Skip to content

Commit

Permalink
[FAB-14485] Extend BYFN to opt inc cert authorities
Browse files Browse the repository at this point in the history 
Add a new "-a" option to byfn.sh that optionally deploys
certificate authorities (in Docker containers) for
organisation 1 and 2.

Change-Id: Ib58c46941aa6e8e58bac01aa3349e97d1f93b930
Signed-off-by: Simon Stone <sstone1@uk.ibm.com>
  • Loading branch information
Simon Stone committed Apr 24, 2019
1 parent 529b83b commit 0c4141f
Show file tree
Hide file tree
Showing 7 changed files with 164 additions and 64 deletions.
76 changes: 36 additions & 40 deletions first-network/byfn.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ export VERBOSE=false
# Print the usage message
function printHelp() {
echo "Usage: "
echo " byfn.sh <mode> [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>] [-l <language>] [-o <consensus-type>] [-i <imagetag>] [-v]"
echo " byfn.sh <mode> [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>] [-l <language>] [-o <consensus-type>] [-i <imagetag>] [-a] [-v]"
echo " <mode> - one of 'up', 'down', 'restart', 'generate' or 'upgrade'"
echo " - 'up' - bring up the network with docker-compose up"
echo " - 'down' - clear the network with docker-compose down"
Expand All @@ -50,6 +50,7 @@ function printHelp() {
echo " -l <language> - the chaincode language: golang (default) or node"
echo " -o <consensus-type> - the consensus-type of the ordering service: solo (default), kafka, or etcdraft"
echo " -i <imagetag> - the tag to be used to launch the network (defaults to \"latest\")"
echo " -a - launch certificate authorities (no certificate authorities are launched by default)"
echo " -v - verbose mode"
echo " byfn.sh -h (print this message)"
echo
Expand Down Expand Up @@ -156,29 +157,22 @@ function networkUp() {
replacePrivateKey
generateChannelArtifacts
fi
COMPOSE_FILES="-f ${COMPOSE_FILE}"
if [ "${CERTIFICATE_AUTHORITIES}" == "true" ]; then
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_CA}"
export BYFN_CA1_PRIVATE_KEY=$(cd crypto-config/peerOrganizations/org1.example.com/ca && ls *_sk)
export BYFN_CA2_PRIVATE_KEY=$(cd crypto-config/peerOrganizations/org2.example.com/ca && ls *_sk)
fi
if [ "${CONSENSUS_TYPE}" == "kafka" ]; then
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_KAFKA}"
elif [ "${CONSENSUS_TYPE}" == "etcdraft" ]; then
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_RAFT2}"
fi
if [ "${IF_COUCHDB}" == "couchdb" ]; then
if [ "$CONSENSUS_TYPE" == "kafka" ]; then
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_KAFKA -f $COMPOSE_FILE_COUCH up -d 2>&1
docker ps -a
elif [ "$CONSENSUS_TYPE" == "etcdraft" ]; then
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_RAFT2 -f $COMPOSE_FILE_COUCH up -d 2>&1
docker ps -a
else
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH up -d 2>&1
docker ps -a
fi
else
if [ "$CONSENSUS_TYPE" == "kafka" ]; then
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_KAFKA up -d 2>&1
docker ps -a
elif [ "$CONSENSUS_TYPE" == "etcdraft" ]; then
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_RAFT2 up -d 2>&1
docker ps -a
else
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE up -d 2>&1
docker ps -a
fi
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_COUCH}"
fi
IMAGE_TAG=$IMAGETAG docker-compose ${COMPOSE_FILES} up -d 2>&1
docker ps -a
if [ $? -ne 0 ]; then
echo "ERROR !!!! Unable to start network"
exit 1
Expand All @@ -197,7 +191,7 @@ function networkUp() {
fi

# now run the end to end script
docker exec cli scripts/script.sh $CHANNEL_NAME $CLI_DELAY $LANGUAGE $CLI_TIMEOUT $VERBOSE
docker exec cli scripts/script.sh $CHANNEL_NAME $CLI_DELAY $LANGUAGE $CLI_TIMEOUT $VERBOSE $NO_CHAINCODE
if [ $? -ne 0 ]; then
echo "ERROR !!!! Test failed"
exit 1
Expand All @@ -221,22 +215,19 @@ function upgradeNetwork() {
mkdir -p $LEDGERS_BACKUP

export IMAGE_TAG=$IMAGETAG
COMPOSE_FILES="-f ${COMPOSE_FILE}"
if [ "${CERTIFICATE_AUTHORITIES}" == "true" ]; then
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_CA}"
export BYFN_CA1_PRIVATE_KEY=$(cd crypto-config/peerOrganizations/org1.example.com/ca && ls *_sk)
export BYFN_CA2_PRIVATE_KEY=$(cd crypto-config/peerOrganizations/org2.example.com/ca && ls *_sk)
fi
if [ "${CONSENSUS_TYPE}" == "kafka" ]; then
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_KAFKA}"
elif [ "${CONSENSUS_TYPE}" == "etcdraft" ]; then
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_RAFT2}"
fi
if [ "${IF_COUCHDB}" == "couchdb" ]; then
if [ "$CONSENSUS_TYPE" == "kafka" ]; then
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_KAFKA -f $COMPOSE_FILE_COUCH"
elif [ "$CONSENSUS_TYPE" == "etcdraft" ]; then
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_RAFT2 -f $COMPOSE_FILE_COUCH"
else
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH"
fi
else
if [ "$CONSENSUS_TYPE" == "kafka" ]; then
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_KAFKA"
elif [ "$CONSENSUS_TYPE" == "etcdraft" ]; then
COMPOSE_FILES="-f $COMPOSE_FILE -f $COMPOSE_FILE_RAFT2"
else
COMPOSE_FILES="-f $COMPOSE_FILE"
fi
COMPOSE_FILES="${COMPOSE_FILES} -f ${COMPOSE_FILE_COUCH}"
fi

# removing the cli container
Expand Down Expand Up @@ -283,7 +274,7 @@ function upgradeNetwork() {
function networkDown() {
# stop org3 containers also in addition to org1 and org2, in case we were running sample to add org3
# stop kafka and zookeeper containers in case we're running with kafka consensus-type
docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH -f $COMPOSE_FILE_KAFKA -f $COMPOSE_FILE_RAFT2 -f $COMPOSE_FILE_ORG3 down --volumes --remove-orphans
docker-compose -f $COMPOSE_FILE -f $COMPOSE_FILE_COUCH -f $COMPOSE_FILE_KAFKA -f $COMPOSE_FILE_RAFT2 -f $COMPOSE_FILE_CA -f $COMPOSE_FILE_ORG3 down --volumes --remove-orphans

# Don't remove the generated artifacts -- note, the ledgers are always removed
if [ "$MODE" != "restart" ]; then
Expand Down Expand Up @@ -508,6 +499,8 @@ COMPOSE_FILE_ORG3=docker-compose-org3.yaml
COMPOSE_FILE_KAFKA=docker-compose-kafka.yaml
# two additional etcd/raft orderers
COMPOSE_FILE_RAFT2=docker-compose-etcdraft2.yaml
# certificate authorities compose file
COMPOSE_FILE_CA=docker-compose-ca.yaml
#
# use golang as the default language for chaincode
LANGUAGE=golang
Expand Down Expand Up @@ -537,7 +530,7 @@ else
exit 1
fi

while getopts "h?c:t:d:f:s:l:i:o:v" opt; do
while getopts "h?c:t:d:f:s:l:i:o:av" opt; do
case "$opt" in
h | \?)
printHelp
Expand Down Expand Up @@ -567,6 +560,9 @@ while getopts "h?c:t:d:f:s:l:i:o:v" opt; do
o)
CONSENSUS_TYPE=$OPTARG
;;
a)
CERTIFICATE_AUTHORITIES=true
;;
v)
VERBOSE=true
;;
Expand Down
15 changes: 15 additions & 0 deletions first-network/connection-org1.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@
"peers": [
"peer0.org1.example.com",
"peer1.org1.example.com"
],
"certificateAuthorities": [
"ca.org1.example.com"
]
}
},
Expand All @@ -39,5 +42,17 @@
"ssl-target-name-override": "peer1.org1.example.com"
}
}
},
"certificateAuthorities": {
"ca.org1.example.com": {
"url": "https://localhost:7054",
"caName": "ca-org1",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
},
"httpOptions": {
"verify": false
}
}
}
}
10 changes: 10 additions & 0 deletions first-network/connection-org1.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ organizations:
peers:
- peer0.org1.example.com
- peer1.org1.example.com
certificateAuthorities:
- ca.org1.example.com
peers:
peer0.org1.example.com:
url: grpcs://localhost:7051
Expand All @@ -26,3 +28,11 @@ peers:
path: crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
grpcOptions:
ssl-target-name-override: peer1.org1.example.com
certificateAuthorities:
ca.org1.example.com:
url: https://localhost:7054
caName: ca-org1
tlsCACerts:
path: crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
httpOptions:
verify: false
15 changes: 15 additions & 0 deletions first-network/connection-org2.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@
"peers": [
"peer0.org2.example.com",
"peer1.org2.example.com"
],
"certificateAuthorities": [
"ca.org2.example.com"
]
}
},
Expand All @@ -39,5 +42,17 @@
"ssl-target-name-override": "peer1.org2.example.com"
}
}
},
"certificateAuthorities": {
"ca.org2.example.com": {
"url": "https://localhost:8054",
"caName": "ca-org2",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem"
},
"httpOptions": {
"verify": false
}
}
}
}
10 changes: 10 additions & 0 deletions first-network/connection-org2.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ organizations:
peers:
- peer0.org2.example.com
- peer1.org2.example.com
certificateAuthorities:
- ca.org2.example.com
peers:
peer0.org2.example.com:
url: grpcs://localhost:9051
Expand All @@ -26,3 +28,11 @@ peers:
path: crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
grpcOptions:
ssl-target-name-override: peer1.org2.example.com
certificateAuthorities:
ca.org2.example.com:
url: https://localhost:8054
caName: ca-org2
tlsCACerts:
path: crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
httpOptions:
verify: false
46 changes: 46 additions & 0 deletions first-network/docker-compose-ca.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

