diff --git a/e2e-network/docker/test-01-v2-simple.sh b/e2e-network/docker/test-01-v2-simple.sh index 47cc0d30..4be802aa 100755 --- a/e2e-network/docker/test-01-v2-simple.sh +++ b/e2e-network/docker/test-01-v2-simple.sh @@ -10,7 +10,7 @@ export FABLO_HOME networkUp() { "$FABLO_HOME/fablo-build.sh" - (cd "$TEST_TMP" && "$FABLO_HOME/fablo.sh" init node) + (cd "$TEST_TMP" && "$FABLO_HOME/fablo.sh" init node dev) (cd "$TEST_TMP" && "$FABLO_HOME/fablo.sh" up) } @@ -21,6 +21,8 @@ dumpLogs() { } networkDown() { + echo "type anything to continue" + read -r rm -rf "$TEST_LOGS" (for name in $(docker ps --format '{{.Names}}'); do dumpLogs "$name"; done) (cd "$TEST_TMP" && "$FABLO_HOME/fablo.sh" down) @@ -53,7 +55,7 @@ trap 'networkDown ; echo "Test failed" ; exit 1' ERR SIGINT networkUp waitForContainer "orderer0.group1.orderer.example.com" "Created and started new.*my-channel1" -waitForContainer "ca.org1.example.com" "Listening on http://0.0.0.0:7054" +waitForContainer "ca.org1.example.com" "Listening on https://0.0.0.0:7054" waitForContainer "peer0.org1.example.com" "Joining gossip network of channel my-channel1 with 1 organizations" waitForContainer "peer1.org1.example.com" "Joining gossip network of channel my-channel1 with 1 organizations" waitForContainer "peer0.org1.example.com" "Learning about the configured anchor peers of Org1MSP for channel my-channel1" @@ -62,6 +64,13 @@ waitForContainer "peer0.org1.example.com" "Membership view has changed. peers we waitForContainer "peer1.org1.example.com" "Learning about the configured anchor peers of Org1MSP for channel my-channel1" waitForContainer "peer1.org1.example.com" "Membership view has changed. peers went online:.*peer0.org1.example.com:7041" +# Start chaincode in development mode +cp "$FABLO_HOME/start-dev-tls.sh" "$TEST_TMP/chaincodes/chaincode-kv-node/start-dev-tls.sh" +(cd "$TEST_TMP/chaincodes/chaincode-kv-node" && npm i && npm run start:dev:tls) + +echo "Chaincode failed to start" +exit 1 + # Test simple chaincode expectInvoke "peer0.org1.example.com" "my-channel1" "chaincode1" \ '{"Args":["KVContract:put", "name", "Willy Wonka"]}' \ diff --git a/inspect.json b/inspect.json new file mode 100644 index 00000000..2dd98bd9 --- /dev/null +++ b/inspect.json @@ -0,0 +1,232 @@ +{ + "Id": "1305f1e8b8af8686fece6deb41020a8cf795620c64aa2503e732d308c32b6a35", + "Created": "2025-10-15T20:42:09.075297711Z", + "Path": "docker-entrypoint.sh", + "Args": [ + "/bin/sh", + "-c", + "\nset -e\nif [ -x /chaincode/start.sh ]; then\n\t/chaincode/start.sh --peer.address peer1.org1.example.com:7050\nelse\n\tcd /usr/local/src\n\tnpm start -- --peer.address peer1.org1.example.com:7050\nfi\n" + ], + "State": { + "Status": "running", + "Running": true, + "Paused": false, + "Restarting": false, + "OOMKilled": false, + "Dead": false, + "Pid": 44951, + "ExitCode": 