From fb5b9f7427beda9a7a4f943d9f86d433377f04b8 Mon Sep 17 00:00:00 2001 From: Simon Stone Date: Tue, 14 Jan 2020 13:36:33 +0000 Subject: [PATCH] Initial support for Fabric v2.0.0 (contributes to #94) Signed-off-by: Simon Stone --- azure-pipelines.yml | 17 ++--- docker/Dockerfile | 12 ++-- tasks/docker/create-orderer.yml | 12 ++-- tasks/docker/create-peer.yml | 10 +-- tasks/manage-consortium.yml | 6 +- templates/docker/configtx.yaml.j2 | 57 +++++++--------- .../fabric-channel-config-update.json.j2 | 68 ++++++++++++++++++- templates/manage-channel/fabric-msp.json.j2 | 27 ++++++++ .../manage-channel/fabric-policies.json.j2 | 66 +++++++++++++++++- .../fabric-config-envelope.json.j2 | 2 +- .../manage-consortium/fabric-msp.json.j2 | 27 ++++++++ tests/test.yml | 28 ++++---- 12 files changed, 248 insertions(+), 84 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 9eeacd0..fae3442 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -2,9 +2,6 @@ # SPDX-License-Identifier: Apache-2.0 # --- -trigger: - - master - pool: vmImage: "ubuntu-latest" @@ -22,17 +19,15 @@ steps: displayName: Install Python dependencies - script: | set -ex - mvn dependency:get -DremoteRepositories=https://nexus.hyperledger.org/content/repositories/snapshots -Dartifact=org.hyperledger.fabric:hyperledger-fabric-1.4.4-stable:linux-amd64.1.4.4-stable-SNAPSHOT:tar.gz - mvn dependency:copy -Dartifact=org.hyperledger.fabric:hyperledger-fabric-1.4.4-stable:linux-amd64.1.4.4-stable-SNAPSHOT:tar.gz -DoutputDirectory=/tmp - cd /usr/local - sudo tar xzvf /tmp/hyperledger-fabric-1.4.4-stable-linux-amd64.1.4.4-stable-SNAPSHOT.tar.gz + wget -qO fabric-bins.tar.gz https://github.com/hyperledger/fabric/releases/download/v2.0.0-beta/hyperledger-fabric-linux-amd64-2.0.0-beta.tar.gz + sudo tar xvf fabric-bins.tar.gz -C /usr/local + rm fabric-bins.tar.gz displayName: Download Fabric CLI - script: | set -ex - mvn dependency:get -DremoteRepositories=https://nexus.hyperledger.org/content/repositories/snapshots -Dartifact=org.hyperledger.fabric-ca:hyperledger-fabric-ca-1.4.4-stable:linux-amd64.1.4.4-stable-SNAPSHOT:tar.gz - mvn dependency:copy -Dartifact=org.hyperledger.fabric-ca:hyperledger-fabric-ca-1.4.4-stable:linux-amd64.1.4.4-stable-SNAPSHOT:tar.gz -DoutputDirectory=/tmp - cd /usr/local - sudo tar xzvf /tmp/hyperledger-fabric-ca-1.4.4-stable-linux-amd64.1.4.4-stable-SNAPSHOT.tar.gz + wget -qO fabric-ca-bins.tar.gz https://github.com/hyperledger/fabric-ca/releases/download/v1.4.4/hyperledger-fabric-ca-linux-amd64-1.4.4.tar.gz + sudo tar xvf fabric-ca-bins.tar.gz -C /usr/local + rm fabric-ca-bins.tar.gz displayName: Download Fabric CA CLI - script: | set -ex diff --git a/docker/Dockerfile b/docker/Dockerfile index d895a25..6251a62 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,17 +1,17 @@ # # SPDX-License-Identifier: Apache-2.0 # -FROM alpine:3.10 +FROM alpine:3.11 RUN apk add --no-cache ansible bash jq moreutils && \ pip3 install docker -RUN wget -qO docker-19.03.2.tgz https://download.docker.com/linux/static/stable/x86_64/docker-19.03.2.tgz && \ - tar xzvf docker-19.03.2.tgz --strip 1 -C /usr/local/bin docker/docker && \ - rm docker-19.03.2.tgz && \ - wget -qO /usr/local/bin/docker-compose "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" && \ +RUN wget -qO docker-19.03.5.tgz https://download.docker.com/linux/static/stable/x86_64/docker-19.03.5.tgz && \ + tar xzvf docker-19.03.5.tgz --strip 1 -C /usr/local/bin docker/docker && \ + rm docker-19.03.5.tgz && \ + wget -qO /usr/local/bin/docker-compose "https://github.com/docker/compose/releases/download/1.25.1/docker-compose-$(uname -s)-$(uname -m)" && \ chmod +x /usr/local/bin/docker-compose RUN mkdir /lib64 && \ ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2 && \ - wget -qO fabric-bins.tar.gz https://github.com/hyperledger/fabric/releases/download/v1.4.4/hyperledger-fabric-linux-amd64-1.4.4.tar.gz && \ + wget -qO fabric-bins.tar.gz https://github.com/hyperledger/fabric/releases/download/v2.0.0-beta/hyperledger-fabric-linux-amd64-2.0.0-beta.tar.gz && \ tar xvf fabric-bins.tar.gz -C /usr/local && \ wget -qO fabric-ca-bins.tar.gz https://github.com/hyperledger/fabric-ca/releases/download/v1.4.4/hyperledger-fabric-ca-linux-amd64-1.4.4.tar.gz && \ tar xvf fabric-ca-bins.tar.gz -C /usr/local && \ diff --git a/tasks/docker/create-orderer.yml b/tasks/docker/create-orderer.yml index 77bdec8..87fe524 100644 --- a/tasks/docker/create-orderer.yml +++ b/tasks/docker/create-orderer.yml @@ -95,17 +95,17 @@ - name: Start orderer container docker_container: name: "{{ orderer.docker.name }}" - image: hyperledger/fabric-orderer:1.4.4 + image: hyperledger/fabric-orderer:2.0.0-beta networks: - name: "{{ infrastructure.docker.network }}" networks_cli_compatible: yes env: - ORDERER_GENERAL_GENESISMETHOD: file - ORDERER_GENERAL_GENESISFILE: /var/hyperledger/production/genesis.block + ORDERER_GENERAL_BOOTSTRAPMETHOD: file + ORDERER_GENERAL_BOOTSTRAPFILE: /var/hyperledger/production/genesis.block ORDERER_GENERAL_LISTENADDRESS: 0.0.0.0 ORDERER_GENERAL_LISTENPORT: "{{ orderer.docker.port }}" ORDERER_GENERAL_LOCALMSPID: "{{ organization.msp.id }}" - ORDERER_GENERAL_SYSTEMCHANNEL: testchainid + ORDERER_GENERAL_SYSTEMCHANNEL: system-channel ORDERER_GENERAL_TLS_ENABLED: "{{ 'true' if orderer.tls.enabled else 'false' }}" ORDERER_OPERATIONS_LISTENADDRESS: 0.0.0.0:{{ orderer.docker.operations_port }} ORDERER_OPERATIONS_TLS_ENABLED: "{{ 'true' if orderer.tls.enabled else 'false' }}" @@ -178,7 +178,7 @@ - name: Test for orderer genesis block in orderer container command: > - docker exec {{ orderer.docker.name }} test -d /var/hyperledger/production/orderer/chains/testchainid + docker exec {{ orderer.docker.name }} test -d /var/hyperledger/production/orderer/chains/system-channel register: check_orderer_genesis_block failed_when: False changed_when: False @@ -194,7 +194,7 @@ configtxgen -configPath {{ tempdir.path }} -profile Solo - -channelID testchainid + -channelID system-channel -outputBlock {{ tempdir.path }}/genesis.block when: check_orderer_genesis_block.rc != 0 diff --git a/tasks/docker/create-peer.yml b/tasks/docker/create-peer.yml index 319d6ad..393901e 100644 --- a/tasks/docker/create-peer.yml +++ b/tasks/docker/create-peer.yml @@ -123,7 +123,7 @@ - name: Start peer container docker_container: name: "{{ peer.docker.name }}" - image: hyperledger/fabric-peer:1.4.4 + image: hyperledger/fabric-peer:2.0.0-beta networks: - name: "{{ infrastructure.docker.network }}" networks_cli_compatible: yes @@ -137,10 +137,10 @@ CORE_PEER_GOSSIP_EXTERNALENDPOINT: "{{ peer.docker.name }}:{{ peer.docker.port }}" CORE_PEER_TLS_ENABLED: "{{ 'true' if peer.tls.enabled else 'false' }}" CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE: "{{ infrastructure.docker.network }}" - CORE_CHAINCODE_BUILDER: hyperledger/fabric-ccenv:1.4.4 - CORE_CHAINCODE_GOLANG_RUNTIME: hyperledger/fabric-baseos:0.4.18 - CORE_CHAINCODE_JAVA_RUNTIME: hyperledger/fabric-javaenv:1.4.4 - CORE_CHAINCODE_NODE_RUNTIME: hyperledger/fabric-baseimage:0.4.18 + CORE_CHAINCODE_BUILDER: hyperledger/fabric-ccenv:2.0.0-beta + CORE_CHAINCODE_GOLANG_RUNTIME: hyperledger/fabric-baseos:2.0.0-beta + CORE_CHAINCODE_JAVA_RUNTIME: hyperledger/fabric-javaenv:2.0.0-beta + CORE_CHAINCODE_NODE_RUNTIME: hyperledger/fabric-nodeenv:2.0.0-beta CORE_LEDGER_STATE_STATEDATABASE: "{{ 'CouchDB' if peer.database_type is defined and peer.database_type == 'couchdb' else 'goleveldb' }}" CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS: "{{ peer.docker.couchdb.name + ':5984' if peer.database_type is defined and peer.database_type == 'couchdb' else '' diff --git a/tasks/manage-consortium.yml b/tasks/manage-consortium.yml index 7df4cae..5615d66 100644 --- a/tasks/manage-consortium.yml +++ b/tasks/manage-consortium.yml @@ -7,7 +7,7 @@ peer channel fetch config {{ tempdir.path }}/config_block.pb -o {{ ibp[orderer.id].hostname }}:{{ ibp[orderer.id].port }} - -c testchainid + -c system-channel {{ '--tls' if ibp[orderer.id].protocol == 'grpcs' else '' }} {{ '--cafile "' + ibp[orderer.id].pem + '"' if ibp[orderer.id].protocol == 'grpcs' else '' }} {{ '--ordererTLSHostnameOverride ' + ibp[orderer.id].internal_hostname if ibp[orderer.id].internal_hostname is defined else '' }} @@ -58,7 +58,7 @@ - name: Compute system channel configuration update command: > configtxlator compute_update - --channel_id=testchainid + --channel_id=system-channel --original={{ tempdir.path }}/config.pb --updated={{ tempdir.path }}/updated_config.pb --output={{ tempdir.path }}/config_update.pb @@ -96,7 +96,7 @@ peer channel update -f {{ tempdir.path }}/config_update_as_envelope.pb -o {{ ibp[orderer.id].hostname }}:{{ ibp[orderer.id].port }} - -c testchainid + -c system-channel {{ '--tls' if ibp[orderer.id].protocol == 'grpcs' else '' }} {{ '--cafile "' + ibp[orderer.id].pem + '"' if ibp[orderer.id].protocol == 'grpcs' else '' }} {{ '--ordererTLSHostnameOverride ' + ibp[orderer.id].internal_hostname if ibp[orderer.id].internal_hostname is defined else '' }} diff --git a/templates/docker/configtx.yaml.j2 b/templates/docker/configtx.yaml.j2 index 9e1cb98..28ffdba 100644 --- a/templates/docker/configtx.yaml.j2 +++ b/templates/docker/configtx.yaml.j2 @@ -44,6 +44,9 @@ Organizations: Admins: Type: Signature Rule: "OR('{{ organization.msp.id }}.admin')" + Endorsement: + Type: Signature + Rule: "OR('{{ organization.msp.id }}.peer')" ################################################################################ # @@ -69,52 +72,34 @@ Capabilities: # supported by both. # Set the value of the capability to true to require it. Channel: &ChannelCapabilities - # V1.4.3 for Channel is a catchall flag for behavior which has been - # determined to be desired for all orderers and peers running at the v1.4.3 + # V2.0 for Channel is a catchall flag for behavior which has been + # determined to be desired for all orderers and peers running at the v2.0.0 # level, but which would be incompatible with orderers and peers from # prior releases. - # Prior to enabling V1.4.3 channel capabilities, ensure that all - # orderers and peers on a channel are at v1.4.3 or later. - V1_4_3: true - # V1.3 for Channel enables the new non-backwards compatible - # features and fixes of fabric v1.3 - V1_3: false - # V1.1 for Channel enables the new non-backwards compatible - # features and fixes of fabric v1.1 - V1_1: false + # Prior to enabling V2.0 channel capabilities, ensure that all + # orderers and peers on a channel are at v2.0.0 or later. + V2_0: true # Orderer capabilities apply only to the orderers, and may be safely # used with prior release peers. # Set the value of the capability to true to require it. Orderer: &OrdererCapabilities - # V1.4.2 for Orderer is a catchall flag for behavior which has been - # determined to be desired for all orderers running at the v1.4.2 + # V1.1 for Orderer is a catchall flag for behavior which has been + # determined to be desired for all orderers running at the v1.1.x # level, but which would be incompatible with orderers from prior releases. - # Prior to enabling V1.4.2 orderer capabilities, ensure that all - # orderers on a channel are at v1.4.2 or later. - V1_4_2: true - # V1.1 for Orderer enables the new non-backwards compatible - # features and fixes of fabric v1.1 - V1_1: false + # Prior to enabling V2.0 orderer capabilities, ensure that all + # orderers on a channel are at v2.0.0 or later. + V2_0: true # Application capabilities apply only to the peer network, and may be safely # used with prior release orderers. # Set the value of the capability to true to require it. Application: &ApplicationCapabilities - # V1.4.2 for Application enables the new non-backwards compatible - # features and fixes of fabric v1.4.2 - V1_4_2: true - # V1.3 for Application enables the new non-backwards compatible - # features and fixes of fabric v1.3. - V1_3: false - # V1.2 for Application enables the new non-backwards compatible - # features and fixes of fabric v1.2 (note, this need not be set if - # later version capabilities are set) - V1_2: false - # V1.1 for Application enables the new non-backwards compatible - # features and fixes of fabric v1.1 (note, this need not be set if - # later version capabilities are set). - V1_1: false + # V2.0 for Application enables the new non-backwards compatible + # features and fixes of fabric v2.0. + # Prior to enabling V2.0 orderer capabilities, ensure that all + # orderers on a channel are at v2.0.0 or later. + V2_0: true ################################################################################ # @@ -210,6 +195,12 @@ Application: &ApplicationDefaults Admins: Type: ImplicitMeta Rule: "MAJORITY Admins" + LifecycleEndorsement: + Type: ImplicitMeta + Rule: "MAJORITY Endorsement" + Endorsement: + Type: ImplicitMeta + Rule: "MAJORITY Endorsement" # Capabilities describes the application level capabilities, see the # dedicated Capabilities section elsewhere in this file for a full diff --git a/templates/manage-channel/fabric-channel-config-update.json.j2 b/templates/manage-channel/fabric-channel-config-update.json.j2 index 908c065..6902fe0 100644 --- a/templates/manage-channel/fabric-channel-config-update.json.j2 +++ b/templates/manage-channel/fabric-channel-config-update.json.j2 @@ -61,7 +61,7 @@ } }, "Readers": { - "mod_policy": "Readers", + "mod_policy": "Admins", "policy": { "type": 1, "value": { @@ -92,7 +92,69 @@ } }, "Writers": { - "mod_policy": "Writers", + "mod_policy": "Admins", + "policy": { + "type": 1, + "value": { + "rule": { + "n_out_of": { + "n": 1, + "rules": [ + {% for member in channel.members %} + { + "signed_by": {{ loop.index0 }} + }{%- if not loop.last -%},{% endif %} + {% endfor %} + ] + } + }, + "identities": [ + {% for member in channel.members %} + { + "principal_classification": "ROLE", + "principal": { + "msp_identifier": "{{ member.msp.id }}", + "role": "MEMBER" + } + }{%- if not loop.last -%},{% endif %} + {% endfor %} + ] + } + } + }, + "LifecycleEndorsement": { + "mod_policy": "Admins", + "policy": { + "type": 1, + "value": { + "rule": { + "n_out_of": { + "n": 1, + "rules": [ + {% for member in channel.members %} + { + "signed_by": {{ loop.index0 }} + }{%- if not loop.last -%},{% endif %} + {% endfor %} + ] + } + }, + "identities": [ + {% for member in channel.members %} + { + "principal_classification": "ROLE", + "principal": { + "msp_identifier": "{{ member.msp.id }}", + "role": "MEMBER" + } + }{%- if not loop.last -%},{% endif %} + {% endfor %} + ] + } + } + }, + "Endorsement": { + "mod_policy": "Admins", "policy": { "type": 1, "value": { @@ -128,7 +190,7 @@ "mod_policy": "Admins", "value": { "capabilities": { - "V1_4_2": {} + "V2_0": {} } } } diff --git a/templates/manage-channel/fabric-msp.json.j2 b/templates/manage-channel/fabric-msp.json.j2 index 79484dc..ae760dc 100644 --- a/templates/manage-channel/fabric-msp.json.j2 +++ b/templates/manage-channel/fabric-msp.json.j2 @@ -83,6 +83,33 @@ } } } + }, + "Endorsement": { + "mod_policy": "Admins", + "policy": { + "type": 1, + "value": { + "identities": [ + { + "principal": { + "msp_identifier": "{{ member.msp.id }}", + "role": "MEMBER" + }, + "principal_classification": "ROLE" + } + ], + "rule": { + "n_out_of": { + "n": 1, + "rules": [ + { + "signed_by": 0 + } + ] + } + } + } + } } }, "values": { diff --git a/templates/manage-channel/fabric-policies.json.j2 b/templates/manage-channel/fabric-policies.json.j2 index 0ac19e2..eda8dda 100644 --- a/templates/manage-channel/fabric-policies.json.j2 +++ b/templates/manage-channel/fabric-policies.json.j2 @@ -32,7 +32,7 @@ } }, "Readers": { - "mod_policy": "Readers", + "mod_policy": "Admins", "policy": { "type": 1, "value": { @@ -63,7 +63,69 @@ } }, "Writers": { - "mod_policy": "Writers", + "mod_policy": "Admins", + "policy": { + "type": 1, + "value": { + "rule": { + "n_out_of": { + "n": 1, + "rules": [ + {% for member in channel.members %} + { + "signed_by": {{ loop.index0 }} + }{%- if not loop.last -%},{% endif %} + {% endfor %} + ] + } + }, + "identities": [ + {% for member in channel.members %} + { + "principal_classification": "ROLE", + "principal": { + "msp_identifier": "{{ member.msp.id }}", + "role": "MEMBER" + } + }{%- if not loop.last -%},{% endif %} + {% endfor %} + ] + } + } + }, + "LifecycleEndorsement": { + "mod_policy": "Admins", + "policy": { + "type": 1, + "value": { + "rule": { + "n_out_of": { + "n": 1, + "rules": [ + {% for member in channel.members %} + { + "signed_by": {{ loop.index0 }} + }{%- if not loop.last -%},{% endif %} + {% endfor %} + ] + } + }, + "identities": [ + {% for member in channel.members %} + { + "principal_classification": "ROLE", + "principal": { + "msp_identifier": "{{ member.msp.id }}", + "role": "MEMBER" + } + }{%- if not loop.last -%},{% endif %} + {% endfor %} + ] + } + } + }, + "Endorsement": { + "mod_policy": "Admins", "policy": { "type": 1, "value": { diff --git a/templates/manage-consortium/fabric-config-envelope.json.j2 b/templates/manage-consortium/fabric-config-envelope.json.j2 index f650949..112e297 100644 --- a/templates/manage-consortium/fabric-config-envelope.json.j2 +++ b/templates/manage-consortium/fabric-config-envelope.json.j2 @@ -3,7 +3,7 @@ "payload":{ "header":{ "channel_header":{ - "channel_id":"testchainid", + "channel_id":"system-channel", "type":2 } }, diff --git a/templates/manage-consortium/fabric-msp.json.j2 b/templates/manage-consortium/fabric-msp.json.j2 index 79484dc..ae760dc 100644 --- a/templates/manage-consortium/fabric-msp.json.j2 +++ b/templates/manage-consortium/fabric-msp.json.j2 @@ -83,6 +83,33 @@ } } } + }, + "Endorsement": { + "mod_policy": "Admins", + "policy": { + "type": 1, + "value": { + "identities": [ + { + "principal": { + "msp_identifier": "{{ member.msp.id }}", + "role": "MEMBER" + }, + "principal_classification": "ROLE" + } + ], + "rule": { + "n_out_of": { + "n": 1, + "rules": [ + { + "signed_by": 0 + } + ] + } + } + } + } } }, "values": { diff --git a/tests/test.yml b/tests/test.yml index bad0be0..7ff4cbb 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -190,20 +190,20 @@ - *Org2Peer2 anchor_peers: - *Org2Peer1 - contracts: - - name: fabcar - version: 1.0.0 - package: "{{ playbook_dir }}/fabcar@1.0.0.cds" - channels: - - <<: *Channel1 - endorsement_policy: "AND('Org1MSP.peer','Org2MSP.peer')" - endorsing_members: - - <<: *Org1 - endorsing_peers: - - <<: *Org1Peer1 - - <<: *Org2 - endorsing_peers: - - <<: *Org2Peer1 + # contracts: + # - name: fabcar + # version: 1.0.0 + # package: "{{ playbook_dir }}/fabcar@1.0.0.cds" + # channels: + # - <<: *Channel1 + # endorsement_policy: "AND('Org1MSP.peer','Org2MSP.peer')" + # endorsing_members: + # - <<: *Org1 + # endorsing_peers: + # - <<: *Org1Peer1 + # - <<: *Org2 + # endorsing_peers: + # - <<: *Org2Peer1 gateways: - name: Org1 gateway organization: