diff --git a/bootstrap.gcp.sh b/bootstrap.gcp.sh index 626364b..3247672 100755 --- a/bootstrap.gcp.sh +++ b/bootstrap.gcp.sh @@ -167,6 +167,7 @@ printMessage "pod/o0-hlf-ord" $res # Currently, it seems that META-INFO is missing, and it will fail to init chaincode; if using couchdb # while there is no real need for coudchdb, will fall back to goleveldb. +# DISABLED; CANNOT REMOVE #helm install p0o1db -n n1 -f ./releases/org1/p0o1db-hlf-couchdb.gcp.yaml ./hlf-couchdb #sleep 5 #set -x @@ -187,7 +188,6 @@ printMessage "pod/p0o1-hlf-peer" $res helm install g1 -n n1 -f ./releases/org1/g1-gupload.gcp.yaml ./gupload - export POD_CLI1=$(kubectl get pods --namespace n1 -l "app=orgadmin,release=admin1" -o jsonpath="{.items[0].metadata.name}") preventEmptyValue "pod unavailable" $POD_CLI1 diff --git a/bootstrap.org2.gcp.sh b/bootstrap.org2.gcp.sh index 5683892..3ff456f 100755 --- a/bootstrap.org2.gcp.sh +++ b/bootstrap.org2.gcp.sh @@ -1,4 +1,3 @@ - #!/bin/bash . ./scripts/setup.sh @@ -7,11 +6,6 @@ SECONDS=0 ./scripts/rm-secret.n2.sh rm ./download/*.crt -# Note: Manually deploy PV -#kubectl -n n2 create -f ../releases/org2/volumes/pvc-org2.gcp.yaml -#kubectl -n n2 create -f ../releases/org2/volumes/pvc-p0o2.gcp.yaml -# printMessage "create pv/pvc for org2" $? - helm install admin2 -n n2 -f ./releases/org2/admin2-orgadmin.gcp.yaml ./orgadmin printMessage "install admin2" $? @@ -26,7 +20,7 @@ export POD_PSQL2=$(kubectl get pods -n n2 -l "app.kubernetes.io/name=postgresql- kubectl wait --for=condition=Ready --timeout 180s pod/$POD_PSQL2 -n n2 res=$? set +x -printMessage "pod/$POD_PSQL1" $res +printMessage "pod/$POD_PSQL2" $res sleep 30 
@@ -74,6 +68,7 @@ printMessage "job/crypto-rca2-cryptogen" $res ./scripts/create-secret.rca2.sh printMessage "create secret rca2" $? +# DISABLED; CANNOT REMOVE #helm install p0o2db -n n2 -f ./releases/org2/p0o2db-hlf-couchdb.gcp.yaml ./hlf-couchdb #set -x #export POD_P0O2DB=$(kubectl get pods -n n2 -l "app=hlf-couchdb,release=p0o2db" -o jsonpath="{.items[0].metadata.name}") 
@@ -87,89 +82,119 @@ preventEmptyValue "pod unavailable" $POD_CLI2 sleep 5 -helm install g2 -n n2 -f ./releases/org2/g2-gupload.gcp.yaml ./gupload - -##################################################################### -### OUT OF BAND -##################################################################### +echo "#####################################################################" +echo "### OUT OF BAND PROCESS" +echo "#####################################################################" echo "# ORG1: Out-of-band process: Manually send p0o1.crt from org2 to org1" export POD_RCA2=$(kubectl get pods -n n2 -l "app=hlf-ca,release=rca2" -o jsonpath="{.items[0].metadata.name}") preventEmptyValue "pod unavailable" $POD_RCA2 -set -x -kubectl -n n2 exec $POD_RCA2 -c ca -- cat ./Org2MSP/peer0.org2.net/tls-msp/signcerts/cert.pem > ./download/p0o2.crt -res=$? -set +x -printMessage "download /Org2MSP/peer0.org2.net/tls-msp/signcerts/cert.pem from n2" $res - -set -x -kubectl -n n1 create secret generic peer0.org2.net-tls --from-file=tls.crt=./download/p0o2.crt -res=$? -set +x -printMessage "create secret peer0.org2.net-tls for n1" $res +# CAN REMOVE +# 0. peer0.org2.net-tls for n1 +#set -x +#kubectl -n n2 exec $POD_RCA2 -c ca -- cat ./Org2MSP/peer0.org2.net/tls-msp/signcerts/cert.pem > ./download/p0o2.crt +#res=$? +#set +x +#printMessage "download /Org2MSP/peer0.org2.net/tls-msp/signcerts/cert.pem from n2" $res +#set -x +#kubectl -n n1 create secret generic peer0.org2.net-tls --from-file=tls.crt=./download/p0o2.crt +#res=$? +#set +x +#printMessage "create secret peer0.org2.net-tls for n1" $res -#### echo "# ORG2: Out-of-band process: Manually send p0o2.crt from org1 to org2" export POD_RCA1=$(kubectl get pods -n n1 -l "app=hlf-ca,release=rca1" -o jsonpath="{.items[0].metadata.name}") preventEmptyValue "pod unavailable" $POD_RCA1 -set -x -kubectl -n n1 exec $POD_RCA1 -c ca -- cat ./Org1MSP/peer0.org1.net/tls-msp/signcerts/cert.pem > ./download/p0o1.crt -res=$? 
-set +x -printMessage "download Org1MSP/peer0.org1.net/tls-msp/signcerts/cert.pem from n1" $res - -set -x -kubectl -n n2 create secret generic peer0.org1.net-tls --from-file=tls.crt=./download/p0o1.crt -res=$? -set +x -printMessage "create secret peer0.org1.net-tls for n2" $res +# CAN REMOVE +#set -x +#kubectl -n n1 exec $POD_RCA1 -c ca -- cat ./Org1MSP/peer0.org1.net/tls-msp/signcerts/cert.pem > ./download/p0o1.crt +#res=$? +#set +x +#printMessage "download Org1MSP/peer0.org1.net/tls-msp/signcerts/cert.pem from n1" $res +# +#set -x +#kubectl -n n2 create secret generic peer0.org1.net-tls --from-file=tls.crt=./download/p0o1.crt +#res=$? +#set +x +#printMessage "create secret peer0.org1.net-tls for n2" $res export POD_RCA0=$(kubectl get pods -n n0 -l "app=hlf-ca,release=rca0" -o jsonpath="{.items[0].metadata.name}") preventEmptyValue "pod unavailable" $POD_RCA0 +echo "# 1. create orderer0.org0.com-tlssigncert for n2" set -x kubectl -n n0 exec $POD_RCA0 -c ca -- cat ./Org0MSP/orderer0.org0.com/tls-msp/signcerts/cert.pem > ./download/orderer0.crt res=$? set +x printMessage "download Org0MSP/orderer0.org0.com/tls-msp/signcerts/cert.pem from n0" $res - set -x kubectl -n n2 create secret generic orderer0.org0.com-tlssigncert --from-file=cert.pem=./download/orderer0.crt res=$? set +x printMessage "create secret orderer0.org0.com-tlssigncert for n2" $res +echo "# 2. create orderer0.org0.com-tlsrootcert for n2" set -x kubectl -n n0 exec $POD_RCA0 -c ca -- cat ./Org0MSP/orderer0.org0.com/tls-msp/tlscacerts/tls-tlsca0-hlf-ca-7054.pem > ./download/orderer0-tlsroot.crt res=$? set +x printMessage "download Org0MSP/orderer0.org0.com/tls-msp/tlscacerts/tls-tlsca0-hlf-ca-n0-svc-cluster-local-7054.pem from n0" $res - set -x kubectl -n n2 create secret generic orderer0.org0.com-tlsrootcert --from-file=tlscacert.pem=./download/orderer0-tlsroot.crt res=$? set +x printMessage "create secret orderer0.org0.com-tlsrootcert for n2" $res +echo "# 3. 
create secret org0-tls-ca-cert for n2" set -x kubectl -n n0 exec $POD_RCA0 -c ca -- sh -c "cat ./Org0MSP/msp/tlscacerts/tls-ca-cert.pem" > ./download/org0tlscacert.crt res=$? set +x printMessage "download Org0MSP/msp/tlscacerts/tls-ca-cert.pem from n0" $res - set -x kubectl -n n2 create secret generic org0-tls-ca-cert --from-file=tlscacert.pem=./download/org0tlscacert.crt res=$? set +x printMessage "create secret org0-tls-ca-cert for n2" $res -##################################################################### -### END: OUT OF BAND -##################################################################### + +echo "# 4. create org1-tls-ca-cert for n2" +set -x +kubectl -n n1 exec $POD_RCA1 -c ca -- cat ./Org1MSP/msp/tlscacerts/tls-ca-cert.pem > ./download/org1tlscacert.crt +res=$? +set +x +printMessage "download Org1MSP/msp/tlscacerts/tls-ca-cert.pem from n1" $res +set -x +kubectl -n n2 create secret generic org1-tls-ca-cert --from-file=tls.crt=./download/org1tlscacert.crt +res=$? +set +x +printMessage "create secret org1-tls-ca-cert for n2" $res + +echo "# 5. create org2-tls-ca-cert for n2" +set -x +kubectl -n n2 exec $POD_RCA2 -c ca -- cat ./Org2MSP/msp/tlscacerts/tls-ca-cert.pem > ./download/org2tlscacert.crt +res=$? +set +x +printMessage "download Org2MSP/msp/tlscacerts/tls-ca-cert.pem from n2" $res +set -x +kubectl -n n1 create secret generic org2-tls-ca-cert --from-file=tls.crt=./download/org2tlscacert.crt +res=$? +set +x +printMessage "create secret org2-tls-ca-cert for n1" $res +set -x +kubectl -n n2 create secret generic org2-tls-ca-cert --from-file=tls.crt=./download/org2tlscacert.crt +res=$? 
+set +x +printMessage "create secret org2-tls-ca-cert for n2" $res +echo "#####################################################################" +echo "### END: OUT OF BAND" +echo "#####################################################################" + +echo "### Install g2-gupload" +helm install g2 -n n2 -f ./releases/org2/g2-gupload.gcp.yaml ./gupload # After all secrets are available helm install p0o2 -n n2 -f ./releases/org2/p0o2-hlf-peer.gcp.yaml ./hlf-peer - set -x export POD_P0O2=$(kubectl get pods -n n2 -l "app=hlf-peer,release=p0o2" -o jsonpath="{.items[0].metadata.name}") kubectl wait --for=condition=Ready --timeout 180s pod/$POD_P0O2 -n n2 @@ -179,10 +204,9 @@ printMessage "pod/p0o2-hlf-peer" $res sleep 10 -### MULTIPLE ORGS WORKFLOW -## org1 admin tasks +echo "###### MULTIPLE ORGS WORKFLOW ###" +echo "### Org1 fetch current block" helm install fetch1 -n n1 -f ./releases/org1/fetchsend-hlf-operator.yaml ./hlf-operator - set -x kubectl wait --for=condition=complete --timeout 120s job/fetch1-hlf-operator--fetch-send -n n1 res=$? @@ -191,7 +215,7 @@ printMessage "job/fetch1-hlf-operator" $res sleep 10 -## org2 admin tasks +echo "### Org2 prepares add-org update-channel-envelope" helm install neworg2 -n n2 -f ./releases/org2/neworgsend-hlf-operator.yaml ./hlf-operator set -x @@ -202,9 +226,8 @@ printMessage "job/neworg2-hlf-operator" $res sleep 10 -## org1 admin tasks +echo "### Org1 sign the updatechannel block" helm install upch1 -n n1 -f ./releases/org1/upch1-hlf-operator.yaml ./hlf-operator - set -x kubectl wait --for=condition=complete --timeout 120s job/upch1-hlf-operator--updatechannel -n n1 res=$? 
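Review bot: In the new steps 4 and 5 of the out-of-band block in bootstrap.org2.gcp.sh, `kubectl exec … cat … > ./download/org1tlscacert.crt` creates the file even when the exec fails, and the following `kubectl create secret generic … --from-file=tls.crt=…` runs whatever `res` was, at least as far as this hunk shows. Unless `printMessage` (defined outside this diff) exits on a non-zero status, an empty or truncated file can be installed as the `org1-tls-ca-cert` / `org2-tls-ca-cert` trust anchor in n1 and n2. Gate each secret on a usable file, for example `[ -s ./download/org1tlscacert.crt ] || exit 1` or the stricter `openssl x509 -in ./download/org1tlscacert.crt -noout || exit 1`, and quote `"$POD_RCA1"` / `"$POD_RCA2"`. Since these files become the TLS roots the other org trusts, also consider comparing their fingerprint against a value supplied by the owning org before creating the secret. The same download-then-create pattern appears in the scripts/create-secret.rca1.sh hunk (step 12).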
@@ -213,14 +236,49 @@ printMessage "job/upch1-hlf-operator" $res sleep 10 -## org2 admin tasks +echo "### Org2 join channel" helm install joinch2 -n n2 -f ./releases/org2/joinch2-hlf-operator.yaml ./hlf-operator - set -x kubectl wait --for=condition=complete --timeout 120s job/joinch2-hlf-operator--joinchannel -n n2 res=$? set +x printMessage "job/joinch2-hlf-operator" $res +export POD_CLI2=$(kubectl get pods --namespace n2 -l "app=orgadmin,release=admin2" -o jsonpath="{.items[0].metadata.name}") +preventEmptyValue "pod unavailable" $POD_CLI1 + +echo "### Update anchor peer; package & install chaincode" +helm install installcc2a -n n2 -f ./releases/org2/installcc-a.hlf-operator.yaml ./hlf-operator +set -x +kubectl wait --for=condition=complete --timeout 300s job/installcc2a-hlf-operator--bootstrap -n n2 +res=$? +set +x +printMessage "job/install chaincode part1" $res + +set -x +export CCID=$(kubectl -n n2 exec $POD_CLI2 -- cat /var/hyperledger/crypto-config/channel-artifacts/packageid.txt) +res=$? +set +x +printMessage "retrieve CCID" $res + +echo "### Launch chaincode container" +helm install eventstore -n n2 --set ccid=$CCID -f ./releases/org2/eventstore-hlf-cc.gcp.yaml ./hlf-cc +set -x +export POD_CC2=$(kubectl get pods -n n2 -l "app=hlf-cc,release=eventstore" -o jsonpath="{.items[0].metadata.name}") +kubectl wait --for=condition=Ready --timeout 180s pod/$POD_CC2 -n n2 +res=$? +set +x +printMessage "pod/eventstore chaincode" $res + +sleep 10 + +echo "### Approach chaincode and run smoke test" +helm install installcc2b -n n2 -f ./releases/org2/installcc-b.hlf-operator.yaml ./hlf-operator +set -x +kubectl wait --for=condition=complete --timeout 180s job/installcc2b-hlf-operator--bootstrap -n n2 +res=$? +set +x +printMessage "job/install chaincode part2" $res + duration=$SECONDS printf "${GREEN}$(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed.\n\n${NC}" 
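Review bot: The guard added after `export POD_CLI2=$(kubectl get pods --namespace n2 …)` tests `$POD_CLI1`, not the variable just assigned. An empty `POD_CLI2` is therefore not caught before `kubectl -n n2 exec $POD_CLI2` runs; the line should read `preventEmptyValue "pod unavailable" "$POD_CLI2"`. In the CCID step, `res=$?` after `export CCID=$(…)` records the status of `export`, which is 0 even when `kubectl exec` fails. `printMessage "retrieve CCID"` then always reports success, and `helm install eventstore --set ccid=$CCID` can run with an empty package id. Assign first (`CCID=$(…)`, then `res=$?`, then `export CCID`), add `preventEmptyValue "CCID unavailable" "$CCID"` before the helm call, and pass it as `--set ccid="$CCID"`.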
diff --git a/hlf-operator/templates/NOTES.txt b/hlf-operator/templates/NOTES.txt index 2e0ac44..70c7eb6 100644 --- a/hlf-operator/templates/NOTES.txt +++ b/hlf-operator/templates/NOTES.txt @@ -1,4 +1,16 @@ Job will perform: +{{-if .Values.fetchSend.enabled }} + - fetch current channel config, and send config.json to other org +{{- end }} +{{-if .Values.neworgSend.enabled }} + - create new org update, and send to other org +{{- end }} +{{-if .Values.updateChannel.enabled }} + - update channel +{{- end }} +{{-if .Values.joinChannel.enabled }} + - join channel +{{- end }} {{- if .Values.bootstrap.tasks.create_channel.enabled }} - create channel {{- end }} diff --git a/hlf-operator/templates/job--bootstrap.yaml b/hlf-operator/templates/job--bootstrap.yaml index f0ac6dc..a41a8f1 100644 --- a/hlf-operator/templates/job--bootstrap.yaml +++ b/hlf-operator/templates/job--bootstrap.yaml @@ -39,9 +39,18 @@ spec: - name: org0-tls-ca-cert secret: secretName: {{ .Values.bootstrap.secret.tlscacert }} + {{- if .Values.bootstrap.tasks.dev_invoke.enabled }} + {{- range .Values.bootstrap.tasks.dev_invoke.targets }} + - name: {{ .name }} + secret: + secretName: {{ .name }} + {{- end }} + {{- end }} + {{- if .Values.bootstrap.secret.channeltx }} - name: channel-tx secret: secretName: {{ .Values.bootstrap.secret.channeltx }} + {{- end }} - name: collection-json configMap: name: {{ include "hlf-operator.fullname" . }}--cli 
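Review bot: The four added conditionals in NOTES.txt are written `{{-if …}}` with no space after the dash, whereas the existing line below uses `{{- if …}}`. Go's text/template only treats `{{-` as a trim marker when whitespace follows it, so `-if` is likely to be lexed as a malformed number and the chart may fail to parse on `helm install`. Write each one as `{{- if .Values.fetchSend.enabled }}` (likewise for `neworgSend`, `updateChannel` and `joinChannel`), and confirm with `helm template` or `helm lint` on the chart.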
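Review bot: In the volumes hunk of job--bootstrap.yaml, each `dev_invoke` target's `.name` is rendered as both the volume name and the `secretName` without checking that it is set. The `name` key is new in this commit, so a release file whose targets predate it would render `- name:` with an empty value and the Job would be rejected. A target named `org0-tls-ca-cert` would also collide with the volume declared just above. Making the requirement explicit gives a readable failure at render time: `- name: {{ required "dev_invoke target needs a name (secret holding its TLS root cert)" .name }}`. The same applies to the matching `volumeMounts` range in the later hunk of this file.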
@@ -129,7 +138,7 @@ spec: set +x printMessage "cp block" $res set -x - jq ".channel_group.groups.Application.groups.Org1MSP.values += {\"AnchorPeers\":{\"mod_policy\":\"Admins\",\"value\":{\"anchor_peers\":[{\"host\":\"peer0.org1.net\",\"port\":15443}]},\"version\":\"0\"}}" $DIR/config_copy.json > $DIR/modified_config.json + jq ".channel_group.groups.Application.groups.{{ .Values.bootstrap.tasks.update_anchor_peer.mspId }}.values += {\"AnchorPeers\":{\"mod_policy\":\"Admins\",\"value\":{\"anchor_peers\":[{\"host\":\"{{ .Values.bootstrap.tasks.update_anchor_peer.host }}\",\"port\":{{ .Values.bootstrap.tasks.update_anchor_peer.port }}}]},\"version\":\"0\"}}" $DIR/config_copy.json > $DIR/modified_config.json res=$? set +x printMessage "jq add anchorpeer" $res @@ -227,6 +236,9 @@ spec: -o ${ORDERER_URL} -C ${CHANNEL_NAME} \ --tls --cafile ${ORDERER_CA} \ --name {{ .Values.bootstrap.chaincode.id }} \ + {{- if .Values.bootstrap.tasks.approve_chaincode.signaturePolicy }} + --signature-policy {{ .Values.bootstrap.tasks.approve_chaincode.signaturePolicy }} \ + {{- end }} --version {{ .Values.bootstrap.chaincode.version }} \ --package-id $(sed -n "/{{ .Values.bootstrap.chaincode.id }}v{{ .Values.bootstrap.chaincode.version }}/{s/^Package ID: //; s/, Label:.*$//; p;}" $DIR/log-installed.txt) \ --init-required \ 
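Review bot: The anchor-peer `jq` line now splices `mspId`, `host` and `port` from chart values straight into the filter text inside a double-quoted shell string. A value containing a quote, `$` or a backtick is therefore expanded by the shell or changes the jq program before it runs. Passing them as data keeps the filter fixed and makes jq reject a non-numeric port: `jq --arg msp {{ .Values.bootstrap.tasks.update_anchor_peer.mspId | quote }} --arg host {{ .Values.bootstrap.tasks.update_anchor_peer.host | quote }} --argjson port {{ .Values.bootstrap.tasks.update_anchor_peer.port }} '.channel_group.groups.Application.groups[$msp].values += {AnchorPeers:{mod_policy:"Admins",value:{anchor_peers:[{host:$host,port:$port}]},version:"0"}}' $DIR/config_copy.json > $DIR/modified_config.json`. The surrounding script block starts and ends outside this hunk.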
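Review bot: The new `--signature-policy {{ .Values.bootstrap.tasks.approve_chaincode.signaturePolicy }} \` line renders the policy unquoted into the shell command. Any realistic value contains parentheses and quotes that the shell will interpret, such as the commented example `AND("Org1MSP.member")` in releases/org1/bootstrap-b.gcp.yaml, so the approve call would fail with a syntax error or receive a mangled policy. Render it as `--signature-policy {{ .Values.bootstrap.tasks.approve_chaincode.signaturePolicy | quote }} \`. The checkcommitreadiness and commit commands are outside this hunk; if they do not pass the same policy, the approved and committed definitions will not match, so it is worth confirming they read the same value.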
@@ -354,10 +366,18 @@ spec: - name: setup-script mountPath: /script/setup.sh subPath: setup.sh + {{- if .Values.bootstrap.secret.channeltx }} - name: channel-tx mountPath: {{ .Values.global.workingDir }}/crypto-config/channel-artifacts/channeltx + {{- end }} - name: org0-tls-ca-cert mountPath: {{ .Values.global.workingDir }}/crypto-config/channel-artifacts/org0-tls-ca-cert + {{- if .Values.bootstrap.tasks.dev_invoke.enabled }} + {{- range .Values.bootstrap.tasks.dev_invoke.targets }} + - name: {{ .name }} + mountPath: {{ $.Values.global.workingDir }}/crypto-config/channel-artifacts/{{ .name }} + {{- end }} + {{- end }} - name: collection-json mountPath: /builders/packaging/connection.json subPath: connection.json diff --git a/hlf-operator/templates/job--neworg-send.yaml b/hlf-operator/templates/job--neworg-send.yaml index d6fee3f..a377106 100755 --- a/hlf-operator/templates/job--neworg-send.yaml +++ b/hlf-operator/templates/job--neworg-send.yaml @@ -148,7 +148,6 @@ spec: ######## # Step 9: gupload to obtain signature ######## - sleep 3h printHeader "Gupload to remote server" set -x /var/gupload/gupload upload --cacert /var/gupload/cert/tls.crt --label {{ .Values.neworgSend.label }} --file $TMP/config_update_in_envelope.pb --filename config_update_in_envelope.pb \ diff --git a/hlf-operator/values.yaml b/hlf-operator/values.yaml index d85665a..9470e18 100644 --- a/hlf-operator/values.yaml +++ b/hlf-operator/values.yaml @@ -38,7 +38,8 @@ bootstrap: pvcName: pvc-org1 secret: tlscacert: org0-tls-ca-cert - channeltx: channeltx + # Default should be no channelTx + # channeltx: channeltx chaincode: id: eventstore contract: eventstore @@ -53,6 +54,9 @@ bootstrap: enabled: false update_anchor_peer: enabled: false + mspId: Org1MSP + host: peer0.org1.net + port: 15443 package_chaincode: enabled: false install_chaincode: 
@@ -84,8 +88,9 @@ bootstrap: dev_invoke: enabled: false targets: - - peerAddress: p0o1-hlf-peer:7051 - tlsRootCertFiles: /var/hyperledger/crypto-config/Org1MSP/peer0.org1.net/tls-msp/tlscacerts/tls-tlsca1-hlf-ca-n1-svc-cluster-local-7054.pem + - peerAddress: peer0.org1.net:15443 + tlsRootCertFiles: /var/hyperledger/crypto-config/Org1MSP/peer0.org1.net/tls-msp/tlscacerts/tls-tlsca1-hlf-ca-7054.pem + name: org1-tls-ca-cert dev_query: enabled: false @@ -185,8 +190,3 @@ joinChannel: signSend: enabled: false -####################### -### Param for package chaincode and send to other org -####################### -packageccSend: - enabled: false diff --git a/orgadmin/templates/configmap--configtx.yaml b/orgadmin/templates/configmap--configtx.yaml index f2404cd..467f5de 100644 --- a/orgadmin/templates/configmap--configtx.yaml +++ b/orgadmin/templates/configmap--configtx.yaml @@ -62,8 +62,11 @@ data: Type: ImplicitMeta Rule: "MAJORITY Admins" LifecycleEndorsement: - Type: ImplicitMeta - Rule: "MAJORITY Endorsement" + Type: Signature + Rule: "AND('Org1MSP.member')" + # LifecycleEndorsement: + # Type: ImplicitMeta + # Rule: "MAJORITY Endorsement" Endorsement: Type: ImplicitMeta Rule: "MAJORITY Endorsement" diff --git a/releases/org1/bootstrap-a.gcp.yaml b/releases/org1/bootstrap-a.gcp.yaml index 6887bac..97b9c81 100644 --- a/releases/org1/bootstrap-a.gcp.yaml +++ b/releases/org1/bootstrap-a.gcp.yaml @@ -51,6 +51,9 @@ bootstrap: enabled: true update_anchor_peer: enabled: true + mspId: Org1MSP + host: peer0.org1.net + port: 15443 package_chaincode: enabled: true install_chaincode: diff --git a/releases/org1/bootstrap-b.gcp.yaml b/releases/org1/bootstrap-b.gcp.yaml index c457ef7..177557b 100644 --- a/releases/org1/bootstrap-b.gcp.yaml +++ b/releases/org1/bootstrap-b.gcp.yaml @@ -60,6 +60,7 @@ bootstrap: approve_chaincode: enabled: true sequence: 1 + # signaturePolicy: "AND(\"Org1MSP.member\")" queryapproved: enabled: true checkcommitreadiness: 
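Review bot: In configmap--configtx.yaml, replacing the `LifecycleEndorsement` rule `MAJORITY Endorsement` with `Type: Signature` / `Rule: "AND('Org1MSP.member')"` means a single Org1 identity of any role can satisfy the chaincode lifecycle policy. This hunk appears to be the Application policies block, and the same commit joins Org2 to the channel, so Org2 would have no say in which chaincode definitions get committed. If this is a bootstrap workaround, say so next to the rule, for example `# TEMPORARY: single-org lifecycle policy for bootstrap; restore "MAJORITY Endorsement" once Org2 has joined`, and plan a channel config update that restores the ImplicitMeta rule. If a Signature policy is really intended, name every org that should approve and use a narrower role than `member`.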
@@ -83,6 +84,7 @@ bootstrap: enabled: true targets: - peerAddress: peer0.org1.net:15443 - tlsRootCertFiles: /var/hyperledger/crypto-config/Org1MSP/peer0.org1.net/tls-msp/tlscacerts/tls-tlsca1-hlf-ca-7054.pem + tlsRootCertFiles: /var/hyperledger/crypto-config/channel-artifacts/org1-tls-ca-cert/tls.crt + name: org1-tls-ca-cert dev_query: enabled: true diff --git a/releases/org1/fetchsend-hlf-operator.yaml b/releases/org1/fetchsend-hlf-operator.yaml index fc6478c..958bf36 100644 --- a/releases/org1/fetchsend-hlf-operator.yaml +++ b/releases/org1/fetchsend-hlf-operator.yaml @@ -42,7 +42,8 @@ fetchSend: pvcName: pvc-gupload1 secret: org0tlscacert: org0-tls-ca-cert - peerTlscacert: peer0.org2.net-tls + peerTlscacert: org2-tls-ca-cert +# peerTlscacert: peer0.org2.net-tls label: o1_channel_config address: url: gupload.org2.net diff --git a/releases/org2/eventstore-hlf-cc.gcp.yaml b/releases/org2/eventstore-hlf-cc.gcp.yaml new file mode 100644 index 0000000..3011122 --- /dev/null +++ b/releases/org2/eventstore-hlf-cc.gcp.yaml @@ -0,0 +1,5 @@ +global: + TZ: Asia/Hong_Kong + +image: "ghcr.io/rtang03/eventstore:0.0.4" +ccid: "eventstorev1:1690e452d040fce92201149e0a384f465791d279b9cfb75961d131e42b6194ca" diff --git a/releases/org2/installcc-a.hlf-operator.yaml b/releases/org2/installcc-a.hlf-operator.yaml new file mode 100644 index 0000000..0b9ebde --- /dev/null +++ b/releases/org2/installcc-a.hlf-operator.yaml 
@@ -0,0 +1,77 @@ +global: + logging: info + workingDir: /var/hyperledger + mspId: Org2MSP + config: + setupsh: admin2-orgadmin--setupsh + coreyaml: admin2-orgadmin--core + guploadImage: ghcr.io/rtang03/gupload:0.0.7 + channel: + name: loanapp + +config: + peer: + #Provide the name of the peer as per deployment yaml. + #Eg. name: peer0 + id: p0o2-hlf-peer + peerTlsCaCert: /var/hyperledger/crypto-config/Org2MSP/peer0.org2.net/tls-msp/signcerts/cert.pem + #Provide the address of the peer who creates the channel and port to be mentioned is grpc cluster IP port + #Eg. address: peer0.org1-example-com:7051 + address: p0o2-hlf-peer:7051 + target: p0o2-hlf-peer + orderer: + #Provide the address for orderer + address: orderer0.org0.com:15443 + +####################### +### Param for bootstrap +####################### +bootstrap: + enabled: true + hostAlias: + - hostnames: + - peer0.org2.net + - orderer0.org0.com + ip: 35.202.107.80 + pvcName: pvc-org2 + secret: + tlscacert: org0-tls-ca-cert + chaincode: + id: eventstore + contract: eventstore + version: 1 + lang: node + tasks: + create_channel: + enabled: false + join_channel: + enabled: false + getchannnelinfo: + enabled: false + update_anchor_peer: + enabled: true + mspId: Org2MSP + host: peer0.org2.net + port: 15443 + package_chaincode: + enabled: true + install_chaincode: + enabled: true + queryinstalled: + enabled: true + approve_chaincode: + enabled: false + queryapproved: + enabled: false + checkcommitreadiness: + enabled: false + commit_chaincode: + enabled: false + querycommitted: + enabled: false + init_chaincode: + enabled: false + dev_invoke: + enabled: false + dev_query: + enabled: false diff --git a/releases/org2/installcc-b.hlf-operator.yaml b/releases/org2/installcc-b.hlf-operator.yaml new file mode 100644 index 0000000..a7b7185 --- /dev/null +++ b/releases/org2/installcc-b.hlf-operator.yaml 
@@ -0,0 +1,83 @@ +global: + logging: info + workingDir: /var/hyperledger + mspId: Org2MSP + config: + setupsh: admin2-orgadmin--setupsh + coreyaml: admin2-orgadmin--core + guploadImage: ghcr.io/rtang03/gupload:0.0.7 + channel: + name: loanapp + +config: + peer: + #Provide the name of the peer as per deployment yaml. + #Eg. name: peer0 + id: p0o2-hlf-peer + peerTlsCaCert: /var/hyperledger/crypto-config/Org2MSP/peer0.org2.net/tls-msp/signcerts/cert.pem + #Provide the address of the peer who creates the channel and port to be mentioned is grpc cluster IP port + #Eg. address: peer0.org1-example-com:7051 + address: p0o2-hlf-peer:7051 + target: p0o2-hlf-peer + orderer: + #Provide the address for orderer + address: orderer0.org0.com:15443 + +####################### +### Param for bootstrap +####################### +bootstrap: + enabled: true + hostAlias: + - hostnames: + - peer0.org1.net + - peer0.org2.net + - orderer0.org0.com + ip: 35.202.107.80 + pvcName: pvc-org2 + secret: + tlscacert: org0-tls-ca-cert + chaincode: + id: eventstore + contract: eventstore + version: 1 + lang: node + tasks: + create_channel: + enabled: false + join_channel: + enabled: false + getchannnelinfo: + enabled: false + update_anchor_peer: + enabled: false + package_chaincode: + enabled: false + install_chaincode: + enabled: false + queryinstalled: + enabled: false + approve_chaincode: + enabled: true + sequence: 1 + queryapproved: + enabled: true + checkcommitreadiness: + enabled: false + commit_chaincode: + enabled: false + querycommitted: + enabled: false + init_chaincode: + enabled: false + dev_invoke: + enabled: true + targets: + - peerAddress: peer0.org1.net:15443 + tlsRootCertFiles: /var/hyperledger/crypto-config/channel-artifacts/org1-tls-ca-cert/tls.crt + name: org1-tls-ca-cert + - peerAddress: peer0.org2.net:15443 + tlsRootCertFiles: /var/hyperledger/crypto-config/channel-artifacts/org2-tls-ca-cert/tls.crt + name: org2-tls-ca-cert + dev_query: + enabled: true 
diff --git a/releases/org2/neworgsend-hlf-operator.yaml b/releases/org2/neworgsend-hlf-operator.yaml index 9861687..ee690cc 100644 --- a/releases/org2/neworgsend-hlf-operator.yaml +++ b/releases/org2/neworgsend-hlf-operator.yaml @@ -40,7 +40,7 @@ neworgSend: pvcName: pvc-gupload2 secret: tlscacert: org0-tls-ca-cert - peerTlscacert: peer0.org1.net-tls + peerTlscacert: org1-tls-ca-cert # peer0.org1.net-tls configtx: mspId: Org2MSP anchorPeer: peer0.org2.net diff --git a/releases/org3/eventstore.se1.yaml b/releases/org3/eventstore.se1.yaml new file mode 100644 index 0000000..e69de29 diff --git a/releases/org3/eventstore.se2.yaml b/releases/org3/eventstore.se2.yaml new file mode 100644 index 0000000..a1a2558 --- /dev/null +++ b/releases/org3/eventstore.se2.yaml @@ -0,0 +1,29 @@ +#apiVersion: networking.istio.io/v1alpha3 +#kind: VirtualService +#metadata: +# name: eventstore-hlf-cc +# namespace: n2 +#spec: +# hosts: +# - eventstore-hlf-cc +# http: +# - route: +# - destination: +# host: eventstore-hlf-cc.n1.svc.cluster.local +# port: +# number: 443 +--- +apiVersion: networking.istio.io/v1alpha3 +kind: ServiceEntry +metadata: + name: eventstore-hlf-cc + namespace: n2 +spec: + hosts: + - chaincode.org1.net + location: MESH_EXTERNAL + ports: + - number: 15443 + name: https + protocol: TLS + resolution: NONE diff --git a/scripts/create-secret.rca1.sh b/scripts/create-secret.rca1.sh index f04182f..1071327 100755 --- a/scripts/create-secret.rca1.sh +++ b/scripts/create-secret.rca1.sh 
@@ -108,3 +108,15 @@ preventEmptyValue "./Org1MSP/ca/server/msp/keystore/key.pem" $KEY kubectl -n n1 create secret generic rcaorg1-tls --from-literal=tls.crt="$CERT" --from-literal=tls.key="$KEY" printMessage "create secret rcaorg1-tls" $? + +echo "######## 12. Create secret org1-tls-ca-cert for smoke test devinvoke during bootstrap" +set -x +kubectl -n n1 exec $POD_RCA1 -c ca -- cat ./Org1MSP/msp/tlscacerts/tls-ca-cert.pem > ./download/org1tlscacert.crt +res=$? +set +x +printMessage "download Org1MSP/msp/tlscacerts/tls-ca-cert.pem from n1" $res +set -x +kubectl -n n1 create secret generic org1-tls-ca-cert --from-file=tls.crt=./download/org1tlscacert.crt +res=$? +set +x +printMessage "create secret org1-tls-ca-cert for n1" $res diff --git a/scripts/helm-uninstall.org2.sh b/scripts/helm-uninstall.org2.sh index 588bb54..e9ce13a 100755 --- a/scripts/helm-uninstall.org2.sh +++ b/scripts/helm-uninstall.org2.sh @@ -10,3 +10,6 @@ helm uninstall -n n2 p0o2 #helm uninstall -n n2 p0o2db helm uninstall -n n2 rca2 helm uninstall -n n2 tlsca2 +helm uninstall -n n2 installcc2a +helm uninstall -n n2 installcc2b +helm uninstall -n n2 eventstore diff --git a/scripts/rm-secret.n1.sh b/scripts/rm-secret.n1.sh index 2837f8f..7a31539 100755 --- a/scripts/rm-secret.n1.sh +++ b/scripts/rm-secret.n1.sh @@ -29,4 +29,6 @@ kubectl -n n0 delete secret org1-cacerts ## Optional ## When additional org join the network, it shall later add more tls certs. +# TODO: below should remove kubectl -n n1 delete secret peer0.org2.net-tls +kubectl -n n1 delete secret org2-tls-ca-cert diff --git a/scripts/rm-secret.n2.sh b/scripts/rm-secret.n2.sh index b8d7004..a14d039 100755 --- a/scripts/rm-secret.n2.sh +++ b/scripts/rm-secret.n2.sh 
@@ -13,3 +13,5 @@ kubectl -n n2 delete secret orderer0.org0.com-tlssigncert
 kubectl -n n2 delete secret org0-tls-ca-cert
 ## created via out-of-band process
 kubectl -n n2 delete secret peer0.org1.net-tls
+kubectl -n n2 delete secret org1-tls-ca-cert
+kubectl -n n2 delete secret org2-tls-ca-cert