&log.txt res=$? @@ -310,9 +310,9 @@ chaincodeInvoke() { done cat log.txt if test $rc -eq 0; then - successln "Invoke successful on peer0.org${ORG} on channel '$CHANNEL_NAME'" + successln "Invoke successful on peer0.${ORG} on channel '$CHANNEL_NAME'" else - fatalln "After $MAX_RETRY attempts, Invoke result on peer0.org${ORG} is INVALID!" + fatalln "After $MAX_RETRY attempts, Invoke result on peer0.${ORG} is INVALID!" fi } @@ -322,14 +322,14 @@ chaincodeQuery() { CC_NAME=$3 CC_QUERY_CONSTRUCTOR=$4 - infoln "Querying on peer0.org${ORG} on channel '$CHANNEL_NAME'..." + infoln "Querying on peer0.${ORG} on channel '$CHANNEL_NAME'..." local rc=1 local COUNTER=1 # continue to poll # we either get a successful response, or reach MAX RETRY while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; do sleep $DELAY - infoln "Attempting to Query peer0.org${ORG}, Retry after $DELAY seconds." + infoln "Attempting to Query peer0.${ORG}, Retry after $DELAY seconds." set -x peer chaincode query -C $CHANNEL_NAME -n ${CC_NAME} -c ${CC_QUERY_CONSTRUCTOR} >&log.txt res=$? 
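Review bot: The unchanged `peer chaincode invoke` line in chaincodeInvoke still passes `--tlsRootCertFiles $PEER0_ORG1_CA` and `--tlsRootCertFiles $PEER0_ORG2_CA`, and this commit stops exporting both variables in scripts/envVar.sh. Because the expansions are unquoted they vanish entirely, so each flag consumes the following argument instead of a root certificate. Point them at the new variables, `--peerAddresses localhost:7051 --tlsRootCertFiles "$PEER0_FARMER_CA" --peerAddresses localhost:9051 --tlsRootCertFiles "$PEER0_PULPER_CA"`, or pass `"${PEER_CONN_PARMS[@]}"` as commitChaincodeDefinition does. The function body continues past this hunk.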
@@ -339,8 +339,8 @@ chaincodeQuery() { done cat log.txt if test $rc -eq 0; then - successln "Query successful on peer0.org${ORG} on channel '$CHANNEL_NAME'" + successln "Query successful on peer0.${ORG} on channel '$CHANNEL_NAME'" else - fatalln "After $MAX_RETRY attempts, Query result on peer0.org${ORG} is INVALID!" + fatalln "After $MAX_RETRY attempts, Query result on peer0.${ORG} is INVALID!" fi } \ No newline at end of file diff --git a/varion/scripts/configUpdate.sh b/varion/scripts/configUpdate.sh index 63586031..11928033 100755 --- a/varion/scripts/configUpdate.sh +++ b/varion/scripts/configUpdate.sh @@ -26,7 +26,7 @@ fetchChannelConfig() { infoln "Fetching the most recent configuration block for the channel" set -x - peer channel fetch config ${TEST_NETWORK_HOME}/channel-artifacts/config_block.pb -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com -c $CHANNEL --tls --cafile "$ORDERER_CA" + peer channel fetch config ${TEST_NETWORK_HOME}/channel-artifacts/config_block.pb -o localhost:7050 --ordererTLSHostnameOverride orderer.varion.com -c $CHANNEL --tls --cafile "$ORDERER_CA" { set +x; } 2>/dev/null infoln "Decoding config block to JSON and isolating config to ${OUTPUT}" diff --git a/varion/scripts/createChannel.sh b/varion/scripts/createChannel.sh index 8f7980d4..4c9167b4 100755 --- a/varion/scripts/createChannel.sh +++ b/varion/scripts/createChannel.sh 
@@ -119,15 +119,23 @@ createChannel $BFT successln "Channel '$CHANNEL_NAME' created" ## Join all the peers to the channel -infoln "Joining org1 peer to the channel..." -joinChannel 1 -infoln "Joining org2 peer to the channel..." -joinChannel 2 +infoln "Joining farmer peer to the channel..." +joinChannel farmer +infoln "Joining pulper peer to the channel..." +joinChannel pulper +infoln "Joining huller peer to the channel..." +joinChannel huller +infoln "Joining export peer to the channel..." +joinChannel export ## Set the anchor peers for each org in the channel -infoln "Setting anchor peer for org1..." -setAnchorPeer 1 -infoln "Setting anchor peer for org2..." -setAnchorPeer 2 +infoln "Setting anchor peer for farmer..." +setAnchorPeer farmer +infoln "Setting anchor peer for pulper..." +setAnchorPeer pulper +infoln "Setting anchor peer for huller..." +setAnchorPeer huller +infoln "Setting anchor peer for export..." +setAnchorPeer export successln "Channel '$CHANNEL_NAME' joined" diff --git a/varion/scripts/deployCC.sh b/varion/scripts/deployCC.sh index 31e66925..25f1e664 100755 --- a/varion/scripts/deployCC.sh +++ b/varion/scripts/deployCC.sh 
@@ -73,46 +73,56 @@ checkPrereqs PACKAGE_ID=$(peer lifecycle chaincode calculatepackageid ${CC_NAME}.tar.gz) -## Install chaincode on peer0.org1 and peer0.org2 -infoln "Installing chaincode on peer0.org1..." -installChaincode 1 -infoln "Install chaincode on peer0.org2..." -installChaincode 2 +## Install chaincode on peer0.farmer, peer0.pulper, peer0.huller, and peer0.export +infoln "Install chaincode on peer0.farmer..." +installChaincode farmer +infoln "Install chaincode on peer0.pulper..." +installChaincode pulper +infoln "Install chaincode on peer0.huller..." +installChaincode huller +infoln "Install chaincode on peer0.export..." +installChaincode export resolveSequence ## query whether the chaincode is installed -queryInstalled 1 +queryInstalled farmer ## approve the definition for org1 -approveForMyOrg 1 +approveForMyOrg farmer ## check whether the chaincode definition is ready to be committed -## expect org1 to have approved and org2 not to -checkCommitReadiness 1 "\"Org1MSP\": true" "\"Org2MSP\": false" -checkCommitReadiness 2 "\"Org1MSP\": true" "\"Org2MSP\": false" +## expect farmer to have approved and pulper not to +checkCommitReadiness farmer "\"FarmerMSP\": true" "\"PulperMSP\": false" +checkCommitReadiness pulper "\"FarmerMSP\": true" "\"PulperMSP\": false" ## now approve also for org2 -approveForMyOrg 2 +approveForMyOrg pulper ## check whether the chaincode definition is ready to be committed ## expect them both to have approved -checkCommitReadiness 1 "\"Org1MSP\": true" "\"Org2MSP\": true" -checkCommitReadiness 2 "\"Org1MSP\": true" "\"Org2MSP\": true" +checkCommitReadiness farmer "\"FarmerMSP\": true" "\"PulperMSP\": true" +checkCommitReadiness pulper "\"FarmerMSP\": true" "\"PulperMSP\": true" + +approveForMyOrg huller +approveForMyOrg export + ## now that we know for sure both orgs have approved, commit the definition -commitChaincodeDefinition 1 2 +commitChaincodeDefinition farmer pulper huller export ## query on both orgs to see that the 
definition committed successfully -queryCommitted 1 -queryCommitted 2 +queryCommitted farmer +queryCommitted pulper +queryCommitted huller +queryCommitted export ## Invoke the chaincode - this does require that the chaincode have the 'initLedger' ## method defined if [ "$CC_INIT_FCN" = "NA" ]; then infoln "Chaincode initialization is not required" else - chaincodeInvokeInit 1 2 + chaincodeInvokeInit farmer pulper huller export fi exit 0 diff --git a/varion/scripts/deployCCAAS.sh b/varion/scripts/deployCCAAS.sh index bc36d589..0f8e71b4 100755 --- a/varion/scripts/deployCCAAS.sh +++ b/varion/scripts/deployCCAAS.sh @@ -136,13 +136,23 @@ startDockerContainer() { if [ "$CCAAS_DOCKER_RUN" = "true" ]; then infoln "Starting the Chaincode-as-a-Service docker container..." set -x - ${CONTAINER_CLI} run --rm -d --name peer0org1_${CC_NAME}_ccaas \ + ${CONTAINER_CLI} run --rm -d --name peer0farmer_${CC_NAME}_ccaas \ --network fabric_test \ -e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \ -e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \ ${CC_NAME}_ccaas_image:latest - ${CONTAINER_CLI} run --rm -d --name peer0org2_${CC_NAME}_ccaas \ + ${CONTAINER_CLI} run --rm -d --name peer0pulper_${CC_NAME}_ccaas \ + --network fabric_test \ + -e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \ + -e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \ + ${CC_NAME}_ccaas_image:latest + ${CONTAINER_CLI} run --rm -d --name peer0huller_${CC_NAME}_ccaas \ + --network fabric_test \ + -e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \ + -e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \ + ${CC_NAME}_ccaas_image:latest + ${CONTAINER_CLI} run --rm -d --name peer0export_${CC_NAME}_ccaas \ --network fabric_test \ -e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \ -e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \ 
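Review bot: In deployCC.sh, `approveForMyOrg huller` and `approveForMyOrg export` are followed directly by `commitChaincodeDefinition farmer pulper huller export`, with no readiness check that the two new approvals were recorded. Add one in the same form as the existing calls, e.g. `checkCommitReadiness farmer "\"FarmerMSP\": true" "\"PulperMSP\": true" "\"HullerMSP\": true" "\"ExportMSP\": true"`, before the commit. The comments `## approve the definition for org1`, `## now approve also for org2` and `## now that we know for sure both orgs have approved` should be reworded to name the four organizations.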
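Review bot: The four `run` commands added to startDockerContainer in deployCCAAS.sh differ only in the container name, and the `infoln` block in the next hunk repeats them a second time, so every new organization has to be added in two places. A loop over the organization names keeps the name list in one spot and lets the name and `$PACKAGE_ID` be quoted. The function starts before this hunk and continues after it.

```shell
# … unchanged: CCAAS_DOCKER_RUN test, infoln, set -x …
for org in farmer pulper huller export; do
  ${CONTAINER_CLI} run --rm -d --name "peer0${org}_${CC_NAME}_ccaas" \
    --network fabric_test \
    -e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \
    -e CHAINCODE_ID="$PACKAGE_ID" -e CORE_CHAINCODE_ID_NAME="$PACKAGE_ID" \
    ${CC_NAME}_ccaas_image:latest
done
```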
@@ -155,12 +165,22 @@ startDockerContainer() { else infoln "Not starting docker containers; these are the commands we would have run" - infoln " ${CONTAINER_CLI} run --rm -d --name peer0org1_${CC_NAME}_ccaas \ + infoln " ${CONTAINER_CLI} run --rm -d --name peer0farmer_${CC_NAME}_ccaas \ --network fabric_test \ -e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \ -e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \ ${CC_NAME}_ccaas_image:latest" - infoln " ${CONTAINER_CLI} run --rm -d --name peer0org2_${CC_NAME}_ccaas \ + infoln " ${CONTAINER_CLI} run --rm -d --name peer0pulper_${CC_NAME}_ccaas \ + --network fabric_test \ + -e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \ + -e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \ + ${CC_NAME}_ccaas_image:latest" + infoln " ${CONTAINER_CLI} run --rm -d --name peer0huller_${CC_NAME}_ccaas \ + --network fabric_test \ + -e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \ + -e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \ + ${CC_NAME}_ccaas_image:latest" + infoln " ${CONTAINER_CLI} run --rm -d --name peer0export_${CC_NAME}_ccaas \ --network fabric_test \ -e CHAINCODE_SERVER_ADDRESS=0.0.0.0:${CCAAS_SERVER_PORT} \ -e CHAINCODE_ID=$PACKAGE_ID -e CORE_CHAINCODE_ID_NAME=$PACKAGE_ID \ 
@@ -176,38 +196,43 @@ buildDockerImages packageChaincode ## Install chaincode on peer0.org1 and peer0.org2 -infoln "Installing chaincode on peer0.org1..." -installChaincode 1 -infoln "Install chaincode on peer0.org2..." -installChaincode 2 +infoln "Installing chaincode on peer0.farmer..." +installChaincode farmer +infoln "Install chaincode on peer0.pulper..." +installChaincode pulper resolveSequence ## query whether the chaincode is installed -queryInstalled 1 +queryInstalled farmer ## approve the definition for org1 -approveForMyOrg 1 +approveForMyOrg farmer ## check whether the chaincode definition is ready to be committed -## expect org1 to have approved and org2 not to -checkCommitReadiness 1 "\"Org1MSP\": true" "\"Org2MSP\": false" -checkCommitReadiness 2 "\"Org1MSP\": true" "\"Org2MSP\": false" +## expect farmer to have approved and pulper not to +checkCommitReadiness 1 "\"FarmerMSP\": true" "\"PulperMSP\": falpulperse" +checkCommitReadiness 2 "\"FarmerMSP\": true" "\"PulperMSP\": false" ## now approve also for org2 -approveForMyOrg 2 +approveForMyOrg pulper ## check whether the chaincode definition is ready to be committed ## expect them both to have approved -checkCommitReadiness 1 "\"Org1MSP\": true" "\"Org2MSP\": true" -checkCommitReadiness 2 "\"Org1MSP\": true" "\"Org2MSP\": true" +checkCommitReadiness farmer "\"FarmerMSP\": true" "\"PulperMSP\": true" +checkCommitReadiness pulper "\"FarmerMSP\": true" "\"PulperMSP\": true" + +approveForMyOrg huller +approveForMyOrg export ## now that we know for sure both orgs have approved, commit the definition -commitChaincodeDefinition 1 2 +commitChaincodeDefinition farmer pulper huller export ## query on both orgs to see that the definition committed successfully -queryCommitted 1 -queryCommitted 2 +queryCommitted farmer +queryCommitted pulper +queryCommitted huller +queryCommitted export # start the container startDockerContainer 
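Review bot: The first readiness check after `approveForMyOrg farmer` has a corrupted expected string, `"\"PulperMSP\": falpulperse"`, and that call and the next still pass `1` and `2`, which the rewritten setGlobals no longer maps to an organization. They should read `checkCommitReadiness farmer "\"FarmerMSP\": true" "\"PulperMSP\": false"` and `checkCommitReadiness pulper "\"FarmerMSP\": true" "\"PulperMSP\": false"`. The hunk also installs the chaincode only on farmer and pulper while approving and committing for huller and export. Add `installChaincode huller` and `installChaincode export` as deployCC.sh does, and update the `## Install chaincode on peer0.org1 and peer0.org2` comment.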
@@ -217,7 +242,7 @@ startDockerContainer if [ "$CC_INIT_FCN" = "NA" ]; then infoln "Chaincode initialization is not required" else - chaincodeInvokeInit 1 2 + chaincodeInvokeInit farmer pulper huller export fi exit 0 diff --git a/varion/scripts/envVar.sh b/varion/scripts/envVar.sh index a446c9b3..00b133e1 100755 --- a/varion/scripts/envVar.sh +++ b/varion/scripts/envVar.sh @@ -18,10 +18,11 @@ TEST_NETWORK_HOME=${TEST_NETWORK_HOME:-${PWD}} . ${TEST_NETWORK_HOME}/scripts/utils.sh export CORE_PEER_TLS_ENABLED=true -export ORDERER_CA=${TEST_NETWORK_HOME}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem -export PEER0_ORG1_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem -export PEER0_ORG2_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem -export PEER0_ORG3_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem +export ORDERER_CA=${TEST_NETWORK_HOME}/organizations/ordererOrganizations/varion.com/tlsca/tlsca.varion.com-cert.pem +export PEER0_FARMER_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/farmer.varion.com/tlsca/tlsca.farmer.varion.com-cert.pem +export PEER0_PULPER_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/pulper.varion.com/tlsca/tlsca.pulper.varion.com-cert.pem +export PEER0_HULLER_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/huller.varion.com/tlsca/tlsca.huller.varion.com-cert.pem +export PEER0_EXPORT_CA=${TEST_NETWORK_HOME}/organizations/peerOrganizations/export.varion.com/tlsca/tlsca.export.varion.com-cert.pem # Set environment variables for the peer org setGlobals() { 
@@ -32,21 +33,26 @@ setGlobals() { USING_ORG="${OVERRIDE_ORG}" fi infoln "Using organization ${USING_ORG}" - if [ $USING_ORG -eq 1 ]; then - export CORE_PEER_LOCALMSPID=Org1MSP - export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA - export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp + if [ $USING_ORG -eq "farmer" ]; then + export CORE_PEER_LOCALMSPID=FarmerMSP + export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_FARMER_CA + export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/farmer.varion.com/users/Admin@farmer.varion.com/msp export CORE_PEER_ADDRESS=localhost:7051 - elif [ $USING_ORG -eq 2 ]; then - export CORE_PEER_LOCALMSPID=Org2MSP - export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA - export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp + elif [ $USING_ORG -eq "pulper" ]; then + export CORE_PEER_LOCALMSPID=PulperMSP + export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_PULPER_CA + export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/pulper.varion.com/users/Admin@farmer.varion.com/msp export CORE_PEER_ADDRESS=localhost:9051 - elif [ $USING_ORG -eq 3 ]; then - export CORE_PEER_LOCALMSPID=Org3MSP - export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG3_CA - export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp + elif [ $USING_ORG -eq "huller" ]; then + export CORE_PEER_LOCALMSPID=HullerMSP + export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_HULLER_CA + export CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/huller.varion.com/users/Admin@huller.varion.com/msp export CORE_PEER_ADDRESS=localhost:11051 + elif [ $USING_ORG -eq "export" ]; then + export CORE_PEER_LOCALMSPID=ExportMSP + export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_EXPORT_CA + export 
CORE_PEER_MSPCONFIGPATH=${TEST_NETWORK_HOME}/organizations/peerOrganizations/export.varion.com/users/Admin@export.varion.com/msp + export CORE_PEER_ADDRESS=localhost:12051 else errorln "ORG Unknown" fi @@ -64,7 +70,7 @@ parsePeerConnectionParameters() { PEERS="" while [ "$#" -gt 0 ]; do setGlobals $1 - PEER="peer0.org$1" + PEER="peer0.$1" ## Set peer addresses if [ -z "$PEERS" ] then @@ -74,7 +80,7 @@ parsePeerConnectionParameters() { fi PEER_CONN_PARMS=("${PEER_CONN_PARMS[@]}" --peerAddresses $CORE_PEER_ADDRESS) ## Set path to TLS certificate - CA=PEER0_ORG$1_CA + CA=PEER0_$1_CA TLSINFO=(--tlsRootCertFiles "${!CA}") PEER_CONN_PARMS=("${PEER_CONN_PARMS[@]}" "${TLSINFO[@]}") # shift by one to get to the next organization diff --git a/varion/scripts/orderer.sh b/varion/scripts/orderer.sh index e18a89c9..1621d00e 100644 --- a/varion/scripts/orderer.sh +++ b/varion/scripts/orderer.sh @@ -4,7 +4,7 @@ channel_name=$1 export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH -export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt /dev/null 2>&1 -export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key /dev/null 2>&1 +export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.crt /dev/null 2>&1 +export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer.varion.com/tls/server.key /dev/null 2>&1 osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7053 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1 \ No newline at end of file diff --git a/varion/scripts/orderer2.sh b/varion/scripts/orderer2.sh index 978aab2d..f2164d24 100755 --- a/varion/scripts/orderer2.sh 
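Review bot: Every branch of the new `if` chain in setGlobals compares an org name with `-eq`, which is an integer test in `[`, so `[ $USING_ORG -eq "farmer" ]` raises an error instead of matching and control falls through to `errorln "ORG Unknown"`. If errorln only logs (its definition is not in this patch), later peer commands would run with whatever `CORE_PEER_LOCALMSPID` and `CORE_PEER_MSPCONFIGPATH` were exported earlier, that is, under another org's admin identity. Use a quoted string test, `if [ "$USING_ORG" = "farmer" ]; then`, in all four branches here and in createAnchorPeerUpdate in setAnchorPeer.sh, which has the same comparison. The pulper branch also points `CORE_PEER_MSPCONFIGPATH` at `.../pulper.varion.com/users/Admin@farmer.varion.com/msp`; it should end in `Admin@pulper.varion.com/msp`. setGlobals starts above this hunk and continues after it.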
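Review bot: `CA=PEER0_$1_CA` now builds the variable name from the org argument exactly as passed, and the calls visible in this patch pass lower-case names (`farmer`, `pulper`, `huller`, `export`) while the exported variables are `PEER0_FARMER_CA` and so on. `${!CA}` then expands to an empty string, so `--tlsRootCertFiles` is handed no certificate path for that peer. Upper-casing the argument keeps the indirection working: `CA=PEER0_${1^^}_CA`. The enclosing loop in parsePeerConnectionParameters begins and ends outside this hunk.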
+++ b/varion/scripts/orderer2.sh @@ -4,7 +4,7 @@ channel_name=$1 export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH -export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt /dev/null 2>&1 -export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key > /dev/null 2>&1 +export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/tls/server.crt /dev/null 2>&1 +export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer2.varion.com/tls/server.key > /dev/null 2>&1 osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7055 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1 \ No newline at end of file diff --git a/varion/scripts/orderer3.sh b/varion/scripts/orderer3.sh index 8b216eba..171f52f4 100644 --- a/varion/scripts/orderer3.sh +++ b/varion/scripts/orderer3.sh 
@@ -4,7 +4,7 @@ channel_name=$1 export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH -export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt /dev/null 2>&1 -export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.key > /dev/null 2>&1 +export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/tls/server.crt /dev/null 2>&1 +export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer3.varion.com/tls/server.key > /dev/null 2>&1 osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7057 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1 \ No newline at end of file diff --git a/varion/scripts/orderer4.sh b/varion/scripts/orderer4.sh index 3c572770..a2363d06 100644 --- a/varion/scripts/orderer4.sh +++ b/varion/scripts/orderer4.sh 
@@ -4,7 +4,7 @@ channel_name=$1 export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH -export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt /dev/null 2>&1 -export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.key > /dev/null 2>&1 +export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/tls/server.crt /dev/null 2>&1 +export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/varion.com/orderers/orderer4.varion.com/tls/server.key > /dev/null 2>&1 osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7059 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1 \ No newline at end of file diff --git a/varion/scripts/setAnchorPeer.sh b/varion/scripts/setAnchorPeer.sh index 15f7ad2e..25c192cb 100755 --- a/varion/scripts/setAnchorPeer.sh +++ b/varion/scripts/setAnchorPeer.sh @@ -7,8 +7,8 @@ # import utils # test network home var targets to test network folder -# the reason we use a var here is considering with org3 specific folder -# when invoking this for org3 as test-network/scripts/org3-scripts +# the reason we use a var here is considering with huller specific folder +# when invoking this for huller as test-network/scripts/huller-scripts # the value is changed from default as $PWD(test-network) # to .. as relative path to make the import works TEST_NETWORK_HOME=${TEST_NETWORK_HOME:-${PWD}} 
@@ -20,17 +20,20 @@ createAnchorPeerUpdate() { infoln "Fetching channel config for channel $CHANNEL_NAME" fetchChannelConfig $ORG $CHANNEL_NAME ${TEST_NETWORK_HOME}/channel-artifacts/${CORE_PEER_LOCALMSPID}config.json - infoln "Generating anchor peer update transaction for Org${ORG} on channel $CHANNEL_NAME" + infoln "Generating anchor peer update transaction for ${ORG} on channel $CHANNEL_NAME" - if [ $ORG -eq 1 ]; then - HOST="peer0.org1.example.com" + if [ $ORG -eq "farmer" ]; then + HOST="peer0.farmer.varion.com" PORT=7051 - elif [ $ORG -eq 2 ]; then - HOST="peer0.org2.example.com" + elif [ $ORG -eq "pulper" ]; then + HOST="peer0.pulper.varion.com" PORT=9051 - elif [ $ORG -eq 3 ]; then - HOST="peer0.org3.example.com" + elif [ $ORG -eq "huller" ]; then + HOST="peer0.huller.varion.com" PORT=11051 + elif [ $ORG -eq "export" ]; then + HOST="peer0.export.varion.com" + PORT=12051 else errorln "Org${ORG} unknown" fi @@ -50,7 +53,7 @@ createAnchorPeerUpdate() { } updateAnchorPeer() { - peer channel update -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com -c $CHANNEL_NAME -f ${TEST_NETWORK_HOME}/channel-artifacts/${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile "$ORDERER_CA" >&log.txt + peer channel update -o localhost:7050 --ordererTLSHostnameOverride orderer.varion.com -c $CHANNEL_NAME -f ${TEST_NETWORK_HOME}/channel-artifacts/${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile "$ORDERER_CA" >&log.txt res=$? cat log.txt verifyResult $res "Anchor peer update failed" diff --git a/varion/setOrgEnv.sh b/varion/setOrgEnv.sh index 2b78921b..666e9f31 100755 --- a/varion/setOrgEnv.sh +++ b/varion/setOrgEnv.sh @@ -6,7 +6,7 @@ # default to using Org1 -ORG=${1:-Org1} +ORG=${farmer:-Org1} # Exit on first error, print all commands. set -e 
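Review bot: In setOrgEnv.sh, `ORG=${farmer:-Org1}` reads a shell variable named `farmer`, not the first argument, so the org passed on the command line is ignored and `ORG` is `Org1` unless the environment happens to define `farmer`. The rewritten `if` chain in the next hunk no longer accepts `org1`, so the script would always end in its "Unknown" branch. The line should stay a positional default, `ORG=${1:-farmer}`, with the comment above it changed to `# default to using farmer`.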
@@ -15,42 +15,58 @@ set -o pipefail # Where am I? DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" -ORDERER_CA=${DIR}/test-network/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem -PEER0_ORG1_CA=${DIR}/test-network/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem -PEER0_ORG2_CA=${DIR}/test-network/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem -PEER0_ORG3_CA=${DIR}/test-network/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem +ORDERER_CA=${DIR}/test-network/organizations/ordererOrganizations/varion.com/tlsca/tlsca.varion.com-cert.pem +PEER0_FARMER_CA=${DIR}/test-network/organizations/peerOrganizations/farmer.varion.com/tlsca/tlsca.farmer.varion.com-cert.pem +PEER0_PULPER_CA=${DIR}/test-network/organizations/peerOrganizations/pulper.varion.com/tlsca/tlsca.pulper.varion.com-cert.pem +PEER0_HULLER_CA=${DIR}/test-network/organizations/peerOrganizations/huller.varion.com/tlsca/tlsca.huller.varion.com-cert.pem +PEER0_EXPORT_CA=${DIR}/test-network/organizations/peerOrganizations/export.varion.com/tlsca/tlsca.export.varion.com-cert.pem -if [[ ${ORG,,} == "org1" || ${ORG,,} == "digibank" ]]; then +if [[ ${ORG,,} == "farmer" ]]; then - CORE_PEER_LOCALMSPID=Org1MSP - CORE_PEER_MSPCONFIGPATH=${DIR}/test-network/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp + CORE_PEER_LOCALMSPID=FarmerMSP + CORE_PEER_MSPCONFIGPATH=${DIR}/test-network/organizations/peerOrganizations/farmer.varion.com/users/Admin@farmer.varion.com/msp CORE_PEER_ADDRESS=localhost:7051 - CORE_PEER_TLS_ROOTCERT_FILE=${DIR}/test-network/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem + CORE_PEER_TLS_ROOTCERT_FILE=${DIR}/test-network/organizations/peerOrganizations/farmer.varion.com/tlsca/tlsca.farmer.varion.com-cert.pem -elif [[ ${ORG,,} == "org2" || ${ORG,,} == "magnetocorp" ]]; then 
+elif [[ ${ORG,,} == "pulper" ]]; then - CORE_PEER_LOCALMSPID=Org2MSP - CORE_PEER_MSPCONFIGPATH=${DIR}/test-network/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp + CORE_PEER_LOCALMSPID=PulperMSP + CORE_PEER_MSPCONFIGPATH=${DIR}/test-network/organizations/peerOrganizations/pulper.varion.com/users/Admin@pulper.varion.com/msp CORE_PEER_ADDRESS=localhost:9051 - CORE_PEER_TLS_ROOTCERT_FILE=${DIR}/test-network/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem + CORE_PEER_TLS_ROOTCERT_FILE=${DIR}/test-network/organizations/peerOrganizations/pulper.varion.com/tlsca/tlsca.pulper.varion.com-cert.pem + +elif [[ ${ORG,,} == "huller" ]]; then + + CORE_PEER_LOCALMSPID=HullerMSP + CORE_PEER_MSPCONFIGPATH=${DIR}/test-network/organizations/peerOrganizations/huller.varion.com/users/Admin@huller.varion.com/msp + CORE_PEER_ADDRESS=localhost:9051 + CORE_PEER_TLS_ROOTCERT_FILE=${DIR}/test-network/organizations/peerOrganizations/huller.varion.com/tlsca/tlsca.huller.varion.com-cert.pem + +elif [[ ${ORG,,} == "export" ]]; then + + CORE_PEER_LOCALMSPID=ExportMSP + CORE_PEER_MSPCONFIGPATH=${DIR}/test-network/organizations/peerOrganizations/export.varion.com/users/Admin@export.varion.com/msp + CORE_PEER_ADDRESS=localhost:9051 + CORE_PEER_TLS_ROOTCERT_FILE=${DIR}/test-network/organizations/peerOrganizations/export.varion.com/tlsca/tlsca.export.varion.com-cert.pem else - echo "Unknown \"$ORG\", please choose Org1/Digibank or Org2/Magnetocorp" - echo "For example to get the environment variables to set upa Org2 shell environment run: ./setOrgEnv.sh Org2" + echo "Unknown \"$ORG\", please choose Farmer, Pulper, Huller, or Export" + echo "For varion to get the environment variables to set upa Pulper shell environment run: ./setOrgEnv.sh Pulper" echo echo "This can be automated to set them as well with:" echo - echo 'export $(./setOrgEnv.sh Org2 | xargs)' + echo 'export $(./setOrgEnv.sh Pulper | xargs)' exit 1 fi # output the 
variables that need to be set echo "CORE_PEER_TLS_ENABLED=true" echo "ORDERER_CA=${ORDERER_CA}" -echo "PEER0_ORG1_CA=${PEER0_ORG1_CA}" -echo "PEER0_ORG2_CA=${PEER0_ORG2_CA}" -echo "PEER0_ORG3_CA=${PEER0_ORG3_CA}" +echo "PEER0_FARMER_CA=${PEER0_FARMER_CA}" +echo "PEER0_PULPER_CA=${PEER0_PULPER_CA}" +echo "PEER0_HULLER_CA=${PEER0_HULLER_CA}" +echo "PEER0_EXPORT_CA=${PEER0_EXPORT_CA}" echo "CORE_PEER_MSPCONFIGPATH=${CORE_PEER_MSPCONFIGPATH}" echo "CORE_PEER_ADDRESS=${CORE_PEER_ADDRESS}"
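Review bot: The huller and export branches both set `CORE_PEER_ADDRESS=localhost:9051`, the same address as pulper, while envVar.sh in this patch uses `localhost:11051` for huller and `localhost:12051` for export. A shell set up with this script would pair the HullerMSP or ExportMSP admin credentials and TLS root certificate with pulper's peer endpoint. Change the two lines to `CORE_PEER_ADDRESS=localhost:11051` and `CORE_PEER_ADDRESS=localhost:12051`. The paths still go through `${DIR}/test-network/...`, which may not exist in the renamed `varion/` tree and is worth confirming, and the help text `For varion to get the environment variables` looks like a search-and-replace casualty of "For example".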