Hyperledger Fabric 2.3 + Improvements (#15)

* Add optional service monitor to CA and orderer * Admin hosts for the orderer and resources * Rremove ca_Controller & suite * Add SignCACert and TlsCACert to the status for peer
hyperledger-bevel · Jun 13, 2021 · 0931960 · 0931960
1 parent e7ed1ce
commit 0931960
Show file tree

Hide file tree

Showing 99 changed files with 5,812 additions and 2,816 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -7,7 +7,6 @@ RUN \
 
 COPY CREDITS /licenses/CREDITS
 COPY LICENSE /licenses/LICENSE
-COPY LICENSE /licenses/LICENSE
 LABEL name="HLF Operator" \
       vendor="Kung Fu Software <dviejo@kungfusoftware.es>" \
       maintainer="Kung Fu Software <dviejo@kungfusoftware.es>" \

diff --git a/README.md b/README.md
@@ -24,11 +24,6 @@ title: Getting started
 - [ ] More parametrization on the Fabric CA
 - [ ] More parametrization on the Fabric Ordering services
 
-## Ideas for the future
-
-- [ ] Install chaincode in peer using Custom Resource Definitions
-- [ ] Manage channel configuration using Custom Resource Definitions
-
 ## Getting started
 
 ### Requirements
@@ -63,7 +58,7 @@ helm install hlf-operator ./chart/hlf-operator
 
 
 ```bash
-kubectl krew install hlf 
+kubectl krew install hlf
 ```
 
 ## Deploy a Peer Organization
@@ -84,7 +79,7 @@ kubectl hlf ca register --name=org1-ca --user=peer --secret=peerpw --type=peer \
 
  ```bash
 
-kubectl hlf peer create --storage-class=standard --enroll-id=peer --mspid=Org1MSP \
+kubectl hlf peer create --storage-class= --enroll-id=peer --mspid=Org1MSP \
         --enroll-pw=peerpw --capacity=5Gi --name=org1-peer0 --ca-name=org1-ca.default
 kubectl wait --timeout=180s --for=condition=Running fabricpeers.hlf.kungfusoftware.es --all
 ```
@@ -102,33 +97,31 @@ kubectl hlf ca register --name=ord-ca --user=orderer --secret=ordererpw \
 
 ```
 
-### Deploying the Ordering service
+### Deploying the Orderer nodes node
 
 ```bash
-kubectl hlf ordservice create  --storage-class=standard --enroll-id=orderer --mspid=OrdererMSP \
-    --enroll-pw=ordererpw --capacity=2Gi --name=ordservice --ca-name=ord-ca.default \
-    --system-channel testchainid --num-orderers=1
-kubectl wait --timeout=180s --for=condition=Running fabricorderingservices.hlf.kungfusoftware.es --all
+kubectl hlf ordnode create  --storage-class=standard --enroll-id=orderer --mspid=OrdererMSP \
+    --enroll-pw=ordererpw --capacity=2Gi --name=ord-node1 --ca-name=ord-ca.default
+kubectl wait --timeout=180s --for=condition=Running fabricorderernodes.hlf.kungfusoftware.es --all
 ```
 
 ## Preparing a connection string for the ordering service
 ```bash
 kubectl hlf inspect --output ordservice.yaml -o OrdererMSP
 kubectl hlf ca register --name=ord-ca --user=admin --secret=adminpw \
-    --type=admin --enroll-id enroll --enroll-secret=enrollpw --mspid=Ord2MSP
+    --type=admin --enroll-id enroll --enroll-secret=enrollpw --mspid=OrdererMSP
+
+kubectl hlf channel generate --output=demo.block --name=demo --organizations Org1MSP --ordererOrganizations OrdererMSP
 
-kubectl hlf ca enroll --name=ord-ca --user=admin --secret=adminpw --mspid Ord2MSP \
-        --ca-name ca  --output admin-ordservice.yaml 
 
+kubectl hlf ca enroll --name=ord-ca --namespace=default --user=admin --secret=adminpw --mspid OrdererMSP \
+        --ca-name tlsca  --output admin-tls-ordservice.yaml 
+
+kubectl hlf ordnode join --block=demo.block --name=ord-node1 --namespace=default --identity=admin-tls-ordservice.yaml
 ```
 > IMPORTANT!!: **Add user from admin-ordservice.yaml to ordservice.yaml** if not, following commands will not work
 
-## Create a consortium
-```bash
-kubectl hlf consortiums create --name=Default --system-channel-id="testchainid" \
-    --config=ordservice.yaml --orderer-org=ordservice.default --user=admin \
-    -p=org1-peer0.default
-```
+
 ## Preparing a connection string for the peer
 ```bash
 kubectl hlf ca register --name=org1-ca --user=admin --secret=adminpw --type=admin \
@@ -142,24 +135,21 @@ kubectl hlf inspect --output org1.yaml -o Org1MSP -o OrdererMSP
 ```
 
 > IMPORTANT!!: **Add user from peer-org1.yaml to org1.yaml** if not, following commands will not work
-## Create a channel
-```bash
 
-kubectl hlf channel create --name=ch1 --config=org1.yaml \
-    --admin-org=org1-peer0.default --user=admin \
-    -p=org1-peer0.default --ordering-service=ordservice.default \
-    --consortium=Default
+## Inspect the channel
+```bash
+kubectl hlf channel inspect --channel=demo --config=org1.yaml \
+    --user=admin -p=org1-peer0.default > demo.json
 ```
-
 ## Add anchor peer
 ```bash
-kubectl hlf channel addanchorpeer --channel=ch1 --config=org1.yaml \
+kubectl hlf channel addanchorpeer --channel=demo --config=org1.yaml \
     --user=admin --peer=org1-peer0.default 
 
 ```
 ## Join channel
 ```bash
-kubectl hlf channel join --name=ch1 --config=org1.yaml \
+kubectl hlf channel join --name=demo --config=org1.yaml \
     --user=admin -p=org1-peer0.default
 
 ```
@@ -170,15 +160,18 @@ In case of error, you may need to add the following to the org1.yaml configurati
 ```yaml
 channels:
   _default:
+    orderers:
+      - ord-node1.default
     peers:
       "org1-peer0.default":
-          endorsingPeer: true
-          chaincodeQuery: true
-          ledgerQuery: true
-          eventSource: true
+        endorsingPeer: true
+        chaincodeQuery: true
+        ledgerQuery: true
+        eventSource: true
+
 ```
 ```bash
-kubectl hlf channel top --channel=ch1 --config=org1.yaml \
+kubectl hlf channel top --channel=demo --config=org1.yaml \
     --user=admin -p=org1-peer0.default
 ```
 
@@ -198,40 +191,40 @@ kubectl hlf chaincode queryinstalled --config=org1.yaml --user=admin --peer=org1
 ## Approve chaincode
 ```bash
 kubectl hlf chaincode approveformyorg --config=org1.yaml --user=admin --peer=org1-peer0.default \
-    --package-id=fabcar:db8d009f7e2e9fa4a40ddfd6b7e603d3177b126d18cdbeabcf8481f9a6de519f \
+    --package-id=fabcar:0c616be7eebace4b3c2aa0890944875f695653dbf80bef7d95f3eed6667b5f40 \
     --version "1.0" --sequence 1 --name=fabcar \
-    --policy="OR('Org1MSP.member')" --channel=ch1
+    --policy="OR('Org1MSP.member')" --channel=demo
 ```
 
 ## Commit chaincode
 ```bash
 kubectl hlf chaincode commit --config=org1.yaml --user=admin --peer=org1-peer0.default \
     --version "1.0" --sequence 1 --name=fabcar \
-    --policy="OR('Org1MSP.member')" --channel=ch1
+    --policy="OR('Org1MSP.member')" --channel=demo
 ```
 