0, + "Error": "", + "StartedAt": "2025-10-15T20:42:09.639895753Z", + "FinishedAt": "0001-01-01T00:00:00Z" + }, + "Image": "sha256:b12d900adfcfe2e747b5ce7c345e2adadc480aed18af45c4eaa55afeb67acf16", + "ResolvConfPath": "/var/lib/docker/containers/1305f1e8b8af8686fece6deb41020a8cf795620c64aa2503e732d308c32b6a35/resolv.conf", + "HostnamePath": "/var/lib/docker/containers/1305f1e8b8af8686fece6deb41020a8cf795620c64aa2503e732d308c32b6a35/hostname", + "HostsPath": "/var/lib/docker/containers/1305f1e8b8af8686fece6deb41020a8cf795620c64aa2503e732d308c32b6a35/hosts", + "LogPath": "/var/lib/docker/containers/1305f1e8b8af8686fece6deb41020a8cf795620c64aa2503e732d308c32b6a35/1305f1e8b8af8686fece6deb41020a8cf795620c64aa2503e732d308c32b6a35-json.log", + "Name": "/dev-peer1.org1.example.com-my-channel1_chaincode1_0.0.1-aab33d7d10363632d349b01665ba35484f473aeb77bd1b622ee7ff3f8c97cc06", + "RestartCount": 0, + "Driver": "overlay2", + "Platform": "linux", + "MountLabel": "", + "ProcessLabel": "", + "AppArmorProfile": "", + "ExecIDs": null, + "HostConfig": { + "Binds": null, + "ContainerIDFile": "", + "LogConfig": { + "Type": "json-file", + "Config": { + "max-file": "5", + "max-size": "50m" + } + }, + "NetworkMode": "fablo_network_202510152041_basic", + "PortBindings": null, + "RestartPolicy": { + "Name": "", + "MaximumRetryCount": 0 + }, + "AutoRemove": false, + "VolumeDriver": "", + "VolumesFrom": null, + "CapAdd": null, + "CapDrop": null, + "CgroupnsMode": "private", + "Dns": null, + "DnsOptions": null, + "DnsSearch": null, + "ExtraHosts": null, + "GroupAdd": null, + "IpcMode": "private", + "Cgroup": "", + "Links": null, + "OomScoreAdj": 0, + "PidMode": "", + "Privileged": false, + "PublishAllPorts": false, + "ReadonlyRootfs": false, + "SecurityOpt": null, + "UTSMode": "", + "UsernsMode": "", + "ShmSize": 67108864, + "Runtime": "runc", + "ConsoleSize": [ + 0, + 0 + ], + "Isolation": "", + "CpuShares": 0, + "Memory": 2147483648, + "NanoCpus": 0, + "CgroupParent": "", + "BlkioWeight": 0, + "BlkioWeightDevice": null, + "BlkioDeviceReadBps": null, + "BlkioDeviceWriteBps": null, + "BlkioDeviceReadIOps": null, + "BlkioDeviceWriteIOps": null, + "CpuPeriod": 0, + "CpuQuota": 0, + "CpuRealtimePeriod": 0, + "CpuRealtimeRuntime": 0, + "CpusetCpus": "", + "CpusetMems": "", + "Devices": null, + "DeviceCgroupRules": null, + "DeviceRequests": null, + "KernelMemory": 0, + "KernelMemoryTCP": 0, + "MemoryReservation": 0, + "MemorySwap": 4294967296, + "MemorySwappiness": null, + "OomKillDisable": null, + "PidsLimit": null, + "Ulimits": null, + "CpuCount": 0, + "CpuPercent": 0, + "IOMaximumIOps": 0, + "IOMaximumBandwidth": 0, + "MaskedPaths": [ + "/proc/asound", + "/proc/acpi", + "/proc/kcore", + "/proc/keys", + "/proc/latency_stats", + "/proc/timer_list", + "/proc/timer_stats", + "/proc/sched_debug", + "/proc/scsi", + "/sys/firmware" + ], + "ReadonlyPaths": [ + "/proc/bus", + "/proc/fs", + "/proc/irq", + "/proc/sys", + "/proc/sysrq-trigger" + ] + }, + "GraphDriver": { + "Data": { + "LowerDir": "/var/lib/docker/overlay2/6a95c348775de8014528a5a49e58552e1f3a16259e3dc788f786f71129789940-init/diff:/var/lib/docker/overlay2/be9383f6a128ffc483c72c83d5c66bc13d05c62e5ffd67af750a1c5bf0f9f85b/diff:/var/lib/docker/overlay2/8a51eb08f5c9f09ee3b0171488c96faf8874030e3c51ce5e7a548527edb814df/diff:/var/lib/docker/overlay2/eb6998f01685777afd04a8d9f2f99feacb563c4823a83b72a52b76dc20c4ce08/diff:/var/lib/docker/overlay2/ad518b9a67a16db87db6f3d1c8d3517cb42c35d909709c764d37652c5a0f523a/diff:/var/lib/docker/overlay2/0f5bfb71f252946d19c2f6563a75ecd43b588cde7ce7a252fdd4bf5d0a91db26/diff:/var/lib/docker/overlay2/69aea5601b2151f4e98cef8d6642668909d63fb7082874f03ee9a232fa3b479b/diff:/var/lib/docker/overlay2/fcef04739b9fff9b9ede15d1820ec4b6a0a86b17e9156449a83bb77f9cefd941/diff:/var/lib/docker/overlay2/863e6d7c01fb09eb3c1377f82a5d22aeb91ac0c1088611ede9c6fbd14da97594/diff", + "MergedDir": "/var/lib/docker/overlay2/6a95c348775de8014528a5a49e58552e1f3a16259e3dc788f786f71129789940/merged", + "UpperDir": "/var/lib/docker/overlay2/6a95c348775de8014528a5a49e58552e1f3a16259e3dc788f786f71129789940/diff", + "WorkDir": "/var/lib/docker/overlay2/6a95c348775de8014528a5a49e58552e1f3a16259e3dc788f786f71129789940/work" + }, + "Name": "overlay2" + }, + "Mounts": [], + "Config": { + "Hostname": "1305f1e8b8af", + "Domainname": "", + "User": "", + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": [ + "CORE_CHAINCODE_ID_NAME=my-channel1_chaincode1_0.0.1:aab33d7d10363632d349b01665ba35484f473aeb77bd1b622ee7ff3f8c97cc06", + "CORE_CHAINCODE_LOGGING_LEVEL=debug", + "CORE_CHAINCODE_LOGGING_SHIM=debug", + "CORE_CHAINCODE_LOGGING_FORMAT=%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}", + "CORE_PEER_TLS_ENABLED=true", + "CORE_TLS_CLIENT_KEY_PATH=/etc/hyperledger/fabric/client.key", + "CORE_TLS_CLIENT_CERT_PATH=/etc/hyperledger/fabric/client.crt", + "CORE_TLS_CLIENT_KEY_FILE=/etc/hyperledger/fabric/client_pem.key", + "CORE_TLS_CLIENT_CERT_FILE=/etc/hyperledger/fabric/client_pem.crt", + "CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/peer.crt", + "CORE_PEER_LOCALMSPID=Org1MSP", + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "NODE_VERSION=22.12.0", + "YARN_VERSION=1.22.22", + "CORE_CHAINCODE_BUILDLEVEL=v2.5.12" + ], + "Cmd": [ + "/bin/sh", + "-c", + "\nset -e\nif [ -x /chaincode/start.sh ]; then\n\t/chaincode/start.sh --peer.address peer1.org1.example.com:7050\nelse\n\tcd /usr/local/src\n\tnpm start -- --peer.address peer1.org1.example.com:7050\nfi\n" + ], + "Image": "dev-peer1.org1.example.com-my-channel1_chaincode1_0.0.1-aab33d7d10363632d349b01665ba35484f473aeb77bd1b622ee7ff3f8c97cc06-15d8cd9ce2e9d0f3747287695d3746e7fd48157a0bda2de43abb80a125396e83", + "Volumes": null, + "WorkingDir": "/", + "Entrypoint": [ + "docker-entrypoint.sh" + ], + "OnBuild": null, + "Labels": { + "org.hyperledger.fabric.chaincode.type": "NODE", + "org.hyperledger.fabric.version": "v2.5.12", + "org.opencontainers.image.created": "2024-12-04T09:38:52.504Z", + "org.opencontainers.image.description": "Hyperledger Fabric Node.js Smart Contracts", + "org.opencontainers.image.licenses": "Apache-2.0", + "org.opencontainers.image.revision": "b3720d0665328c8580a686b906012de3c8466c82", + "org.opencontainers.image.source": "https://github.com/hyperledger/fabric-chaincode-node", + "org.opencontainers.image.title": "fabric-chaincode-node", + "org.opencontainers.image.url": "https://github.com/hyperledger/fabric-chaincode-node", + "org.opencontainers.image.version": "2.5.8" + } + }, + "NetworkSettings": { + "Bridge": "", + "SandboxID": "d2f9ee3390f6cf92b8df9e151a832301584b49e98a2ee9c9f03c215b8b6c8b7a", + "HairpinMode": false, + "LinkLocalIPv6Address": "", + "LinkLocalIPv6PrefixLen": 0, + "Ports": {}, + "SandboxKey": "/var/run/docker/netns/d2f9ee3390f6", + "SecondaryIPAddresses": null, + "SecondaryIPv6Addresses": null, + "EndpointID": "", + "Gateway": "", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "IPAddress": "", + "IPPrefixLen": 0, + "IPv6Gateway": "", + "MacAddress": "", + "Networks": { + "fablo_network_202510152041_basic": { + "IPAMConfig": null, + "Links": null, + "Aliases": [ + "1305f1e8b8af" + ], + "NetworkID": "830ae2e5aafa0afb66dc6e2a332f143926326dbdbf422ad50477d9206d429090", + "EndpointID": "d7b920249955721988b31203a667489b689ee151c9714c7a1c2ea38c79a3ebca", + "Gateway": "192.168.80.1", + "IPAddress": "192.168.80.10", + "IPPrefixLen": 20, + "IPv6Gateway": "", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "MacAddress": "02:42:c0:a8:50:0a", + "DriverOpts": null + } + } + } +} \ No newline at end of file diff --git a/samples/chaincodes/chaincode-kv-node/package.json b/samples/chaincodes/chaincode-kv-node/package.json index f50ae9b0..b9ac931b 100644 --- a/samples/chaincodes/chaincode-kv-node/package.json +++ b/samples/chaincodes/chaincode-kv-node/package.json @@ -9,7 +9,8 @@ "scripts": { "start": "fabric-chaincode-node start", "start:ccaas": "fabric-chaincode-node server --chaincode-address 0.0.0.0:7052 --chaincode-id \"$CHAINCODE_ID\"", - "start:dev": "fabric-chaincode-node start --peer.address \"127.0.0.1:8541\" --chaincode-id-name \"chaincode1:0.0.1\" --tls.enabled false", + "start:dev": "fabric-chaincode-node start --peer.address \"127.0.0.1:8541\" --chaincode-id \"$CHAINCODE_ID\" --tls.enabled false", + "start:dev:tls": "./start-dev-tls.sh", "start:watch": "nodemon --exec \"npm run start:dev\"", "build": "echo \"No need to build the chaincode\"", "lint": "eslint . --fix --ext .js" diff --git a/src/init/index.ts b/src/init/index.ts index b8f908de..e78a3e96 100644 --- a/src/init/index.ts +++ b/src/init/index.ts @@ -8,8 +8,11 @@ function getDefaultFabloConfig(): FabloConfigJson { $schema: `https://github.com/hyperledger-labs/fablo/releases/download/${version}/schema.json`, global: { fabricVersion: "2.5.12", - tls: false, - peerDevMode: false, + tls: true, + peerDevMode: true, + monitoring: { + loglevel: "debug", + }, }, orgs: [ { @@ -79,6 +82,10 @@ export default class InitGenerator extends Generator { super(args, opts); } + async writing(): Promise { + await this.copySampleConfig(); + } + async copySampleConfig(): Promise { let fabloConfigJson = getDefaultFabloConfig(); diff --git a/src/setup-docker/templates/fabric-docker.sh b/src/setup-docker/templates/fabric-docker.sh index 0369a66a..f032ace7 100755 --- a/src/setup-docker/templates/fabric-docker.sh +++ b/src/setup-docker/templates/fabric-docker.