Add CA capability to test-network-nano-bash #1209
ae83c86 to b257d68
test-network-nano-bash/README.md
Outdated
|
||
- cd to the `test-network-nano-bash` directory in each terminal window | ||
- Instead of running the `./generate_artifacts.sh` described above, in the three CA terminals, run `./ordererca.sh`, `./org1ca.sh`, `./org2ca.sh` respectively. | ||
- In the first orderer terminal, run `./generate_artifacts.sh "" true` to generate crypto material using the CAs and application channel genesis block and configuration transactions (calls configtxgen). The artifacts will be created in the `crypto-config` and `channel-artifacts` directories. If you are running BFT consensus then run `./generate_artifacts.sh BFT true`. All artifacts generated with the CA will conform to the same directory structure as cryptogen. |
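Review bot: In the third bullet, `./generate_artifacts.sh "" true` and `./generate_artifacts.sh BFT true` pass both options positionally and the text never says what either position means, so a reader has to infer that the first argument selects the consensus type and the second switches on CA-based generation. Say so explicitly in the bullet, or document the arguments once where the script is first introduced. The second bullet also opens with "Instead of running the `./generate_artifacts.sh` described above" while the third bullet runs that same script, so the two steps read as contradictory; state that the CA scripts must be started first, before the artifacts are generated.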
How about changing generate_artifacts to accept flags such as `-bft` and `-ca`? `generate_artifacts.sh "" true` isn't very expressive.
this has been corrected.
# registerAndEnroll() | ||
# | ||
# This is a convenience method for creating enrollments and TLS certificates | ||
# Primary purpose it to create enrollment certificates for admin identities |
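Review bot: The header for `registerAndEnroll()` first says the function creates "enrollments and TLS certificates", but the "Primary purpose" line mentions only enrollment certificates, so the TLS half is left undescribed. Extend that line to cover the TLS certificate as well, and fix the typo "it to" so it reads "is to".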
# Primary purpose it to create enrollment certificates for admin identities | |
# Primary purpose it to create enrollment certificates for org admin identities, and |
Corrected
# Rename the cacert to mimic cryptogen | ||
mv ${component_dir}/msp/cacerts/localhost-${port}-ca.pem ${component_dir}/msp/cacerts/ca.${orgname:+$orgname.}example.com-cert.pem | ||
|
||
# Set the cacert name and copy the config.json for NodeOU |
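Review bot: The `mv` on the rename line uses `${component_dir}`, `${port}` and the target name unquoted, and the source file name `localhost-${port}-ca.pem` is assumed rather than checked. Quote both paths, and fail with a clear message if the source file is missing, so that a CA reached under a different host name or port does not silently leave `msp/cacerts` without the cryptogen-style file name.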
CA cert doesn't use NodeOUs right?
You're right. This is not needed for the admin cert. Removing this line.
# createEnrollment() | ||
# | ||
# This is a convenience method for creating enrollments only | ||
# Primary purpose it to create enrollment certificates for CAs |
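Review bot: In the `createEnrollment()` header, "for creating enrollments only" does not say what is being left out, and "for CAs" on the "Primary purpose" line can be read as the CA's own certificate rather than an identity enrolled with the CA. State what the function skips compared with `registerAndEnroll()` and name the identity it enrolls; the typo "it to" should read "is to".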
# Primary purpose it to create enrollment certificates for CAs | |
# Primary purpose it to create enrollment certificates for CA admins. |
Corrected
###################################################################################### | ||
# Create the certificates for Org1 | ||
###################################################################################### |
For simplicity nano doesn't switch between "admin" and "client" users, it just uses the "admin" user all the time.
However, since this is an educational sample, it is probably worthwhile to create the "client" users for Org1 and Org2.
Also, it may be easier to understand if the "admin" and "client" enrollments are both done here in the respective org section, especially since the title of this section is "Create the certificates for Org1", which for educational purposes should include all the org certs - admin, client, and peers.
Added client enrollments to the script.
test-network-nano-bash/README.md
Outdated
![CA Terminal setup](ca_terminal_setup.png) | ||
|
||
- cd to the `test-network-nano-bash` directory in each terminal window | ||
- Instead of running the `./generate_artifacts.sh` described above, in the three CA terminals, run `./ordererca.sh`, `./org1ca.sh`, `./org2ca.sh` respectively. |
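Review bot: The second bullet maps three scripts to "the three CA terminals" only through the word "respectively" and the `ca_terminal_setup.png` screenshot, so the step cannot be followed when the image is not rendered. Name the terminal for each script in the text (for example as three sub-bullets) and say whether each script stays in the foreground of its terminal.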
- Instead of running the `./generate_artifacts.sh` described above, in the three CA terminals, run `./ordererca.sh`, `./org1ca.sh`, `./org2ca.sh` respectively. | |
- Before running `./generate_artifacts.sh`, in the three CA terminals, run `./ordererca.sh`, `./org1ca.sh`, `./org2ca.sh` respectively. |
I have reworded this. It should make sense now:
- Before running the `./generate_artifacts.sh -ca` in the first orderer terminal, run `./ordererca.sh`, `./org1ca.sh`, `./org2ca.sh` in the respective terminals.
This change adds:
- shell scripts to start CAs for each org
- optional flag (-c) to network.sh to start CAs
- generate crypto material in the same format as cryptogen using the CAs
- describe how to start the CAs using terminals

Signed-off-by: Chris Elder <celder@chriss-mbp.raleigh.ibm.com>
b257d68 to 26c69cc
Thanks Chris!
This change adds: