Merge pull request hyperledger#3 from jkneubuh/feature/tldr

Feature/tldr

test-network-k8s/kube/org0/org0-ecert-ca.yaml

@@ -32,6 +32,8 @@ spec:
               value: "/var/hyperledger/fabric-ca-client/tls-ca/rcaadmin/msp/signcerts/cert.pem"
             - name: FABRIC_CA_SERVER_TLS_KEYFILE
               value: "/var/hyperledger/fabric-ca-client/tls-ca/rcaadmin/msp/keystore/key.pem"
+            - name: FABRIC_CA_CLIENT_HOME
+              value: "/var/hyperledger/fabric-ca-client"
           ports:
             - containerPort: 443
           volumeMounts:

test-network-k8s/kube/org0/org0-tls-ca.yaml

@@ -28,6 +28,8 @@ spec:
               value: "false"
             - name: FABRIC_CA_SERVER_HOME
               value: "/var/hyperledger/fabric-tls-ca-server"
+            - name: FABRIC_CA_CLIENT_HOME
+              value: "/var/hyperledger/fabric-ca-client"
           ports:
             - containerPort: 443
           volumeMounts:

test-network-k8s/kube/org1/org1-cc-asset-transfer-basic.yaml

@@ -28,7 +28,7 @@ spec:
 
             # todo: load with an envFrom and a dynamic config map with the ID.
             - name: CHAINCODE_ID
-              value: basic_1.0:e47a28f7406718bb0c6cefb00a6a6167099bf2d426e802d417f54c32d1a1ea1b
+              value: {{CC_PACKAGE_ID}}
           ports:
             - containerPort: 9999
 

test-network-k8s/kube/org1/org1-ecert-ca.yaml

@@ -32,6 +32,8 @@ spec:
               value: "/var/hyperledger/fabric-ca-client/tls-ca/rcaadmin/msp/signcerts/cert.pem"
             - name: FABRIC_CA_SERVER_TLS_KEYFILE
               value: "/var/hyperledger/fabric-ca-client/tls-ca/rcaadmin/msp/keystore/key.pem"
+            - name: FABRIC_CA_CLIENT_HOME
+              value: "/var/hyperledger/fabric-ca-client"
           ports:
             - containerPort: 443
           volumeMounts:

test-network-k8s/kube/org1/org1-tls-ca.yaml

@@ -28,6 +28,8 @@ spec:
               value: "false"
             - name: FABRIC_CA_SERVER_HOME
               value: "/var/hyperledger/fabric-tls-ca-server"
+            - name: FABRIC_CA_CLIENT_HOME
+              value: "/var/hyperledger/fabric-ca-client"
           ports:
             - containerPort: 443
           volumeMounts:

test-network-k8s/kube/org2/org2-ecert-ca.yaml

@@ -32,6 +32,8 @@ spec:
               value: "/var/hyperledger/fabric-ca-client/tls-ca/rcaadmin/msp/signcerts/cert.pem"
             - name: FABRIC_CA_SERVER_TLS_KEYFILE
               value: "/var/hyperledger/fabric-ca-client/tls-ca/rcaadmin/msp/keystore/key.pem"
+            - name: FABRIC_CA_CLIENT_HOME
+              value: "/var/hyperledger/fabric-ca-client"
           ports:
             - containerPort: 443
           volumeMounts:

test-network-k8s/kube/org2/org2-tls-ca.yaml

@@ -28,6 +28,8 @@ spec:
               value: "false"
             - name: FABRIC_CA_SERVER_HOME
               value: "/var/hyperledger/fabric-tls-ca-server"
+            - name: FABRIC_CA_CLIENT_HOME
+              value: "/var/hyperledger/fabric-ca-client"
           ports:
             - containerPort: 443
           volumeMounts:

test-network-k8s/network.sh

@@ -0,0 +1,116 @@
+#!/bin/bash
+#
+# Copyright IBM Corp All Rights Reserved
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# todo: better handling for input parameters.
+# todo: skip storage volume init if deploying to a remote / cloud cluster (ICP IKS ROKS etc...)
+# todo: up / down / channel / chaincode / resty / ...
+# todo: refactor - lots of for-org-in-0-to-2-...
+# todo: refactor - break up by section (kind, network, channel, chaincode, application, ...)
+# todo: find a better technique for passing input commands to a remote kube exec
+# todo: find any technique to pass errors out of remote kubectl into the driver script
+# todo: register tls csr.hosts w/ kube DNS domain .NS.svc.cluster.local 
+# todo: user:pass auth for tls and ecert bootstrap admins.  here and in the server-config.yaml
+# todo: set tls.certfiles= ... arg in deployment env / yaml
+# todo: readiness / liveliness to probe /cainfo.  Don't sleep after launching CAs
+# todo: exec kubectl not kubectl
+# todo: refactor chaincode install to support other chaincode routines
+# todo: use localhost:5000 docker registry to avoid loading images into the kind image plane
+# todo: actually compile the chaincode archive, rather than reading a pre-canned one from chaincode/*.tgz (use sha256 to get CC ID)
+# todo: improve the mechanism for introducing CC_PACKAGE_ID into the service scope (currently sed)
+# todo: set up an nginx ingress controller for kind
+# todo: consider using templates for boilerplate network nodes (orderers, peers, ...)
+
+CLUSTER_NAME=${TEST_NETWORK_KIND_CLUSTER_NAME:-kind}
+NS=${TEST_NETWORK_KUBE_NAMESPACE:-test-network}
+CHANNEL_NAME=${TEST_NETWORK_CHANNEL_NAME:-mychannel}
+
+# todo: more complicated config, as these bleed into the yaml descriptors (sed? kustomize? helm (no)? tkn?...)
+TLSADMIN_AUTH=${TEST_NETWORK_TLSADMIN_AUTH:-tlsadmin:tlsadminpw}
+RCAADMIN_AUTH=rcaadmin:rcaadminpw
+FABRIC_VERSION=2.3.2
+
+function print_help() {
+  echo todo: help output, parse mode, flags, env, etc.
+}
+
+function network_up() {
+
+  # Kube config
+  init_namespace
+  init_storage_volumes
+  load_org_config
+
+  # Network TLS CAs
+  launch_TLS_CAs
+  enroll_bootstrap_TLS_CA_users
+
+  # Network ECert CAs
+  register_enroll_ECert_CA_bootstrap_users
+  launch_ECert_CAs
+  enroll_bootstrap_ECert_CA_users
+
+  # Test Network
+  create_local_MSP 
+  launch_orderers
+  launch_peers
+}
+
+function network_down() {
+
+  kubectl -n $NS exec deploy/org0-admin-cli -- /bin/bash -c "rm -rf /var/hyperledger"
+  kubectl -n $NS exec deploy/org1-admin-cli -- /bin/bash -c "rm -rf /var/hyperledger"
+  kubectl -n $NS exec deploy/org2-admin-cli -- /bin/bash -c "rm -rf /var/hyperledger"
+
+  kubectl -n $NS delete deployment --all 
+  kubectl -n $NS delete pod --all
+  kubectl -n $NS delete service --all
+  kubectl -n $NS delete configmap --all
+  kubectl -n $NS delete secret --all
+  kubectl -n $NS delete jobs --all
+}
+
+
+#. scripts/util.sh
+. scripts/kind_init.sh
+. scripts/fabric_config.sh
+. scripts/fabric_CAs.sh
+. scripts/test_network.sh
+. scripts/channel.sh
+. scripts/chaincode.sh
+
+## Parse mode
+if [[ $# -lt 1 ]] ; then
+  print_help
+  exit 0
+else
+  MODE=$1
+  shift
+fi
+
+set -x
+
+if [ "${MODE}" == "kind" ]; then
+  kind_init
+
+elif [ "${MODE}" == "up" ]; then
+  network_up
+  channel_up
+  chaincode_up
+  # rest_easy
+
+elif [ "${MODE}" == "down" ]; then
+  network_down
+
+else
+  exit 1
+fi
+
+{ set +x; } 2>/dev/null
+
+
+
+

