mirror of
https://github.com/hyperledger/fabric-samples.git
synced 2026-06-17 15:35:09 +00:00
7ee1bf793d
* Enable TLS on asset-transfer-basic external chaincode 1. Introduce environment variables to enable or disable TLS at runtime. Also, introduce environment variables which carries the server key, cert and the client machine's root CA cert information. 2. Read the environment variables to decide with appropriate assumptions on default values to work as is today. Signed-off-by: S m, Aruna <arun.s.m.cse@gmail.com> * Update the chaincode.env with new options 1. Introduce four new environment variables to the default chaincode environment file. 2. Add two new environment files for easy/automation running of the external chaincodes for different organizations. Note that when TLS enabled, the package contents will change. So each organization will have their own package ID generated unlike earlier. Also, there will be two chaincode containers running instead of one for the given example. Signed-off-by: S m, Aruna <arun.s.m.cse@gmail.com> * Add docker compose file for running chaincodes The file will build and run the chaincode on the fly. Also, it will make use of the available files which is configured by the user as part of execution. This will help in bringup/bringdown of the chaincode containers. In addition, it will help in updating the environment variables on the go. Signed-off-by: S m, Aruna <arun.s.m.cse@gmail.com> * Introduce crypto directory and ignore the pem contents The directory is used by the docker-compose file for automation. Instructions in the README.md file will suffice the filling up of required files in this directory. Signed-off-by: S m, Aruna <arun.s.m.cse@gmail.com> * Instructions on TLS enabled external chaincode server 1. Add instructions to generate a chaincode server TLS parameters. 2. Add instructions on different parameters that peer node expects and the chaincode expects. 3. Add instructions on steps to be followed in asset-transfer -basic to work with iTLS enabled exteral chaincode. Signed-off-by: S m, Aruna <arun.s.m.cse@gmail.com> * Enable chaincode to work without TLS as well 1. Root certificate is an optional parameter supplied for chaincode to verify the peer's connection in response. 2. If TLS is enabled, then specify the key and cert parameters. Do not expect it otherwise. Signed-off-by: S m, Aruna <arun.s.m.cse@gmail.com>
24 lines
1.1 KiB
Bash
24 lines
1.1 KiB
Bash
# CHAINCODE_SERVER_ADDRESS must be set to the host and port where the peer can
|
|
# connect to the chaincode server
|
|
CHAINCODE_SERVER_ADDRESS=asset-transfer-basic.org2.example.com:9999
|
|
|
|
# CHAINCODE_ID must be set to the Package ID that is assigned to the chaincode
|
|
# on install. The `peer lifecycle chaincode queryinstalled` command can be
|
|
# used to get the ID after install if required
|
|
CHAINCODE_ID=basic_1.0:e8f9052385e3763ecf5635591155da05d8efbb6905ccbfc1c7229eb6bd28df1b
|
|
|
|
# Optional parameters that will be used for TLS connection between peer node
|
|
# and the chaincode.
|
|
# TLS is disabled by default, uncomment the following line to enable TLS connection
|
|
CHAINCODE_TLS_DISABLED=false
|
|
|
|
# Following variables will be ignored if TLS is not enabled.
|
|
# They need to be in PEM format
|
|
CHAINCODE_TLS_KEY=/crypto/key2.pem
|
|
CHAINCODE_TLS_CERT=/crypto/cert2.pem
|
|
|
|
# The following variable will be used by the chaincode server to verify the
|
|
# connection from the peer node.
|
|
# Note that when this is set a single chaincode server cannot be shared
|
|
# across organizations unless their root CA is same.
|
|
CHAINCODE_CLIENT_CA_CERT=/crypto/rootcert2.pem
|