Merge c5f953ba88 into a2c40e6522

Default to using ghcr.io for Hyperledger images in the k8s test network

Signed-off-by: James Taylor <jamest@uk.ibm.com>

test-network-k8s/network

@@ -35,7 +35,7 @@ context CLUSTER_RUNTIME               kind                  # or k3s for Rancher
 context CONTAINER_CLI                 docker                # or nerdctl for containerd
 context CONTAINER_NAMESPACE           ""                    # or "--namespace k8s.io" for containerd / nerdctl
 
-context FABRIC_CONTAINER_REGISTRY     hyperledger
+context FABRIC_CONTAINER_REGISTRY     ghcr.io/hyperledger
 context FABRIC_PEER_IMAGE             ${FABRIC_CONTAINER_REGISTRY}/fabric-peer:${FABRIC_VERSION}
 context COUCHDB_VERSION               3.4.2
 context NETWORK_NAME                  test-network

test-network/compose/podman/podman-compose-test-net.yaml

@@ -11,4 +11,3 @@ services:
   peer0.org2.example.com:
     volumes:
       - ./podman/peercfg:/etc/hyperledger/peercfg
-

test-network/network.config

@@ -55,4 +55,3 @@ CC_INVOKE_CONSTRUCTOR=''{\"Args\":[\"InitLedger\"]}''
 # Default constructor for testing a chaincode query (-cciq)
 CC_QUERY_CONSTRUCTOR=''{\"Args\":[\"GetAllAssets\"]}''
 
-

test-network/network.sh

@@ -678,6 +678,9 @@ elif [ "$MODE" == "cc" ] && [ "$SUBCOMMAND" == "invoke" ]; then
   invokeChaincode
 elif [ "$MODE" == "cc" ] && [ "$SUBCOMMAND" == "query" ]; then
   queryChaincode
+elif [ "$MODE" == "renew" ]; then
+  infoln "Renewing certificates"
+  ./scripts/renewCerts.sh
 else
   printHelp
   exit 1

test-network/scripts/renewCerts.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+#
+# Copyright IBM Corp All Rights Reserved
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# This script is used to renew certificates in the test network.
+# It re-enrolls the identities using the Fabric CA.
+
+. scripts/utils.sh
+
+function renewOrg1() {
+  infoln "Renewing Org1 certificates"
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/
+
+  # Remove existing MSP and TLS - this is important to avoid 'malformed serial number'
+  # and other parsing errors when fabric-ca-client tries to use old certs for auth.
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/msp"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tls"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/ca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tlsca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/peers"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/users"
+
+  # Re-enroll everything
+  . organizations/fabric-ca/registerEnroll.sh
+  createOrg1
+}
+
+function renewOrg2() {
+  infoln "Renewing Org2 certificates"
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/
+
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/msp"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tls"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/ca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tlsca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/peers"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/users"
+
+  . organizations/fabric-ca/registerEnroll.sh
+  createOrg2
+}
+
+function renewOrderer() {
+  infoln "Renewing Orderer certificates"
+
+  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com
+
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/msp"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tls"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/ca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/tlsca"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/orderers"
+  rm -rf "${FABRIC_CA_CLIENT_HOME}/users"
+
+  . organizations/fabric-ca/registerEnroll.sh
+  createOrderer
+}
+
+# Check if CAs are running
+if [ $(docker ps -q --filter name=ca_org1 --filter status=running | wc -l) -eq 0 ]; then
+  fatalln "Fabric CAs must be running to renew certificates. Please run './network.sh up -ca' first."
+fi
+
+renewOrg1
+renewOrg2
+renewOrderer
+
+infoln "Certificates renewed successfully. You may need to restart your network nodes (peer/orderer) to pick up the new certificates."

test-network/scripts/utils.sh

@@ -143,8 +143,15 @@ function printHelp() {
     println "   network.sh cc invoke -c channel1 -ccic '{\"Args\":[\"CreateAsset\",\"asset1\",\"red\",\"10\",\"fred\",\"500\"]}'"
     println "   network.sh cc query -c channel1 -ccqc '{\"Args\":[\"ReadAsset\",\"asset1\"]}'"
     println
+    println
     println " NOTE: Default settings can be changed in network.config"
     println
+  elif [ "$USAGE" == "renew" ]; then
+    println "Usage: "
+    println "  network.sh \033[0;32mrenew\033[0m"
+    println
+    println "    Example:"
+    println "      network.sh renew"
   else
     println "Usage: "
     println "  network.sh <Mode> [Flags]"
@@ -156,6 +163,7 @@ function printHelp() {
     println "      \033[0;32mdeployCC\033[0m - Deploy a chaincode to a channel (defaults to asset-transfer-basic)"
     println "      \033[0;32mcc\033[0m - chaincode functions, use \"network.sh cc -h\" for options"
     println "      \033[0;32mdown\033[0m - Bring down the network"
+    println "      \033[0;32mrenew\033[0m - Renew certificates for the network"
     println
     println "    Flags:"
     println "    Used with \033[0;32mnetwork.sh prereq\033[0m"