test-network-k8s/scripts/chaincode.sh

@@ -0,0 +1,98 @@
+#!/bin/bash
+#
+# Copyright IBM Corp All Rights Reserved
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# todo: refactor to support multiple chaincode routines, not just basic-asset-transfer
+# todo: use local registry and build/tag/push to avoid docker hub and the kind image plane.
+
+# Create a docker image for the chaincode-as-a-service endpoint and load into the kind image plane.
+function build_chaincode_image() {
+  docker build \
+    -t hyperledger/asset-transfer-basic \
+    ../asset-transfer-basic/chaincode-external
+
+  kind load docker-image hyperledger/asset-transfer-basic
+}
+
+function package_chaincode_for() {
+  local org=$1
+
+  # Copy the chaincode archive from the local host to the org admin
+  tar cf - chaincode/ | kubectl -n $NS exec -i deploy/${org}-admin-cli -- tar xvf -
+}
+
+function install_chaincode_for() {
+  local org=$1
+
+  # Install the chaincode
+  echo 'set -x
+  export CORE_PEER_ADDRESS='${org}'-peer1:7051
+  peer lifecycle chaincode install chaincode/asset-transfer-basic.tgz
+  ' | kubectl -n $NS exec deploy/${org}-admin-cli -i -- /bin/bash
+}
+
+function launch_chaincode_service() {
+  local org=$1
+  local cc_id=$2
+
+  # The chaincode endpoint needs to have the generated chaincode ID available in the environment.
+  # This could be from a config map, a secret, or by directly editing the deployment spec.  Here we'll keep
+  # things simple by using sed to substitute a value into a yaml template.
+  cat kube/${org}/${org}-cc-asset-transfer-basic.yaml \
+    | sed 's/{{CC_PACKAGE_ID}}/'${cc_id}'/' \
+    | kubectl -n $NS apply -f -
+
+  kubectl -n $NS rollout status deploy/${org}-cc-asset-transfer-basic
+}
+
+function activate_chaincode_for() {
+  local org=$1
+  local cc_id=$2
+
+  echo 'set -x 
+  export CORE_PEER_ADDRESS='${org}'-peer1:7051
+  
+  peer lifecycle \
+    chaincode approveformyorg \
+    --channelID '${CHANNEL_NAME}' \
+    --name basic \
+    --version 1 \
+    --package-id '${cc_id}' \
+    --sequence 1 \
+    -o org0-orderer1:6050 \
+    --tls --cafile /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/msp/tlscacerts/org0-tls-ca.pem
+  
+  peer lifecycle \
+    chaincode commit \
+    --channelID '${CHANNEL_NAME}' \
+    --name basic \
+    --version 1 \
+    --sequence 1 \
+    -o org0-orderer1:6050 \
+    --tls --cafile /var/hyperledger/fabric/organizations/ordererOrganizations/org0.example.com/msp/tlscacerts/org0-tls-ca.pem
+  ' | kubectl -n $NS exec deploy/${org}-admin-cli -i -- /bin/bash
+}
+
+function deploy_chaincode() {
+
+  package_chaincode_for org1
+  install_chaincode_for org1
+
+  # todo from sha256 cc-archive.tgz or install STDOUT
+  CC_PACKAGE_ID=basic_1.0:e47a28f7406718bb0c6cefb00a6a6167099bf2d426e802d417f54c32d1a1ea1b
+
+  launch_chaincode_service org1 $CC_PACKAGE_ID
+  activate_chaincode_for org1 $CC_PACKAGE_ID
+}
+
+function chaincode_up() {
+  set -x
+
+  build_chaincode_image
+  deploy_chaincode
+
+  set +x
+}