Merge c5f953ba88 into a2c40e6522

Default to using ghcr.io for Hyperledger images in the k8s test network

Signed-off-by: James Taylor <jamest@uk.ibm.com>

test-network-k8s/network

@@ -35,7 +35,7 @@ context CLUSTER_RUNTIME               kind                  # or k3s for Rancher
 context CONTAINER_CLI                 docker                # or nerdctl for containerd
 context CONTAINER_NAMESPACE           ""                    # or "--namespace k8s.io" for containerd / nerdctl
 
-context FABRIC_CONTAINER_REGISTRY     hyperledger
+context FABRIC_CONTAINER_REGISTRY     ghcr.io/hyperledger
 context FABRIC_PEER_IMAGE             ${FABRIC_CONTAINER_REGISTRY}/fabric-peer:${FABRIC_VERSION}
 context COUCHDB_VERSION               3.4.2
 context NETWORK_NAME                  test-network

test-network/addOrg3/addOrg3.sh

@@ -281,4 +281,4 @@ elif [ "${MODE}" == "generate" ]; then ## Generate Artifacts
 else
   printHelp
   exit 1
-fi
+fi

test-network/addOrg3/ccp-generate.sh

@@ -33,4 +33,4 @@ PEERPEM=../organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.exa
 CAPEM=../organizations/peerOrganizations/org3.example.com/ca/ca.org3.example.com-cert.pem
 
 echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org3.example.com/connection-org3.json
-echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org3.example.com/connection-org3.yaml
+echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org3.example.com/connection-org3.yaml

test-network/addOrg3/ccp-template.yaml

@@ -32,4 +32,4 @@ certificateAuthorities:
         - |
           ${CAPEM}
     httpOptions:
-      verify: false
+      verify: false

test-network/addOrg3/compose/compose-ca-org3.yaml

@@ -22,4 +22,4 @@ services:
     command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
     volumes:
       - ../fabric-ca/org3:/etc/hyperledger/fabric-ca-server
-    container_name: ca_org3
+    container_name: ca_org3

test-network/addOrg3/compose/compose-couch-org3.yaml

@@ -37,4 +37,4 @@ services:
     depends_on:
       - couchdb4
     networks:
-      - test
+      - test

test-network/addOrg3/compose/compose-org3.yaml

@@ -48,4 +48,4 @@ services:
     ports:
       - 11051:11051
     networks:
-      - test
+      - test

test-network/addOrg3/compose/docker/docker-compose-ca-org3.yaml

@@ -1,4 +1,4 @@
 # Copyright IBM Corp. All Rights Reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
-#
+#

test-network/addOrg3/compose/docker/docker-compose-couch-org3.yaml

@@ -1,4 +1,4 @@
 # Copyright IBM Corp. All Rights Reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
-#
+#

test-network/addOrg3/compose/docker/docker-compose-org3.yaml

@@ -19,4 +19,4 @@ services:
       - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
     volumes:
       - ./docker/peercfg:/etc/hyperledger/peercfg
-      - ${DOCKER_SOCK}:/host/var/run/docker.sock
+      - ${DOCKER_SOCK}:/host/var/run/docker.sock

test-network/addOrg3/compose/docker/peercfg/core.yaml

@@ -774,4 +774,4 @@ metrics:
         writeInterval: 10s
 
         # prefix is prepended to all emitted statsd metrics
-        prefix:
+        prefix:

test-network/addOrg3/compose/podman/peercfg/core.yaml

@@ -774,4 +774,4 @@ metrics:
         writeInterval: 10s
 
         # prefix is prepended to all emitted statsd metrics
-        prefix:
+        prefix:

test-network/addOrg3/compose/podman/podman-compose-ca-org3.yaml

@@ -22,4 +22,4 @@ services:
     command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
     volumes:
       - ../fabric-ca/org3:/etc/hyperledger/fabric-ca-server
-    container_name: ca_org3
+    container_name: ca_org3

test-network/addOrg3/compose/podman/podman-compose-couch-org3.yaml

@@ -37,4 +37,4 @@ services:
     depends_on:
       - couchdb4
     networks:
-      - test
+      - test

test-network/addOrg3/compose/podman/podman-compose-org3.yaml

@@ -46,4 +46,4 @@ services:
     ports:
       - 11051:11051
     networks:
-      - test
+      - test

test-network/addOrg3/configtx.yaml

@@ -35,4 +35,4 @@ Organizations:
                 Rule: "OR('Org3MSP.admin')"
             Endorsement:
                 Type: Signature
-                Rule: "OR('Org3MSP.peer')"
+                Rule: "OR('Org3MSP.peer')"

test-network/addOrg3/fabric-ca/org3/fabric-ca-server-config.yaml

@@ -405,4 +405,4 @@ intermediate:
     certfiles:
     client:
       certfile:
-      keyfile:
+      keyfile:

test-network/addOrg3/fabric-ca/registerEnroll.sh

@@ -84,4 +84,4 @@ function createOrg3 {
   { set +x; } 2>/dev/null
 
   cp "${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml" "${PWD}/../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp/config.yaml"
-}
+}

test-network/addOrg3/org3-crypto.yaml

@@ -18,4 +18,4 @@ PeerOrgs:
       SANS:
         - localhost
     Users:
-      Count: 1
+      Count: 1

test-network/compose/compose-bft-test-net.yaml

@@ -259,4 +259,4 @@ services:
       - 9051:9051
       - 9445:9445
     networks:
-      - test
+      - test

test-network/compose/compose-ca.yaml

@@ -67,4 +67,4 @@ services:
       - ../organizations/fabric-ca/ordererOrg:/etc/hyperledger/fabric-ca-server
     container_name: ca_orderer
     networks:
-      - test
+      - test

test-network/compose/compose-couch.yaml

@@ -64,4 +64,4 @@ services:
       - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
       - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw
     depends_on:
-      - couchdb1
+      - couchdb1

test-network/compose/compose-test-net.yaml

@@ -132,4 +132,4 @@ services:
       - 9051:9051
       - 9445:9445
     networks:
-      - test
+      - test

test-network/compose/docker/docker-compose-bft-test-net.yaml

@@ -28,4 +28,4 @@ services:
       - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
     volumes:
       - ./docker/peercfg:/etc/hyperledger/peercfg
-      - ${DOCKER_SOCK}:/host/var/run/docker.sock
+      - ${DOCKER_SOCK}:/host/var/run/docker.sock

test-network/compose/docker/docker-compose-test-net.yaml

@@ -28,4 +28,4 @@ services:
       - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
     volumes:
       - ./docker/peercfg:/etc/hyperledger/peercfg
-      - ${DOCKER_SOCK}:/host/var/run/docker.sock
+      - ${DOCKER_SOCK}:/host/var/run/docker.sock

test-network/compose/docker/peercfg/core.yaml

@@ -774,4 +774,4 @@ metrics:
         writeInterval: 10s
 
         # prefix is prepended to all emitted statsd metrics
-        prefix:
+        prefix:

test-network/compose/podman/peercfg/core.yaml

@@ -774,4 +774,4 @@ metrics:
         writeInterval: 10s
 
         # prefix is prepended to all emitted statsd metrics
-        prefix:
+        prefix:

test-network/compose/podman/podman-compose-test-net.yaml

@@ -11,4 +11,3 @@ services:
   peer0.org2.example.com:
     volumes:
       - ./podman/peercfg:/etc/hyperledger/peercfg
-

test-network/configtx/configtx.yaml

@@ -276,4 +276,4 @@ Profiles:
       Organizations:
         - *Org1
         - *Org2
-      Capabilities: *ApplicationCapabilities
+      Capabilities: *ApplicationCapabilities

test-network/monitordocker.sh

@@ -30,4 +30,4 @@ docker run -d --rm --name="logspout" \
 	--network  ${DOCKER_NETWORK} \
 	gliderlabs/logspout
 sleep 3
-curl http://127.0.0.1:${PORT}/logs
+curl http://127.0.0.1:${PORT}/logs

test-network/network.config

@@ -55,4 +55,3 @@ CC_INVOKE_CONSTRUCTOR=''{\"Args\":[\"InitLedger\"]}''
 # Default constructor for testing a chaincode query (-cciq)
 CC_QUERY_CONSTRUCTOR=''{\"Args\":[\"GetAllAssets\"]}''
 
-

test-network/network.sh

@@ -678,7 +678,10 @@ elif [ "$MODE" == "cc" ] && [ "$SUBCOMMAND" == "invoke" ]; then
   invokeChaincode
 elif [ "$MODE" == "cc" ] && [ "$SUBCOMMAND" == "query" ]; then
   queryChaincode
+elif [ "$MODE" == "renew" ]; then
+  infoln "Renewing certificates"
+  ./scripts/renewCerts.sh
 else
   printHelp
   exit 1
-fi
+fi

test-network/organizations/ccp-generate.sh

@@ -42,4 +42,4 @@ PEERPEM=organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.exampl
 CAPEM=organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem
 
 echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.json
-echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.yaml
+echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.yaml

test-network/organizations/ccp-template.yaml

@@ -32,4 +32,4 @@ certificateAuthorities:
         - |
           ${CAPEM}
     httpOptions:
-      verify: false
+      verify: false

test-network/organizations/cfssl/registerEnroll.sh

@@ -273,4 +273,4 @@ function generate_orderer_certs() {
     mv "$CERT_DIR/orderers/$USER/tls/server.pem" "$CERT_DIR/orderers/$USER/tls/server.crt"
     mv "$CERT_DIR/orderers/$USER/tls/server-key.pem" "$CERT_DIR/orderers/$USER/tls/server.key"
     rm "$PWD/organizations/cfssl/orderer-${USER}.json"
-}
+}

test-network/organizations/cryptogen/crypto-config-org1.yaml

@@ -58,4 +58,4 @@ PeerOrgs:
     # Count: The number of user accounts _in addition_ to Admin
     # ---------------------------------------------------------------------------
     Users:
-      Count: 1
+      Count: 1

test-network/organizations/cryptogen/crypto-config-org2.yaml

@@ -58,4 +58,4 @@ PeerOrgs:
     # Count: The number of user accounts _in addition_ to Admin
     # ---------------------------------------------------------------------------
     Users:
-      Count: 1
+      Count: 1

test-network/organizations/fabric-ca/ordererOrg/fabric-ca-server-config.yaml

@@ -403,4 +403,4 @@ intermediate:
     certfiles:
     client:
       certfile:
-      keyfile:
+      keyfile:

test-network/organizations/fabric-ca/org1/fabric-ca-server-config.yaml

@@ -403,4 +403,4 @@ intermediate:
     certfiles:
     client:
       certfile:
-      keyfile:
+      keyfile:

test-network/organizations/fabric-ca/org2/fabric-ca-server-config.yaml

@@ -403,4 +403,4 @@ intermediate:
     certfiles:
     client:
       certfile:
-      keyfile:
+      keyfile:

test-network/organizations/fabric-ca/registerEnroll.sh

@@ -251,4 +251,4 @@ function createOrderer() {
   { set +x; } 2>/dev/null
 
   cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/config.yaml"
-}
+}

test-network/prometheus-grafana/docker-compose.yaml

@@ -63,4 +63,4 @@ services:
 networks:
   default:
     external: true
-    name: fabric_test
+    name: fabric_test

test-network/scripts/configUpdate.sh

@@ -67,4 +67,4 @@ signConfigtxAsPeerOrg() {
   set -x
   peer channel signconfigtx -f "${CONFIGTXFILE}"
   { set +x; } 2>/dev/null
-}
+}

test-network/scripts/createChannel.sh

@@ -124,4 +124,4 @@ setAnchorPeer 1
 infoln "Setting anchor peer for org2..."
 setAnchorPeer 2
 
-successln "Channel '$CHANNEL_NAME' joined"
+successln "Channel '$CHANNEL_NAME' joined"

test-network/scripts/deployCC.sh

@@ -115,4 +115,4 @@ else
   chaincodeInvokeInit 1 2
 fi
 
-exit 0
+exit 0

test-network/scripts/deployCCAAS.sh

@@ -220,4 +220,4 @@ else
   chaincodeInvokeInit 1 2
 fi
 
-exit 0
+exit 0

test-network/scripts/envVar.sh

@@ -86,4 +86,4 @@ verifyResult() {
   if [ $1 -ne 0 ]; then
     fatalln "$2"
   fi
-}
+}

test-network/scripts/org3-scripts/joinChannel.sh

@@ -73,4 +73,4 @@ infoln "Setting anchor peer for org3..."
 setAnchorPeer 3
 
 successln "Channel '$CHANNEL_NAME' joined"
-successln "Org3 peer successfully added to network"
+successln "Org3 peer successfully added to network"

test-network/scripts/org3-scripts/updateChannelConfig.sh

@@ -53,4 +53,4 @@ set -x
 peer channel update -f ${TEST_NETWORK_HOME}/channel-artifacts/org3_update_in_envelope.pb -c ${CHANNEL_NAME} -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA"
 { set +x; } 2>/dev/null
 
-successln "Config transaction to add org3 to network submitted"
+successln "Config transaction to add org3 to network submitted"

test-network/scripts/packageCC.sh

@@ -98,4 +98,4 @@ packageChaincode() {
 ## package the chaincode
 packageChaincode
 
-exit 0
+exit 0

test-network/scripts/pkgcc.sh

@@ -104,4 +104,4 @@ tar -C "$tempdir/pkg" -czf "$label.tgz" metadata.json code.tar.gz
 rm -Rf "$tempdir"
 
 packageid="${label}:$(shasum -a 256 audit-trail.tgz | cut -d ' ' -f1)"
-echo ${packageid}
+echo ${packageid}

test-network/scripts/renewCerts.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+#
+# Copyright IBM Corp All Rights Reserved
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# This script is used to renew certificates in the test network.
+# It re-enrolls the identities using the Fabric CA.
+
+. scripts/utils.sh
+
+function renewOrg1() {
+  infoln "Renewing Org1 certificates"
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/
+
+  # Remove existing MSP and TLS - this is important to avoid 'malformed serial number'
+  # and other parsing errors when fabric-ca-client tries to use old certs for auth.
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/msp"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tls"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/ca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tlsca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/peers"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/users"
+
+  # Re-enroll everything
+  . organizations/fabric-ca/registerEnroll.sh
+  createOrg1
+}
+
+function renewOrg2() {
+  infoln "Renewing Org2 certificates"
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/
+
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/msp"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tls"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/ca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tlsca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/peers"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/users"
+
+  . organizations/fabric-ca/registerEnroll.sh
+  createOrg2
+}
+
+function renewOrderer() {
+  infoln "Renewing Orderer certificates"
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com
+
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/msp"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tls"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/ca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tlsca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/orderers"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/users"
+
+  . organizations/fabric-ca/registerEnroll.sh
+  createOrderer
+}
+
+# Check if CAs are running
+if [ $(docker ps -q --filter name=ca_org1 --filter status=running | wc -l) -eq 0 ]; then
+  fatalln "Fabric CAs must be running to renew certificates. Please run './network.sh up -ca' first."
+fi
+
+renewOrg1
+renewOrg2
+renewOrderer
+
+infoln "Certificates renewed successfully. You may need to restart your network nodes (peer/orderer) to pick up the new certificates."

test-network/scripts/setAnchorPeer.sh

@@ -64,4 +64,4 @@ setGlobals $ORG
 
 createAnchorPeerUpdate 
 
-updateAnchorPeer 
+updateAnchorPeer 

test-network/scripts/utils.sh

@@ -143,8 +143,15 @@ function printHelp() {
     println "   network.sh cc invoke -c channel1 -ccic '{\"Args\":[\"CreateAsset\",\"asset1\",\"red\",\"10\",\"fred\",\"500\"]}'"
     println "   network.sh cc query -c channel1 -ccqc '{\"Args\":[\"ReadAsset\",\"asset1\"]}'"
     println
+    println
     println " NOTE: Default settings can be changed in network.config"
     println
+  elif [ "$USAGE" == "renew" ]; then
+    println "Usage: "
+    println "  network.sh \033[0;32mrenew\033[0m"
+    println
+    println "    Example:"
+    println "      network.sh renew"
   else
     println "Usage: "
     println "  network.sh <Mode> [Flags]"
@@ -156,6 +163,7 @@ function printHelp() {
     println "      \033[0;32mdeployCC\033[0m - Deploy a chaincode to a channel (defaults to asset-transfer-basic)"
     println "      \033[0;32mcc\033[0m - chaincode functions, use \"network.sh cc -h\" for options"
     println "      \033[0;32mdown\033[0m - Bring down the network"
+    println "      \033[0;32mrenew\033[0m - Renew certificates for the network"
     println
     println "    Flags:"
     println "    Used with \033[0;32mnetwork.sh prereq\033[0m"
@@ -262,4 +270,4 @@ function fatalln() {
 export -f errorln
 export -f successln
 export -f infoln
-export -f warnln
+export -f warnln

test-network/setOrgEnv.sh

@@ -56,4 +56,4 @@ echo "CORE_PEER_MSPCONFIGPATH=${CORE_PEER_MSPCONFIGPATH}"
 echo "CORE_PEER_ADDRESS=${CORE_PEER_ADDRESS}"
 echo "CORE_PEER_TLS_ROOTCERT_FILE=${CORE_PEER_TLS_ROOTCERT_FILE}"
 
-echo "CORE_PEER_LOCALMSPID=${CORE_PEER_LOCALMSPID}"
+echo "CORE_PEER_LOCALMSPID=${CORE_PEER_LOCALMSPID}"