Skip to content

Commit 0c4141f

Browse files
author
Simon Stone
committed
[FAB-14485] Extend BYFN to opt inc cert authorities
Add a new "-a" option to byfn.sh that optionally deploys certificate authorities (in Docker containers) for organisation 1 and 2. Change-Id: Ib58c46941aa6e8e58bac01aa3349e97d1f93b930 Signed-off-by: Simon Stone <sstone1@uk.ibm.com>
1 parent 529b83b commit 0c4141f

File tree

7 files changed

+164
-64
lines changed

7 files changed

+164
-64
lines changed

first-network/byfn.sh

Lines changed: 36 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ export VERBOSE=false
3535
# Print the usage message
3636
function printHelp() {
3737
echo "Usage: "
38-
echo " byfn.sh <mode> [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>] [-l <language>] [-o <consensus-type>] [-i <imagetag>] [-v]"
38+
echo " byfn.sh <mode> [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>] [-l <language>] [-o <consensus-type>] [-i <imagetag>] [-a] [-v]"
3939
echo " <mode> - one of 'up', 'down', 'restart', 'generate' or 'upgrade'"
4040
echo " - 'up' - bring up the network with docker-compose up"
4141
echo " - 'down' - clear the network with docker-compose down"
@@ -50,6 +50,7 @@ function printHelp() {
5050
echo " -l <language> - the chaincode language: golang (default) or node"
5151
echo " -o <consensus-type> - the consensus-type of the ordering service: solo (default), kafka, or etcdraft"
5252
echo " -i <imagetag> - the tag to be used to launch the network (defaults to \"latest\")"
53+
echo " -a - launch certificate authorities (no certificate authorities are launched by default)"
5354
echo " -v - verbose mode"
5455
echo " byfn.sh -h (print this message)"
5556
echo
@@ -156,29 +157,22 @@ function networkUp() {
156157
replacePrivateKey
157158
generateChannelArtifacts
158159
fi
160+
COMPOSE_FILES="-f ${COMPOSE_FILE}"
161+
if [ "${CERTIFICATE_AUTHORITIES}" == "true" ]; then
162+
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_CA}"
163+
export BYFN_CA1_PRIVATE_KEY=$(cd crypto-config/peerOrganizations/org1.example.com/ca && ls *_sk)
164+
export BYFN_CA2_PRIVATE_KEY=$(cd crypto-config/peerOrganizations/org2.example.com/ca && ls *_sk)
165+
fi
166+
if [ "${CONSENSUS_TYPE}" == "kafka" ]; then
167+
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_KAFKA}"
168+
elif [ "${CONSENSUS_TYPE}" == "etcdraft" ]; then
169+
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_RAFT2}"
170+
fi
159171
if [ "${IF_COUCHDB}" == "couchdb" ]; then
160-
if [ "$CONSENSUS_TYPE" == "kafka" ]; then
161-
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_KAFKA -f $COMPOSE_FILE_COUCH up -d 2>&1
162-
docker ps -a
163-
elif [ "$CONSENSUS_TYPE" == "etcdraft" ]; then
164-
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_RAFT2 -f $COMPOSE_FILE_COUCH up -d 2>&1
165-
docker ps -a
166-
else
167-
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH up -d 2>&1
168-
docker ps -a
169-
fi
170-
else
171-
if [ "$CONSENSUS_TYPE" == "kafka" ]; then
172-
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_KAFKA up -d 2>&1
173-
docker ps -a
174-
elif [ "$CONSENSUS_TYPE" == "etcdraft" ]; then
175-
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_RAFT2 up -d 2>&1
176-
docker ps -a
177-
else
178-
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE up -d 2>&1
179-
docker ps -a
180-
fi
172+
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_COUCH}"
181173
fi
174+
IMAGE_TAG=$IMAGETAG docker-compose ${COMPOSE_FILES} up -d 2>&1
175+
docker ps -a
182176
if [ $? -ne 0 ]; then
183177
echo "ERROR !!!! Unable to start network"
184178
exit 1
@@ -197,7 +191,7 @@ function networkUp() {
197191
fi
198192