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -set -eu +set -eux FABLO_NETWORK_ROOT="$(cd "$(dirname "$0")" && pwd)" diff --git a/src/setup-docker/templates/fabric-docker/commands-generated.sh b/src/setup-docker/templates/fabric-docker/commands-generated.sh index 9e89f0a7..7302fc72 100644 --- a/src/setup-docker/templates/fabric-docker/commands-generated.sh +++ b/src/setup-docker/templates/fabric-docker/commands-generated.sh @@ -126,7 +126,7 @@ installChaincodes() { <% chaincodes.forEach((chaincode) => { -%> if [ -n "$(ls "$CHAINCODES_BASE_DIR/<%= chaincode.directory %>")" ]; then <% if (global.peerDevMode) { -%> - <%- include('commands-generated/chaincode-dev-v2.sh', { chaincode }); -%> + <%- include('commands-generated/chaincode-dev-v2.sh', { chaincode, global }); -%> <% } else { -%> local version="<%= chaincode.version %>" <%- include('commands-generated/chaincode-install-v2.sh', { chaincode, global }); -%> diff --git a/src/setup-docker/templates/fabric-docker/commands-generated/chaincode-dev-v2.sh b/src/setup-docker/templates/fabric-docker/commands-generated/chaincode-dev-v2.sh index 130691b2..d5ef8da1 100644 --- a/src/setup-docker/templates/fabric-docker/commands-generated/chaincode-dev-v2.sh +++ b/src/setup-docker/templates/fabric-docker/commands-generated/chaincode-dev-v2.sh @@ -6,6 +6,11 @@ */-%> <% chaincode.channel.orgs.forEach((org) => { -%> printHeadline "Approving '<%= chaincode.name %>' for <%= org.name %> (dev mode)" "U1F60E" + <% if (global.tls) { -%> + echo "Generating chaincode dev certificates for <%= chaincode.name %>..." + echo "FABLO_NETWORK_ROOT: $FABLO_NETWORK_ROOT" + certsGenerateCCaaS "$FABLO_NETWORK_ROOT/fabric-config/crypto-config/" "<%= chaincode.name %>" "<%= org.domain %>" "<%= chaincode.name %>" "<%= org.headPeer.fullAddress %>" + <% } -%> chaincodeApprove <% -%> "<%= org.cli.address %>" <% -%> "<%= org.headPeer.fullAddress %>" <% -%> @@ -15,7 +20,7 @@ "<%= chaincode.channel.ordererHead.fullAddress %>" <% -%> "<%- chaincode.endorsement || '' %>" <% -%> "false" <% -%> - "" <% -%> + "<%= !global.tls ? '' : `crypto-orderer/tlsca.${chaincode.channel.ordererHead.domain}-cert.pem` %>" <% -%> "<%= chaincode.privateDataConfigFile || '' %>" <% -%> "" <% -%> "" @@ -30,7 +35,7 @@ chaincodeCommit <% -%> "<%= chaincode.channel.ordererHead.fullAddress %>" <% -%> "<%- chaincode.endorsement || '' %>" <% -%> "false" <% -%> - "" <% -%> + "<%= !global.tls ? '' : `crypto-orderer/tlsca.${chaincode.channel.ordererHead.domain}-cert.pem` %>" <% -%> "<%= chaincode.channel.orgs.map((o) => o.headPeer.fullAddress).join(',') %>" <% -%> - "" <% -%> + "<%= !global.tls ? '' : chaincode.channel.orgs.map(o => `crypto-peer/${o.headPeer.address}/tls/ca.crt`).join(',') %>" <% -%> "<%= chaincode.privateDataConfigFile || '' %>" diff --git a/src/validate/index.ts b/src/validate/index.ts index 644a92b0..f4d5de5b 100644 --- a/src/validate/index.ts +++ b/src/validate/index.ts @@ -146,7 +146,7 @@ class ValidateGenerator extends Generator { this._validateChaincodes(capabilities, networkConfig.chaincodes); this._validateExplorer(networkConfig.global, networkConfig.orgs); this._validateExplorerWithFabricVersion(networkConfig.global, networkConfig.orgs); - this._validateDevMode(networkConfig.global); + // this._validateDevMode(networkConfig.global); this._verifyFabricVersion(networkConfig.global); } diff --git a/start-dev-tls-docker.sh b/start-dev-tls-docker.sh new file mode 100755 index 00000000..3376bdf9 --- /dev/null +++ b/start-dev-tls-docker.sh @@ -0,0 +1,101 @@ +#!/bin/bash +set -euo pipefail + +# Get absolute paths - the script should be run from the chaincode directory +CURRENT_DIR="$(pwd)" +CRYPTO_CONFIG_DIR="${CURRENT_DIR}/../../fablo-target/fabric-config/crypto-config" +TLS_DIR="${CRYPTO_CONFIG_DIR}/ccaas/chaincode1/tls" + +export CORE_PEER_LOCALMSPID=Org1MSP +export CORE_PEER_A + +# Set up TLS environment variables for chaincode +export CORE_PEER_TLS_ENABLED=true +# export CORE_PEER_TLS_ROOTCERT_FILE=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem +# export CORE_PEER_TLS_ROOTCERT_FILE=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/ca.crt +# export CORE_TLS_CLIENT_KEY_PATH=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/client.key +# export CORE_TLS_CLIENT_CERT_PATH=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/client.crt +# export CORE_PEER_TLS_ROOTCERT_FILE=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt +# export CORE_TLS_CLIENT_KEY_PATH=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key +# export CORE_TLS_CLIENT_CERT_PATH=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt +# export CORE_PEER_TLS_ROOTCERT_FILE="${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt" +# export CORE_TLS_CLIENT_KEY_PATH_RAW="${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key" +# export CORE_TLS_CLIENT_CERT_PATH_RAW="${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt" + +export CORE_PEER_TLS_ROOTCERT_FILE="${CRYPTO_CONFIG_DIR}/ccaas/chaincode1/tls/peer.crt" +export CORE_TLS_CLIENT_KEY_PATH_RAW="${CRYPTO_CONFIG_DIR}/ccaas/chaincode1/tls/client.key" +export CORE_TLS_CLIENT_CERT_PATH_RAW="${CRYPTO_CONFIG_DIR}/ccaas/chaincode1/tls/client.crt" + +export CORE_TLS_CLIENT_KEY_PATH=$CORE_TLS_CLIENT_KEY_PATH_RAW.b64 +cat $CORE_TLS_CLIENT_KEY_PATH_RAW | base64 > $CORE_TLS_CLIENT_KEY_PATH + +export CORE_TLS_CLIENT_CERT_PATH=$CORE_TLS_CLIENT_CERT_PATH_RAW.b64 +cat $CORE_TLS_CLIENT_CERT_PATH_RAW | base64 > $CORE_TLS_CLIENT_CERT_PATH + +echo "CORE_PEER_TLS_ENABLED: ${CORE_PEER_TLS_ENABLED}" +echo "CORE_PEER_TLS_ROOTCERT_FILE: ${CORE_PEER_TLS_ROOTCERT_FILE}" +echo "CORE_TLS_CLIENT_KEY_PATH: ${CORE_TLS_CLIENT_KEY_PATH}" +echo "CORE_TLS_CLIENT_CERT_PATH: ${CORE_TLS_CLIENT_CERT_PATH}" + +echo "Content of client cert:" +head -n 5 "${CORE_TLS_CLIENT_CERT_PATH}" +echo "..." +echo "Content of client key:" +head -n 5 "${CORE_TLS_CLIENT_KEY_PATH}" +echo "..." +echo "Content of root cert:" +head -n 5 "${CORE_PEER_TLS_ROOTCERT_FILE}" +echo "..." + +export GRPC_TRACE=all +export GRPC_VERBOSITY=DEBUG + +CORE_PEER_LOCALMSPID=Org1MSP + +PEER_ADDRESS="localhost:8541" +# PEER_ADDRESS="peer0.org1.example.com:8541" + +# Start the chaincode with TLS enabled +# npx fabric-chaincode-node start \ +# --peer.address "${PEER_ADDRESS}" \ +# --chaincode-id-name "chaincode1:0.0.1" \ +# --ssl-target-name-override "peer0.org1.example.com" + +# Clean up any existing container +docker rm -f peer0-org1-chaincode1-dev 2>/dev/null || true + +# Start chaincode in Docker container using fabric-nodeenv 2.5 +echo "Starting chaincode in Docker container..." +docker run -d \ + --name peer0-org1-chaincode1-dev \ + --network test-01-v2-simple.sh.tmpdir2_basic \ + -e CORE_PEER_LOCALMSPID=Org1MSP \ + -e CORE_PEER_TLS_ENABLED=true \ + -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/chaincode/tls/peer.crt \ + -e CORE_TLS_CLIENT_KEY_PATH=/opt/chaincode/tls/client.key.b64 \ + -e CORE_TLS_CLIENT_CERT_PATH=/opt/chaincode/tls/client.crt.b64 \ + -e GRPC_TRACE=all \ + -e GRPC_VERBOSITY=DEBUG \ + -v "${CURRENT_DIR}:/opt/chaincode" \ + -v "${CRYPTO_CONFIG_DIR}/ccaas/chaincode1/tls:/opt/chaincode/tls" \ + -w /opt/chaincode \ + hyperledger/fabric-nodeenv:2.5 \ + sh -c " + # Generate base64 encoded certificates inside container + cat /opt/chaincode/tls/client.key | base64 > /opt/chaincode/tls/client.key.b64 + cat /opt/chaincode/tls/client.crt | base64 > /opt/chaincode/tls/client.crt.b64 + + # Install dependencies and start chaincode + npm install + npx fabric-chaincode-node start \ + --peer.address 'peer0.org1.example.com:8541' \ + --chaincode-id-name 'chaincode1:0.0.1' \ + --ssl-target-name-override 'peer0.org1.example.com' + " + +echo "Chaincode container started. Use 'docker logs peer0-org1-chaincode1-dev' to view logs." +echo "Use 'docker stop peer0-org1-chaincode1-dev' to stop the chaincode." + +# localhost:7041 => Error: 12 UNIMPLEMENTED: unknown service protos.ChaincodeSupport +# localhost:8041 => Error: 14 UNAVAILABLE: No connection established. Last error: 004C49F901000000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number +# localhost:8541 => Error: 14 UNAVAILABLE: No connection established. Last error: unable to verify the first certificate (2025-10-15T21:58:41.795Z) \ No newline at end of file diff --git a/start-dev-tls.sh b/start-dev-tls.sh new file mode 100755 index 00000000..ebbfce4a --- /dev/null +++ b/start-dev-tls.sh @@ -0,0 +1,66 @@ +#!/bin/bash +set -euo pipefail + +# Get absolute paths - the script should be run from the chaincode directory +CURRENT_DIR="$(pwd)" +CRYPTO_CONFIG_DIR="${CURRENT_DIR}/../../fablo-target/fabric-config/crypto-config" +TLS_DIR="${CRYPTO_CONFIG_DIR}/ccaas/chaincode1/tls" + +export CORE_PEER_LOCALMSPID=Org1MSP +export CORE_PEER_A + +# Set up TLS environment variables for chaincode +export CORE_PEER_TLS_ENABLED=true +# export CORE_PEER_TLS_ROOTCERT_FILE=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem +# export CORE_PEER_TLS_ROOTCERT_FILE=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/ca.crt +# export CORE_TLS_CLIENT_KEY_PATH=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/client.key +# export CORE_TLS_CLIENT_CERT_PATH=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/client.crt +# export CORE_PEER_TLS_ROOTCERT_FILE=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt +# export CORE_TLS_CLIENT_KEY_PATH=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key +# export CORE_TLS_CLIENT_CERT_PATH=${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt +# export CORE_PEER_TLS_ROOTCERT_FILE="${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt" +# export CORE_TLS_CLIENT_KEY_PATH_RAW="${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key" +# export CORE_TLS_CLIENT_CERT_PATH_RAW="${CRYPTO_CONFIG_DIR}/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt" + +export CORE_PEER_TLS_ROOTCERT_FILE="${CRYPTO_CONFIG_DIR}/ccaas/chaincode1/tls/peer.crt" +export CORE_TLS_CLIENT_KEY_PATH_RAW="${CRYPTO_CONFIG_DIR}/ccaas/chaincode1/tls/client.key" +export CORE_TLS_CLIENT_CERT_PATH_RAW="${CRYPTO_CONFIG_DIR}/ccaas/chaincode1/tls/client.crt" + +export CORE_TLS_CLIENT_KEY_PATH=$CORE_TLS_CLIENT_KEY_PATH_RAW.b64 +cat $CORE_TLS_CLIENT_KEY_PATH_RAW | base64 > $CORE_TLS_CLIENT_KEY_PATH + +export CORE_TLS_CLIENT_CERT_PATH=$CORE_TLS_CLIENT_CERT_PATH_RAW.b64 +cat $CORE_TLS_CLIENT_CERT_PATH_RAW | base64 > $CORE_TLS_CLIENT_CERT_PATH + +echo "CORE_PEER_TLS_ENABLED: ${CORE_PEER_TLS_ENABLED}" +echo "CORE_PEER_TLS_ROOTCERT_FILE: ${CORE_PEER_TLS_ROOTCERT_FILE}" +echo "CORE_TLS_CLIENT_KEY_PATH: ${CORE_TLS_CLIENT_KEY_PATH}" +echo "CORE_TLS_CLIENT_CERT_PATH: ${CORE_TLS_CLIENT_CERT_PATH}" + +echo "Content of client cert:" +head -n 5 "${CORE_TLS_CLIENT_CERT_PATH}" +echo "..." +echo "Content of client key:" +head -n 5 "${CORE_TLS_CLIENT_KEY_PATH}" +echo "..." +echo "Content of root cert:" +head -n 5 "${CORE_PEER_TLS_ROOTCERT_FILE}" +echo "..." + +export GRPC_TRACE=all +export GRPC_VERBOSITY=DEBUG + +CORE_PEER_LOCALMSPID=Org1MSP + +PEER_ADDRESS="localhost:8541" +# PEER_ADDRESS="peer0.org1.example.com:8541" + +# Start the chaincode with TLS enabled +npx fabric-chaincode-node start \ + --peer.address "${PEER_ADDRESS}" \ + --chaincode-id-name "chaincode1:0.0.1" \ + --ssl-target-name-override "peer0.org1.example.com" + +# localhost:7041 => Error: 12 UNIMPLEMENTED: unknown service protos.ChaincodeSupport +# localhost:8041 => Error: 14 UNAVAILABLE: No connection established. Last error: 004C49F901000000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number +# localhost:8541 => Error: 14 UNAVAILABLE: No connection established. Last error: unable to verify the first certificate (2025-10-15T21:58:41.795Z) \ No newline at end of file