[fabic] Create configtx and genesis files using just helm

**Primary Changes** 1. Deploy fabric 2.5.4 without a channel using helm charts. 2. Deploy fabric 2.2.2 without a channel using helm charts. 3. Add new job platforms/hyperledger-fabric/charts/fabric-genesis 4. Deploy with Ansible pending 5. Update README.md files is pending **Changes in charts** platforms/hyperledger-fabric/charts/fabric-ca-server platforms/hyperledger-fabric/charts/fabric-cacerts-gen platforms/hyperledger-fabric/charts/fabric-catools platforms/hyperledger-fabric/charts/fabric-cli platforms/hyperledger-fabric/charts/fabric-genesis platforms/hyperledger-fabric/charts/fabric-orderernode platforms/hyperledger-fabric/charts/fabric-peernode fixes #2536 Signed-off-by: mgCepeda <marina.gomez.cepeda@accenture.com>
hyperledger · Apr 23, 2024 · b2097ef · b2097ef
1 parent 8cb9c5c
commit b2097ef
Show file tree

Hide file tree

Showing 28 changed files with 1,459 additions and 122 deletions.
diff --git a/platforms/hyperledger-fabric/charts/README.md b/platforms/hyperledger-fabric/charts/README.md
@@ -17,7 +17,7 @@ global:
     kubernetesUrl: "https://yourkubernetes.com" # Provide the k8s URL, ignore if not using Hashicorp Vault
   vault:
     type: hashicorp # choose from hashicorp | kubernetes
-    network: besu   # must be besu for these charts
+    network: fabric  # must be fabric for these charts
     # Following are necessary only when hashicorp vault is used.
     address: http://vault.url:8200
     authPath: supplychain
@@ -40,6 +40,8 @@ global:
   helm dependency update fabric-peernode
   ```
 
+### Deploy fabric 2.5.4
+
 ### _Without Proxy or Vault_
 
 ### To setup Orderer organization
@@ -74,10 +76,10 @@ helm install carrier-ca ./fabric-ca-server --namespace carrier-net --values ./va
 cp /home/bevel/build/peer0-core.yaml ./fabric-peernode/files
 
 # Install the Peers
-helm install peer0 ./fabric-peernode --namespace carrier-net --values ./values/noproxy-and-novault/peerOrganization/peer.yaml
+helm install peer0-carrier ./fabric-peernode --namespace carrier-net --values ./values/noproxy-and-novault/peerOrganization/peer.yaml
 ```
 
-### _With Ambassador proxy and Vault_
+### _With Haproxy proxy and Vault_
 
 ### To setup Orderer organization
 
@@ -111,14 +113,14 @@ kubectl --namespace supplychain-net get configmap orderer-tls-cacert -o jsonpath
 cd ../..
 helm dependency update fabric-ca-server
 
-helm install carrier-ca ./fabric-ca-server --namespace carrier-net --values ./values/noproxy-and-novault/peerOrganization/ca-server.yaml
+helm install carrier-ca ./fabric-ca-server --namespace carrier-net --values ./values/proxy-and-vault/peerOrganization/ca-server.yaml
 
 # To use a custom peer configuration, copy core.yaml file into ./fabric-peernode/files
 # This step is optional
 cp /home/bevel/build/peer0-core.yaml ./fabric-peernode/files
 
 # Install the Peers
-helm install peer0 ./fabric-peernode --namespace carrier-net --values ./values/proxy-and-vault/peerOrganization/peer.yaml
+helm install peer0-carrier ./fabric-peernode --namespace carrier-net --values ./values/proxy-and-vault/peerOrganization/peer.yaml
 ```
 
 ### Clean-up
@@ -130,6 +132,125 @@ helm uninstall --namespace supplychain-net orderer2
 helm uninstall --namespace supplychain-net orderer3
 helm uninstall --namespace supplychain-net supplychain-ca
 
-helm uninstall --namespace carrier-net peer0
+helm uninstall --namespace carrier-net peer0-carrier
 helm uninstall --namespace carrier-net carrier-ca
-```
+```
+
+### Deploy fabric 2.2.2
+
+### _Without Proxy or Vault_
+
+### Create crypomaterials for each organization
+```bash
+kubectl create namespace supplychain-net 
+
+helm install supplychain-ca ./fabric-ca-server --namespace supplychain-net --values ./values/noproxy-and-novault/ordererOrganization/ca-server.yaml
+
+kubectl create namespace carrier-net 
+
+# Get the Orderer tls certificate and place in fabric-catools/files
+cd ./fabric-catools/files
+kubectl --namespace supplychain-net get configmap orderer-tls-cacert -o jsonpath='{.data.cacert}' > orderer.crt
+
+# Before installing, we must use the dependencies again, due to the addition of the file in the files folder
+cd ../..
+helm dependency update fabric-ca-server
+
+helm install carrier-ca ./fabric-ca-server --namespace carrier-net --values ./values/noproxy-and-novault/peerOrganization/ca-server.yaml
+```
+### Generate genesis file
+```bash
+# Obtain certificates and the configuration file of each peer organization, place in fabric-genesis/files
+cd ./fabric-genesis/files
+kubectl --namespace carrier-net get configmap admin-msp -o json > carrier.json
+kubectl --namespace carrier-net get configmap msp-config-file -o json > carrier-config-file.json
+
+# Install Genesis
+cd ../..
+helm install genesis ./fabric-genesis --namespace supplychain-net --values ./values/noproxy-and-novault/ordererOrganization/genesis.yaml
+```
+
+### Deploy fabric Orderers and Peers nodes
+```bash
+# Install the Orderers
+helm install orderer1 ./fabric-orderernode --namespace supplychain-net --values ./values/noproxy-and-novault/ordererOrganization/orderer.yaml
+helm install orderer2 ./fabric-orderernode --namespace supplychain-net --values ./values/noproxy-and-novault/ordererOrganization/orderer.yaml
+helm install orderer3 ./fabric-orderernode --namespace supplychain-net --values ./values/noproxy-and-novault/ordererOrganization/orderer.yaml
+
+# To use a custom peer configuration, copy core.yaml file into ./fabric-peernode/files
+# This step is optional
+cp /home/bevel/build/peer0-core.yaml ./fabric-peernode/files
+
+# Install the Peers
+helm install peer0-carrier ./fabric-peernode --namespace carrier-net --values ./values/noproxy-and-novault/peerOrganization/peer.yaml
+```
+
+### _With Haproxy proxy and Vault_
+
+### Create crypomaterials for each organization
+
+Replace the `global.vault.address`, `global.cluster.kubernetesUrl` and `global.proxy.externalUrlSuffix` in all the files in `./values/proxy-and-vault/` folder.
+
+```bash
+kubectl create namespace supplychain-net 
+
+kubectl -n supplychain-net create secret generic roottoken --from-literal=token=<VAULT_ROOT_TOKEN>
+
+helm install supplychain-ca ./fabric-ca-server --namespace supplychain-net --values ./values/proxy-and-vault/ordererOrganization/ca-server.yaml
+
+kubectl create namespace carrier-net 
+
+kubectl -n carrier-net create secret generic roottoken --from-literal=token=<VAULT_ROOT_TOKEN>
+
+# Get the Orderer tls certificate and place in fabric-catools/files
+cd ./fabric-catools/files
+kubectl --namespace supplychain-net get configmap orderer-tls-cacert -o jsonpath='{.data.cacert}' > orderer.crt
+
+# Before installing, we must use the dependencies again, due to the addition of the file in the files folder
+cd ../..
+helm dependency update fabric-ca-server
+
+helm install carrier-ca ./fabric-ca-server --namespace carrier-net --values ./values/proxy-and-vault/peerOrganization/ca-server.yaml
+```
+
+### Generate genesis file
+```bash
+# Obtain certificates and the configuration file of each peer organization, place in fabric-genesis/files
+cd ./fabric-genesis/files
+kubectl --namespace carrier-net get configmap admin-msp -o json > carrier.json
+kubectl --namespace carrier-net get configmap msp-config-file -o json > carrier-config-file.json
+
+# Install Genesis
+cd ../..
+helm install genesis ./fabric-genesis --namespace supplychain-net --values ./values/proxy-and-vault/ordererOrganization/genesis.yaml
+```
+
+### Deploy fabric Orderers and Peers nodes
+```bash
+# Install the Orderers
+helm install orderer1 ./fabric-orderernode --namespace supplychain-net --values ./values/proxy-and-vault/ordererOrganization/orderer.yaml
+helm install orderer2 ./fabric-orderernode --namespace supplychain-net --values ./values/proxy-and-vault/ordererOrganization/orderer.yaml
+helm install orderer3 ./fabric-orderernode --namespace supplychain-net --values ./values/proxy-and-vault/ordererOrganization/orderer.yaml
+
+# To use a custom peer configuration, copy core.yaml file into ./fabric-peernode/files
+# This step is optional
+cp /home/bevel/build/peer0-core.yaml ./fabric-peernode/files
+
+# Install the Peers
+helm install peer0-carrier ./fabric-peernode --namespace carrier-net --values ./values/proxy-and-vault/peerOrganization/peer.yaml
+```
+
+### Clean-up
+
+To clean up, just uninstall the helm releases.
+```bash
+helm uninstall --namespace supplychain-net orderer1
+helm uninstall --namespace supplychain-net orderer2
+helm uninstall --namespace supplychain-net orderer3
+helm uninstall --namespace carrier-net peer0-carrier
+
+helm uninstall --namespace supplychain-net genesis
+
+helm uninstall --namespace supplychain-net supplychain-ca
+helm uninstall --namespace carrier-net carrier-ca
+```
diff --git a/platforms/hyperledger-fabric/charts/fabric-ca-server/templates/ca-job-cleanup.yaml b/platforms/hyperledger-fabric/charts/fabric-ca-server/templates/ca-job-cleanup.yaml
@@ -121,5 +121,9 @@ spec:
                 echo "Deleting orderer-tls-cacert configmap in k8s ..."
                 kubectl delete configmap --namespace {{ .Release.Namespace }} orderer-tls-cacert
               fi
+              if kubectl get configmap --namespace {{ .Release.Namespace }} admin-msp &> /dev/null; then
+                echo "Deleting admin-msp configmap in k8s ..."
+                kubectl delete configmap --namespace {{ .Release.Namespace }} admin-msp
+              fi
 {{- end}}
 
diff --git a/platforms/hyperledger-fabric/charts/fabric-ca-server/templates/statefulset.yaml b/platforms/hyperledger-fabric/charts/fabric-ca-server/templates/statefulset.yaml
@@ -136,9 +136,26 @@ spec:
           echo "${user}" >> ${MOUNT_PATH}/user_cred
 
 {{- else }}
-          kubectl get secret ca-certs --namespace {{ .Release.Namespace }} --output="jsonpath={.data.ca-${COMPONENT_NAME}-key}" | base64 -d > ${MOUNT_PATH}/server.key
-          kubectl get secret ca-certs --namespace {{ .Release.Namespace }} --output="jsonpath={.data.ca-${COMPONENT_NAME}-cert}" | base64 -d > ${MOUNT_PATH}/server.crt
-          kubectl get secret ca-credentials --namespace {{ .Release.Namespace }} -o json | jq '.data.user' | tr -d '"' | base64 -d > ${MOUNT_PATH}/user_cred
+          KUBENETES_SECRET=$(kubectl get secret ca-certs --namespace ${COMPONENT_NAME} -o json)
+          if  [ "$KUBENETES_SECRET" = "" ]; then
+            echo "Certficates absent in kuberenetes secrets"
+            exit 1
+          else
+            CA_KEY=$(echo "$KUBENETES_SECRET" | jq -r ".data.\"ca-${COMPONENT_NAME}-key\""  | base64 -d)
+            CA_CERT=$(echo "$KUBENETES_SECRET" | jq -r ".data.\"ca-${COMPONENT_NAME}-cert\""  | base64 -d)
+            echo "${CA_KEY}" > ${MOUNT_PATH}/server.key
+            echo "${CA_CERT}" > ${MOUNT_PATH}/server.crt
+          fi
+
+          KUBENETES_SECRET=$(kubectl get secret ca-credentials --namespace ${COMPONENT_NAME} -o json)
+          if  [ "$KUBENETES_SECRET" = "" ]; then
+            echo "Certficates absent in kuberenetes secrets"
+            exit 1
+          else
+            CA_USER=$(echo "$KUBENETES_SECRET" | jq -r '.data.user'  | base64 -d)
+            echo "${CA_USER}" > ${MOUNT_PATH}/user_cred
+          fi
+
 {{- end }}            
         volumeMounts:
         - name: certificates
@@ -198,4 +215,4 @@ spec:
         {{- if (not (empty .Values.server.configpath)) }}
         - name: {{ .Release.Name }}-config-volume
           mountPath: /custom-config/
-        {{- end }}
+        {{- end }}
diff --git a/platforms/hyperledger-fabric/charts/fabric-ca-server/values.yaml b/platforms/hyperledger-fabric/charts/fabric-ca-server/values.yaml
@@ -13,6 +13,9 @@ global:
   cluster:
     provider: aws  # choose from: minikube | aws | azure | gcp
     cloudNativeServices: false # only 'false' is implemented
+    #Provide the kubernetes host url
+    #Eg. kubernetesUrl: https://10.3.8.5:8443
+    kubernetesUrl: 
   vault:
     #Provide the type of vault
     #Eg. type: hashicorp
@@ -44,12 +47,12 @@ global:
 
 cacerts:
   ca:
-  #Provide organization's name
-  orgName: supplychain
-  #Provide the subject of the services ca organization's
-  #Eg. subject: "/C=GB/ST=London/L=London/O=Carrier/CN=carrier-net"
-  subject: /C=GB/ST=London/L=London/O=Orderer
-  # Flag to ensure the certificates secrets are removed on helm uninstall
+    #Provide organization's name
+    orgName: supplychain
+    #Provide the subject of the services ca organization's
+    #Eg. subject: "/C=GB/ST=London/L=London/O=Carrier/CN=carrier-net"
+    subject: /C=GB/ST=London/L=London/O=Orderer
+    # Flag to ensure the certificates secrets are removed on helm uninstall
 
 catools:
   orgData:
@@ -83,7 +86,7 @@ catools:
 
   #Provide peer's names
   peers:
-    - peer0
+    - peer0-carrier
 
   users: 
     # Generating User Certificates with custom attributes using Fabric CA in Bevel for Peer Organizations
@@ -148,6 +151,12 @@ service:
       #Eg. clusterIpPort: 7054
       clusterIpPort: 7054
 
+settings:
+  # Flag to ensure certificates configmaps are removed on helm uninstall
+  removeOrdererTlsOnDelete: true
+  # Flag to ensure the certificates secrets are removed on helm uninstall
+  removeCertsOnDelete: true
+
 labels:
   service: []
   pvc: []

diff --git a/platforms/hyperledger-fabric/charts/fabric-cacerts-gen/values.yaml b/platforms/hyperledger-fabric/charts/fabric-cacerts-gen/values.yaml
@@ -13,9 +13,6 @@ global:
   cluster:
     provider: aws  # choose from: minikube | aws | azure | gcp
     cloudNativeServices: false # only 'false' is implemented
-    #Provide the kubernetes host url
-    #Eg. kubernetesUrl: https://10.3.8.5:8443
-    kubernetesUrl: 
   vault:
     #Provide the type of vault
     #Eg. type: hashicorp