199193
# now run the end to end script
200-
docker exec cli scripts/script.sh $CHANNEL_NAME $CLI_DELAY $LANGUAGE $CLI_TIMEOUT $VERBOSE
194+
docker exec cli scripts/script.sh $CHANNEL_NAME $CLI_DELAY $LANGUAGE $CLI_TIMEOUT $VERBOSE $NO_CHAINCODE
201195
if [ $? -ne 0 ]; then
202196
echo "ERROR !!!! Test failed"
203197
exit 1
@@ -221,22 +215,19 @@ function upgradeNetwork() {
221215
mkdir -p $LEDGERS_BACKUP
222216

223217
export IMAGE_TAG=$IMAGETAG
218+
COMPOSE_FILES="-f ${COMPOSE_FILE}"
219+
if [ "${CERTIFICATE_AUTHORITIES}" == "true" ]; then
220+
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_CA}"
221+
export BYFN_CA1_PRIVATE_KEY=$(cd crypto-config/peerOrganizations/org1.example.com/ca && ls *_sk)
222+
export BYFN_CA2_PRIVATE_KEY=$(cd crypto-config/peerOrganizations/org2.example.com/ca && ls *_sk)
223+
fi
224+
if [ "${CONSENSUS_TYPE}" == "kafka" ]; then
225+
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_KAFKA}"
226+
elif [ "${CONSENSUS_TYPE}" == "etcdraft" ]; then
227+
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_RAFT2}"
228+
fi
224229
if [ "${IF_COUCHDB}" == "couchdb" ]; then
225-
if [ "$CONSENSUS_TYPE" == "kafka" ]; then
226-
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_KAFKA -f $COMPOSE_FILE_COUCH"
227-
elif [ "$CONSENSUS_TYPE" == "etcdraft" ]; then
228-
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_RAFT2 -f $COMPOSE_FILE_COUCH"
229-
else
230-
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH"
231-
fi
232-
else
233-
if [ "$CONSENSUS_TYPE" == "kafka" ]; then
234-
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_KAFKA"
235-
elif [ "$CONSENSUS_TYPE" == "etcdraft" ]; then
236-
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_RAFT2"
237-
else
238-
COMPOSE_FILES="-f $COMPOSE_FILE"
239-
fi
230+
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_COUCH}"
240231
fi
241232

242233
# removing the cli container
@@ -283,7 +274,7 @@ function upgradeNetwork() {
283274
function networkDown() {
284275
# stop org3 containers also in addition to org1 and org2, in case we were running sample to add org3
285276
# stop kafka and zookeeper containers in case we're running with kafka consensus-type
286-
docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH -f $COMPOSE_FILE_KAFKA -f $COMPOSE_FILE_RAFT2 -f $COMPOSE_FILE_ORG3 down --volumes --remove-orphans
277+
docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH -f $COMPOSE_FILE_KAFKA -f $COMPOSE_FILE_RAFT2 -f $COMPOSE_FILE_CA -f $COMPOSE_FILE_ORG3 down --volumes --remove-orphans
287278

288279
# Don't remove the generated artifacts -- note, the ledgers are always removed
289280
if [ "$MODE" != "restart" ]; then
@@ -508,6 +499,8 @@ COMPOSE_FILE_ORG3=docker-compose-org3.yaml
508499
COMPOSE_FILE_KAFKA=docker-compose-kafka.yaml
509500
# two additional etcd/raft orderers
510501
COMPOSE_FILE_RAFT2=docker-compose-etcdraft2.yaml
502+
# certificate authorities compose file
503+
COMPOSE_FILE_CA=docker-compose-ca.yaml
511504
#
512505
# use golang as the default language for chaincode
513506
LANGUAGE=golang
@@ -537,7 +530,7 @@ else
537530
exit 1
538531
fi
539532

