diff --git a/first-network/byfn.sh b/first-network/byfn.sh index 044390461d..41ed1b8a8e 100755 --- a/first-network/byfn.sh +++ b/first-network/byfn.sh @@ -41,7 +41,7 @@ function printHelp() { echo " - 'down' - clear the network with docker-compose down" echo " - 'restart' - restart the network" echo " - 'generate' - generate required certificates and genesis block" - echo " - 'upgrade' - upgrade the network from version 1.1.x to 1.2.x" + echo " - 'upgrade' - upgrade the network from version 1.2.x to 1.3.x" echo " -c - channel name to use (defaults to \"mychannel\")" echo " -t - CLI timeout duration in seconds (defaults to 10)" echo " -d - delay duration in seconds (defaults to 3)" @@ -172,62 +172,66 @@ function networkUp() { fi } -# Upgrade the network components which are at version 1.1.x to 1.2.x +# Upgrade the network components which are at version 1.2.x to 1.3.x # Stop the orderer and peers, backup the ledger for orderer and peers, cleanup chaincode containers and images # and relaunch the orderer and peers with latest tag function upgradeNetwork() { - docker inspect -f '{{.Config.Volumes}}' orderer.example.com | grep -q '/var/hyperledger/production/orderer' - if [ $? -ne 0 ]; then - echo "ERROR !!!! This network does not appear to be using volumes for its ledgers, did you start from fabric-samples >= v1.1.x?" - exit 1 - fi - - LEDGERS_BACKUP=./ledgers-backup - - # create ledger-backup directory - mkdir -p $LEDGERS_BACKUP - - export IMAGE_TAG=$IMAGETAG - if [ "${IF_COUCHDB}" == "couchdb" ]; then - COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH" - else - COMPOSE_FILES="-f $COMPOSE_FILE" - fi - - # removing the cli container - docker-compose $COMPOSE_FILES stop cli - docker-compose $COMPOSE_FILES up -d --no-deps cli - - echo "Upgrading orderer" - docker-compose $COMPOSE_FILES stop orderer.example.com - docker cp -a orderer.example.com:/var/hyperledger/production/orderer $LEDGERS_BACKUP/orderer.example.com - docker-compose $COMPOSE_FILES up -d --no-deps orderer.example.com + if [[ "$IMAGETAG" == *"1.3"* ]] || [[ $IMAGETAG == "latest" ]]; then + docker inspect -f '{{.Config.Volumes}}' orderer.example.com | grep -q '/var/hyperledger/production/orderer' + if [ $? -ne 0 ]; then + echo "ERROR !!!! This network does not appear to be using volumes for its ledgers, did you start from fabric-samples >= v1.2.x?" + exit 1 + fi - for PEER in peer0.org1.example.com peer1.org1.example.com peer0.org2.example.com peer1.org2.example.com; do - echo "Upgrading peer $PEER" + LEDGERS_BACKUP=./ledgers-backup - # Stop the peer and backup its ledger - docker-compose $COMPOSE_FILES stop $PEER - docker cp -a $PEER:/var/hyperledger/production $LEDGERS_BACKUP/$PEER/ + # create ledger-backup directory + mkdir -p $LEDGERS_BACKUP - # Remove any old containers and images for this peer - CC_CONTAINERS=$(docker ps | grep dev-$PEER | awk '{print $1}') - if [ -n "$CC_CONTAINERS" ]; then - docker rm -f $CC_CONTAINERS - fi - CC_IMAGES=$(docker images | grep dev-$PEER | awk '{print $1}') - if [ -n "$CC_IMAGES" ]; then - docker rmi -f $CC_IMAGES + export IMAGE_TAG=$IMAGETAG + if [ "${IF_COUCHDB}" == "couchdb" ]; then + COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH" + else + COMPOSE_FILES="-f $COMPOSE_FILE" fi - # Start the peer again - docker-compose $COMPOSE_FILES up -d --no-deps $PEER - done - - docker exec cli scripts/upgrade_to_v12.sh $CHANNEL_NAME $CLI_DELAY $LANGUAGE $CLI_TIMEOUT $VERBOSE - if [ $? -ne 0 ]; then - echo "ERROR !!!! Test failed" - exit 1 + # removing the cli container + docker-compose $COMPOSE_FILES stop cli + docker-compose $COMPOSE_FILES up -d --no-deps cli + + echo "Upgrading orderer" + docker-compose $COMPOSE_FILES stop orderer.example.com + docker cp -a orderer.example.com:/var/hyperledger/production/orderer $LEDGERS_BACKUP/orderer.example.com + docker-compose $COMPOSE_FILES up -d --no-deps orderer.example.com + + for PEER in peer0.org1.example.com peer1.org1.example.com peer0.org2.example.com peer1.org2.example.com; do + echo "Upgrading peer $PEER" + + # Stop the peer and backup its ledger + docker-compose $COMPOSE_FILES stop $PEER + docker cp -a $PEER:/var/hyperledger/production $LEDGERS_BACKUP/$PEER/ + + # Remove any old containers and images for this peer + CC_CONTAINERS=$(docker ps | grep dev-$PEER | awk '{print $1}') + if [ -n "$CC_CONTAINERS" ]; then + docker rm -f $CC_CONTAINERS + fi + CC_IMAGES=$(docker images | grep dev-$PEER | awk '{print $1}') + if [ -n "$CC_IMAGES" ]; then + docker rmi -f $CC_IMAGES + fi + + # Start the peer again + docker-compose $COMPOSE_FILES up -d --no-deps $PEER + done + + docker exec cli scripts/upgrade_to_v13.sh $CHANNEL_NAME $CLI_DELAY $LANGUAGE $CLI_TIMEOUT $VERBOSE + if [ $? -ne 0 ]; then + echo "ERROR !!!! Test failed" + exit 1 + fi + else + echo "ERROR !!!! Pass the v1.3.x image tag" fi } @@ -528,7 +532,7 @@ elif [ "${MODE}" == "generate" ]; then ## Generate Artifacts elif [ "${MODE}" == "restart" ]; then ## Restart the network networkDown networkUp -elif [ "${MODE}" == "upgrade" ]; then ## Upgrade the network from version 1.1.x to 1.2.x +elif [ "${MODE}" == "upgrade" ]; then ## Upgrade the network from version 1.2.x to 1.3.x upgradeNetwork else printHelp diff --git a/first-network/configtx.yaml b/first-network/configtx.yaml index e55efb05a3..24826c074f 100644 --- a/first-network/configtx.yaml +++ b/first-network/configtx.yaml @@ -27,6 +27,20 @@ Organizations: # MSPDir is the filesystem path which contains the MSP configuration MSPDir: crypto-config/ordererOrganizations/example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('OrdererMSP.member')" + Writers: + Type: Signature + Rule: "OR('OrdererMSP.member')" + Admins: + Type: Signature + Rule: "OR('OrdererMSP.admin')" + - &Org1 # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment @@ -37,6 +51,21 @@ Organizations: MSPDir: crypto-config/peerOrganizations/org1.example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')" + Writers: + Type: Signature + Rule: "OR('Org1MSP.admin', 'Org1MSP.client')" + Admins: + Type: Signature + Rule: "OR('Org1MSP.admin')" + + # leave this flag set to true. AnchorPeers: # AnchorPeers defines the location of peers which can be used # for cross org gossip communication. Note, this value is only @@ -54,6 +83,20 @@ Organizations: MSPDir: crypto-config/peerOrganizations/org2.example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')" + Writers: + Type: Signature + Rule: "OR('Org2MSP.admin', 'Org2MSP.client')" + Admins: + Type: Signature + Rule: "OR('Org2MSP.admin')" + AnchorPeers: # AnchorPeers defines the location of peers which can be used # for cross org gossip communication. Note, this value is only @@ -84,11 +127,11 @@ Capabilities: # Channel capabilities apply to both the orderers and the peers and must be # supported by both. Set the value of the capability to true to require it. Global: &ChannelCapabilities - # V1.1 for Global is a catchall flag for behavior which has been - # determined to be desired for all orderers and peers running v1.0.x, + # V1.3 for Channel is a catchall flag for behavior which has been + # determined to be desired for all orderers and peers running < v1.3.0, # but the modification of which would cause incompatibilities. Users # should leave this flag set to true. - V1_1: true + V1_3: true # Orderer capabilities apply only to the orderers, and may be safely # manipulated without concern for upgrading peers. Set the value of the @@ -104,11 +147,9 @@ Capabilities: # manipulated without concern for upgrading orderers. Set the value of the # capability to true to require it. Application: &ApplicationCapabilities - # V1.2 for Application is a catchall flag for behavior which has been - # determined to be desired for all peers running v1.0.x, but the - # modification of which would cause incompatibilities. Users should - # leave this flag set to true. - V1_2: true + # V1.2 for Application enables the new non-backwards compatible + # features and fixes of fabric v1.3 + V1_3: true ################################################################################ # @@ -124,6 +165,20 @@ Application: &ApplicationDefaults # the application side of the network Organizations: + # Policies defines the set of policies at this level of the config tree + # For Application policies, their canonical path is + # /Channel/Application/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + ################################################################################ # # SECTION: Orderer @@ -169,6 +224,57 @@ Orderer: &OrdererDefaults # the orderer side of the network Organizations: + # Policies defines the set of policies at this level of the config tree + # For Orderer policies, their canonical path is + # /Channel/Orderer/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # BlockValidation specifies what signatures must be included in the block + # from the orderer for the peer to validate it. + BlockValidation: + Type: ImplicitMeta + Rule: "ANY Writers" + +################################################################################ +# +# CHANNEL +# +# This section defines the values to encode into a config transaction or +# genesis block for channel related parameters. +# +################################################################################ +Channel: &ChannelDefaults + # Policies defines the set of policies at this level of the config tree + # For Channel policies, their canonical path is + # /Channel/ + Policies: + # Who may invoke the 'Deliver' API + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + # Who may invoke the 'Broadcast' API + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + # By default, who may modify elements at this config level + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + + # Capabilities describes the channel level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *ChannelCapabilities + ################################################################################ # # Profile @@ -180,8 +286,7 @@ Orderer: &OrdererDefaults Profiles: TwoOrgsOrdererGenesis: - Capabilities: - <<: *ChannelCapabilities + <<: *ChannelDefaults Orderer: <<: *OrdererDefaults Organizations: diff --git a/first-network/scripts/capabilities.json b/first-network/scripts/capabilities.json index 3acfab9908..5c3f3e0e08 100644 --- a/first-network/scripts/capabilities.json +++ b/first-network/scripts/capabilities.json @@ -2,8 +2,8 @@ "mod_policy": "Admins", "value": { "capabilities": { - "V1_2": {} + "V1_3": {} } }, "version": "0" -} \ No newline at end of file +} diff --git a/first-network/scripts/upgrade_to_v12.sh b/first-network/scripts/upgrade_to_v13.sh similarity index 68% rename from first-network/scripts/upgrade_to_v12.sh rename to first-network/scripts/upgrade_to_v13.sh index 79d4600afd..905cec1bb8 100755 --- a/first-network/scripts/upgrade_to_v12.sh +++ b/first-network/scripts/upgrade_to_v13.sh @@ -7,7 +7,7 @@ echo "\___ \ | | / _ \ | |_) | | | " echo " ___) | | | / ___ \ | _ < | | " echo "|____/ |_| /_/ \_\ |_| \_\ |_| " echo -echo "Upgrade your first network (BYFN) from v1.1.x to v1.2.x end-to-end test" +echo "Upgrade your first network (BYFN) from v1.2.x to v1.3.x end-to-end test" echo CHANNEL_NAME="$1" DELAY="$2" @@ -48,19 +48,35 @@ addCapabilityToChannel() { # Modify the correct section of the config based on capabilities group if [ $GROUP == "application" ]; then jq -s '.