networks:
byfn:

services:
ca0:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org1
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${BYFN_CA1_PRIVATE_KEY}
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/${BYFN_CA1_PRIVATE_KEY} -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca_peerOrg1
networks:
- byfn

ca1:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org2
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${BYFN_CA2_PRIVATE_KEY}
- FABRIC_CA_SERVER_PORT=8054
ports:
- "8054:8054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/${BYFN_CA2_PRIVATE_KEY} -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org2.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca_peerOrg2
networks:
- byfn
56 changes: 32 additions & 24 deletions scripts/Jenkins_Scripts/byfn_eyfn.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,29 +69,37 @@ if [ $1 != 0 ]; then
fi
}

echo "############## BYFN,EYFN DEFAULT CHANNEL TEST ###################"
echo "#################################################################"
echo y | ./byfn.sh -m down
echo y | ./byfn.sh -m up -t 60
copy_logs $? default-channel
echo y | ./eyfn.sh -m up -t 60
copy_logs $? default-channel
echo y | ./eyfn.sh -m down
echo
echo "############## BYFN,EYFN DEFAULT CHANNEL TEST ###################"
echo "#################################################################"
echo y | ./byfn.sh -m down
echo y | ./byfn.sh -m up -t 60
copy_logs $? default-channel
echo y | ./eyfn.sh -m up -t 60
copy_logs $? default-channel
echo y | ./eyfn.sh -m down
echo

echo "############### BYFN,EYFN CUSTOM CHANNEL WITH COUCHDB TEST ##############"
echo "#########################################################################"
echo y | ./byfn.sh -m up -c custom-channel-couchdb -s couchdb -t 75 -d 15
copy_logs $? custom-channel-couch couchdb
echo y | ./eyfn.sh -m up -c custom-channel-couchdb -s couchdb -t 75 -d 15
copy_logs $? custom-channel-couch
echo y | ./eyfn.sh -m down
echo

echo "############### BYFN,EYFN CUSTOM CHANNEL WITH COUCHDB TEST ##############"
echo "#########################################################################"
echo y | ./byfn.sh -m up -c custom-channel-couchdb -s couchdb -t 75 -d 15
copy_logs $? custom-channel-couch couchdb
echo y | ./eyfn.sh -m up -c custom-channel-couchdb -s couchdb -t 75 -d 15
copy_logs $? custom-channel-couch
echo y | ./eyfn.sh -m down
echo
echo "############### BYFN,EYFN WITH NODE Chaincode. TEST ################"
echo "####################################################################"
echo y | ./byfn.sh -m up -l node -t 60
copy_logs $? default-channel-node
echo y | ./eyfn.sh -m up -l node -t 60
copy_logs $? default-channel-node
echo y | ./eyfn.sh -m down
echo

echo "############### BYFN,EYFN WITH NODE Chaincode. TEST ################"
echo "####################################################################"
echo y | ./byfn.sh -m up -l node -t 60
copy_logs $? default-channel-node
echo y | ./eyfn.sh -m up -l node -t 60
copy_logs $? default-channel-node
echo y | ./eyfn.sh -m down
echo "############### BYFN WITH CA TEST ################"
echo "##################################################"
echo y | ./byfn.sh -m up -a
copy_logs $? default-channel-ca
echo y | ./byfn.sh -m down -a
echo

0 comments on commit 0c4141f

Please sign in to comment.