Merge ef871b9bac into a2c40e6522

test-network-k8s: ghcr.io for Hyperledger images (#1416 )
Default to using ghcr.io for Hyperledger images in the k8s test network Signed-off-by: James Taylor <jamest@uk.ibm.com>
2026-06-17 07:25:10 +00:00 · 2026-05-24 13:29:20 +08:00 · 2026-05-21 11:30:24 +01:00 · 2024-01-09 11:22:38 +05:30
4 changed files with 180 additions and 1 deletions
--- a/test-network-k8s/network
+++ b/test-network-k8s/network
@ -35,7 +35,7 @@ context CLUSTER_RUNTIME               kind                  # or k3s for Rancher
 context CONTAINER_CLI                 docker                # or nerdctl for containerd
 context CONTAINER_NAMESPACE           ""                    # or "--namespace k8s.io" for containerd / nerdctl

-context FABRIC_CONTAINER_REGISTRY     hyperledger
+context FABRIC_CONTAINER_REGISTRY     ghcr.io/hyperledger
 context FABRIC_PEER_IMAGE             ${FABRIC_CONTAINER_REGISTRY}/fabric-peer:${FABRIC_VERSION}
 context COUCHDB_VERSION               3.4.2
 context NETWORK_NAME                  test-network
--- a/test-network/network.sh
+++ b/test-network/network.sh
@ -429,6 +429,25 @@ function queryChaincode() {

 }

+function renewCerts(){
+    . ./organizations/fabric-ca/reEnroll.sh
+
+    rm "${PWD}"/organizations/fabric-ca/ordererOrg/tls-cert.pem
+    docker restart ca_orderer
+    sleep 10
+    reEnrollOrderer
+
+    rm "${PWD}"/organizations/fabric-ca/org1/tls-cert.pem
+    docker restart ca_org1
+    sleep 10
+    reEnrollOrg1
+
+    rm "${PWD}"/organizations/fabric-ca/org2/tls-cert.pem
+    docker restart ca_org2
+    sleep 10
+    reEnrollOrg2
+}
+