[0] * {"channel_group":{"groups":{"Application": {"values": {"Capabilities": .[1]}}}}}' config.json ./scripts/capabilities.json >modified_config.json + elif [ $GROUP == "channel" ]; then + jq -s '.[0] * {"channel_group":{"values": {"Capabilities": .[1]}}}' config.json ./scripts/capabilities.json > modified_config.json fi # Create a config updated for this channel based on the differences between config.json and modified_config.json # write the output to config_update_in_envelope.pb createConfigUpdate "$CH_NAME" config.json modified_config.json config_update_in_envelope.pb - # Sign, and set the correct identity for submission. - if [ $GROUP == "application" ]; then - # Modifying the application group requires a majority of application admins to sign. - # Sign with PeerOrg1.Admin - signConfigtxAsPeerOrg 1 config_update_in_envelope.pb - # Prepare to sign the update as the PeerOrg2.Admin - setGlobals 0 2 + if [ $CH_NAME != "testchainid" ] ; then + # Sign, and set the correct identity for submission. + if [ $GROUP == "application" ]; then + # Modifying the application group requires a majority of application admins to sign. + # Sign with PeerOrg1.Admin + signConfigtxAsPeerOrg 1 config_update_in_envelope.pb + # Prepare to sign the update as the PeerOrg2.Admin + setGlobals 0 2 + elif [ $GROUP == "channel" ]; then + # Modifying the channel group requires a majority of application admins and the orderer admin to sign. + # Sign with PeerOrg1.Admin + signConfigtxAsPeerOrg 1 config_update_in_envelope.pb + # Sign with PeerOrg2.Admin + signConfigtxAsPeerOrg 2 config_update_in_envelope.pb + # Prepare to sign the update as the OrdererOrg.Admin + setOrdererGlobals + fi + else + # For the orderer system channel, only the orderer admin needs sign + # which will be attached during the update + setOrdererGlobals fi if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ]; then @@ -78,12 +94,17 @@ addCapabilityToChannel() { echo "===================== Config update for \"$GROUP\" on \"$CH_NAME\" is completed ===================== " } +sleep $DELAY + +#Config update for /Channel for testchainid +echo "Config update for /Channel on \"testchainid\"" +addCapabilityToChannel testchainid channel sleep $DELAY -#Config update for /Channel/Application -echo "Config update for /Channel/Application on \"$CHANNEL_NAME\"" -addCapabilityToChannel "$CHANNEL_NAME" application +#Config update for /Channel +echo "Config update for /Channel on \"$CHANNEL_NAME\"" +addCapabilityToChannel "$CHANNEL_NAME" channel sleep $DELAY @@ -91,9 +112,17 @@ sleep $DELAY echo "Querying chaincode on org1/peer0..." chaincodeQuery 0 1 90 +sleep $DELAY + +#Config update for /Channel/Application +echo "Config update for /Channel/Application on \"$CHANNEL_NAME\"" +addCapabilityToChannel "$CHANNEL_NAME" application + +sleep $DELAY + #Invoke on chaincode on Peer0/Org1 echo "Sending invoke transaction on org1/peer0..." -chaincodeInvoke 0 1 +chaincodeInvoke 0 1 0 2 sleep $DELAY @@ -103,7 +132,7 @@ chaincodeQuery 0 1 80 ##Invoke on chaincode on Peer0/Org2 echo "Sending invoke transaction on org2/peer0..." -chaincodeInvoke 0 2 +chaincodeInvoke 0 2 0 1 sleep $DELAY