 
 ## Invoke a transaction in the ledger
 ```bash
 kubectl hlf chaincode invoke --config=org1.yaml \
     --user=admin --peer=org1-peer0.default \
-    --chaincode=fabcar --channel=ch1 \
+    --chaincode=fabcar --channel=demo \
     --fcn=initLedger -a '[]'
 ```
 
 ## Query the ledger
 ```bash
 kubectl hlf chaincode query --config=org1.yaml \
     --user=admin --peer=org1-peer0.default \
-    --chaincode=fabcar --channel=ch1 \
+    --chaincode=fabcar --channel=demo \
     --fcn=QueryAllCars -a '[]'
 ```
 
 At this point, you should have:
 
 - Ordering service with 3 nodes and a CA
 - Peer organization with a peer and a CA
-- A channel **ch1**
+- A channel **demo**
 - A chaincode install in peer0
 - A chaincode approved and committed
 
@@ -240,7 +233,7 @@ If something went wrong or didn't work, please, open an issue.
 ### Cleanup the environment
 
 ```bash
-kubectl delete fabricorderingservices.hlf.kungfusoftware.es --all-namespaces --all
+kubectl delete fabricorderernodes.hlf.kungfusoftware.es --all-namespaces --all
 kubectl delete fabricpeers.hlf.kungfusoftware.es --all-namespaces --all
 kubectl delete fabriccas.hlf.kungfusoftware.es --all-namespaces --all
 ```
diff --git a/admin-ordservice.yaml b/admin-ordservice.yaml
@@ -0,0 +1,24 @@
+cert:
+  pem: |
+    -----BEGIN CERTIFICATE-----
+    MIICUzCCAfmgAwIBAgIUKQi9dNBm4bm9b3rhoKTmhpqC/iMwCgYIKoZIzj0EAwIw
+    ajELMAkGA1UEBhMCRVMxETAPBgNVBAcTCEFsaWNhbnRlMREwDwYDVQQJEwhBbGlj
+    YW50ZTEZMBcGA1UEChMQS3VuZyBGdSBTb2Z0d2FyZTENMAsGA1UECxMEVGVjaDEL
+    MAkGA1UEAxMCY2EwHhcNMjEwNDA2MjMxODAwWhcNMjIwNDA2MjMyMzAwWjAgMQ4w
+    DAYDVQQLEwVhZG1pbjEOMAwGA1UEAxMFYWRtaW4wWTATBgcqhkjOPQIBBggqhkjO
+    PQMBBwNCAAQi3p9/fg2lHV/ajuHm7fqxFNsJjJfmHVxSHyRA3mtU0yq2Dy4yk8XO
+    10MIZO4zUpMopUEcVqnxdLZhdF0HC7Eoo4HGMIHDMA4GA1UdDwEB/wQEAwIHgDAM
+    BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT+rhCMGDKWggyAVGYcfwMlh85v4TArBgNV
+    HSMEJDAigCANZVwJvrQUz0XSDzwxmRqjfE0NAYlFR5sUUPo0QT5GxDBXBggqAwQF
+    BgcIAQRLeyJhdHRycyI6eyJoZi5BZmZpbGlhdGlvbiI6IiIsImhmLkVucm9sbG1l
+    bnRJRCI6ImFkbWluIiwiaGYuVHlwZSI6ImFkbWluIn19MAoGCCqGSM49BAMCA0gA
+    MEUCIQDoXUDT38MS/xeVjvzGqOGo7TA+S8aGYgkk3Dwv56g1owIgZmzsrJSIX9RM
+    ZoTWUPpx02bng88r4tE6HPSfKfFao5k=
+    -----END CERTIFICATE-----
+key:
+  pem: |
+    -----BEGIN PRIVATE KEY-----
+    MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg3c1d3CWFK2t/xmZH
+    88l6sUjZ/EXCZahQTYC2ml7mhfahRANCAAQi3p9/fg2lHV/ajuHm7fqxFNsJjJfm
+    HVxSHyRA3mtU0yq2Dy4yk8XO10MIZO4zUpMopUEcVqnxdLZhdF0HC7Eo
+    -----END PRIVATE KEY-----