540-
while getopts "h?c:t:d:f:s:l:i:o:v" opt; do
533+
while getopts "h?c:t:d:f:s:l:i:o:av" opt; do
541534
case "$opt" in
542535
h | \?)
543536
printHelp
@@ -567,6 +560,9 @@ while getopts "h?c:t:d:f:s:l:i:o:v" opt; do
567560
o)
568561
CONSENSUS_TYPE=$OPTARG
569562
;;
563+
a)
564+
CERTIFICATE_AUTHORITIES=true
565+
;;
570566
v)
571567
VERBOSE=true
572568
;;

first-network/connection-org1.json

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,9 @@
1717
"peers": [
1818
"peer0.org1.example.com",
1919
"peer1.org1.example.com"
20+
],
21+
"certificateAuthorities": [
22+
"ca.org1.example.com"
2023
]
2124
}
2225
},
@@ -39,5 +42,17 @@
3942
"ssl-target-name-override": "peer1.org1.example.com"
4043
}
4144
}
45+
},
46+
"certificateAuthorities": {
47+
"ca.org1.example.com": {
48+
"url": "https://localhost:7054",
49+
"caName": "ca-org1",
50+
"tlsCACerts": {
51+
"path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
52+
},
53+
"httpOptions": {
54+
"verify": false
55+
}
56+
}
4257
}
4358
}

first-network/connection-org1.yaml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,8 @@ organizations:
1313
peers:
1414
- peer0.org1.example.com
1515
- peer1.org1.example.com
16+
certificateAuthorities:
17+
- ca.org1.example.com
1618
peers:
1719
peer0.org1.example.com:
1820
url: grpcs://localhost:7051
@@ -26,3 +28,11 @@ peers:
2628
path: crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
2729
grpcOptions:
2830
ssl-target-name-override: peer1.org1.example.com
31+
certificateAuthorities:
32+
ca.org1.example.com:
33+
url: https://localhost:7054
34+
caName: ca-org1
35+
tlsCACerts:
36+
path: crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
37+
httpOptions:
38+
verify: false

first-network/connection-org2.json

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,9 @@
1717
"peers": [
1818
"peer0.org2.example.com",
1919
"peer1.org2.example.com"
20+
],
21+
"certificateAuthorities": [
22+
"ca.org2.example.com"
2023
]
2124
}
2225
},
@@ -39,5 +42,17 @@
3942
"ssl-target-name-override": "peer1.org2.example.com"
4043
}
4144
}
45+
},
46+
"certificateAuthorities": {
47+
"ca.org2.example.com": {
48+
"url": "https://localhost:8054",
49+
"caName": "ca-org2",
50+
"tlsCACerts": {
51+
"path": "crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem"
52+
},
53+
"httpOptions": {
54+
"verify": false
55+
}
56+
}
4257
}
4358
}

first-network/connection-org2.yaml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,8 @@ organizations:
1313
peers:
1414
- peer0.org2.example.com
1515
- peer1.org2.example.com
16+
certificateAuthorities:
17+
- ca.org2.example.com
1618
peers:
1719
peer0.org2.example.com:
1820
url: grpcs://localhost:9051
@@ -26,3 +28,11 @@ peers:
2628
path: crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
2729
grpcOptions:
2830
ssl-target-name-override: peer1.org2.example.com
31+
certificateAuthorities:
32+
ca.org2.example.com:
33+
url: https://localhost:8054
34+
caName: ca-org2
35+
tlsCACerts:
36+
path: crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
37+
httpOptions:
38+
verify: false

first-network/docker-compose-ca.yaml

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
# Copyright IBM Corp. All Rights Reserved.
2+
#
3+
# SPDX-License-Identifier: Apache-2.0
4+
#
5+
6+
version: '2'
7+
8+
networks:
9+
byfn:
10+
11+
services:
12+
ca0:
13+
image: hyperledger/fabric-ca:$IMAGE_TAG
14+
environment:
15+
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
16+
- FABRIC_CA_SERVER_CA_NAME=ca-org1
17+
- FABRIC_CA_SERVER_TLS_ENABLED=true
18+
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
19+
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${BYFN_CA1_PRIVATE_KEY}
20+
- FABRIC_CA_SERVER_PORT=7054
21+
ports:
22+
- "7054:7054"
23+
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/${BYFN_CA1_PRIVATE_KEY} -b admin:adminpw -d'
24+
volumes:
25+
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
26+
container_name: ca_peerOrg1
27+
networks:
28+
- byfn
29+
30+
ca1:
31+
image: hyperledger/fabric-ca:$IMAGE_TAG
32+
environment:
33+
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
34+
- FABRIC_CA_SERVER_CA_NAME=ca-org2
35+
- FABRIC_CA_SERVER_TLS_ENABLED=true
36+
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem
37+
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${BYFN_CA2_PRIVATE_KEY}
38+
- FABRIC_CA_SERVER_PORT=8054
39+
ports:
40+
- "8054:8054"
41+
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/${BYFN_CA2_PRIVATE_KEY} -b admin:adminpw -d'
42+
volumes:
43+
- ./crypto-config/peerOrganizations/org2.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
44+
container_name: ca_peerOrg2
45+
networks:
46+
- byfn