 # Tear down running network
 function networkDown() {
@ -678,6 +697,8 @@ elif [ "$MODE" == "cc" ] && [ "$SUBCOMMAND" == "invoke" ]; then
  invokeChaincode
 elif [ "$MODE" == "cc" ] && [ "$SUBCOMMAND" == "query" ]; then
  queryChaincode
+elif [ "$MODE" == "renewCerts" ]; then
+  renewCerts
 else
  printHelp
  exit 1
--- a/test-network/organizations/fabric-ca/reEnroll.sh
+++ b/test-network/organizations/fabric-ca/reEnroll.sh
@ -0,0 +1,157 @@
+#!/bin/bash
+
+function reEnrollOrg1() {
+  infoln "Re-enrolling the CA admin"
+  mkdir -p organizations/peerOrganizations/org1.example.com/
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/
+
+  set -x
+  fabric-ca-client reenroll -u https://admin:adminpw@localhost:7054 --caname ca-org1 --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  # Copy org1's CA cert to org1's /msp/tlscacerts directory (for use in the channel MSP definition)
+  mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts"
+  cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt"
+
+  # Copy org1's CA cert to org1's /tlsca directory (for use by clients)
+  mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca"
+  cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
+
+  # Copy org1's CA cert to org1's /ca directory (for use by clients)
+  mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/ca"
+  cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem"
+
+
+  infoln "Generating the peer0 msp"
+  set -x
+  fabric-ca-client reenroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp" --csr.hosts peer0.org1.example.com --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml"
+
+  infoln "Generating the peer0-tls certificates"
+  set -x
+  fabric-ca-client reenroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  # Copy the tls CA cert, server cert, server keystore to well known file names in the peer's tls directory that are referenced by peer startup config
+  cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt"
+  cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt"
+  cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key"
+
+  infoln "Generating the user msp"
+  set -x
+  fabric-ca-client reenroll -u https://user1:user1pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/config.yaml"
+
+  infoln "Generating the org admin msp"
+  set -x
+  fabric-ca-client reenroll -u https://org1admin:org1adminpw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml"
+}
+
+function reEnrollOrg2() {
+  infoln "Re-enrolling the CA admin"
+  mkdir -p organizations/peerOrganizations/org2.example.com/
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/
+
+  set -x
+  fabric-ca-client reenroll -u https://admin:adminpw@localhost:8054 --caname ca-org2 --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  # Copy org2's CA cert to org2's /msp/tlscacerts directory (for use in the channel MSP definition)
+  mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts"
+  cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts/ca.crt"
+
+  # Copy org2's CA cert to org2's /tlsca directory (for use by clients)
+  mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca"
+  cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem"
+
+  # Copy org2's CA cert to org2's /ca directory (for use by clients)
+  mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/ca"
+  cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem"
+
+  infoln "Generating the peer0 msp"
+  set -x
+  fabric-ca-client reenroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp" --csr.hosts peer0.org2.example.com --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml"
+
+  infoln "Generating the peer0-tls certificates"
+  set -x
+  fabric-ca-client reenroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  # Copy the tls CA cert, server cert, server keystore to well known file names in the peer's tls directory that are referenced by peer startup config
+  cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt"
+  cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt"
+  cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key"
+
+  infoln "Generating the user msp"
+  set -x
+  fabric-ca-client reenroll -u https://user1:user1pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/config.yaml"
+
+  infoln "Generating the org admin msp"
+  set -x
+  fabric-ca-client reenroll -u https://org2admin:org2adminpw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/config.yaml"
+}
+
+function reEnrollOrderer() {
+  infoln "Re-enrolling the CA admin"
+  mkdir -p organizations/ordererOrganizations/example.com
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com
+
+  set -x
+  fabric-ca-client reenroll -u https://admin:adminpw@localhost:9054 --caname ca-orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  # Copy orderer org's CA cert to orderer org's /msp/tlscacerts directory (for use in the channel MSP definition)
+  mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts"
+  cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
+
+  # Copy orderer org's CA cert to orderer org's /tlsca directory (for use by clients)
+  mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/tlsca"
+  cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"
+
+  infoln "Generating the orderer msp"
+  set -x
+  fabric-ca-client reenroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp" --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/config.yaml"
+
+  infoln "Generating the orderer-tls certificates"
+  set -x
+  fabric-ca-client reenroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls" --enrollment.profile tls --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  # Copy the tls CA cert, server cert, server keystore to well known file names in the orderer's tls directory that are referenced by orderer startup config
+  cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt"
+  cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt"
+  cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key"
+
+  # Copy orderer org's CA cert to orderer's /msp/tlscacerts directory (for use in the orderer MSP definition)
+  mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts"
+  cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
+
+  infoln "Generating the admin msp"
+  set -x
+  fabric-ca-client reenroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" --csr.keyrequest.reusekey
+  { set +x; } 2>/dev/null
+
+  cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/config.yaml"
+}
--- a/test-network/scripts/utils.sh
+++ b/test-network/scripts/utils.sh
@ -198,6 +198,7 @@ function printHelp() {
    println "   network.sh createChannel -c channelName"
    println "   network.sh deployCC -ccn basic -ccp ../asset-transfer-basic/chaincode-javascript/ -ccl javascript"
    println "   network.sh deployCC -ccn mychaincode -ccp ./user/mychaincode -ccv 1 -ccl javascript"
+    println "   network.sh renewCerts"
    println
    println " NOTE: Default settings can be changed in network.config"
  fi
Author	SHA1	Message	Date
Aditya Joshi	0585f6fae7	Merge `ef871b9bac` into `a2c40e6522`	2026-05-24 13:29:20 +08:00
James Taylor	a2c40e6522	test-network-k8s: ghcr.io for Hyperledger images (#1416 ) Some checks failed Test Network BFT Orderer 🍟 / basic (java, cryptogen) (push) Has been cancelled Details Test Network BFT Orderer 🍟 / basic (javascript, ca) (push) Has been cancelled Details Test Network BFT Orderer 🍟 / basic (javascript, cryptogen) (push) Has been cancelled Details Test Network BFT Orderer 🍟 / basic (typescript, ca) (push) Has been cancelled Details Test Network BFT Orderer 🍟 / basic (typescript, cryptogen) (push) Has been cancelled Details Test Network Events 💡 / events (go, events) (push) Has been cancelled Details Test Network Events 💡 / events (java, events) (push) Has been cancelled Details Test Network Events 💡 / events (javascript, events) (push) Has been cancelled Details Test Network HSM 🍏 / hsm (go) (push) Has been cancelled Details Test Network HSM 🍏 / hsm (java) (push) Has been cancelled Details Test Network HSM 🍏 / hsm (javascript) (push) Has been cancelled Details Test Network HSM 🍏 / hsm (typescript) (push) Has been cancelled Details Kubernetes Test Network 🍒 / ccaas-java (push) Has been cancelled Details Kubernetes Test Network 🍒 / ccaas-external (push) Has been cancelled Details Kubernetes Test Network 🍒 / k8s-builder (push) Has been cancelled Details Kubernetes Test Network 🍒 / multi-namespace (push) Has been cancelled Details Kubernetes Test Network 🍒 / bft-orderer (push) Has been cancelled Details Test Network Ledger 🥑 / basic (go, ledger) (push) Has been cancelled Details Test Network Ledger 🥑 / basic (javascript, ledger) (push) Has been cancelled Details Test Network Ledger 🥑 / basic (typescript, ledger) (push) Has been cancelled Details Test Network Off Chain 🍔 / off-chain (go) (push) Has been cancelled Details Test Network Off Chain 🍔 / off-chain (java) (push) Has been cancelled Details Test Network Off Chain 🍔 / off-chain (javascript) (push) Has been cancelled Details Test Network Off Chain 🍔 / off-chain (typescript) (push) Has been cancelled Details Test Network Private 🔒 / private (go, private) (push) Has been cancelled Details Test Network Private 🔒 / private (java, private) (push) Has been cancelled Details Test Network Private 🔒 / private (typescript, private) (push) Has been cancelled Details Test Network SBE 🎵 / SBE (java, sbe) (push) Has been cancelled Details Test Network SBE 🎵 / SBE (typescript, sbe) (push) Has been cancelled Details Test Network Secured 🔔 / secured (go, secured) (push) Has been cancelled Details Default to using ghcr.io for Hyperledger images in the k8s test network Signed-off-by: James Taylor <jamest@uk.ibm.com>	2026-05-21 11:30:24 +01:00
Aditya Joshi	ef871b9bac	added sample for certifiate renewal in test-network Signed-off-by: Aditya Joshi <adityaprakashjoshi1@gmail.com>	2024-01-09 11:22:38 +05:30