diff --git a/test-network/README.md b/test-network/README.md
index a68c5a47a5..0807bf4024 100644
--- a/test-network/README.md
+++ b/test-network/README.md
@@ -1,50 +1,5 @@ ## Running the test network -Use the `./network.sh` script to stand up a simple Fabric test network. The -network has two peer peer organizations with one peer each and a single node -raft ordering service. You can also use the script to create channels, and deploy -the fabcar chaincode on those channels. The test network is being introduced in -Fabric v2.0 as the long term replacement for the `first-network` sample. +You can use the `./network.sh` script to stand up a simple Fabric test network. The test network has two peer organizations with one peer each and a single node raft ordering service. You can also use the `./network.sh` script to create channels and deploy the fabcar chaincode. For more information, see [Using the Fabric test network](https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html). The test network is being introduced in Fabric v2.0 as the long term replacement for the `first-network` sample. -Before you can deploy the test network, you need follow the instructions to -[Install the Samples, Binaries and Docker Images](https://hyperledger-fabric.readthedocs.io/en/latest/install.html) in the Hyperledger Fabric documentation. You may experience problems if you run the -sample using a local build. - -For more information, see `./network.sh -help` -``` -Usage: - network.sh [Flags] - - - 'up' - bring up fabric orderer and peer nodes. 
No channel is created - - 'up createChannel' - bring up fabric network with one channel - - 'createChannel' - create and join a channel after the network is created - - 'deployCC' - deploy the fabcar chaincode on the channel - - 'down' - clear the network with docker-compose down - - 'restart' - restart the network - - Flags: - -ca - create Certificate Authorities to generate the crypto material - -c - channel name to use (defaults to "mychannel") - -s - the database backend to use: goleveldb (default) or couchdb - -r - CLI times out after certain number of attempts (defaults to 5) - -d - delay duration in seconds (defaults to 3) - -l - the programming language of the chaincode to deploy: go (default), javascript, or java - -v - chaincode version. Must be a round number, 1, 2, 3, etc - -i - the tag to be used to launch the network (defaults to "latest") - -verbose - verbose mode - network.sh -h (print this message) - - Possible Mode and flags - network.sh up -ca -c -r -d -s -i -verbose - network.sh up createChannel -ca -c -r -d -s -i -verbose - network.sh createChannel -c -r -d -verbose - network.sh deployCC -l -v -r -d -verbose - - Taking all defaults: - network.sh up - - Examples: - network.sh up createChannel -ca -c mychannel -s couchdb -i 1.4.0 - network.sh createChannel -c channelName - network.sh deployCC -l node -``` +Before you can deploy the test network, you need to follow the instructions to [Install the Samples, Binaries and Docker Images](https://hyperledger-fabric.readthedocs.io/en/latest/install.html) in the Hyperledger Fabric documentation. diff --git a/test-network/addOrg3/README.md b/test-network/addOrg3/README.md new file mode 100644 index 0000000000..82b1e8acc3 --- /dev/null +++ b/test-network/addOrg3/README.md 
@@ -0,0 +1,28 @@
+## Adding Org3 to the test network
+
+You can use the `addOrg3.sh` script to add another organization to the Fabric test network. The `addOrg3.sh` script generates the Org3 crypto material, creates an Org3 organization definition, and adds Org3 to a channel on the test network.
+
+You first need to run `./network.sh up createChannel` in the `test-network` directory before you can run the `addOrg3.sh` script.
+
+```
+./network.sh up createChannel
+cd addOrg3
+./addOrg3.sh up
+```
+
+If you used `network.sh` to create a channel other than the default `mychannel`, you need pass that name to the `addorg3.sh` script.
+```
+./network.sh up createChannel -c channel1
+cd addOrg3
+./addOrg3.sh up -c channel1
+```
+
+You can also re-run the `addOrg3.sh` script to add Org3 to additional channels.
+```
+cd ..
+./network.sh createChannel -c channel2
+cd addOrg3
+./addOrg3.sh up -c channel2
+```
+
+For more information, use `./addOrg3.sh -h` to see the `addOrg3.sh` help text.
diff --git a/test-network/addOrg3/addOrg3.sh b/test-network/addOrg3/addOrg3.sh
index 06014949e8..e43cbf340a 100755
--- a/test-network/addOrg3/addOrg3.sh
+++ b/test-network/addOrg3/addOrg3.sh
@@ -21,24 +21,24 @@ function printHelp () { echo " addOrg3.sh up|down|generate [-c ] [-t ] [-d ] [-f ] [-s ]" echo " addOrg3.sh -h|--help (print this message)" echo " - one of 'up', 'down', or 'generate'" - echo " - 'up' - add org3 to the sample network. You need to create a channel first." - echo " - 'down' - clear the network with docker-compose down" + echo " - 'up' - add org3 to the sample network. You need to bring up the test network and create a channel first." + echo " - 'down' - bring down the test network and org3 nodes" echo " - 'generate' - generate required certificates and org definition" - echo " -c - channel name to use (defaults to \"mychannel\")" + echo " -c - test network channel name (defaults to \"mychannel\")" + echo " -ca - Use a CA to generate the crypto material" echo " -t - CLI timeout duration in seconds (defaults to 10)" echo " -d - delay duration in seconds (defaults to 3)" - echo " -f - specify which docker-compose file use (defaults to docker-compose-cli.yaml)" echo " -s - the database backend to use: goleveldb (default) or couchdb" echo " -i - the tag to be used to launch the network (defaults to \"latest\")" - echo " -v - verbose mode" + echo " -verbose - verbose mode" echo echo "Typically, one would first generate the required certificates and " echo "genesis block, then bring up the network. e.g.:" echo echo " addOrg3.sh generate" + echo " addOrg3.sh up" echo " addOrg3.sh up -c mychannel -s couchdb" - echo " addOrg3.sh up -l node" - echo " addOrg3.sh down -c mychannel" + echo " addOrg3.sh down" echo echo "Taking all defaults:" echo " addOrg3.sh up" 
@@ -49,27 +49,76 @@ function printHelp () { # (x509 certs) for the new org. After we run the tool, the certs will # be put in the organizations folder with org1 and org2 -# Generates Org3 certs using cryptogen tool -function generateOrg3 (){ - which cryptogen - if [ "$?" -ne 0 ]; then - echo "cryptogen tool not found. exiting" - exit 1 +# Create Organziation crypto material using cryptogen or CAs +function generateOrg3() { + + # Create crypto material using cryptogen + if [ "$CRYPTO" == "cryptogen" ]; then + which cryptogen + if [ "$?" -ne 0 ]; then + echo "cryptogen tool not found. exiting" + exit 1 + fi + echo + echo "##########################################################" + echo "##### Generate certificates using cryptogen tool #########" + echo "##########################################################" + echo + + echo "##########################################################" + echo "############ Create Org1 Identities ######################" + echo "##########################################################" + + set -x + cryptogen generate --config=org3-crypto.yaml --output="../organizations" + res=$? + set +x + if [ $res -ne 0 ]; then + echo "Failed to generate certificates..." + exit 1 + fi + + fi + + # Create crypto material using Fabric CAs + if [ "$CRYPTO" == "Certificate Authorities" ]; then + + fabric-ca-client version > /dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "Fabric CA client not found locally, downloading..." + cd ../.. + curl -s -L "https://github.com/hyperledger/fabric-ca/releases/download/v1.4.4/hyperledger-fabric-ca-${OS_ARCH}-1.4.4.tar.gz" | tar xz || rc=$? + if [ -n "$rc" ]; then + echo "==> There was an error downloading the binary file." + echo "fabric-ca-client binary is not available to download" + else + echo "==> Done." 
+ cd test-network/addOrg3/ + fi + fi + + echo + echo "##########################################################" + echo "##### Generate certificates using Fabric CA's ############" + echo "##########################################################" + + IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE_CA_ORG3 up -d 2>&1 + + . fabric-ca/registerEnroll.sh + + sleep 10 + + echo "##########################################################" + echo "############ Create Org1 Identities ######################" + echo "##########################################################" + + createOrg3 + fi - echo - echo "###############################################################" - echo "##### Generate Org3 certificates using cryptogen tool #########" - echo "###############################################################" - set -x - cryptogen generate --config=org3-crypto.yaml --output="../organizations" - res=$? - set +x - if [ $res -ne 0 ]; then - echo "Failed to generate certificates..." - exit 1 - fi echo + echo "Generate CCP files for Org3" + ./ccp-generate.sh } # Generate channel configuration transaction @@ -80,7 +129,7 @@ function generateOrg3Definition() { exit 1 fi echo "##########################################################" - echo "######### Generating Org3 config material ###############" + echo "####### Generating Org3 organization definition #########" echo "##########################################################" export FABRIC_CFG_PATH=$PWD set -x 
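Review bot: The fallback download in the `Certificate Authorities` branch of `generateOrg3` pipes the release tarball from `curl -s -L` straight into `tar xz` with no checksum or signature check, so whatever the URL serves is unpacked under the samples root and, presumably, later run as `fabric-ca-client`. Saving the archive to a file, checking it against a pinned digest and only then extracting closes that gap; the sketch below uses a placeholder variable for the digest (`shasum -a 256 -c` is the macOS equivalent of `sha256sum -c`). The error handling is also incomplete: `|| rc=$?` sees only `tar`'s status because `pipefail` is not set and `curl` runs without `--fail`, and on failure the script neither exits nor returns to `test-network/addOrg3/`, so the later `docker-compose` and `. fabric-ca/registerEnroll.sh` steps run from the wrong directory. Both banners that read `Create Org1 Identities` presumably mean Org3.

```shell
    # … unchanged: fabric-ca-client version probe …
    echo "Fabric CA client not found locally, downloading..."
    ca_tarball="hyperledger-fabric-ca-${OS_ARCH}-1.4.4.tar.gz"
    dl_dir=$(mktemp -d) || exit 1
    if ! curl --fail -sS -L -o "${dl_dir}/${ca_tarball}" \
      "https://github.com/hyperledger/fabric-ca/releases/download/v1.4.4/${ca_tarball}"; then
      echo "==> There was an error downloading the binary file."
      exit 1
    fi
    # EXPECTED_SHA256 is a placeholder: pin the digest published for this release and platform
    if ! echo "${EXPECTED_SHA256}  ${dl_dir}/${ca_tarball}" | sha256sum -c - > /dev/null; then
      echo "==> Checksum mismatch for ${ca_tarball}, refusing to unpack it"
      exit 1
    fi
    tar -xzf "${dl_dir}/${ca_tarball}" -C ../..
    rm -rf -- "${dl_dir}"
    echo "==> Done."
    # … unchanged: banner, docker-compose up, registerEnroll.sh, createOrg3 …
```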
@@ -94,24 +143,40 @@ function generateOrg3Definition() { echo } - +function Org3Up () { + # start org3 nodes + if [ "${DATABASE}" == "couchdb" ]; then + IMAGE_TAG=${IMAGETAG} docker-compose -f $COMPOSE_FILE_ORG3 -f $COMPOSE_FILE_COUCH_ORG3 up -d 2>&1 + else + IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE_ORG3 up -d 2>&1 + fi + if [ $? -ne 0 ]; then + echo "ERROR !!!! Unable to start Org3 network" + exit 1 + fi +} # Generate the needed certificates, the genesis block and start the network. -function networkUp () { +function addOrg3 () { + + # If the test network is not up, abort + if [ ! -d ../organizations/ordererOrganizations ]; then + echo + echo "ERROR: Please, run ./network.sh up createChannel first." + echo + exit 1 + fi + # generate artifacts if they don't exist if [ ! -d "../organizations/peerOrganizations/org3.example.com" ]; then generateOrg3 generateOrg3Definition fi - # start org3 peers - if [ "${DATABASE}" == "couchdb" ]; then - IMAGE_TAG=${IMAGETAG} docker-compose -f $COMPOSE_FILE_ORG3 -f $COMPOSE_FILE_COUCH_ORG3 up -d 2>&1 - else - IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE_ORG3 up -d 2>&1 - fi - if [ $? -ne 0 ]; then - echo "ERROR !!!! Unable to start Org3 network" - exit 1 + + CONTAINER_IDS=$(docker ps -a | awk '($2 ~ /fabric-tools/) {print $1}') + if [ -z "$CONTAINER_IDS" -o "$CONTAINER_IDS" == " " ]; then + echo "Bringing up network" + Org3Up fi # Use the CLI container to create the configuration transaction needed to add 
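Review bot: The guard in `addOrg3` that decides whether to call `Org3Up` uses `docker ps -a`, which also lists exited containers, so a stopped container whose image matches `fabric-tools` makes the script skip starting the Org3 nodes and, most likely, fail later in the CLI steps. Filtering on running containers, `CONTAINER_IDS=$(docker ps | awk '($2 ~ /fabric-tools/) {print $1}')`, and testing with `if [ -z "$CONTAINER_IDS" ]; then` avoids that and drops the obsolescent `-o` operator. In `Org3Up` the expansions `$COMPOSE_FILE_ORG3` and `$COMPOSE_FILE_COUCH_ORG3` should be quoted. The body of `addOrg3` continues past the end of this hunk.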
@@ -143,23 +208,18 @@ function networkDown () { cd .. ./network.sh down - } -# If the test network is not up, abort -if [ ! -d ../organizations/peerOrganizations ]; then - echo - echo "ERROR: Please, run network.sh first." - echo - exit 1 -fi - # Obtain the OS and Architecture string that will be used to select the correct # native binaries for your platform OS_ARCH=$(echo "$(uname -s|tr '[:upper:]' '[:lower:]'|sed 's/mingw64_nt.*/windows/')-$(uname -m | sed 's/x86_64/amd64/g')" | awk '{print tolower($0)}') # timeout duration - the duration the CLI should wait for a response from # another container before giving up + +# Using crpto vs CA. default is cryptogen +CRYPTO="cryptogen" + CLI_TIMEOUT=10 #default for delay CLI_DELAY=3 @@ -169,6 +229,8 @@ CHANNEL_NAME="mychannel" COMPOSE_FILE_COUCH_ORG3=docker/docker-compose-couch-org3.yaml # use this as the default docker-compose yaml definition COMPOSE_FILE_ORG3=docker/docker-compose-org3.yaml +# certificate authorities compose file +COMPOSE_FILE_CA_ORG3=docker/docker-compose-ca-org3.yaml # default image tag IMAGETAG="latest" # database 
@@ -176,32 +238,63 @@ DATABASE="leveldb" # Parse commandline args -MODE=$1; -shift +## Parse mode +if [[ $# -lt 1 ]] ; then + printHelp + exit 0 +else + MODE=$1 + shift +fi + +# parse flags -while getopts "h?c:t:d:f:s:l:i:v" opt; do - case "$opt" in - h|\?) - printHelp - exit 0 +while [[ $# -ge 1 ]] ; do + key="$1" + case $key in + -h ) + printHelp + exit 0 ;; - c) CHANNEL_NAME=$OPTARG + -c ) + CHANNEL_NAME="$2" + shift ;; - t) CLI_TIMEOUT=$OPTARG + -ca ) + CRYPTO="Certificate Authorities" ;; - d) CLI_DELAY=$OPTARG + -t ) + CLI_TIMEOUT="$2" + shift ;; - f) COMPOSE_FILE=$OPTARG + -d ) + CLI_DELAY="$2" + shift ;; - s) DATABASE=$OPTARG + -s ) + DATABASE="$2" + shift ;; - i) IMAGETAG=$OPTARG + -i ) + IMAGETAG=$(go env GOARCH)"-""$2" + shift ;; - v) VERBOSE=true + -verbose ) + VERBOSE=true + shift + ;; + * ) + echo + echo "Unknown flag: $key" + echo + printHelp + exit 1 ;; esac + shift done + # Determine whether starting, stopping, restarting or generating for announce if [ "$MODE" == "up" ]; then echo "Add Org3 to channel '${CHANNEL_NAME}' with '${CLI_TIMEOUT}' seconds and CLI delay of '${CLI_DELAY}' seconds and using database '${DATABASE}'" @@ -217,7 +310,7 @@ fi #Create the network using docker compose if [ "${MODE}" == "up" ]; then - networkUp + addOrg3 elif [ "${MODE}" == "down" ]; then ## Clear the network networkDown elif [ "${MODE}" == "generate" ]; then ## Generate Artifacts diff --git a/test-network/addOrg3/ccp-generate.sh b/test-network/addOrg3/ccp-generate.sh new file mode 100755 index 0000000000..a3f254f35f --- /dev/null +++ b/test-network/addOrg3/ccp-generate.sh 
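Review bot: The `-verbose` arm of the new flag loop calls `shift` and then falls through to the `shift` after `esac`, so the argument that follows `-verbose` is silently discarded; the arm should only set `VERBOSE=true`. The value-taking arms (`-c`, `-t`, `-d`, `-s`, `-i`) read `"$2"` without checking that it exists, so a trailing `-c` sets an empty channel name; a guard such as `[[ $# -ge 2 ]] || { printHelp; exit 1; }` before each assignment would catch that. `printHelp` still advertises `--help` and `[-f ]`, which this loop now rejects as unknown flags, and `-i` now depends on `go` being on the PATH because of `$(go env GOARCH)`. Since these values are passed on to `docker-compose` and the CLI scripts, this loop is also the natural place to check `CHANNEL_NAME` and `IMAGETAG` against the expected character set.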
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+function one_line_pem {
+ echo "`awk 'NF {sub(/\\n/, ""); printf "%s\\\\\\\n",$0;}' $1`"
+}
+
+function json_ccp {
+ local PP=$(one_line_pem $4)
+ local CP=$(one_line_pem $5)
+ sed -e "s/\${ORG}/$1/" \
+ -e "s/\${P0PORT}/$2/" \
+ -e "s/\${CAPORT}/$3/" \
+ -e "s#\${PEERPEM}#$PP#" \
+ -e "s#\${CAPEM}#$CP#" \
+ ccp-template.json
+}
+
+function yaml_ccp {
+ local PP=$(one_line_pem $4)
+ local CP=$(one_line_pem $5)
+ sed -e "s/\${ORG}/$1/" \
+ -e "s/\${P0PORT}/$2/" \
+ -e "s/\${CAPORT}/$3/" \
+ -e "s#\${PEERPEM}#$PP#" \
+ -e "s#\${CAPEM}#$CP#" \
+ ccp-template.yaml | sed -e $'s/\\\\n/\\\n /g'
+}
+
+ORG=3
+P0PORT=11051
+CAPORT=11054
+PEERPEM=../organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem
+CAPEM=../organizations/peerOrganizations/org3.example.com/ca/ca.org3.example.com-cert.pem
+
+echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org3.example.com/connection-org3.json
+echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org3.example.com/connection-org3.yaml
diff --git a/test-network/addOrg3/ccp-template.json b/test-network/addOrg3/ccp-template.json
new file mode 100644
index 0000000000..b4fb3dfb45
--- /dev/null
+++ b/test-network/addOrg3/ccp-template.json
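Review bot: `json_ccp` and `yaml_ccp` never check that the PEM files passed as `$4` and `$5` exist, and `local PP=$(one_line_pem $4)` hides the exit status of `awk`, so a missing certificate yields a connection profile with an empty `tlsCACerts.pem` instead of an error. A guard such as `[ -s "$PEERPEM" ] && [ -s "$CAPEM" ] || { echo "missing CA certificate" >&2; exit 1; }` before the two final `echo` lines, together with quoting `"$1"`, `"$4"` and `"$5"`, would make that failure visible. The PEM text is also spliced into the `sed` replacement as-is, which holds only while it contains no `#` or `&`; a short comment above the `-e "s#...#"` lines saying so would help the next reader.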
@@ -0,0 +1,49 @@
+{
+ "name": "first-network-org${ORG}",
+ "version": "1.0.0",
+ "client": {
+ "organization": "Org${ORG}",
+ "connection": {
+ "timeout": {
+ "peer": {
+ "endorser": "300"
+ }
+ }
+ }
+ },
+ "organizations": {
+ "Org${ORG}": {
+ "mspid": "Org${ORG}MSP",
+ "peers": [
+ "peer0.org${ORG}.example.com"
+ ],
+ "certificateAuthorities": [
+ "ca.org${ORG}.example.com"
+ ]
+ }
+ },
+ "peers": {
+ "peer0.org${ORG}.example.com": {
+ "url": "grpcs://localhost:${P0PORT}",
+ "tlsCACerts": {
+ "pem": "${PEERPEM}"
+ },
+ "grpcOptions": {
+ "ssl-target-name-override": "peer0.org${ORG}.example.com",
+ "hostnameOverride": "peer0.org${ORG}.example.com"
+ }
+ }
+ },
+ "certificateAuthorities": {
+ "ca.org${ORG}.example.com": {
+ "url": "https://localhost:${CAPORT}",
+ "caName": "ca-org${ORG}",
+ "tlsCACerts": {
+ "pem": "${CAPEM}"
+ },
+ "httpOptions": {
+ "verify": false
+ }
+ }
+ }
+}
diff --git a/test-network/addOrg3/ccp-template.yaml b/test-network/addOrg3/ccp-template.yaml
new file mode 100644
index 0000000000..dec3f05930
--- /dev/null
+++ b/test-network/addOrg3/ccp-template.yaml
@@ -0,0 +1,34 @@
+---
+name: first-network-org${ORG}
+version: 1.0.0
+client:
+ organization: Org${ORG}
+ connection:
+ timeout:
+ peer:
+ endorser: '300'
+organizations:
+ Org${ORG}:
+ mspid: Org${ORG}MSP
+ peers:
+ - peer0.org${ORG}.example.com
+ certificateAuthorities:
+ - ca.org${ORG}.example.com
+peers:
+ peer0.org${ORG}.example.com:
+ url: grpcs://localhost:${P0PORT}
+ tlsCACerts:
+ pem: |
+ ${PEERPEM}
+ grpcOptions:
+ ssl-target-name-override: peer0.org${ORG}.example.com
+ hostnameOverride: peer0.org${ORG}.example.com
+certificateAuthorities:
+ ca.org${ORG}.example.com:
+ url: https://localhost:${CAPORT}
+ caName: ca-org${ORG}
+ tlsCACerts:
+ pem: |
+ ${CAPEM}
+ httpOptions:
+ verify: false
diff --git a/test-network/addOrg3/docker/docker-compose-ca-org3.yaml b/test-network/addOrg3/docker/docker-compose-ca-org3.yaml
new file mode 100644
index 0000000000..46822e8402
--- /dev/null
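Review bot: Both connection-profile templates set `httpOptions.verify` to `false` on the CA entry (`ccp-template.json`, and the same key in `ccp-template.yaml`), which as far as I can tell makes the SDK's CA client skip TLS certificate verification even though `tlsCACerts.pem` is filled in just above it. With the CA certificate already embedded, the profile could probably use `"verify": true` (`verify: true` in the YAML); if it has to stay off for the local test network, the generator script should say so, since these generated profiles tend to be copied into applications. The `name` value `first-network-org${ORG}` also looks like a leftover from the `first-network` sample.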
+++ b/test-network/addOrg3/docker/docker-compose-ca-org3.yaml
@@ -0,0 +1,22 @@
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+version: '2'
+
+services:
+
+ ca_org3:
+ image: hyperledger/fabric-ca:$IMAGE_TAG
+ environment:
+ - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
+ - FABRIC_CA_SERVER_CA_NAME=ca-org3
+ - FABRIC_CA_SERVER_TLS_ENABLED=true
+ - FABRIC_CA_SERVER_PORT=11054
+ ports:
+ - "11054:11054"
+ command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
+ volumes:
+ - ../fabric-ca/org3:/etc/hyperledger/fabric-ca-server
+ container_name: ca_org3
diff --git a/test-network/addOrg3/fabric-ca/org3/fabric-ca-server-config.yaml b/test-network/addOrg3/fabric-ca/org3/fabric-ca-server-config.yaml
new file mode 100644
index 0000000000..6701693501
--- /dev/null
+++ b/test-network/addOrg3/fabric-ca/org3/fabric-ca-server-config.yaml
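Review bot: The `ca_org3` service publishes its port as `"11054:11054"`, which binds on every host interface, while the server is started with the fixed bootstrap identity `admin:adminpw` and `-d` debug logging. For a CA that only the local scripts talk to, `- "127.0.0.1:11054:11054"` keeps it off the network. A comment above `command:` stating that the credentials are test-only defaults (they are repeated in `fabric-ca-server-config.yaml` and `registerEnroll.sh`) would keep them from being carried into a real deployment. The image tag comes from `$IMAGE_TAG`, which `addOrg3.sh` defaults to `latest`, so the CA version is not pinned.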
@@ -0,0 +1,406 @@ +############################################################################# +# This is a configuration file for the fabric-ca-server command. +# +# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES +# ------------------------------------------------ +# Each configuration element can be overridden via command line +# arguments or environment variables. The precedence for determining +# the value of each element is as follows: +# 1) command line argument +# Examples: +# a) --port 443 +# To set the listening port +# b) --ca.keyfile ../mykey.pem +# To set the "keyfile" element in the "ca" section below; +# note the '.' separator character. +# 2) environment variable +# Examples: +# a) FABRIC_CA_SERVER_PORT=443 +# To set the listening port +# b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem" +# To set the "keyfile" element in the "ca" section below; +# note the '_' separator character. +# 3) configuration file +# 4) default value (if there is one) +# All default values are shown beside each element below. +# +# FILE NAME ELEMENTS +# ------------------ +# The value of all fields whose name ends with "file" or "files" are +# name or names of other files. +# For example, see "tls.certfile" and "tls.clientauth.certfiles". +# The value of each of these fields can be a simple filename, a +# relative path, or an absolute path. If the value is not an +# absolute path, it is interpretted as being relative to the location +# of this configuration file. 
+# +############################################################################# + +# Version of config file +version: 1.2.0 + +# Server's listening port (default: 7054) +port: 11054 + +# Enables debug logging (default: false) +debug: false + +# Size limit of an acceptable CRL in bytes (default: 512000) +crlsizelimit: 512000 + +############################################################################# +# TLS section for the server's listening port +# +# The following types are supported for client authentication: NoClientCert, +# RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven, +# and RequireAndVerifyClientCert. +# +# Certfiles is a list of root certificate authorities that the server uses +# when verifying client certificates. +############################################################################# +tls: + # Enable TLS (default: false) + enabled: true + # TLS for the server's listening port + certfile: + keyfile: + clientauth: + type: noclientcert + certfiles: + +############################################################################# +# The CA section contains information related to the Certificate Authority +# including the name of the CA, which should be unique for all members +# of a blockchain network. It also includes the key and certificate files +# used when issuing enrollment certificates (ECerts) and transaction +# certificates (TCerts). +# The chainfile (if it exists) contains the certificate chain which +# should be trusted for this CA, where the 1st in the chain is always the +# root CA certificate. 
+############################################################################# +ca: + # Name of this CA + name: Org3CA + # Key file (is only used to import a private key into BCCSP) + keyfile: + # Certificate file (default: ca-cert.pem) + certfile: + # Chain file + chainfile: + +############################################################################# +# The gencrl REST endpoint is used to generate a CRL that contains revoked +# certificates. This section contains configuration options that are used +# during gencrl request processing. +############################################################################# +crl: + # Specifies expiration for the generated CRL. The number of hours + # specified by this property is added to the UTC time, the resulting time + # is used to set the 'Next Update' date of the CRL. + expiry: 24h + +############################################################################# +# The registry section controls how the fabric-ca-server does two things: +# 1) authenticates enrollment requests which contain a username and password +# (also known as an enrollment ID and secret). +# 2) once authenticated, retrieves the identity's attribute names and +# values which the fabric-ca-server optionally puts into TCerts +# which it issues for transacting on the Hyperledger Fabric blockchain. +# These attributes are useful for making access control decisions in +# chaincode. +# There are two main configuration options: +# 1) The fabric-ca-server is the registry. +# This is true if "ldap.enabled" in the ldap section below is false. +# 2) An LDAP server is the registry, in which case the fabric-ca-server +# calls the LDAP server to perform these tasks. +# This is true if "ldap.enabled" in the ldap section below is true, +# which means this "registry" section is ignored. 
+############################################################################# +registry: + # Maximum number of times a password/secret can be reused for enrollment + # (default: -1, which means there is no limit) + maxenrollments: -1 + + # Contains identity information which is used when LDAP is disabled + identities: + - name: admin + pass: adminpw + type: client + affiliation: "" + attrs: + hf.Registrar.Roles: "*" + hf.Registrar.DelegateRoles: "*" + hf.Revoker: true + hf.IntermediateCA: true + hf.GenCRL: true + hf.Registrar.Attributes: "*" + hf.AffiliationMgr: true + +############################################################################# +# Database section +# Supported types are: "sqlite3", "postgres", and "mysql". +# The datasource value depends on the type. +# If the type is "sqlite3", the datasource value is a file name to use +# as the database store. Since "sqlite3" is an embedded database, it +# may not be used if you want to run the fabric-ca-server in a cluster. +# To run the fabric-ca-server in a cluster, you must choose "postgres" +# or "mysql". +############################################################################# +db: + type: sqlite3 + datasource: fabric-ca-server.db + tls: + enabled: false + certfiles: + client: + certfile: + keyfile: + +############################################################################# +# LDAP section +# If LDAP is enabled, the fabric-ca-server calls LDAP to: +# 1) authenticate enrollment ID and secret (i.e. username and password) +# for enrollment requests; +# 2) To retrieve identity attributes +############################################################################# +ldap: + # Enables or disables the LDAP client (default: false) + # If this is set to true, the "registry" section is ignored. 
+ enabled: false + # The URL of the LDAP server + url: ldap://:@:/ + # TLS configuration for the client connection to the LDAP server + tls: + certfiles: + client: + certfile: + keyfile: + # Attribute related configuration for mapping from LDAP entries to Fabric CA attributes + attribute: + # 'names' is an array of strings containing the LDAP attribute names which are + # requested from the LDAP server for an LDAP identity's entry + names: ['uid','member'] + # The 'converters' section is used to convert an LDAP entry to the value of + # a fabric CA attribute. + # For example, the following converts an LDAP 'uid' attribute + # whose value begins with 'revoker' to a fabric CA attribute + # named "hf.Revoker" with a value of "true" (because the boolean expression + # evaluates to true). + # converters: + # - name: hf.Revoker + # value: attr("uid") =~ "revoker*" + converters: + - name: + value: + # The 'maps' section contains named maps which may be referenced by the 'map' + # function in the 'converters' section to map LDAP responses to arbitrary values. + # For example, assume a user has an LDAP attribute named 'member' which has multiple + # values which are each a distinguished name (i.e. a DN). For simplicity, assume the + # values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'. + # Further assume the following configuration. + # converters: + # - name: hf.Registrar.Roles + # value: map(attr("member"),"groups") + # maps: + # groups: + # - name: dn1 + # value: peer + # - name: dn2 + # value: client + # The value of the user's 'hf.Registrar.Roles' attribute is then computed to be + # "peer,client,dn3". This is because the value of 'attr("member")' is + # "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of + # "group" replaces "dn1" with "peer" and "dn2" with "client". + maps: + groups: + - name: + value: + +############################################################################# +# Affiliations section. 
Fabric CA server can be bootstrapped with the +# affiliations specified in this section. Affiliations are specified as maps. +# For example: +# businessunit1: +# department1: +# - team1 +# businessunit2: +# - department2 +# - department3 +# +# Affiliations are hierarchical in nature. In the above example, +# department1 (used as businessunit1.department1) is the child of businessunit1. +# team1 (used as businessunit1.department1.team1) is the child of department1. +# department2 (used as businessunit2.department2) and department3 (businessunit2.department3) +# are children of businessunit2. +# Note: Affiliations are case sensitive except for the non-leaf affiliations +# (like businessunit1, department1, businessunit2) that are specified in the configuration file, +# which are always stored in lower case. +############################################################################# +affiliations: + org1: + - department1 + - department2 + org2: + - department1 + +############################################################################# +# Signing section +# +# The "default" subsection is used to sign enrollment certificates; +# the default expiration ("expiry" field) is "8760h", which is 1 year in hours. +# +# The "ca" profile subsection is used to sign intermediate CA certificates; +# the default expiration ("expiry" field) is "43800h" which is 5 years in hours. +# Note that "isca" is true, meaning that it issues a CA certificate. +# A maxpathlen of 0 means that the intermediate CA cannot issue other +# intermediate CA certificates, though it can still issue end entity certificates. +# (See RFC 5280, section 4.2.1.9) +# +# The "tls" profile subsection is used to sign TLS certificate requests; +# the default expiration ("expiry" field) is "8760h", which is 1 year in hours. 
+############################################################################# +signing: + default: + usage: + - digital signature + expiry: 8760h + profiles: + ca: + usage: + - cert sign + - crl sign + expiry: 43800h + caconstraint: + isca: true + maxpathlen: 0 + tls: + usage: + - signing + - key encipherment + - server auth + - client auth + - key agreement + expiry: 8760h + +########################################################################### +# Certificate Signing Request (CSR) section. +# This controls the creation of the root CA certificate. +# The expiration for the root CA certificate is configured with the +# "ca.expiry" field below, whose default value is "131400h" which is +# 15 years in hours. +# The pathlength field is used to limit CA certificate hierarchy as described +# in section 4.2.1.9 of RFC 5280. +# Examples: +# 1) No pathlength value means no limit is requested. +# 2) pathlength == 1 means a limit of 1 is requested which is the default for +# a root CA. This means the root CA can issue intermediate CA certificates, +# but these intermediate CAs may not in turn issue other CA certificates +# though they can still issue end entity certificates. +# 3) pathlength == 0 means a limit of 0 is requested; +# this is the default for an intermediate CA, which means it can not issue +# CA certificates though it can still issue end entity certificates. 
+########################################################################### +csr: + cn: ca.org3.example.com + names: + - C: US + ST: "North Carolina" + L: "Raleigh" + O: org3.example.com + OU: + hosts: + - localhost + - org3.example.com + ca: + expiry: 131400h + pathlength: 1 + +############################################################################# +# BCCSP (BlockChain Crypto Service Provider) section is used to select which +# crypto library implementation to use +############################################################################# +bccsp: + default: SW + sw: + hash: SHA2 + security: 256 + filekeystore: + # The directory used for the software file-based keystore + keystore: msp/keystore + +############################################################################# +# Multi CA section +# +# Each Fabric CA server contains one CA by default. This section is used +# to configure multiple CAs in a single server. +# +# 1) --cacount +# Automatically generate non-default CAs. The names of these +# additional CAs are "ca1", "ca2", ... "caN", where "N" is +# This is particularly useful in a development environment to quickly set up +# multiple CAs. Note that, this config option is not applicable to intermediate CA server +# i.e., Fabric CA server that is started with intermediate.parentserver.url config +# option (-u command line option) +# +# 2) --cafiles +# For each CA config file in the list, generate a separate signing CA. Each CA +# config file in this list MAY contain all of the same elements as are found in +# the server config file except port, debug, and tls sections. 
+# +# Examples: +# fabric-ca-server start -b admin:adminpw --cacount 2 +# +# fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml +# --cafiles ca/ca2/fabric-ca-server-config.yaml +# +############################################################################# + +cacount: + +cafiles: + +############################################################################# +# Intermediate CA section +# +# The relationship between servers and CAs is as follows: +# 1) A single server process may contain or function as one or more CAs. +# This is configured by the "Multi CA section" above. +# 2) Each CA is either a root CA or an intermediate CA. +# 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA. +# +# This section pertains to configuration of #2 and #3. +# If the "intermediate.parentserver.url" property is set, +# then this is an intermediate CA with the specified parent +# CA. +# +# parentserver section +# url - The URL of the parent server +# caname - Name of the CA to enroll within the server +# +# enrollment section used to enroll intermediate CA with parent CA +# profile - Name of the signing profile to use in issuing the certificate +# label - Label to use in HSM operations +# +# tls section for secure socket connection +# certfiles - PEM-encoded list of trusted root certificate files +# client: +# certfile - PEM-encoded certificate file for when client authentication +# is enabled on server +# keyfile - PEM-encoded key file for when client authentication +# is enabled on server +############################################################################# +intermediate: + parentserver: + url: + caname: + + enrollment: + hosts: + profile: + label: + + tls: + certfiles: + client: + certfile: + keyfile: diff --git a/test-network/addOrg3/fabric-ca/registerEnroll.sh b/test-network/addOrg3/fabric-ca/registerEnroll.sh new file mode 100644 index 0000000000..f20fcf5053 --- /dev/null 
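Review bot: The `affiliations` section of this Org3 CA config still lists `org1` and `org2` and has no `org3` entry, and `ca.name` is `Org3CA` while the compose file overrides it with `FABRIC_CA_SERVER_CA_NAME=ca-org3`, so the file reads as a copy of another organization's config. Aligning both (`name: ca-org3` and an `org3:` affiliation) would keep the file consistent with the running server. The `registry` block gives `admin`/`adminpw` every `hf.*` registrar attribute with `maxenrollments: -1`; a comment above `identities:` such as `# test-network defaults only: change the bootstrap secret and limit enrollments for any shared deployment` would flag that.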
+++ b/test-network/addOrg3/fabric-ca/registerEnroll.sh 
@@ -0,0 +1,108 @@ + + +function createOrg3 { + + echo + echo "Enroll the CA admin" + echo + mkdir -p ../organizations/peerOrganizations/org3.example.com/ + + export FABRIC_CA_CLIENT_HOME=${PWD}/../organizations/peerOrganizations/org3.example.com/ +# rm -rf $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml +# rm -rf $FABRIC_CA_CLIENT_HOME/msp + + set -x + fabric-ca-client enroll -u https://admin:adminpw@localhost:11054 --caname ca-org3 --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem + set +x + + echo 'NodeOUs: + Enable: true + ClientOUIdentifier: + Certificate: cacerts/localhost-11054-ca-org3.pem + OrganizationalUnitIdentifier: client + PeerOUIdentifier: + Certificate: cacerts/localhost-11054-ca-org3.pem + OrganizationalUnitIdentifier: peer + AdminOUIdentifier: + Certificate: cacerts/localhost-11054-ca-org3.pem + OrganizationalUnitIdentifier: admin + OrdererOUIdentifier: + Certificate: cacerts/localhost-11054-ca-org3.pem + OrganizationalUnitIdentifier: orderer' > ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml + + echo + echo "Register peer0" + echo + set -x + fabric-ca-client register --caname ca-org3 --id.name peer0 --id.secret peer0pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem + set +x + + echo + echo "Register user" + echo + set -x + fabric-ca-client register --caname ca-org3 --id.name user1 --id.secret user1pw --id.type client --id.attrs '"hf.Registrar.Roles=client"' --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem + set +x + + echo + echo "Register the org admin" + echo + set -x + fabric-ca-client register --caname ca-org3 --id.name org3admin --id.secret org3adminpw --id.type admin --id.attrs '"hf.Registrar.Roles=admin"' --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem + set +x + + mkdir -p ../organizations/peerOrganizations/org3.example.com/peers + mkdir -p ../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com + + echo + echo "## 
Generate the peer0 msp" + echo + set -x + fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp --csr.hosts peer0.org3.example.com --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem + set +x + + cp ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/config.yaml + + echo + echo "## Generate the peer0-tls certificates" + echo + set -x + fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls --enrollment.profile tls --csr.hosts peer0.org3.example.com --csr.hosts localhost --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem + set +x + + + cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt + cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/signcerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt + cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/keystore/* ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key + + mkdir ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/tlscacerts + cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/tlscacerts/ca.crt + + mkdir ${PWD}/../organizations/peerOrganizations/org3.example.com/tlsca + cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* 
${PWD}/../organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem + + mkdir ${PWD}/../organizations/peerOrganizations/org3.example.com/ca + cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/cacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/ca/ca.org3.example.com-cert.pem + + mkdir -p ../organizations/peerOrganizations/org3.example.com/users + mkdir -p ../organizations/peerOrganizations/org3.example.com/users/User1@org3.example.com + + echo + echo "## Generate the user msp" + echo + set -x + fabric-ca-client enroll -u https://user1:user1pw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/users/User1@org3.example.com/msp --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem + set +x + + mkdir -p ../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com + + echo + echo "## Generate the org admin msp" + echo + set -x + fabric-ca-client enroll -u https://org3admin:org3adminpw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem + set +x + + cp ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml ${PWD}/../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp/config.yaml + +} diff --git a/test-network/docker/docker-compose-ca.yaml b/test-network/docker/docker-compose-ca.yaml index 967ec02a31..55457b853f 100644 --- a/test-network/docker/docker-compose-ca.yaml +++ b/test-network/docker/docker-compose-ca.yaml @@ -7,7 +7,7 @@ version: '2' services: - ca0: + ca_org1: image: hyperledger/fabric-ca:$IMAGE_TAG environment: - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server 
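Review bot: None of the `fabric-ca-client enroll` / `register` calls in `createOrg3` has its exit status checked, so a failed enrollment falls through to the `cp` lines that glob `tls/keystore/*`, `tls/signcerts/*` and `tls/tlscacerts/*` into fixed file names. Following each call with `|| { set +x; return 1; }` would stop at the first failure instead of leaving a partial MSP tree with missing or stale key material. The three `mkdir` calls for `msp/tlscacerts`, `tlsca` and `ca` lack `-p`, unlike the others, and will error on a second run; the `${PWD}/...` paths are also unquoted and break if the checkout path contains a space. Because `set -x` echoes the enrollment URLs, a comment such as `# sample-only credentials (admin:adminpw etc.); never reuse outside the test network` above the first enroll would make the intent explicit.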
@@ -21,7 +21,7 @@ services: - ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server container_name: ca_org1 - ca1: + ca_org2: image: hyperledger/fabric-ca:$IMAGE_TAG environment: - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server @@ -35,7 +35,7 @@ services: - ../organizations/fabric-ca/org2:/etc/hyperledger/fabric-ca-server container_name: ca_org2 - ca2: + ca_orderer: image: hyperledger/fabric-ca:$IMAGE_TAG environment: - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server diff --git a/test-network/network.sh b/test-network/network.sh index 277f38b698..8534e88547 100755 --- a/test-network/network.sh +++ b/test-network/network.sh @@ -50,9 +50,9 @@ function printHelp() { echo " network.sh up" echo echo " Examples:" - echo " network.sh up createChannel -ca -c mychannel -s couchdb -i 1.4.0" + echo " network.sh up createChannel -ca -c mychannel -s couchdb -i 2.0.0-beta" echo " network.sh createChannel -c channelName" - echo " network.sh deployCC -l node" + echo " network.sh deployCC -l javascript" } # Obtain CONTAINER_IDS and remove them @@ -350,8 +350,7 @@ function createChannel() { ## Bring up the network if it is not arleady up. - CONTAINER_IDS=$(docker ps -a | awk '($2 ~ /fabric-peer/) {print $1}') - if [ -z "$CONTAINER_IDS" -o "$CONTAINER_IDS" == " " ]; then + if [ ! -d "organizations/peerOrganizations" ]; then echo "Bringing up network" networkUp fi @@ -371,14 +370,6 @@ function createChannel() { ## Call the script to isntall and instantiate a chaincode on the channel function deployCC() { - if [ "$CC_RUNTIME_LANGUAGE" = "go" -o "$CC_RUNTIME_LANGUAGE" = "golang" ]; then - echo Vendoring Go dependencies ... - pushd ../chaincode/fabcar/go - GO111MODULE=on go mod vendor - popd - echo Finished vendoring Go dependencies - fi - scripts/deployCC.sh $CHANNEL_NAME $CC_RUNTIME_LANGUAGE $VERSION $CLI_DELAY $MAX_RETRY $VERBOSE if [ $? -ne 0 ]; then 
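Review bot: In `createChannel` (network.sh), the new guard `[ ! -d "organizations/peerOrganizations" ]` tests whether crypto material was generated, not whether the network is running. If the containers were stopped or removed while that directory is still on disk, `networkUp` is skipped and the channel creation that follows has no peer or orderer to reach. Keeping a container check alongside the directory check would cover both cases, e.g. `if [ ! -d "organizations/peerOrganizations" ] || [ -z "$(docker ps | awk '($2 ~ /fabric-peer/) {print $1}')" ]; then`. The path is relative, so the result also depends on the script being started from `test-network`; the function body continues outside the hunk.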
@@ -410,6 +401,9 @@ function networkDown() { rm -rf organizations/fabric-ca/org1/msp organizations/fabric-ca/org1/tls-cert.pem organizations/fabric-ca/org1/ca-cert.pem organizations/fabric-ca/org1/IssuerPublicKey organizations/fabric-ca/org1/IssuerRevocationPublicKey organizations/fabric-ca/org1/fabric-ca-server.db rm -rf organizations/fabric-ca/org2/msp organizations/fabric-ca/org2/tls-cert.pem organizations/fabric-ca/org2/ca-cert.pem organizations/fabric-ca/org2/IssuerPublicKey organizations/fabric-ca/org2/IssuerRevocationPublicKey organizations/fabric-ca/org2/fabric-ca-server.db rm -rf organizations/fabric-ca/ordererOrg/msp organizations/fabric-ca/ordererOrg/tls-cert.pem organizations/fabric-ca/ordererOrg/ca-cert.pem organizations/fabric-ca/ordererOrg/IssuerPublicKey organizations/fabric-ca/ordererOrg/IssuerRevocationPublicKey organizations/fabric-ca/ordererOrg/fabric-ca-server.db + rm -rf addOrg3/fabric-ca/org3/msp addOrg3/fabric-ca/org3/tls-cert.pem addOrg3/fabric-ca/org3/ca-cert.pem addOrg3/fabric-ca/org3/IssuerPublicKey addOrg3/fabric-ca/org3/IssuerRevocationPublicKey addOrg3/fabric-ca/org3/fabric-ca-server.db + + # remove channel and script artifacts rm -rf channel-artifacts log.txt fabcar.tar.gz fabcar @@ -479,7 +473,6 @@ while [[ $# -ge 1 ]] ; do printHelp exit 0 ;; - -c ) CHANNEL_NAME="$2" shift diff --git a/test-network/organizations/ccp-generate.sh b/test-network/organizations/ccp-generate.sh index 1d072ea797..40f523957c 100755 --- a/test-network/organizations/ccp-generate.sh +++ b/test-network/organizations/ccp-generate.sh 
@@ -5,24 +5,22 @@ function one_line_pem { } function json_ccp { - local PP=$(one_line_pem $5) - local CP=$(one_line_pem $6) + local PP=$(one_line_pem $4) + local CP=$(one_line_pem $5) sed -e "s/\${ORG}/$1/" \ -e "s/\${P0PORT}/$2/" \ - -e "s/\${P1PORT}/$3/" \ - -e "s/\${CAPORT}/$4/" \ + -e "s/\${CAPORT}/$3/" \ -e "s#\${PEERPEM}#$PP#" \ -e "s#\${CAPEM}#$CP#" \ organizations/ccp-template.json } function yaml_ccp { - local PP=$(one_line_pem $5) - local CP=$(one_line_pem $6) + local PP=$(one_line_pem $4) + local CP=$(one_line_pem $5) sed -e "s/\${ORG}/$1/" \ -e "s/\${P0PORT}/$2/" \ - -e "s/\${P1PORT}/$3/" \ - -e "s/\${CAPORT}/$4/" \ + -e "s/\${CAPORT}/$3/" \ -e "s#\${PEERPEM}#$PP#" \ -e "s#\${CAPEM}#$CP#" \ organizations/ccp-template.yaml | sed -e $'s/\\\\n/\\\n /g' 
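Review bot: In `json_ccp` and `yaml_ccp`, `local PP=$(one_line_pem $4)` and `local CP=$(one_line_pem $5)` discard the exit status of `one_line_pem` (the status of `local` replaces it) and pass the certificate paths unquoted. If a certificate file is missing, the substitution presumably yields an empty string and the connection profile is written with an empty `pem` value, which a client would only discover when the TLS handshake fails. Declaring and assigning separately, `local PP; PP=$(one_line_pem "$4") || return 1`, lets the failure surface; the `echo "$(json_ccp …)" > …` callers in the next hunk would then need to check the status too, since `echo` of a command substitution always succeeds. The body of `one_line_pem` and the closing brace of `yaml_ccp` are outside the hunk, so the behaviour on a missing file is inferred.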
@@ -30,20 +28,18 @@ function yaml_ccp { ORG=1 P0PORT=7051 -P1PORT=8051 CAPORT=7054 PEERPEM=organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem CAPEM=organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem -echo "$(json_ccp $ORG $P0PORT $P1PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.json -echo "$(yaml_ccp $ORG $P0PORT $P1PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.yaml +echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.json +echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org1.example.com/connection-org1.yaml ORG=2 P0PORT=9051 -P1PORT=10051 CAPORT=8054 PEERPEM=organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem CAPEM=organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem -echo "$(json_ccp $ORG $P0PORT $P1PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.json -echo "$(yaml_ccp $ORG $P0PORT $P1PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.yaml +echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.json +echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > organizations/peerOrganizations/org2.example.com/connection-org2.yaml diff --git a/test-network/organizations/ccp-template.json b/test-network/organizations/ccp-template.json index 243f0ccdcd..b4fb3dfb45 100644 --- a/test-network/organizations/ccp-template.json +++ b/test-network/organizations/ccp-template.json 
@@ -15,8 +15,7 @@ "Org${ORG}": { "mspid": "Org${ORG}MSP", "peers": [ - "peer0.org${ORG}.example.com", - "peer1.org${ORG}.example.com" + "peer0.org${ORG}.example.com" ], "certificateAuthorities": [ "ca.org${ORG}.example.com" @@ -33,16 +32,6 @@ "ssl-target-name-override": "peer0.org${ORG}.example.com", "hostnameOverride": "peer0.org${ORG}.example.com" } - }, - "peer1.org${ORG}.example.com": { - "url": "grpcs://localhost:${P1PORT}", - "tlsCACerts": { - "pem": "${PEERPEM}" - }, - "grpcOptions": { - "ssl-target-name-override": "peer1.org${ORG}.example.com", - "hostnameOverride": "peer1.org${ORG}.example.com" - } } }, "certificateAuthorities": { diff --git a/test-network/organizations/ccp-template.yaml b/test-network/organizations/ccp-template.yaml index 35333d9975..dec3f05930 100644 --- a/test-network/organizations/ccp-template.yaml +++ b/test-network/organizations/ccp-template.yaml @@ -12,7 +12,6 @@ organizations: mspid: Org${ORG}MSP peers: - peer0.org${ORG}.example.com - - peer1.org${ORG}.example.com certificateAuthorities: - ca.org${ORG}.example.com peers: @@ -24,14 +23,6 @@ peers: grpcOptions: ssl-target-name-override: peer0.org${ORG}.example.com hostnameOverride: peer0.org${ORG}.example.com - peer1.org${ORG}.example.com: - url: grpcs://localhost:${P1PORT} - tlsCACerts: - pem: | - ${PEERPEM} - grpcOptions: - ssl-target-name-override: peer1.org${ORG}.example.com - hostnameOverride: peer1.org${ORG}.example.com certificateAuthorities: ca.org${ORG}.example.com: url: https://localhost:${CAPORT} diff --git a/test-network/scripts/createChannel.sh b/test-network/scripts/createChannel.sh index d9f6e153ea..27667fdac8 100755 --- a/test-network/scripts/createChannel.sh +++ b/test-network/scripts/createChannel.sh @@ -9,7 +9,6 @@ VERBOSE="$4" : ${DELAY:="3"} : ${MAX_RETRY:="5"} : ${VERBOSE:="false"} -COUNTER=1 # import utils . scripts/envVar.sh 
@@ -54,8 +53,8 @@ createChannel() { # Poll in case the raft leader is not set yet local rc=1 - if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then - COUNTER=$(expr $COUNTER + 1) + local COUNTER=1 + while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do sleep $DELAY if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ]; then set -x @@ -68,12 +67,12 @@ createChannel() { res=$? set +x fi - test $res -eq 0 || let rc=1 - else - COUNTER=1 - fi + let rc=$res + COUNTER=$(expr $COUNTER + 1) + done cat log.txt verifyResult $res "Channel creation failed" + echo echo "===================== Channel '$CHANNEL_NAME' created ===================== " echo } @@ -83,19 +82,17 @@ joinChannel() { ORG=$1 setGlobals $ORG local rc=1 + local COUNTER=1 ## Sometimes Join takes time, hence retry - if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then - COUNTER=$(expr $COUNTER + 1) + while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do sleep $DELAY set -x peer channel join -b ./channel-artifacts/$CHANNEL_NAME.block >&log.txt res=$? set +x - test $res -eq 0 || let rc=1 - else - COUNTER=1 - echo "peer0.org${ORG} failed to join the channel, Retry after $DELAY seconds" - fi + let rc=$res + COUNTER=$(expr $COUNTER + 1) + done cat log.txt echo verifyResult $res "After $MAX_RETRY attempts, peer0.org${ORG} has failed to join channel '$CHANNEL_NAME' " diff --git a/test-network/scripts/deployCC.sh b/test-network/scripts/deployCC.sh index da35021af5..b1a60aa2bc 100755 --- a/test-network/scripts/deployCC.sh +++ b/test-network/scripts/deployCC.sh 
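Review bot: The new retry loops in `createChannel` and `joinChannel` start with `COUNTER=1` and test `$COUNTER -lt $MAX_RETRY`, so they make at most `MAX_RETRY - 1` attempts, while the failure message says `After $MAX_RETRY attempts`. With `MAX_RETRY` set to 1 the loop body never runs, `res` is never assigned, and `verifyResult $res "…"` receives the message as its first argument. Using `-le $MAX_RETRY` in the condition and setting `res=1` before the loop fixes both. The same loop shape appears in `checkCommitReadiness`, `queryCommitted` and `chaincodeQuery` in `scripts/deployCC.sh`. A plain `rc=$res` would also read better than `let rc=$res`, whose own exit status is 1 whenever the assigned value is 0.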
@@ -12,19 +12,33 @@ VERBOSE="$6" : ${MAX_RETRY:="5"} : ${VERBOSE:="false"} CC_RUNTIME_LANGUAGE=`echo "$CC_RUNTIME_LANGUAGE" | tr [:upper:] [:lower:]` -COUNTER=1 FABRIC_CFG_PATH=$PWD/../config/ -if [ "$CC_RUNTIME_LANGUAGE" = "go" -o "$CC_RUNTIME_LANGUAGE" = "golang" ]; then +if [ "$CC_RUNTIME_LANGUAGE" = "go" -o "$CC_RUNTIME_LANGUAGE" = "golang" ] ; then CC_RUNTIME_LANGUAGE=golang CC_SRC_PATH="../chaincode/fabcar/go/" + + echo Vendoring Go dependencies ... + pushd ../chaincode/fabcar/go + GO111MODULE=on go mod vendor + popd + echo Finished vendoring Go dependencies + elif [ "$CC_RUNTIME_LANGUAGE" = "javascript" ]; then CC_RUNTIME_LANGUAGE=node # chaincode runtime language is node.js CC_SRC_PATH="../chaincode/fabcar/javascript/" + elif [ "$CC_RUNTIME_LANGUAGE" = "java" ]; then CC_RUNTIME_LANGUAGE=java - CC_SRC_PATH="../chaincode/fabcar/java/" + CC_SRC_PATH="../chaincode/fabcar/java/build/install/fabcar" + + echo Compiling Java code ... + pushd ../chaincode/fabcar/java + ./gradlew installDist + popd + echo Finished compiling Java code + else echo The chaincode language ${CC_RUNTIME_LANGUAGE} is not supported by this script echo Supported chaincode languages are: go, javascript, java @@ -83,7 +97,7 @@ approveForMyOrg() { ORG=$1 setGlobals $ORG - if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ]; then + if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ] ; then set -x peer lifecycle chaincode approveformyorg -o localhost:7050 --channelID $CHANNEL_NAME --name fabcar --version ${VERSION} --init-required --package-id ${PACKAGE_ID} --sequence ${VERSION} --waitForEvent >&log.txt set +x 
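Review bot: The added build steps are not checked: if `pushd ../chaincode/fabcar/java` fails, `./gradlew installDist` runs in whatever directory the script happens to be in, and if the build itself fails the script carries on with `CC_SRC_PATH="../chaincode/fabcar/java/build/install/fabcar"` pointing at a missing or stale directory. The Go branch has the same shape around `GO111MODULE=on go mod vendor`. Suggest `pushd ../chaincode/fabcar/java || exit 1` and `./gradlew installDist || exit 1` (likewise for the Go branch), so that a stale build output is never what the later steps package. Both steps may also download and run third-party build dependencies on the host, which deserves a one-line comment for anyone running the script outside a throwaway environment.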
@@ -98,32 +112,6 @@ approveForMyOrg() { echo } -# commitChaincodeDefinition VERSION PEER ORG (PEER ORG)... -commitChaincodeDefinition() { - parsePeerConnectionParameters $@ - res=$? - verifyResult $res "Invoke transaction failed on channel '$CHANNEL_NAME' due to uneven number of peer and org parameters " - - # while 'peer chaincode' command can get the orderer endpoint from the - # peer (if join was successful), let's supply it directly as we know - # it using the "-o" option - if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ]; then - set -x - peer lifecycle chaincode commit -o localhost:7050 --channelID $CHANNEL_NAME --name fabcar $PEER_CONN_PARMS --version ${VERSION} --sequence ${VERSION} --init-required >&log.txt - res=$? - set +x - else - set -x - peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA --channelID $CHANNEL_NAME --name fabcar $PEER_CONN_PARMS --version ${VERSION} --sequence ${VERSION} --init-required >&log.txt - res=$? - set +x - fi - cat log.txt - verifyResult $res "Chaincode definition commit failed on peer0.org${ORG} on channel '$CHANNEL_NAME' failed" - echo "===================== Chaincode definition committed on channel '$CHANNEL_NAME' ===================== " - echo -} - # checkCommitReadiness VERSION PEER ORG checkCommitReadiness() { ORG=$1 
@@ -131,27 +119,26 @@ checkCommitReadiness() { setGlobals $ORG echo "===================== Checking the commit readiness of the chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== " local rc=1 + local COUNTER=1 # continue to poll # we either get a successful response, or reach MAX RETRY - if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then - COUNTER=$(expr $COUNTER + 1) + while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do sleep $DELAY echo "Attempting to check the commit readiness of the chaincode definition on peer0.org${ORG} secs" set -x peer lifecycle chaincode checkcommitreadiness --channelID $CHANNEL_NAME --name fabcar $PEER_CONN_PARMS --version ${VERSION} --sequence ${VERSION} --output json --init-required >&log.txt res=$? set +x - test $res -eq 0 || let rc=1 - else - COUNTER=1 - fi + #test $res -eq 0 || continue + let rc=0 for var in "$@" do - grep "$var" log.txt &>/dev/null || let rc=1 + grep "$var" log.txt &>/dev/null || let rc=1 done - echo + COUNTER=$(expr $COUNTER + 1) + done cat log.txt - if test $rc -eq 1; then + if test $rc -eq 0; then echo "===================== Checking the commit readiness of the chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== " else echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Check commit readiness result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!" 
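Review bot: In `checkCommitReadiness`, `res` is captured but no longer used now that the check is commented out (`#test $res -eq 0 || continue`), so success is decided only by grepping `log.txt`, which also holds stderr because of `>&log.txt`. When no expected strings are passed, `let rc=0` stands and the function reports success even if the `peer` command failed. Replacing the commented line and `let rc=0` with `rc=$res` keeps the command status in the result, and `grep -qF -- "$var" log.txt || rc=1` matches the expected text literally rather than as a regular expression. The function starts and ends outside the hunk.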
@@ -161,6 +148,32 @@ checkCommitReadiness() { fi } +# commitChaincodeDefinition VERSION PEER ORG (PEER ORG)... +commitChaincodeDefinition() { + parsePeerConnectionParameters $@ + res=$? + verifyResult $res "Invoke transaction failed on channel '$CHANNEL_NAME' due to uneven number of peer and org parameters " + + # while 'peer chaincode' command can get the orderer endpoint from the + # peer (if join was successful), let's supply it directly as we know + # it using the "-o" option + if [ -z "$CORE_PEER_TLS_ENABLED" -o "$CORE_PEER_TLS_ENABLED" = "false" ] ; then + set -x + peer lifecycle chaincode commit -o localhost:7050 --channelID $CHANNEL_NAME --name fabcar $PEER_CONN_PARMS --version ${VERSION} --sequence ${VERSION} --init-required >&log.txt + res=$? + set +x + else + set -x + peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA --channelID $CHANNEL_NAME --name fabcar $PEER_CONN_PARMS --version ${VERSION} --sequence ${VERSION} --init-required >&log.txt + res=$? + set +x + fi + cat log.txt + verifyResult $res "Chaincode definition commit failed on peer0.org${ORG} on channel '$CHANNEL_NAME' failed" + echo "===================== Chaincode definition committed on channel '$CHANNEL_NAME' ===================== " + echo +} + # queryCommitted ORG queryCommitted() { ORG=$1 
@@ -168,27 +181,27 @@ queryCommitted() { EXPECTED_RESULT="Version: ${VERSION}, Sequence: ${VERSION}, Endorsement Plugin: escc, Validation Plugin: vscc" echo "===================== Querying chaincode definition on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== " local rc=1 + local COUNTER=1 # continue to poll # we either get a successful response, or reach MAX RETRY - if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then - COUNTER=$(expr $COUNTER + 1) + while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do sleep $DELAY echo "Attempting to Query committed status on peer0.org${ORG}, Retry after $DELAY seconds." set -x peer lifecycle chaincode querycommitted --channelID $CHANNEL_NAME --name fabcar >&log.txt res=$? set +x - test $res -eq 0 || let rc=1 - else - COUNTER=1 - fi + test $res -eq 0 && VALUE=$(cat log.txt | grep -o '^Version: [0-9], Sequence: [0-9], Endorsement Plugin: escc, Validation Plugin: vscc') + test "$VALUE" = "$EXPECTED_RESULT" && let rc=0 + COUNTER=$(expr $COUNTER + 1) + done echo cat log.txt - if test $rc -eq 1; then + if test $rc -eq 0; then echo "===================== Query chaincode definition successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== " + echo else echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Query chaincode definition result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!" - echo "================== ERROR !!! FAILED to execute End-2-End Scenario ==================" echo exit 1 fi 
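Review bot: In `queryCommitted`, `VALUE` is neither `local` nor cleared before the loop, so when the `peer` command fails (`test $res -eq 0 &&` short-circuits) the comparison `test "$VALUE" = "$EXPECTED_RESULT"` runs against whatever an earlier call left behind and can report success for an org whose query never succeeded. Adding `local VALUE=""` next to `local COUNTER=1` closes that gap. The pattern `Version: [0-9], Sequence: [0-9]` also matches a single digit only, so a version of 10 or higher can never equal `EXPECTED_RESULT`; `grep -oE` with `[0-9]+` in both places, reading `log.txt` directly, avoids that and drops the extra `cat`. The function's closing lines are outside the hunk.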
@@ -249,27 +262,26 @@ chaincodeQuery() { setGlobals $ORG echo "===================== Querying on peer0.org${ORG} on channel '$CHANNEL_NAME'... ===================== " local rc=1 + local COUNTER=1 # continue to poll # we either get a successful response, or reach MAX RETRY - if [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ]; then - COUNTER=$(expr $COUNTER + 1) + while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do sleep $DELAY echo "Attempting to Query peer0.org${ORG} ...$(($(date +%s) - starttime)) secs" set -x peer chaincode query -C $CHANNEL_NAME -n fabcar -c '{"Args":["queryAllCars"]}' >&log.txt res=$? set +x - test $res -eq 0 || let rc=1 - else - COUNTER=1 - fi + let rc=$res + COUNTER=$(expr $COUNTER + 1) + done echo cat log.txt - if test $rc -eq 1; then + if test $rc -eq 0; then echo "===================== Query successful on peer0.org${ORG} on channel '$CHANNEL_NAME' ===================== " + echo else echo "!!!!!!!!!!!!!!! After $MAX_RETRY attempts, Query result on peer0.org${ORG} is INVALID !!!!!!!!!!!!!!!!" - echo "================== ERROR !!! FAILED to execute End-2-End Scenario ==================" echo exit 1 fi diff --git a/test-network/scripts/org3-scripts/step2org3.sh b/test-network/scripts/org3-scripts/step2org3.sh index 7b65b7e87e..ade5f3f2e1 100755 --- a/test-network/scripts/org3-scripts/step2org3.sh +++ b/test-network/scripts/org3-scripts/step2org3.sh @@ -12,7 +12,7 @@ # echo -echo "========= Getting Org3 on to your first network ========= " +echo "========= Getting Org3 on to your test network ========= " echo CHANNEL_NAME="$1" DELAY="$2" @@ -62,7 +62,7 @@ joinChannelWithRetry 3 echo "===================== peer0.org3 joined channel '$CHANNEL_NAME' ===================== " echo -echo "========= Finished adding Org3 to your first network! ========= " +echo "========= Finished adding Org3 to your test network! ========= " echo exit 0