scripts/Jenkins_Scripts/byfn_eyfn.sh

Lines changed: 32 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -69,29 +69,37 @@ if [ $1 != 0 ]; then
6969
fi
7070
}
7171

72-
echo "############## BYFN,EYFN DEFAULT CHANNEL TEST ###################"
73-
echo "#################################################################"
74-
echo y | ./byfn.sh -m down
75-
echo y | ./byfn.sh -m up -t 60
76-
copy_logs $? default-channel
77-
echo y | ./eyfn.sh -m up -t 60
78-
copy_logs $? default-channel
79-
echo y | ./eyfn.sh -m down
80-
echo
72+
echo "############## BYFN,EYFN DEFAULT CHANNEL TEST ###################"
73+
echo "#################################################################"
74+
echo y | ./byfn.sh -m down
75+
echo y | ./byfn.sh -m up -t 60
76+
copy_logs $? default-channel
77+
echo y | ./eyfn.sh -m up -t 60
78+
copy_logs $? default-channel
79+
echo y | ./eyfn.sh -m down
80+
echo
81+
82+
echo "############### BYFN,EYFN CUSTOM CHANNEL WITH COUCHDB TEST ##############"
83+
echo "#########################################################################"
84+
echo y | ./byfn.sh -m up -c custom-channel-couchdb -s couchdb -t 75 -d 15
85+
copy_logs $? custom-channel-couch couchdb
86+
echo y | ./eyfn.sh -m up -c custom-channel-couchdb -s couchdb -t 75 -d 15
87+
copy_logs $? custom-channel-couch
88+
echo y | ./eyfn.sh -m down
89+
echo
8190

82-
echo "############### BYFN,EYFN CUSTOM CHANNEL WITH COUCHDB TEST ##############"
83-
echo "#########################################################################"
84-
echo y | ./byfn.sh -m up -c custom-channel-couchdb -s couchdb -t 75 -d 15
85-
copy_logs $? custom-channel-couch couchdb
86-
echo y | ./eyfn.sh -m up -c custom-channel-couchdb -s couchdb -t 75 -d 15
87-
copy_logs $? custom-channel-couch
88-
echo y | ./eyfn.sh -m down
89-
echo
91+
echo "############### BYFN,EYFN WITH NODE Chaincode. TEST ################"
92+
echo "####################################################################"
93+
echo y | ./byfn.sh -m up -l node -t 60
94+
copy_logs $? default-channel-node
95+
echo y | ./eyfn.sh -m up -l node -t 60
96+
copy_logs $? default-channel-node
97+
echo y | ./eyfn.sh -m down
98+
echo
9099

91-
echo "############### BYFN,EYFN WITH NODE Chaincode. TEST ################"
92-
echo "####################################################################"
93-
echo y | ./byfn.sh -m up -l node -t 60
94-
copy_logs $? default-channel-node
95-
echo y | ./eyfn.sh -m up -l node -t 60
96-
copy_logs $? default-channel-node
97-
echo y | ./eyfn.sh -m down
100+
echo "############### BYFN WITH CA TEST ################"
101+
echo "##################################################"
102+
echo y | ./byfn.sh -m up -a
103+
copy_logs $? default-channel-ca
104+
echo y | ./byfn.sh -m down -a
105+
echo

0 commit comments

Comments
 (0)