diff --git a/docs/source/guides/networkyaml-fabric.md b/docs/source/guides/networkyaml-fabric.md index 673545154f94..01214320c22d 100644 --- a/docs/source/guides/networkyaml-fabric.md +++ b/docs/source/guides/networkyaml-fabric.md @@ -73,7 +73,6 @@ The fields under `env` section are | proxy | Choice of the Cluster Ingress controller. Currently supports 'haproxy' for production/inter-cluster and 'none' for single cluster | | retry_count | Retry count for the checks. | |external_dns | If the cluster has the external DNS service, this has to be set `enabled` so that the hosted zone is automatically updated. | -|annotations| Use this to pass additional annotations to the `service`, `deployment` and `pvc` elements of Kubernetes| |labels| Use this to pass additional labels to the `service`, `deployment` and `pvc` elements of Kubernetes| @@ -120,7 +119,7 @@ orderers The snapshot of the `orderers` section with example values is below ```yaml ---8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:46:64" +--8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:46:61" ``` The fields under the each `orderer` are @@ -131,7 +130,6 @@ The fields under the each `orderer` are | type | For Fabric, `orderer` is the only valid type of orderers. | | org_name | Name of the organization to which this orderer belongs to | | uri | Orderer URL which is accessible by all Peers. This must include the port even when running on 443 | -| certificate | Path to orderer certificate. For inital network setup, ensure that the directory is present, the file need not be present. For adding a new organization, ensure that the file is the crt file of the orderer of the existing network. | 
@@ -141,7 +139,7 @@ channels The snapshot of channels section with its fields and sample values is below ```yaml ---8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:66:149" +--8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:63:158" ``` The fields under the `channel` are @@ -190,7 +188,7 @@ In the sample configuration example, we have five organization under the `organi The snapshot of an organization field with sample values is below ```yaml ---8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:154:171" +--8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:160:176" ``` Each `organization` under the `organizations` section has the following fields. @@ -202,11 +200,10 @@ Each `organization` under the `organizations` section has the following fields. | state | State of the organization | | location | Location of the organization | | subject | Subject format can be referred at [OpenSSL Subject](https://www.openssl.org/docs/man1.0.2/man1/openssl-req.html) | -| type | This field can be orderer/peer | | external_url_suffix | Public url suffix of the cluster. | | org_status | `new` (for inital setup) or `existing` (for add new org) | -| orderer_org | Ordering service provider. It should only be added to peer organizations | -| ca_data | Contains the certificate authority url (dont include port if running on 443) and certificate path; this has not been implemented yet | +| orderer_org | Ordering service provider. | +| ca_data | Contains the certificate path; this has not been implemented yet | | cloud_provider | Cloud provider of the Kubernetes cluster for this organization. This field can be aws, azure, gcp or minikube | | aws | When the organization cluster is on AWS | | k8s | Kubernetes cluster deployment variables.| 
@@ -217,7 +214,7 @@ Each `organization` under the `organizations` section has the following fields. For the aws and k8s field the snapshot with sample values is below ```yaml ---8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:172:181" +--8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:178:188" ``` The `aws` field under each organization contains: (This will be ignored if cloud_provider is not 'aws') @@ -238,7 +235,7 @@ The `k8s` field under each organization contains For gitops fields the snapshot from the sample configuration file with the example values is below ```yaml ---8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:189:201" +--8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:190:208" ``` The gitops field under each organization contains @@ -259,7 +256,7 @@ The gitops field under each organization contains For Hyperledger Fabric, you can also generate different user certificates and pass the names and attributes in the specific section for `users`. This is only applicable if using Fabric CA. An example is below: ```yaml ---8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:288:294" +--8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:331:337" ``` The fields under `user` are @@ -275,7 +272,7 @@ The services field for each organization under `organizations` section of Fabric Each organization will have a CA service under the service field. The snapshot of CA service with example values is below ```yaml ---8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:203:211" +--8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:212:218" ``` The fields under `ca` service are 
@@ -288,10 +285,10 @@ The fields under `ca` service are | grpc.port | Grpc port number | -Each organization with type as peer will have a peers service. The snapshot of peers service with example values is below +Example of peer service. Below is a snapshot of the peer service with example values. ```yaml ---8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:304:338" +--8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:347:380" ``` The fields under `peer` service are @@ -302,7 +299,6 @@ The fields under `peer` service are | type | Type can be `anchor` and `nonanchor` for Peer | | gossippeeraddress | Gossip address of another peer in the same Organization, including port. If there is only one peer, then use that peer address. Can be internal if the peer is hosted in the same Kubernetes cluster. | | peerAddress | External address of this peer, including port. Must be the HAProxy qualified address. If using single cluster, this can be internal address. | -| certificate | Path where the Peer's CA certificate will be stored. | | cli | Optional field. If `enabled` will deploy the CLI pod for this Peer. Default is `disabled`. | | configpath | This field is mandatory for using external chaincode. This is the path where a custom core.yaml will be used for the peer. | | grpc.port | Grpc port | @@ -339,7 +335,7 @@ The chaincodes section contains the list of chaincode for the peer, the fields u The organization with orderer type will have concensus service. The snapshot of consensus service with example values is below ```yaml ---8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:213:214" +--8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:220:221" ``` The fields under `consensus` service are 
@@ -351,10 +347,10 @@ The fields under `consensus` service are | replicas | Only for `kafka`. Replica count of the brokers | | grpc.port | Only for `kafka`. Grpc port of consensus service | -The organization with orderer type will have orderers service. The snapshot of orderers service with example values is below +Example of ordering service. The snapshot of orderers service with example values is below ```yaml ---8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:215:239" +--8<-- "platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml:222:246" ``` The fields under `orderer` service are diff --git a/platforms/hyperledger-fabric/charts/fabric-catools/templates/deployment.yaml b/platforms/hyperledger-fabric/charts/fabric-catools/templates/deployment.yaml new file mode 100644 index 000000000000..17f6b3f89c1b --- /dev/null +++ b/platforms/hyperledger-fabric/charts/fabric-catools/templates/deployment.yaml 
@@ -0,0 +1,569 @@ +############################################################################################## +# Copyright Accenture. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################################################## + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "fabric-catools.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "fabric-catools.name" . }} + app.kubernetes.io/component: ca-tools + app.kubernetes.io/part-of: {{ include "fabric-catools.fullname" . }} + app.kubernetes.io/namespace: {{ .Release.Namespace }} + app.kubernetes.io/release: {{ .Release.Name }} + app.kubernetes.io/managed-by: helm + annotations: + {{ include "labels.deployment" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "fabric-catools.name" . }} + app.kubernetes.io/component: ca-tools + app.kubernetes.io/part-of: {{ include "fabric-catools.fullname" . }} + app.kubernetes.io/namespace: {{ .Release.Namespace }} + app.kubernetes.io/release: {{ .Release.Name }} + app.kubernetes.io/managed-by: helm + template: + metadata: + labels: + app: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "fabric-catools.name" . }} + app.kubernetes.io/component: ca-tools + app.kubernetes.io/part-of: {{ include "fabric-catools.fullname" . }} + app.kubernetes.io/namespace: {{ .Release.Namespace }} + app.kubernetes.io/release: {{ .Release.Name }} + app.kubernetes.io/managed-by: helm + {{ include "labels.deployment" . 
| nindent 6 }} + spec: + serviceAccountName: {{ $.Values.global.serviceAccountName }} + {{- if .Values.global.vault.imageSecretName }} + imagePullSecrets: + - name: {{ $.Values.global.vault.imageSecretName }} + {{- end }} + volumes: + - name: ca-tools-pv + persistentVolumeClaim: + claimName: ca-tools-pvc + - name: ca-tools-crypto-pv + persistentVolumeClaim: + claimName: ca-tools-crypto-pvc + - name: certcheck + emptyDir: + medium: Memory + - name: generate-crypto + configMap: + name: crypto-scripts-cm + defaultMode: 0775 + items: + - key: generate-crypto-orderer.sh + path: generate-crypto-orderer.sh + - name: generate-orderer-crypto + configMap: + name: crypto-scripts-cm + defaultMode: 0775 + items: + - key: orderer-script.sh + path: orderer-script.sh + - name: generate-crypto-peer + configMap: + name: crypto-scripts-cm + defaultMode: 0775 + items: + - key: generate-crypto-peer.sh + path: generate-crypto-peer.sh + - name: generate-crypto-add-peer + configMap: + name: crypto-scripts-cm + defaultMode: 0775 + items: + - key: generate-crypto-add-peer.sh + path: generate-crypto-add-peer.sh + - name: generate-user-crypto + configMap: + name: crypto-scripts-cm + defaultMode: 0775 + items: + - key: generate-user-crypto.sh + path: generate-user-crypto.sh + - name: store-vault-orderer + configMap: + name: orderer-script-store-vault + defaultMode: 0775 + items: + - key: store-vault-orderer.sh + path: store-vault-orderer.sh + - name: store-vault-peer + configMap: + name: peer-script-store-vault + defaultMode: 0775 + items: + - key: store-vault-peer.sh + path: store-vault-peer.sh + - name: store-vault-users + configMap: + name: users-script-store-vault + defaultMode: 0775 + items: + - key: store-vault-users.sh + path: store-vault-users.sh + - name: none-config + configMap: + name: msp-config-file + defaultMode: 0775 + items: + - key: none-config.yaml + path: none-config.yaml + - name: no-none-config + configMap: + name: msp-config-file + defaultMode: 0775 + items: + - key: 
no-none-config.yaml + path: no-none-config.yaml + {{- $file := .Files.Get "files/orderer.crt" }} + {{ if and (eq $.Values.orgData.type "peer") $file }} + - name: orderer-tls-cacert + configMap: + name: orderer-tls-cacert + defaultMode: 0775 + items: + - key: orderer.crt + path: orderer.crt + {{- end }} + - name: scripts-volume + configMap: + name: bevel-vault-script + - name: package-manager + configMap: + name: package-manager + initContainers: + - name: init-check-certificates + image: {{ $.Values.image.alpineUtils }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ $.Values.global.vault.address }} + - name: VAULT_APP_ROLE + value: {{ $.Values.global.vault.role }} + - name: KUBERNETES_AUTH_PATH + value: {{ $.Values.global.vault.authPath }} + - name: VAULT_TYPE + value: {{ $.Values.global.vault.type }} + - name: VAULT_SECRET_ENGINE + value: "{{ .Values.global.vault.secretEngine }}" + - name: VAULT_SECRET_PREFIX + value: "{{ .Values.global.vault.secretPrefix }}" + - name: COMPONENT_TYPE + value: "{{ $.Values.orgData.type }}" + - name: COMPONENT_NAME + value: {{ .Release.Namespace }} + - name: ORG_NAME_EXT + value: {{ $.Values.orgData.orgName }} + - name: PROXY + value: {{ .Values.global.proxy.provider }} + - name: ORDERERS_NAMES + value: "{{ $.Values.orderers | join " " -}}" + - name: PEERS_NAMES + value: "{{ $.Values.peers | join " " -}}" + - name: USERS_IDENTITIES + value: "{{ $.Values.users.usersIdentities | join " " -}}" + - name: MOUNT_PATH + value: "/certcheck" + command: ["sh", "-c"] + args: + - |- + #!/usr/bin/env sh + + mkdir -p ${MOUNT_PATH} + OUTPUT_PATH="/crypto-config/${COMPONENT_TYPE}Organizations/${COMPONENT_NAME}" + mkdir -p ${OUTPUT_PATH}/ca + mkdir -p /root/ca-tools/${ORG_NAME_EXT} + +{{- if eq .Values.global.vault.type "hashicorp" }} + . /scripts/bevel-vault.sh + # Calling a function to retrieve the vault token. 
+ vaultBevelFunc "init" + + vaultBevelFunc "readJson" "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/ca" + + # Get ca cert + ca_cert=$(echo ${VAULT_SECRET} | jq -r ".[\"ca.${COMPONENT_NAME}-cert.pem\"]") + echo "${ca_cert}" > ${OUTPUT_PATH}/ca/ca.${COMPONENT_NAME}-cert.pem + + # Get ca key + ca_key=$(echo ${VAULT_SECRET} | jq -r ".[\"${COMPONENT_NAME}-CA.key\"]") + echo "${ca_key}" > ${OUTPUT_PATH}/ca/${COMPONENT_NAME}-CA.key + + function checkSecret { + key=$1 + key_formatted=$(echo $key | tr - /) + file_name=$2 + vaultBevelFunc "readJson" "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/${key_formatted}" + if [ "$SECRETS_AVAILABLE" == "yes" ] + then + echo "Certificates present in vault" + touch ${MOUNT_PATH}/present_${file_name}.txt + else + echo "Certficates absent in vault. Ignore error warning." + touch ${MOUNT_PATH}/absent_${file_name}.txt + fi + } +{{- else }} + + kubectl get secret ca-certs --namespace {{ .Release.Namespace }} --output="jsonpath={.data.ca-${COMPONENT_NAME}-cert}" | base64 -d > ${OUTPUT_PATH}/ca/ca.${COMPONENT_NAME}-cert.pem + kubectl get secret ca-certs --namespace {{ .Release.Namespace }} --output="jsonpath={.data.ca-${COMPONENT_NAME}-key}" | base64 -d > ${OUTPUT_PATH}/ca/${COMPONENT_NAME}-CA.key + + function checkSecret { + key=$1 + file_name=$2 + kubectl get secret ${key} --namespace ${COMPONENT_NAME} -o json > /dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "Certficates absent in kuberenetes secrets. Ignore error warning." + touch ${MOUNT_PATH}/absent_${file_name}.txt + else + echo "Certficates present in kuberenetes secrets. Ignore error warning." 
+ touch ${MOUNT_PATH}/present_${file_name}.txt + fi + } +{{- end }} + + checkSecret admin-msp msp + checkSecret admin-tls tls + + if [ "$COMPONENT_TYPE" = "orderer" ]; then + SERVICES_NAMES=$ORDERERS_NAMES; + fi; + + if [ "$COMPONENT_TYPE" = "peer" ]; then + SERVICES_NAMES=$PEERS_NAMES; + fi; + + for SERVICE in $SERVICES_NAMES + do + # Check if orderer/peer msp already created + if [ "$COMPONENT_TYPE" = "peer" ]; then + SERVICE_NAME="${SERVICE%%,*}" + checkSecret ${SERVICE_NAME}-msp msp_${SERVICE_NAME} + fi; + + if [ "$COMPONENT_TYPE" = "orderer" ]; then + SERVICE_NAME="${SERVICE}" + checkSecret ${SERVICE_NAME}-msp msp_${SERVICE_NAME} + fi; + + # Check if orderer/peer msp already created + if [ "$COMPONENT_TYPE" = "peer" ]; then + SERVICE_NAME="${SERVICE%%,*}" + checkSecret ${SERVICE_NAME}-tls tls_${SERVICE_NAME} + fi; + + if [ "$COMPONENT_TYPE" = "orderer" ]; then + SERVICE_NAME="${SERVICE}" + checkSecret ${SERVICE_NAME}-tls tls_${SERVICE_NAME} + fi; + + done + + if [ $COMPONENT_TYPE == 'peer' ]; + then + # Check if msp config file already created + checkSecret msp-config config_file + checkSecret orderer-tls orderer_tls_cert + fi; + + if [ "$USERS_IDENTITIES" ] + then + for user_identity in $USERS_IDENTITIES + do + # Check if users tls already created + checkSecret ${user_identity}-tls tls_${user_identity} + # Check if users msp already created for users + checkSecret ${user_identity}-msp msp_${user_identity} + done + fi + volumeMounts: + - name: ca-tools-pv + mountPath: /root/ca-tools + - name: ca-tools-crypto-pv + mountPath: /crypto-config + - name: certcheck + mountPath: /certcheck + - name: scripts-volume + mountPath: /scripts/bevel-vault.sh + subPath: bevel-vault.sh + containers: + - name: ca-tools + image: "{{ .Values.image.caTools }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: COMPONENT_TYPE + value: {{ $.Values.orgData.type }} + - name: COMPONENT_NAME + value: {{ .Release.Namespace }} + - name: ORG_NAME_EXT + value: {{ 
$.Values.orgData.orgName }} + - name: REFRESH_CERTS + value: "{{ $.Values.checks.refreshCertValue }}" + - name: ADD_PEER + value: "{{ $.Values.checks.addPeerValue }}" + - name: ORDERERS_NAMES + value: "{{ $.Values.orderers | join " " -}}" + - name: PEERS_NAMES + value: "{{ $.Values.peers | join " " -}}" + - name: PEERS_COUNT + value: "{{ len $.Values.peers }}" + - name: USERS + value: {{ $.Values.users.usersList | toJson | b64enc }} + - name: USERS_ANSIBLE + value: {{ $.Values.users.usersListAnsible }} + - name: USERS_IDENTITIES + value: "{{ $.Values.users.usersIdentities | join " " -}}" + - name: SUBJECT + value: {{ .Values.orgData.componentSubject }} + - name: CERT_SUBJECT + value: {{ .Values.orgData.certSubject }} + - name: CA_URL + value: {{ .Release.Name }}.{{ .Release.Namespace }}:7054 + - name: EXTERNAL_URL_SUFFIX + value: {{ .Values.global.proxy.externalUrlSuffix }} + - name: PROXY + value: {{ .Values.global.proxy.provider }} + - name: MOUNT_PATH + value: "/certcheck" + command: ["sh", "-c"] + args: + - |- + . 
/scripts/package-manager.sh + # Define the packages to install + packages_to_install="jq" + install_packages "$packages_to_install" + + if [ "$COMPONENT_TYPE" = "orderer" ]; then + if [ -e ${MOUNT_PATH}/absent_msp.txt ]; then + ORG_CYPTO_FOLDER="/crypto-config/ordererOrganizations/${COMPONENT_NAME}/users/Admin@${COMPONENT_NAME}" + ORG_CYPTO_ORDERER_FOLDER="/crypto-config/ordererOrganizations/${COMPONENT_NAME}/orderers" + + SK_NAME=$(find ${ORG_CYPTO_FOLDER}/msp/keystore/ -name "*_sk") + if [ -n "$SK_NAME" ]; then + rm ${ORG_CYPTO_FOLDER}/msp/keystore/*_sk + rm /root/ca-tools/${ORG_NAME_EXT}/admin/msp/keystore/*_sk + rm /root/ca-tools/${ORG_NAME_EXT}/admin/tls/keystore/*_sk + fi; + + # Generate crypto material for organization orderers (admin) + cd /root/ca-tools/${ORG_NAME_EXT} + ./generate-crypto-orderer.sh + fi; + + # Generate crypto material for organization orderers (for each orderer) + for ORDERER_NAME in $ORDERERS_NAMES + do + if [ -e ${MOUNT_PATH}/absent_msp_${ORDERER_NAME}.txt ]; then + echo "need to execute scripts for ${ORDERER_NAME}" + SK_NAME=$(find ${ORG_CYPTO_ORDERER_FOLDER}/${ORDERER_NAME}.${COMPONENT_NAME}/msp/keystore/ -name "*_sk") + if [ -n "$SK_NAME" ]; then + rm ${ORG_CYPTO_ORDERER_FOLDER}/${ORDERER_NAME}.${COMPONENT_NAME}/msp/keystore/*_sk + rm /root/ca-tools/${ORG_NAME_EXT}/cas/orderers/msp/keystore/*_sk + rm /root/ca-tools/${ORG_NAME_EXT}/cas/orderers/tls/keystore/*_sk + fi; + cd /root/ca-tools/${ORG_NAME_EXT} + ./orderer-script.sh ${ORDERER_NAME} + fi; + done + fi; + + if [ "$COMPONENT_TYPE" = "peer" ]; then + + for PEER in $PEERS_NAMES + do + PEER_NAME="${PEER%%,*}" + + if [ -e ${MOUNT_PATH}/absent_msp.txt ] || [ -e ${MOUNT_PATH}/absent_msp_${PEER_NAME}.txt ] || [ "$REFRESH_CERTS" = "true" ]; then + + ORG_CYPTO_FOLDER="/crypto-config/peerOrganizations/${COMPONENT_NAME}/users/Admin@${COMPONENT_NAME}" + + SK_NAME=$(find ${ORG_CYPTO_FOLDER}/msp/keystore/ -name "*_sk") + if [ -n "$SK_NAME" ]; then + rm ${ORG_CYPTO_FOLDER}/msp/keystore/*_sk + 
rm /root/ca-tools/${ORG_NAME_EXT}/admin/msp/keystore/*_sk + rm /root/ca-tools/${ORG_NAME_EXT}/admin/tls/keystore/*_sk + fi; + + # Generate crypto material for organization peers + cd /root/ca-tools/${ORG_NAME_EXT} + if [ "$ADD_PEER" = "false" ]; then + ./generate-crypto-peer.sh + break + else + ./generate-crypto-add-peer.sh + break + fi; + fi; + done + + # Generate crypto material for users + for USER in $USERS_IDENTITIES + do + if ([ "$USERS_IDENTITIES" ] && [ -e ${MOUNT_PATH}/absent_msp_${USER}.txt ]) || [ "$REFRESH_CERTS" = "true" ] + then + cd /root/ca-tools/${ORG_NAME_EXT} + if [ -z "$USERS_ANSIBLE" ]; + then + ./generate-user-crypto.sh peer ${USERS} + else + ./generate-user-crypto.sh peer ${USERS_ANSIBLE} + fi + break + fi; + done + fi; + + # this command creates the indicator of the completion of scripts + touch ${MOUNT_PATH}/flag_finish.txt + tail -f /dev/null + volumeMounts: + - name: ca-tools-pv + mountPath: /root/ca-tools + - name: ca-tools-crypto-pv + mountPath: /crypto-config + - name: certcheck + mountPath: /certcheck + - name: generate-crypto + mountPath: /root/ca-tools/{{ $.Values.orgData.orgName }}/generate-crypto-orderer.sh + subPath: generate-crypto-orderer.sh + - name: generate-orderer-crypto + mountPath: /root/ca-tools/{{ $.Values.orgData.orgName }}/orderer-script.sh + subPath: orderer-script.sh + - name: generate-crypto-peer + mountPath: /root/ca-tools/{{ $.Values.orgData.orgName }}/generate-crypto-peer.sh + subPath: generate-crypto-peer.sh + - name: generate-crypto-add-peer + mountPath: /root/ca-tools/{{ $.Values.orgData.orgName }}/generate-crypto-add-peer.sh + subPath: generate-crypto-add-peer.sh + - name: generate-user-crypto + mountPath: /root/ca-tools/{{ $.Values.orgData.orgName }}/generate-user-crypto.sh + subPath: generate-user-crypto.sh + - name: package-manager + mountPath: /scripts/package-manager.sh + subPath: package-manager.sh + - name: store-vault + image: {{ $.Values.image.alpineUtils }} + imagePullPolicy: {{ 
.Values.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ $.Values.global.vault.address }} + - name: VAULT_APP_ROLE + value: {{ $.Values.global.vault.role }} + - name: KUBERNETES_AUTH_PATH + value: {{ $.Values.global.vault.authPath }} + - name: VAULT_TYPE + value: {{ $.Values.global.vault.type }} + - name: VAULT_SECRET_ENGINE + value: "{{ .Values.global.vault.secretEngine }}" + - name: VAULT_SECRET_PREFIX + value: "{{ .Values.global.vault.secretPrefix }}" + - name: ORG_NAME_EXT + value: {{ $.Values.orgData.orgName }} + - name: COMPONENT_TYPE + value: {{ $.Values.orgData.type }} + - name: COMPONENT_NAME + value: {{ .Release.Namespace }} + - name: REFRESH_CERTS + value: "{{ $.Values.checks.refreshCertValue }}" + - name: PROXY + value: {{ .Values.global.proxy.provider }} + - name: EXTERNAL_URL_SUFFIX + value: {{ .Values.global.proxy.externalUrlSuffix }} + - name: ORDERERS_NAMES + value: "{{ $.Values.orderers | join " " -}}" + - name: PEERS_NAMES + value: "{{ $.Values.peers | join " " -}}" + - name: USERS_IDENTITIES + value: "{{ $.Values.users.usersIdentities | join " " -}}" + - name: MOUNT_PATH + value: "/certcheck" + command: ["sh", "-c"] + args: + - |- + . /scripts/package-manager.sh + # Define the packages to install + packages_to_install="jq curl bash kubectl" + install_packages "$packages_to_install" + + while ! 
[ -f ${MOUNT_PATH}/flag_finish.txt ] + do + echo 'Waiting for completion of scripts' + sleep 2s + done + + ls + if [ -e /${MOUNT_PATH}/flag_finish.txt ]; then + if [ "$COMPONENT_TYPE" = "orderer" ]; then + # Generate crypto material for organization orderers + cd /scripts/orderer + ./store-vault-orderer.sh + fi; + + if [ "$COMPONENT_TYPE" = "peer" ]; then + # Generate crypto material for organization peers + cd /scripts/peer + ./store-vault-peer.sh + if [ "$USERS_IDENTITIES" ] + then + cd /scripts/peer + ./store-vault-users.sh + fi; + fi; + fi; + + # Raises an error if any certificate has not been stored correctly + if [ -e /certcheck/certs_not_found.txt ]; then + exit 1 + fi + tail -f /dev/null + volumeMounts: + - name: ca-tools-pv + mountPath: /root/ca-tools + - name: ca-tools-crypto-pv + mountPath: /crypto-config + - name: certcheck + mountPath: /certcheck + - name: store-vault-orderer + mountPath: /scripts/orderer/store-vault-orderer.sh + subPath: store-vault-orderer.sh + - name: store-vault-peer + mountPath: /scripts/peer/store-vault-peer.sh + subPath: store-vault-peer.sh + - name: store-vault-users + mountPath: /scripts/peer/store-vault-users.sh + subPath: store-vault-users.sh + {{ if and (eq $.Values.orgData.type "peer") (ne $.Values.global.proxy.provider "none") }} + - name: no-none-config + mountPath: /crypto-config/peerOrganizations/{{ .Release.Namespace }}/msp/config.yaml + subPath: no-none-config.yaml + {{ end }} + {{ if and (eq $.Values.orgData.type "peer") (eq $.Values.global.proxy.provider "none") }} + - name: none-config + mountPath: /crypto-config/peerOrganizations/{{ .Release.Namespace }}/msp/config.yaml + subPath: none-config.yaml + {{ end }} + {{- $file := .Files.Get "files/orderer.crt" }} + {{ if and (eq $.Values.orgData.type "peer") $file }} + - name: orderer-tls-cacert + mountPath: /tlscerts/orderer.crt + subPath: orderer.crt + {{- end }} + - name: package-manager + mountPath: /scripts/package-manager.sh + subPath: package-manager.sh + - 
name: scripts-volume + mountPath: /scripts/bevel-vault.sh + subPath: bevel-vault.sh diff --git a/platforms/hyperledger-fabric/charts/fabric-catools/templates/job.yaml b/platforms/hyperledger-fabric/charts/fabric-catools/templates/job.yaml index 89834782edeb..87ee6cffb764 100644 --- a/platforms/hyperledger-fabric/charts/fabric-catools/templates/job.yaml +++ b/platforms/hyperledger-fabric/charts/fabric-catools/templates/job.yaml @@ -116,8 +116,6 @@ spec: value: "{{ .Values.settings.addPeerValue }}" - name: USERS value: {{ .Values.users.usersList | toJson | b64enc }} - - name: USERS_ANSIBLE - value: {{ .Values.users.usersListAnsible }} - name: REFRESH_CERT_VALUE value: "{{ .Values.settings.refreshCertValue }}" {{- if eq .Values.global.vault.type "hashicorp" }} @@ -246,14 +244,8 @@ spec: checkSecrets users {{ .identity }}-msp checkSecrets users {{ .identity }}-tls {{ end }} - # Generate crypto material for users cd /root/ca-tools/org - if [ -z "$USERS_ANSIBLE" ]; - then - ./generate-user-crypto.sh peer ${USERS} - else - ./generate-user-crypto.sh peer ${USERS_ANSIBLE} - fi + ./generate-user-crypto.sh peer ${USERS} # Save the generated certificates for peers and users cd /scripts/peer diff --git a/platforms/hyperledger-fabric/charts/fabric-catools/values.yaml b/platforms/hyperledger-fabric/charts/fabric-catools/values.yaml index 82f43b89efc4..3486449ec78d 100644 --- a/platforms/hyperledger-fabric/charts/fabric-catools/values.yaml +++ b/platforms/hyperledger-fabric/charts/fabric-catools/values.yaml @@ -51,7 +51,7 @@ image: orgData: #Provide the CA URL for the organization without https #Eg. caAddress: ca.example.com - caAddress: + caAddress: "" #Provide the CA Admin User for the organization #Eg. caAdminUser: admin caAdminUser: supplychain-admin 
@@ -69,12 +69,24 @@ orgData: componentSubject: "O=Orderer,L=51.50/-0.13/London,C=GB" users: - # Generating User Certificates with custom attributes using Fabric CA in Bevel for Peer Organizations + # Generating User Certificates with custom attributes using Fabric CA in Bevel for Peer Organizations + # Eg. + # usersList: + # - user: + # identity: user1 + # attributes: + # - key: "hf.Revoker" + # value: "true" + # - user: + # identity: user2 + # attributes: + # - key: "hf.Revoker" + # value: "true" usersList: - - identity: user1 - attributes: - - key: "hf.Revoker" - value: "true" + # - identity: user1 + # attributes: + # - key: "hf.Revoker" + # value: "true" # - identity: user2 # attributes: # - key: "hf.Revoker" diff --git a/platforms/hyperledger-fabric/charts/fabric-genesis/templates/job.yaml b/platforms/hyperledger-fabric/charts/fabric-genesis/templates/job.yaml index a34f6b8e6f9f..29e5e4e47aa6 100644 --- a/platforms/hyperledger-fabric/charts/fabric-genesis/templates/job.yaml +++ b/platforms/hyperledger-fabric/charts/fabric-genesis/templates/job.yaml @@ -118,6 +118,7 @@ spec: } . /scripts/package-manager.sh # Define the packages to install + apt-get update --allow-releaseinfo-change packages_to_install="jq curl wget" install_packages "$packages_to_install" # Download kubectl binary diff --git a/platforms/hyperledger-fabric/charts/fabric-peernode/values.yaml b/platforms/hyperledger-fabric/charts/fabric-peernode/values.yaml index e21f9822794f..340039eb82c9 100644 --- a/platforms/hyperledger-fabric/charts/fabric-peernode/values.yaml +++ b/platforms/hyperledger-fabric/charts/fabric-peernode/values.yaml 
@@ -81,12 +81,24 @@ certs: users: # Generating User Certificates with custom attributes using Fabric CA in Bevel for Peer Organizations + # Eg. + # usersList: + # - user: + # identity: user1 + # attributes: + # - key: "hf.Revoker" + # value: "true" + # - user: + # identity: user2 + # attributes: + # - key: "hf.Revoker" + # value: "true" usersList: - - user: - identity: user1 - attributes: - - key: "hf.Revoker" - value: "true" + # - user: + # identity: user1 + # attributes: + # - key: "hf.Revoker" + # value: "true" #Base64 encoded list of users #Eg. IC0gdXNlcjoKICAgICAgICAgIGlkZW50aXR5OiB1c2VyMQogICAgICAgICAgYXR0cmlidXRlczoKICAgICAgICAgICAgLSBrZXk6IGtleTEKICAgICAgIgICAgICAgIC0ga2V5OiBrZXkyCiAgICAgICAgICAgICAgdmFsdWU6IHZhbHVlMgogICAgICAgIC0gdXNlcjoKICAgICAgICAgIGlkZW50aXR5OiB1c2VyMgogICAgICAgICAgYXR0cmlidXRlczoKICAgICAgICAgICAgLSBrZXk6IGtleTEKICAgICAgICAgICAgICB2YWx1ZTogdmFsdWUxCiAgICAgICAgICAgIC0ga2V5OiBrZXkzCiAgICAgICAgICAgICAgdmFsdWU6IHZhbHVlMw== usersListAnsible: diff --git a/platforms/hyperledger-fabric/configuration/cleanup.yaml b/platforms/hyperledger-fabric/configuration/cleanup.yaml index d547684f5751..6aa928980925 100644 --- a/platforms/hyperledger-fabric/configuration/cleanup.yaml +++ b/platforms/hyperledger-fabric/configuration/cleanup.yaml @@ -34,10 +34,9 @@ name: "delete/genesis" vars: component_name: "{{ item.name | lower }}-net" - sys_channel_name: "syschannel" loop: "{{ network['organizations'] }}" when: - - item.type == "orderer" + - item.services.orderers is defined and item.services.orderers | length > 0 - network.env.type != 'operator' - include_role: diff --git a/platforms/hyperledger-fabric/configuration/deploy-network.yaml b/platforms/hyperledger-fabric/configuration/deploy-network.yaml index 00f2cece7d0d..d0e1af5147ac 100644 --- a/platforms/hyperledger-fabric/configuration/deploy-network.yaml +++ b/platforms/hyperledger-fabric/configuration/deploy-network.yaml 
@@ -29,79 +29,45 @@ include_role: name: "create/namespace" vars: - component_name: "{{ item.name | lower }}-net" - component_type_name: "{{ item.type | lower }}" - kubernetes: "{{ item.k8s }}" - release_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}" - loop: "{{ network['organizations'] }}" - - # Setup script for Vault and OS Package Manager - - name: "Setup script for Vault and OS Package Manager" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/setup/scripts" - vars: - namespace: "{{ org.name | lower }}-net" + component_name: "{{ org.name | lower }}-net" kubernetes: "{{ org.k8s }}" + release_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" loop: "{{ network['organizations'] }}" loop_control: loop_var: org - - # Setup Vault-Kubernetes accesses and Regcred for docker registry - - name: Setup Vault Kubernetes for each organization - include_role: - name: "{{playbook_dir}}/../../shared/configuration/roles/setup/vault_kubernetes" + + # Create necessary secrets + - name: "Create k8s secrets" + include_role: + name: create/secrets vars: - name: "{{ org.name | lower }}" - component_name: "{{ org.name | lower }}-vaultk8s-job" - component_type: "{{ org.type | lower }}" component_ns: "{{ org.name | lower }}-net" - component_auth: "{{ org.k8s.cluster_id | default('')}}{{ network.env.type }}{{ name }}" kubernetes: "{{ org.k8s }}" vault: "{{ org.vault }}" - gitops: "{{ org.gitops }}" loop: "{{ network['organizations'] }}" loop_control: loop_var: org - - # Create Storageclass - - name: Create storageclass for each organization - include_role: - name: "{{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/storageclass" - vars: - org_name: "{{ org.name | lower }}" - sc_name: "{{ org_name }}-bevel-storageclass" - region: "{{ org.k8s.region | default('eu-west-1') }}" - loop: "{{ network['organizations'] }}" - loop_control: - loop_var: org - + when: + - org.org_status 
is not defined or org.org_status == 'new' + # Create CA Server helm-value files and check-in - name: Create CA server for each organization include_role: name: "create/ca_server" vars: - component_name: "{{ item.name | lower}}-net" - component: "{{ item.name | lower}}" - component_type: "{{ item.type | lower}}" - component_services: "{{ item.services }}" - sc_name: "{{ component }}-bevel-storageclass" - kubernetes: "{{ item.k8s }}" - vault: "{{ item.vault }}" - ca: "{{ item.services.ca }}" + component_ns: "{{ org.name | lower}}-net" + component: "{{ org.name | lower}}" + component_services: "{{ org.services }}" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" + ca: "{{ org.services.ca }}" docker_url: "{{ network.docker.url }}" - gitops: "{{ item.gitops }}" - values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}" - loop: "{{ network['organizations'] }}" - when: item.services.ca is defined - - # Create generate_crypto script for each organization - - name: Create generate_crypto.sh for each organization - include_role: - name: "create/crypto_script" - vars: - component_type: "{{ item.type | lower }}" - orderers: "{{ item.services.orderers }}" + gitops: "{{ org.gitops }}" + values_dir: "./build/{{ component_ns }}" loop: "{{ network['organizations'] }}" + loop_control: + loop_var: org + when: org.services.ca is defined #Creating a pause so that the client certificates are valid # You can continue if the CA-server pods are running for more than 5 minutes 
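Review bot: in the Create CA server task of this hunk, `values_dir` moves from the GitOps release directory to `"./build/{{ component_ns }}"`, and the git_push tasks are dropped from the ca_server role further down in this patch; confirm that `create/ca_server` (via `job_component`) now applies the release itself, because a values file under `./build` is never committed and therefore never reconciled by the GitOps operator. Also, the new `when: org.org_status is not defined or org.org_status == 'new'` on Create k8s secrets skips secret creation for organizations marked `existing` while the namespace task just above still runs for every organization; if that asymmetry is intended for the add-new-org flow, a one-line comment there would save the next reader a trip through the role.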
@@ -109,96 +75,28 @@ prompt: "Sleeping... so that the client certificates are valid" minutes: 6 - # Create CA Tools helm-value files and check-in - - name: Create CA tools for each organization - include_role: - name: "create/ca_tools/orderer" - vars: - component_name: "{{ item.name | lower }}-net" - component: "{{ item.name | lower }}" - component_type: "{{ item.type | lower }}" - component_services: "{{ item.services }}" - sc_name: "{{ component }}-bevel-storageclass" - kubernetes: "{{ item.k8s }}" - vault: "{{ item.vault }}" - ca: "{{ item.services.ca }}" - docker_url: "{{ network.docker.url }}" - gitops: "{{ item.gitops }}" - values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}" - loop: "{{ network['organizations'] }}" - when: item.type == 'orderer' - - # Create CA Tools helm-value files and check-in - - name: Create CA tools for each organization - include_role: - name: "create/ca_tools/peer" - vars: - component_name: "{{ item.name | lower}}-net" - component: "{{ item.name | lower}}" - component_type: "{{ item.type | lower}}" - component_services: "{{ item.services }}" - orderer_org: "{{ item.orderer_org | lower }}" - sc_name: "{{ component }}-bevel-storageclass" - kubernetes: "{{ item.k8s }}" - vault: "{{ item.vault }}" - ca: "{{ item.services.ca }}" - docker_url: "{{ network.docker.url }}" - gitops: "{{ item.gitops }}" - values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}" - loop: "{{ network['organizations'] }}" - when: item.type == 'peer' - - # Creating channel artifacts and putting them in vault - # This role creates configtx.yaml file as the requirements mentioned in network.yaml - # which is then consumed by configtxgen tool - - name: Create configtx.yaml - include_role: - name: "create/configtx" - vars: - config_file: "./build/configtx.yaml" - when: add_new_org == 'false' and '2.5.' 
not in network.version - - # This role generate genesis block and channeltx - - name: Create channel artifacts for all channels - include_role: - name: "create/channel_artifacts" - vars: - build_path: "./build" - channel_name: "{{ item.channel_name | lower}}" - profile_name: "{{ item.channel_name }}" - fetch_certs: "false" - loop: "{{ network['channels'] }}" - when: add_new_org == 'false' and '2.5.' not in network.version - - - name: "Create genesis block" - include_role: - name: "create/genesis" - vars: - build_path: "./build" - genesis: "{{ item.genesis }}" - sys_channel_name: "syschannel" - loop: "{{ network['channels'] }}" - when: add_new_org == 'false' and '2.5.' not in network.version - # This role creates value file for zk-kafka (if kafka consensus is chosen) and orderer - name: Create all orderers include_role: name: "create/orderers" vars: build_path: "./build" - namespace: "{{ item.name | lower}}-net" - component_type: "{{ item.type | lower}}" - component_services: "{{ item.services }}" - vault: "{{ item.vault }}" + namespace: "{{ org.name | lower}}-net" + org_name: "{{ org.name | lower }}" + component_services: "{{ org.services }}" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" sys_channel_name: "syschannel" - git_protocol: "{{ item.gitops.git_protocol }}" - git_url: "{{ item.gitops.git_url }}" - git_branch: "{{ item.gitops.branch }}" + git_protocol: "{{ org.gitops.git_protocol }}" + git_url: "{{ org.gitops.git_url }}" + git_branch: "{{ org.gitops.branch }}" docker_url: "{{ network.docker.url }}" - charts_dir: "{{ item.gitops.chart_source }}" - values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}" + charts_dir: "{{ org.gitops.chart_source }}" + values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" loop: "{{ network['organizations'] }}" - when: item.type == 'orderer' + loop_control: + loop_var: org + when: org.services.orderers is defined and org.services.orderers | length 
> 0 # This role creates the value file for peers of organisations and write couch db credentials # to the vault. @@ -207,30 +105,31 @@ name: "create/peers" vars: build_path: "./build" - namespace: "{{ item.name | lower}}-net" - component_type: "{{ item.type | lower}}" - component_services: "{{ item.services }}" - vault: "{{ item.vault }}" - git_protocol: "{{ item.gitops.git_protocol }}" - git_url: "{{ item.gitops.git_url }}" - git_branch: "{{ item.gitops.branch }}" + namespace: "{{ org.name | lower}}-net" + component_type: "{{ org.type | lower}}" + component_services: "{{ org.services }}" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" + git_protocol: "{{ org.gitops.git_protocol }}" + git_url: "{{ org.gitops.git_url }}" + git_branch: "{{ org.gitops.branch }}" docker_url: "{{ network.docker.url }}" - charts_dir: "{{ item.gitops.chart_source }}" - values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}" + charts_dir: "{{ org.gitops.chart_source }}" + values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" loop: "{{ network['organizations'] }}" - when: item.type == 'peer' + loop_control: + loop_var: org + when: org.services.peers is defined and org.services.peers | length > 0 - # Create CLI pod for peers with cli option enabled - - name: Create CLI pod for each peer with it enabled - include_role: - name: "create/cli_pod" + - name: "Create genesis block" + include_role: + name: "create/genesis" vars: - peers: "{{ org.services.peers }}" docker_url: "{{ network.docker.url }}" - loop: "{{ network.organizations }}" + loop: "{{ network['organizations'] }}" loop_control: loop_var: org - when: org.type == "peer" and org.org_status == "new" + when: org.services.orderers is defined and org.services.orderers | length > 0 vars: #These variables can be overriden from the command line privilege_escalate: false #Default to NOT escalate to root privledges 
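Review bot: in the `@@ -109,96 +75,28 @@` hunk the configtx, channel-artifacts and genesis tasks guarded by `'2.5.' not in network.version` are removed outright rather than narrowed, so a network.yaml with a Fabric version below 2.5 now silently gets no channel artifacts or genesis block from this playbook; if the playbook is now 2.5-only, fail early with an `assert` on `network.version` and state the requirement in the docs. The Create all orderers task keying its `when` on `org.services.orderers | length > 0` instead of `item.type == 'orderer'` is the right direction, but note the pair of conditions is duplicated verbatim on the genesis task in the next hunk; a shared `has_orderers` fact would keep them from drifting.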
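Review bot: in the `@@ -207,30 +105,31 @@` hunk the Create all peers task still passes `component_type: "{{ org.type | lower}}"` while its `when` now keys on `org.services.peers` rather than `org.type`, and the Create all orderers task in the previous hunk dropped `component_type` entirely; if `type` is no longer a required organization field, this line raises an undefined-variable error for any org that omits it, so either drop it or default it (`org.type | default('peer') | lower`). The new Create genesis block task also loops over every organization with orderers, so with two or more orderer organizations the genesis block is produced once per org; confirm `create/genesis` is idempotent or restrict the loop to a single organization, and note that the role now receives only `docker_url` where the removed task passed `build_path`, `genesis` and `sys_channel_name`.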
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/ca_server/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/ca_server/tasks/main.yaml index c094c4d0538f..fe469a4b1ed7 100644 --- a/platforms/hyperledger-fabric/configuration/roles/create/ca_server/tasks/main.yaml +++ b/platforms/hyperledger-fabric/configuration/roles/create/ca_server/tasks/main.yaml 
@@ -9,105 +9,28 @@ # Also, creates the value file for Certificate Authority (CA) ############################################################################################# -# Create the folder to store crypto material -- name: "creating the directory ./build/crypto-config/{{ component_type }}Organizations/{{ component_name }}/ca" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/directory" - vars: - path: "./build/crypto-config/{{ component_type }}Organizations/{{ component_name }}/ca" - -- name: Check if CA key already exists in vault. - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" - vars: - vault_field: "{{ component_name }}-CA.key" - vault_path: "{{ vault.secret_path | default('secretsv2') }}/{{ component }}/{{ component_type }}Organizations/{{ component_name }}/ca" - check: "certs_created" - -# Generate cacerts helmrelease file. -- name: "Create value file for cacerts job" - include_role: - name: helm_component - vars: - name: "{{ component }}" - type: "cacerts_job" - component_name: "{{ component }}-cacerts-job" - component_ns: "{{ component }}-net" - subject: "{{ ca.subject }}" - git_protocol: "{{ gitops.git_protocol }}" - git_url: "{{ gitops.git_url }}" - git_branch: "{{ gitops.branch }}" - charts_dir: "{{ gitops.chart_source }}" - vault: "{{ item.vault }}" - values_dir: "{{playbook_dir}}/../../../{{ gitops.release_dir }}/{{ component }}" - when: certs_created.failed == True - -# Git Push : Push the above generated files to git directory -- name: Git Push - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ item.gitops }}" - msg: "[ci skip] Pushing CA server files" - when: certs_created.failed == True - tags: - - notest - -# Check if cacerts-job is completed -- name: Check if cacerts-job job is completed - include_role: - name: "{{ playbook_dir 
}}/../../shared/configuration/roles/check/helm_component" - vars: - component_type: Job - namespace: "{{ component }}-net" - component_name: "{{ component }}-cacerts-job" - kubernetes: "{{ item.k8s }}" - when: certs_created.failed == True - tags: - - notest - # Copy custom config for fabric-ca server - name: Copy custom config for fabric-ca server shell: | cp {{ ca.configpath }} ../../../{{ gitops.chart_source }}/ca/conf/fabric-ca-server-config-{{ component }}.yaml when: ca.configpath is defined -# Create the CA value file for Orderer -- name: "Create CA server values for Orderer" - include_role: - name: helm_component - vars: - name: "{{ ca.name }}" - type: "ca-orderer" - git_protocol: "{{ gitops.git_protocol }}" - git_url: "{{ gitops.git_url }}" - git_branch: "{{ gitops.branch }}" - charts_dir: "{{ gitops.chart_source }}" - external_url_suffix: "{{ item.external_url_suffix }}" - when: component_type == 'orderer' +- name: Get the kubernetes server url + shell: | + KUBECONFIG={{ kubernetes.config_file }} kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " " + register: kubernetes_server_url -# Create the CA value file for Organizations -- name: "Create CA server values organizations" +# Create the CA value file +- name: "Create CA server values" include_role: - name: helm_component + name: "{{ playbook_dir }}/../../shared/configuration/roles/create/job_component" vars: - name: "{{ ca.name }}" - type: "ca-peer" + type: "ca-server" + component_name: "{{ ca.name }}" git_protocol: "{{ gitops.git_protocol }}" git_url: "{{ gitops.git_url }}" git_branch: "{{ gitops.branch }}" charts_dir: "{{ gitops.chart_source }}" - external_url_suffix: "{{ item.external_url_suffix }}" - when: component_type == 'peer' - -# Git Push : Push the above generated files to git directory -- name: Git Push - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ item.gitops }}" - 
msg: "[ci skip] Pushing CA server files" - tags: - - notest + subject: "{{ ca.subject }}" + external_url_suffix: "{{ org.external_url_suffix }}" + kubernetes_url: "{{ kubernetes_server_url.stdout }}" diff --git a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/orderer/tasks/delete_old_certs.yaml b/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/orderer/tasks/delete_old_certs.yaml deleted file mode 100644 index be8b4ef733b9..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/orderer/tasks/delete_old_certs.yaml +++ /dev/null 
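Review bot: in the ca_server/tasks/main.yaml hunk, Get the kubernetes server url extracts the API endpoint with `grep server | cut -f 2- -d ":" | tr -d " "`, which matches any line containing `server` (a cluster or context name with that substring yields two lines and a garbled `kubernetes_url` that the CA job will then try to talk to); use `kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'` instead and mark the task `changed_when: false`, since it only reads. `external_url_suffix: "{{ org.external_url_suffix }}"` reaches into the playbook's loop variable rather than a var handed to the role; the include in the playbook hunk already passes `component`, `component_ns`, `ca` and `gitops`, so pass `external_url_suffix` the same way to keep the role usable outside that loop. Finally, the vault check that previously guarded the cacerts job (`certs_created.failed == True`) is gone, so the ca-server job is now rendered on every run; confirm the job tolerates re-runs against a CA key that already exists in Vault.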
@@ -1,24 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -############################################################################################# -# This role creates value file for the deployment of CA Tools CLI -############################################################################################# - -# Delete crypto materials from vault -- name: Delete Crypto for orderers - shell: | - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/orderers/{{orderer.name}}.{{ component_name }}/tls - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/orderers/{{orderer.name}}.{{ component_name }}/msp - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/users/admin/tls - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/users/admin/msp - loop: "{{ item.services.orderers }}" - loop_control: - loop_var: orderer - environment: - VAULT_ADDR: "{{ item.vault.url }}" - VAULT_TOKEN: "{{ item.vault.root_token }}" - when: component_type == 'orderer' diff --git a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/orderer/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/orderer/tasks/main.yaml deleted file mode 100644 index 0aa47a881f9b..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/orderer/tasks/main.yaml +++ /dev/null 
@@ -1,195 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -############################################################################################# -# This role creates value file for the deployment of CA Tools CLI -############################################################################################# - -# Check if CA server is available -- name: "waiting for the CA server to be created in {{ item.name | lower }}-net" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" - vars: - component_type: "Pod" - namespace: "{{ item.name | lower }}-net" - component_name: "{{ component_services.ca.name }}" - label_selectors: - - name = {{ component_name }} - when: add_peer is not defined or add_peer != 'true' - -# Reset ca-tools pod -- name: "Reset ca-tools pod" - include_role: - name: create/refresh_certs/reset_pod - vars: - pod_name: "ca-tools" - file_path: "{{ values_dir }}/{{ pod_name }}/{{ component_name }}.yaml" - gitops_value: "{{ item.gitops }}" - component_ns: "{{ component_name }}" - kubernetes: "{{ item.k8s }}" - hr_name: "{{ component_name }}-ca-tools" - when: refresh_cert is defined and refresh_cert == 'true' - -- name: "Delete old certificates" - include_tasks: delete_old_certs.yaml - vars: - org_name: "{{ item.name | lower }}" - when: refresh_cert is defined and refresh_cert == 'true' - -# Create the CA-tools value files -- name: "Create CA-tools Values for orderer" - include_role: - name: helm_component - vars: - name: "ca-tools" - type: "ca-tools" - org_name: "{{ item.name | lower }}" - component_type: "{{ item.type | lower }}" - vault: "{{ item.vault }}" - external_url_suffix: "{{ item.external_url_suffix }}" - component_subject: "{{ item.subject }}" - 
cert_subject: "{{ item.subject | regex_replace('/', ';') | regex_replace(',', '/') | regex_replace(';', ',') }}" # replace , to / and / to , for certpath - component_country: "{{ item.country }}" - component_state: "{{ item.state }}" - component_location: "{{ item.location }}" - ca_url: "{{ item.ca_data.url }}" - proxy: "{{ network.env.proxy }}" - git_protocol: "{{ gitops.git_protocol }}" - git_url: "{{ gitops.git_url }}" - git_branch: "{{ gitops.branch }}" - charts_dir: "{{ gitops.chart_source }}" - orderers_list: "{{ item.services.orderers }}" - -# Git Push : Push the above generated files to git directory -- name: Git Push - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ item.gitops }}" - msg: "[ci skip] Pushing CA-tools files" - -# Wait for key certs exists in vault. -- name: Wait for CA key exists in vault. - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" - vars: - vault_field: "{{ component_name }}-CA.key" - vault_path: "{{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name }}/ca" - check: "crypto_materials" - -# Wait for admin tls exists in vault. -- name: Wait for admin tls exists in vault. - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" - vars: - vault_field: "client.key" - vault_path: "{{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name }}/users/admin/tls" - check: "crypto_materials" - -# Wait for orderers tls exists in vault. -- name: Wait for orderers tls exists in vault. 
- include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" - vars: - vault_field: "server.key" - vault_path: "{{ vault.secret_path | default('secretv2') }}/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name }}/orderers/{{ orderer.name }}.{{ component_name}}/tls" - check: "crypto_materials" - loop: "{{ item.services.orderers }}" - loop_control: - loop_var: orderer - -# Copy the msp admincerts from vault -- name: Fetch the msp admincerts from vault - shell: | - vault kv get -field=admincerts {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/users/admin/msp > Admin@{{ component_name }}-cert.pem - mkdir -p ./build/crypto-config/ordererOrganizations/{{ component_name }}/msp/admincerts/ - mv Admin@{{ component_name }}-cert.pem ./build/crypto-config/ordererOrganizations/{{ component_name }}/msp/admincerts/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - -# Copy the msp cacerts from vault -- name: Fetch the msp cacerts from vault - shell: | - vault kv get -field=cacerts {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/users/admin/msp > ca-{{ component_name }}-{{ item.external_url_suffix }}.pem - mkdir -p ./build/crypto-config/ordererOrganizations/{{ component_name }}/msp/cacerts/ - mv ca-{{ component_name }}-{{ item.external_url_suffix }}.pem ./build/crypto-config/ordererOrganizations/{{ component_name }}/msp/cacerts/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - when: network.env.proxy != 'none' - -# Copy the msp tlscacerts from vault -- name: Fetch the msp tlscacerts from vault - shell: | - vault kv get -field=tlscacerts {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/users/admin/msp > ca-{{ component_name }}-{{ item.external_url_suffix }}.pem - 
mkdir -p ./build/crypto-config/ordererOrganizations/{{ component_name }}/msp/tlscacerts/ - mv ca-{{ component_name }}-{{ item.external_url_suffix }}.pem ./build/crypto-config/ordererOrganizations/{{ component_name }}/msp/tlscacerts/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - when: network.env.proxy != 'none' - -# Copy the msp cacerts from vault proxy is none -- name: Fetch the msp cacerts from vault - shell: | - vault kv get -field=cacerts {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/users/admin/msp > ca-{{ component_name }}-{{ item.services.ca.grpc.port }}.pem - mkdir -p ./build/crypto-config/ordererOrganizations/{{ component_name }}/msp/cacerts/ - mv ca-{{ component_name }}-{{ item.services.ca.grpc.port }}.pem ./build/crypto-config/ordererOrganizations/{{ component_name }}/msp/cacerts/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - when: network.env.proxy == 'none' - -# Copy the msp tlscacerts from vault when proxy is none -- name: Fetch the msp tlscacerts from vault - shell: | - vault kv get -field=tlscacerts {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/users/admin/msp > ca-{{ component_name }}-{{ item.services.ca.grpc.port }}.pem - mkdir -p ./build/crypto-config/ordererOrganizations/{{ component_name }}/msp/tlscacerts/ - mv ca-{{ component_name }}-{{ item.services.ca.grpc.port }}.pem ./build/crypto-config/ordererOrganizations/{{ component_name }}/msp/tlscacerts/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - when: network.env.proxy == 'none' - -# Copy the tls server.crt from vault to the build directory -- name: Fetch the tls server.crt from vault - shell: | - vault kv get -field=server.crt {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name 
}}/orderers/{{ orderer.name }}.{{ component_name }}/tls > server.crt - mkdir -p ./build/crypto-config/ordererOrganizations/{{ component_name }}/orderers/{{ orderer.name }}.{{ component_name }}/tls - mv server.crt ./build/crypto-config/ordererOrganizations/{{ component_name }}/orderers/{{ orderer.name }}.{{ component_name }}/tls/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - loop: "{{ item.services.orderers }}" - loop_control: - loop_var: orderer - -# Create the certs directory if it does not exist -- name: Create the certs directory if it does not exist - file: - path: "{{ orderer.certificate | dirname }}" - state: directory - loop: "{{ network.orderers }}" - loop_control: - loop_var: orderer - when: add_new_org == 'false' and add_peer is not defined - -# Copy the tls ca.crt file from the respective CA Tools CLI to the address specified in network.yaml -- name: Fetch the tls ca.crt file from vault - shell: | - vault kv get -field=ca.crt {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/orderers/{{ orderer.name }}.{{ component_name }}/tls > ca.crt - mv ca.crt {{ orderer.certificate }} - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - loop: "{{ network.orderers }}" - loop_control: - loop_var: orderer - when: - - add_new_org == 'false' and add_peer is not defined - - component == orderer.org_name diff --git a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/delete_old_certs.yaml b/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/delete_old_certs.yaml deleted file mode 100644 index fa568860ed8a..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/delete_old_certs.yaml +++ /dev/null 
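Review bot: deleting ca_tools/orderer/tasks/main.yaml (and its delete_old_certs.yaml above) removes the only tasks in this patch that wait for `{{ component_name }}-CA.key`, `client.key` and `server.key` to appear in Vault before continuing, and the task that copies the orderer TLS `ca.crt` to `{{ orderer.certificate }}`; the replacement is not in this diff, so confirm the new flow still blocks until crypto material exists and that nothing downstream still reads `orderer.certificate`. On the plus side, every shell task here exported `VAULT_TOKEN: "{{ vault.root_token }}"` into the task environment; please make sure the role that replaces it does not reintroduce the Vault root token and runs with a scoped token instead.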
@@ -1,28 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -############################################################################################# -# This role creates value file for the deployment of CA Tools CLI -############################################################################################# - -# Delete crypto materials from vault -- name: Delete Crypto for peers - shell: | - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users/admin/tls - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users/admin/msp - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/orderer/tls - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/msp/config - {% for peer in peers %} - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/peers/{{peer.name}}.{{ component_name }}/tls - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/peers/{{peer.name}}.{{ component_name }}/msp - {% endfor %} - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/credentials/{{ component_name }}/couchdb/{{ org_name }} - vars: - peers: "{{ item.services.peers }}" - environment: - VAULT_ADDR: "{{ item.vault.url }}" - VAULT_TOKEN: "{{ item.vault.root_token }}" - when: component_type == 'peer' 
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/main.yaml deleted file mode 100644 index b3f4cba47cae..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/main.yaml +++ /dev/null 
@@ -1,243 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -############################################################################################# -# This role creates value file for the deployment of CA Tools CLI -############################################################################################# - -# Check if CA server is available -- name: "waiting for the CA server to be created in {{ item.name | lower }}-net" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" - vars: - component_type: "Pod" - namespace: "{{ item.name | lower }}-net" - component_name: "{{ component_services.ca.name }}" - label_selectors: - - name = {{ component_name }} - when: add_peer is not defined or add_peer != 'true' - -# Reset ca-tools pod -- name: "Reset ca-tools pod" - include_role: - name: create/refresh_certs/reset_pod - vars: - pod_name: "ca-tools" - file_path: "{{ values_dir }}/{{ pod_name }}/{{ component_name }}.yaml" - gitops_value: "{{ item.gitops }}" - component_ns: "{{ component_name }}" - kubernetes: "{{ item.k8s }}" - hr_name: "{{ component_name }}-ca-tools" - when: (add_peer is defined and add_peer == 'true') or (refresh_cert is defined and refresh_cert == 'true') - -# Delete old certificates -- name: "Delete old certificates" - include_tasks: delete_old_certs.yaml - vars: - org_name: "{{ item.name | lower }}" - when: refresh_cert is defined and refresh_cert == 'true' - -# Get Orderer certificates -- name: "Get Orderer certificates" - include_tasks: nested_orderers.yaml - loop: "{{ network.orderers }}" - loop_control: - loop_var: orderer - -# Create the certs directory if it does not exist -- name: Create the certs directory if it does not exist - file: - path: "{{ 
playbook_dir }}/../charts/fabric-catools/certs" - state: directory - -- set_fact: - new_peer_list: [] - -# Loop over the peers and finds the number of new peers -- name: Count new peers - set_fact: - new_peer_list={{ new_peer_list + [ {'peer_name':peer.name } ] }} - loop: "{{ item.services.peers }}" - loop_control: - loop_var: peer - when: - - peer.peerstatus is defined and peer.peerstatus == 'new' - - add_peer is defined and add_peer == 'true' - -# Initialize the list new_peer_list -- name: Count new peers - set_fact: - new_peer_list={{ item.services.peers }} - when: - - add_peer is not defined or add_peer == 'false' - -- set_fact: - new_orderer_list: [] - -# Loop over the orderers and get orderers from the organization provided in the network.yaml -- name: Get orderers from the organization provided in the network.yaml - set_fact: - new_orderer_list={{ new_orderer_list + [orderer] }} - loop: "{{ network.orderers }}" - loop_control: - loop_var: orderer - when: - - orderer_org == orderer.org_name | lower - -# Create the CA-tools value files -- name: "Create CA-tools Values for peer" - include_role: - name: helm_component - vars: - name: "ca-tools" - type: "ca-tools" - org_name: "{{ item.name | lower }}" - component_type: "{{ item.type | lower }}" - vault: "{{ item.vault }}" - external_url_suffix: "{{ item.external_url_suffix }}" - component_subject: "{{ item.subject }}" - cert_subject: "{{ item.subject | regex_replace('/', ';') | regex_replace(',', '/') | regex_replace(';', ',') }}" # Replace '/', ',', and ':' with ';', ',', and ',' respectively for certpath - component_country: "{{ item.country }}" - component_state: "{{ item.state }}" - component_location: "{{ item.location }}" - ca_url: "{{ item.ca_data.url }}" - refresh_cert_value: "{{ refresh_cert | default(false) | quote }}" - proxy: "{{ network.env.proxy }}" - git_protocol: "{{ item.gitops.git_protocol }}" - git_url: "{{ gitops.git_url }}" - git_branch: "{{ gitops.branch }}" - charts_dir: "{{ 
gitops.chart_source }}" - peers_list: "{{ item.services.peers }}" - orderers_list: "{{ new_orderer_list }}" - peer_count: "{{ item.services.peers | length }}" - add_peer_value: "{{ add_peer | default(false) | quote }}" - new_peer_count: "{{ new_peer_list | length }}" - user_list: "{{ item.users }}" - -# Git Push : Push the above generated files to git directory -- name: Git Push - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ item.gitops }}" - msg: "[ci skip] Pushing CA-tools files" - -# Wait for CA key exists in vault. -- name: Wait for CA key exists in vault. - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" - vars: - vault_field: "{{ component_name }}-CA.key" - vault_path: "{{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name }}/ca" - check: "crypto_materials" - -# Wait for admin tls exists in vault. -- name: Wait for admin tls exists in vault. - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" - vars: - vault_field: "client.key" - vault_path: "{{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name }}/users/admin/tls" - check: "crypto_materials" - -# Wait for orderers tls exists in vault. -- name: Wait for peers tls exists in vault. - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" - vars: - vault_field: "server.key" - vault_path: "{{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name }}/peers/{{ peer.name }}.{{ component_name }}/tls" - check: "crypto_materials" - loop: "{{ item.services.peers }}" - loop_control: - loop_var: peer - -# Wait for users tls exists in vault. -- name: Wait for users tls exists in vault. 
- include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" - vars: - vault_field: "client.key" - vault_path: "{{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users/{{ user.identity }}/tls" - check: "crypto_materials" - loop: "{{ item.users }}" - loop_control: - loop_var: user - when: item.users is defined - -# Copy msp cacerts to given path -- name: "Copy msp cacerts to given path" - include_tasks: nested_endorsers.yaml - vars: - org_name: "{{ item.name |lower }}" - approvers: "{{ channel.endorsers }}" - loop: "{{ network.channels }}" - loop_control: - loop_var: channel - -# Fetch msp admincerts from vault -- name: Fetch the msp admincerts from vault - shell: | - vault kv get -field=admincerts {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users/admin/msp > Admin@{{ component_name }}-cert.pem - mkdir -p ./build/crypto-config/peerOrganizations/{{ component_name }}/msp/admincerts/ - mv Admin@{{ component_name }}-cert.pem ./build/crypto-config/peerOrganizations/{{ component_name }}/msp/admincerts/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - -# Fetch msp cacerts from vault -- name: Fetch the msp cacerts from vault - shell: | - vault kv get -field=cacerts {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users/admin/msp > ca-{{ component_name }}-{{ item.external_url_suffix }}.pem - mkdir -p ./build/crypto-config/peerOrganizations/{{ component_name }}/msp/cacerts/ - mv ca-{{ component_name }}-{{ item.external_url_suffix }}.pem ./build/crypto-config/peerOrganizations/{{ component_name }}/msp/cacerts/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - when: network.env.proxy != 'none' - -# Fetch msp tlscacerts from vault -- name: Fetch the msp tlscacerts from vault - shell: | - 
vault kv get -field=tlscacerts {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users/admin/msp > ca-{{ component_name }}-{{ item.external_url_suffix }}.pem - mkdir -p ./build/crypto-config/peerOrganizations/{{ component_name }}/msp/tlscacerts/ - mv ca-{{ component_name }}-{{ item.external_url_suffix }}.pem ./build/crypto-config/peerOrganizations/{{ component_name }}/msp/tlscacerts/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - when: network.env.proxy != 'none' - -# Fetch msp cacerts from vault when proxy is none -- name: Fetch the msp cacerts from vault - shell: | - vault kv get -field=cacerts {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users/admin/msp > ca-{{ component_name }}-{{ item.services.ca.grpc.port }}.pem - mkdir -p ./build/crypto-config/peerOrganizations/{{ component_name }}/msp/cacerts/ - mv ca-{{ component_name }}-{{ item.services.ca.grpc.port }}.pem ./build/crypto-config/peerOrganizations/{{ component_name }}/msp/cacerts/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - when: network.env.proxy == 'none' - -# Fetch msp tlscacerts from vault when proxy is none -- name: Fetch the msp tlscacerts from vault - shell: | - vault kv get -field=tlscacerts {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users/admin/msp > ca-{{ component_name }}-{{ item.services.ca.grpc.port }}.pem - mkdir -p ./build/crypto-config/peerOrganizations/{{ component_name }}/msp/tlscacerts/ - mv ca-{{ component_name }}-{{ item.services.ca.grpc.port }}.pem ./build/crypto-config/peerOrganizations/{{ component_name }}/msp/tlscacerts/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - when: network.env.proxy == 'none' - -# Fetch msp config.yaml file from vault -- name: Fetch msp 
config.yaml file from vault - shell: | - vault kv get -field=configfile {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/msp/config > config.yaml - mv config.yaml ./build/crypto-config/peerOrganizations/{{ component_name }}/msp/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" diff --git a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/nested_endorsers.yaml b/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/nested_endorsers.yaml deleted file mode 100644 index fcd36c9975c7..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/nested_endorsers.yaml +++ /dev/null @@ -1,17 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- -# Get endorsers data -- name: Get endorsers data - include_tasks: nested_peers.yaml - vars: - org_peers: "{{ item.services.peers }}" - endorsers_peers: "{{ endorser.peers }}" - loop: "{{ approvers }}" - loop_control: - loop_var: endorser - when: org_name == endorser.name diff --git a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/nested_orderers.yaml b/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/nested_orderers.yaml deleted file mode 100644 index b64c55d312a0..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/nested_orderers.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- -# Check orderer-certificate file exists -- name: Check that orderer-certificate file exists - stat: - path: "{{ orderer.certificate }}" - register: orderer_file_result - failed_when: add_new_org == 'true' and not orderer_file_result.stat.exists # Fail the task if new_org is added and orderer-cert does not exist - tags: - - notest - -# Check if Orderer certs exists in vault. If yes, get the certificate -- name: Check if Orderer certs exist in Vault - shell: | - vault kv get -field=ca.crt {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/orderer/tls - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - register: orderer_certs_result - ignore_errors: yes - changed_when: false - when: - - not orderer_file_result.stat.exists - tags: - - notest - -# Save Orderer certs if not in Vault -- name: Save Orderer certs if not in Vault - local_action: copy content="{{ orderer_certs_result.results[0].stdout }}" dest="{{ orderer.certificate }}" - when: - - not orderer_file_result.stat.exists - - orderer_certs_result.results[0].failed == False - tags: - - notest diff --git a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/nested_peers.yaml b/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/nested_peers.yaml deleted file mode 100644 index 23771ceee3e8..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/nested_peers.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- -# Set a variable -- set_fact: - endorsers_peers_data: [] - -# Get peers from the endorser -- name: Get endorsers peers - set_fact: - endorsers_peers_data={{ endorsers_peers_data + [ {'name':peer.name | lower, 'certificate':peer.certificate } ] }} - loop: "{{ endorsers_peers }}" - loop_control: - loop_var: peer - when: peer.certificate is defined - -# Copy the certificates in the path provided in the network.yaml -- name: "Copy certificates" - include_tasks: write.yaml - vars: - endorsers_peers: "{{ endorsers_peers_data }}" - loop: "{{ org_peers }}" - loop_control: - loop_var: org_peer - when: - - org_name == endorser.name - - endorsers_peers_data is defined - - endorsers_peers_data|length > 0 diff --git a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/write.yaml b/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/write.yaml deleted file mode 100644 index 80a3ed563888..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/ca_tools/peer/tasks/write.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- -# Create the certs directory if it does not exist -- name: Create the certs directory if it does not exist - file: - path: "{{ peer.certificate | dirname }}" - state: directory - loop: "{{ endorsers_peers }}" - loop_control: - loop_var: peer - when: - - item.org_status == 'new' - - org_peer.peerstatus is not defined or org_peer.peerstatus == 'new' - - org_peer.name == peer.name - -# Get msp config.yaml file from vault -- name: Get msp cacerts - shell: | - vault kv get -field=cacerts {{ vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/peers/{{ peer.name }}.{{ component_name }}/msp > {{ peer.certificate }} - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - loop: "{{ endorsers_peers }}" - loop_control: - loop_var: peer - when: - - item.org_status == 'new' - - org_peer.peerstatus is not defined or org_peer.peerstatus == 'new' - - org_peer.name == peer.name diff --git a/platforms/hyperledger-fabric/configuration/roles/create/channel_artifacts/tasks/fetch_orderers_certs.yaml b/platforms/hyperledger-fabric/configuration/roles/create/channel_artifacts/tasks/fetch_orderers_certs.yaml deleted file mode 100644 index 1129576aec25..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/channel_artifacts/tasks/fetch_orderers_certs.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ - -# Fetch msp files from Vault -- name: Check if orderers tls certs already created - shell: | - vault kv get -field=server.crt {{ organization.vault.secret_path | default('secretsv2') }}/{{ organization.name | lower }}/ordererOrganizations/{{ organization.name | lower }}-net/orderers/{{ orderer.name }}.{{ organization.name | lower }}-net/tls > server.crt - mkdir -p ./build/crypto-config/ordererOrganizations/{{ organization.name | lower }}-net/orderers/{{ orderer.name }}.{{ organization.name | lower }}-net/tls - mv server.crt ./build/crypto-config/ordererOrganizations/{{ organization.name | lower }}-net/orderers/{{ orderer.name }}.{{ organization.name | lower }}-net/tls - environment: - VAULT_ADDR: "{{ organization.vault.url }}" - VAULT_TOKEN: "{{ organization.vault.root_token }}" - loop: "{{ orderers }}" - loop_control: - loop_var: orderer - -# Fetch msp files from Vault -- name: Check if msp admincerts already created - shell: | - vault kv get -field=admincerts {{ organization.vault.secret_path | default('secretsv2') }}/{{ organization.name | lower }}/ordererOrganizations/{{ organization.name | lower }}-net/users/admin/msp > Admin@{{ organization.name | lower }}-net-cert.pem - mkdir -p ./build/crypto-config/ordererOrganizations/{{ organization.name | lower }}-net/msp/admincerts/ - mv Admin@{{ organization.name | lower }}-net-cert.pem ./build/crypto-config/ordererOrganizations/{{ organization.name | lower }}-net/msp/admincerts/ - environment: - VAULT_ADDR: "{{ organization.vault.url }}" - VAULT_TOKEN: "{{ organization.vault.root_token }}" - -# Fetch msp files from Vault -- name: Check if msp cacerts already created - shell: | - vault kv get -field=cacerts {{ organization.vault.secret_path | default('secretsv2') }}/{{ organization.name | lower }}/ordererOrganizations/{{ organization.name | lower }}-net/users/admin/msp > ca-{{ organization.name | lower }}-net-{{ organization.services.ca.grpc.port }}.pem - mkdir -p 
./build/crypto-config/ordererOrganizations/{{ organization.name | lower }}-net/msp/cacerts/ - mv ca-{{ organization.name | lower }}-net-{{ organization.services.ca.grpc.port }}.pem ./build/crypto-config/ordererOrganizations/{{ organization.name | lower }}-net/msp/cacerts/ - environment: - VAULT_ADDR: "{{ organization.vault.url }}" - VAULT_TOKEN: "{{ organization.vault.root_token }}" - -# Fetch msp files from Vault -- name: Check if msp tlscacerts already created - shell: | - vault kv get -field=tlscacerts {{ organization.vault.secret_path | default('secretsv2') }}/{{ organization.name | lower }}/ordererOrganizations/{{ organization.name | lower }}-net/users/admin/msp > ca-{{ organization.name | lower }}-net-{{ organization.services.ca.grpc.port }}.pem - mkdir -p ./build/crypto-config/ordererOrganizations/{{ organization.name | lower }}-net/msp/tlscacerts/ - mv ca-{{ organization.name | lower }}-net-{{ organization.services.ca.grpc.port }}.pem ./build/crypto-config/ordererOrganizations/{{ organization.name | lower }}-net/msp/tlscacerts/ - environment: - VAULT_ADDR: "{{ organization.vault.url }}" - VAULT_TOKEN: "{{ organization.vault.root_token }}" diff --git a/platforms/hyperledger-fabric/configuration/roles/create/channel_artifacts/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/channel_artifacts/tasks/main.yaml deleted file mode 100644 index da5a05fa56f6..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/channel_artifacts/tasks/main.yaml +++ /dev/null 
@@ -1,169 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -############################################################################################## -# This task ensures that the directory exists, and creates it, if it does not exist -############################################################################################## - -# Create the build directory if it does not exist -- name: Create build directory if it does not exist - file: - path: "./build" - state: directory - -# Check configtxgen -- name: Check configtxgen - stat: - path: "{{ build_path }}/configtxgen" - register: config_stat_result - -# Register temporary directory -- name: Register temporary directory - tempfile: - state: directory - register: tmp_directory - -# Fetch orderers files from Vault -- name: "Check if orderers certs already created" - include_tasks: fetch_orderers_certs.yaml - vars: - orderers: "{{ organization.services.orderers }}" - loop: "{{ network['organizations'] }}" - loop_control: - loop_var: organization - when: - - fetch_certs == 'true' and '2.5.' 
in network.version - - organization.name == item.osn_creator_org.name - -# Fetch msp files from Vault -- name: Check if msp admincerts already created - vars: - query: "organizations[?name=='{{organization.name}}'].services.ca.grpc.port" - query_vault_url: "organizations[?name=='{{organization.name}}'].vault.url" - query_vault_token: "organizations[?name=='{{organization.name}}'].vault.root_token" - query_vault_secretPath: "organizations[?name=='{{organization.name}}'].vault.secret_path" - shell: | - vault kv get -field=admincerts {{ network | json_query(query_vault_secretPath) | first | default('secretsv2') }}/{{ organization.name | lower }}/peerOrganizations/{{ organization.name | lower }}-net/users/admin/msp > Admin@{{ organization.name | lower }}-net-cert.pem - mkdir -p ./build/crypto-config/peerOrganizations/{{ organization.name | lower }}-net/msp/admincerts/ - mv Admin@{{ organization.name | lower }}-net-cert.pem ./build/crypto-config/peerOrganizations/{{ organization.name | lower }}-net/msp/admincerts/ - environment: - VAULT_ADDR: "{{ network | json_query(query_vault_url) | first }}" - VAULT_TOKEN: "{{ network | json_query(query_vault_token) | first }}" - loop: "{{ item['participants'] }}" - loop_control: - loop_var: organization - when: fetch_certs == 'true' - -# Fetch msp files from Vault -- name: Check if msp cacerts already created - vars: - query: "organizations[?name=='{{organization.name}}'].services.ca.grpc.port" - query_vault_url: "organizations[?name=='{{organization.name}}'].vault.url" - query_vault_token: "organizations[?name=='{{organization.name}}'].vault.root_token" - query_vault_secretPath: "organizations[?name=='{{organization.name}}'].vault.secret_path" - shell: | - vault kv get -field=cacerts {{ network | json_query(query_vault_secretPath) | first | default('secretsv2') }}/{{ organization.name | lower }}/peerOrganizations/{{ organization.name | lower }}-net/users/admin/msp > ca-{{ organization.name | lower }}-net-{{ network | 
json_query(query) | first }}.pem - mkdir -p ./build/crypto-config/peerOrganizations/{{ organization.name | lower }}-net/msp/cacerts/ - mv ca-{{ organization.name | lower }}-net-{{ network | json_query(query) | first }}.pem ./build/crypto-config/peerOrganizations/{{ organization.name | lower }}-net/msp/cacerts/ - environment: - VAULT_ADDR: "{{ network | json_query(query_vault_url) | first }}" - VAULT_TOKEN: "{{ network | json_query(query_vault_token) | first }}" - loop: "{{ item['participants'] }}" - loop_control: - loop_var: organization - when: fetch_certs == 'true' - -# Fetch msp files from Vault -- name: Check if msp tlscacerts already created - vars: - query: "organizations[?name=='{{organization.name}}'].services.ca.grpc.port" - query_vault_url: "organizations[?name=='{{organization.name}}'].vault.url" - query_vault_token: "organizations[?name=='{{organization.name}}'].vault.root_token" - query_vault_secretPath: "organizations[?name=='{{organization.name}}'].vault.secret_path" - shell: | - vault kv get -field=tlscacerts {{ network | json_query(query_vault_secretPath) | first | default('secretsv2') }}/{{ organization.name | lower }}/peerOrganizations/{{ organization.name | lower }}-net/users/admin/msp > ca-{{ organization.name | lower }}-net-{{ network | json_query(query) | first }}.pem - mkdir -p ./build/crypto-config/peerOrganizations/{{ organization.name | lower }}-net/msp/tlscacerts/ - mv ca-{{ organization.name | lower }}-net-{{ network | json_query(query) | first }}.pem ./build/crypto-config/peerOrganizations/{{ organization.name | lower }}-net/msp/tlscacerts/ - environment: - VAULT_ADDR: "{{ network | json_query(query_vault_url) | first }}" - VAULT_TOKEN: "{{ network | json_query(query_vault_token) | first }}" - loop: "{{ item['participants'] }}" - loop_control: - loop_var: organization - when: fetch_certs == 'true' - -############################################################################################ -# Fetch the configtx gen tar file from the 
mentioned URL -- name: "Getting the configtxgen binary tar" - get_url: - url: https://github.com/hyperledger/fabric/releases/download/v{{network.version}}/hyperledger-fabric-{{install_os}}-{{install_arch}}-{{network.version}}.tar.gz - dest: "{{ tmp_directory.path }}" - when: config_stat_result.stat.exists == False - - -############################################################################################ -# Unzip the above downloaded tar file -- name: "Unziping the downloaded file" - unarchive: - src: "{{ tmp_directory.path }}/hyperledger-fabric-{{install_os}}-{{install_arch}}-{{network.version}}.tar.gz" - dest: "{{ tmp_directory.path }}" - when: config_stat_result.stat.exists == False - -############################################################################################ -# Extract the configtxgen binary and place it at appropriate path -- name: "Moving the configtxgen from the extracted folder and place in it path" - copy: - src: "{{ tmp_directory.path }}/bin/configtxgen" - dest: "{{ build_path }}/configtxgen" - mode: 0755 - when: config_stat_result.stat.exists == False - -############################################################################################ -# Create the channel-artifacts folder -- name: "Creating channel-artifacts folder" - file: - path: "{{ build_path }}/channel-artifacts" - state: directory - -# Remove old channel block -- name: Remove old channel block - file: - path: "{{ build_path }}/channel-artifacts/{{channel_name}}.tx" - state: absent - when: add_new_org == 'false' - -############################################################################################ -# Create channel by consuming the configtx.yaml file -- name: "Creating channels" - shell: | - cd {{ build_path }} - ./configtxgen -profile {{ profile_name }} -outputCreateChannelTx ./channel-artifacts/{{channel_name}}.tx -channelID {{channel_name}} - cat ./channel-artifacts/{{channel_name}}.tx | base64 > ./channel-artifacts/{{channel_name}}.tx.base64 - when: 
add_new_org == 'false' - -############################################################################################ -# Create the anchortx files -- name: "Creating Anchor artifacts" - shell: | - cd {{ build_path }} - ./configtxgen -profile {{ profile_name }} -outputAnchorPeersUpdate ./channel-artifacts/{{channel_name}}{{participant.name}}MSPAnchor.tx -channelID {{channel_name}} -asOrg {{participant.name}}MSP -configPath ./ - cat ./channel-artifacts/{{channel_name}}{{participant.name}}MSPAnchor.tx | base64 > ./channel-artifacts/{{channel_name}}{{participant.name}}MSPAnchor.tx.base64 - loop: "{{ item.participants }}" - loop_control: - loop_var: participant - when: add_new_org == 'false' - -# Create the channel by consuming the configtx.yaml file -- name: "Creating JSON configuration for new organization" - shell: | - cd {{ build_path }} - export FABRIC_CFG_PATH=$PWD - ./configtxgen -printOrg {{ participant.name }}MSP > ./channel-artifacts/{{ channel_name | lower }}.json - loop: "{{ item.participants }}" - loop_control: - loop_var: participant - register: result - when: participant.org_status == 'new' and add_new_org == 'true' diff --git a/platforms/hyperledger-fabric/configuration/roles/create/channel_artifacts/vars/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/channel_artifacts/vars/main.yaml deleted file mode 100644 index 22da8c2d5867..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/channel_artifacts/vars/main.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - ---- -tmp_directory: "{{ lookup('env', 'TMPDIR') | default('/tmp',true) }}" -fabric: - os: "linux" # use "darwin" for MacOS X, "windows" for Windows - arch: "amd64" # other possible values: "386","arm64","arm","ppc64le","s390x" diff --git a/platforms/hyperledger-fabric/configuration/roles/create/cli_pod/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/cli_pod/tasks/main.yaml deleted file mode 100644 index bac5f7132ff8..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/cli_pod/tasks/main.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -############################################################################################# -# This role creates value file for Cli pods -############################################################################################ -# CREATE CLI POD # -############################################################################################ - -# Reset peers pods -- name: "Reset peers pods" - include_role: - name: create/refresh_certs/reset_pod - vars: - pod_name: "cli" - file_path: "{{ values_dir }}/{{ pod_name }}/{{ peer.name | lower}}-{{ org.name | lower }}-cli.yaml" - gitops_value: "{{ org.gitops }}" - component_ns: "{{ org.name | lower}}-net" - kubernetes: "{{ org.k8s }}" - hr_name: "{{ peer.name | lower}}-{{ org.name | lower }}-cli" - loop: "{{ peers }}" - loop_control: - loop_var: peer - when: - - refresh_cert is defined and refresh_cert == 'true' - - peer.cli is defined - - peer.cli == "enabled" - -# Create the value file for the cli pod as per requirements mentioned in network.yaml -- name: "Create Value file for CLI Pod" - include_role: - name: helm_component - vars: - name: "cli" - component_name: "{{ peer.name | lower}}-{{ org.name | lower }}-cli" - orderer: "{{ network.orderers | first }}" - component_ns: "{{ org.name | lower}}-net" - git_protocol: "{{ org.gitops.git_protocol }}" - git_url: "{{ org.gitops.git_url }}" - git_branch: "{{ org.gitops.branch }}" - charts_dir: "{{ org.gitops.chart_source }}" - vault: "{{ org.vault }}" - sc_name: "{{ org.name | lower }}-bevel-storageclass" - values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" - type: "cli" - external_url_suffix: "{{ org.external_url_suffix }}" - loop: "{{ 
peers }}" - loop_control: - loop_var: peer - when: - - peer.peerstatus is not defined or peer.peerstatus == 'new' - - peer.cli is defined - - peer.cli == "enabled" - -# Git Push : Push the above generated files to git directory -- name: Git Push - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" - vars: - GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ org.gitops }}" - msg: "[ci skip] Pushing CLI value files" - loop: "{{ peers }}" - loop_control: - loop_var: peer - when: peer.cli is defined and peer.cli == "enabled" diff --git a/platforms/hyperledger-fabric/configuration/roles/create/configtx/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/configtx/tasks/main.yaml deleted file mode 100644 index 4ff1074b874f..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/configtx/tasks/main.yaml +++ /dev/null 
@@ -1,125 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -############################################################################################## -# This role creates configtx.yaml file which is consumed by configtxgen tool -############################################################################################## - -############################################################################################## -# Create the configtx.yaml file as the requirements mentioned in network.yaml -# file. The configtx.yaml file is consumed by the configtxgen binary to generate the -# genesis block and channels. -############################################################################################## - -# Create the build directory if it does not exist -- name: Create build directory if it does not exist - file: - path: "./build" - state: directory - -# Remove old configtx file -- name: "Remove old configtx file" - file: - path: "{{ config_file }}" - state: absent - -# The tasks add the required data patch by patch to the configtx.yaml file to generate it. 
-- name: "create configtx.yaml file" - file: - path: "{{ config_file }}" - state: touch - -# Copy custom files if present -- name: "Copy custom files if present" - copy: - src: "{{ network.configtx.folder_path }}" - dest: ./roles/create/configtx/templates - when: network.configtx is defined and network.configtx.custom == true - -# Checking if custom init patch to configtx.yaml exists -- name: "Checking if custom init patch to configtx.yaml exists" - stat: - path: "{{ network.configtx.folder_path }}configtxinit_custom.tpl" - register: cfinit - when: network.configtx is defined and network.configtx.custom == true - -# Add init patch to configtx.yaml -- name: "Adding init patch to configtx.yaml" - blockinfile: - dest: "{{ config_file }}" - block: "{{ lookup('template', filename) }}" - marker: "#" - vars: - consensus: "{{ org.services.consensus }}" - org_query: "organizations[?type=='orderer']" - org: "{{ network | json_query(org_query) | first }}" - filename: configtxinit_{{ 'custom' if network.configtx is defined and network.configtx.custom == true and cfinit.stat.exists else 'default' }}.tpl - -# Check if custom init patch to configtx.yaml exists -- name: "Checking if custom init patch to configtx.yaml exists" - stat: - path: "{{ network.configtx.folder_path }}configtxOrg_custom.tpl" - register: cforg - when: network.configtx is defined and network.configtx.custom == true - -# Add organization patch to configtx.yaml -- name: "Adding organization patch to configtx.yaml" - blockinfile: - dest: "{{ config_file }}" - block: "{{ lookup('template', filename) }}" - marker: "#" - vars: - component_name: "{{ item.name }}" - component_ns: "{{ item.name | lower }}-net" - component_type: "{{ item.type | lower }}" - orderers: "{{ item.services.orderers | default('') }}" - provider: "{{ network.env.proxy }}" - filename: configtxOrg_{{ 'custom' if network.configtx is defined and network.configtx.custom == true and cforg.stat.exists else 'default' }}.tpl - loop: "{{ 
network['organizations'] }}" - -# Check if custom init patch to configtx.yaml exists -- name: "Checking if custom init patch to configtx.yaml exists" - stat: - path: "{{ network.configtx.folder_path }}configtxOrderer_custom.tpl" - register: cford - when: network.configtx is defined and network.configtx.custom == true - -# Add orderer patch to configtx.yaml -- name: "Adding orderer patch to configtx.yaml" - blockinfile: - dest: "{{ config_file }}" - block: "{{ lookup('template', filename) }}" - marker: "#" - vars: - orderers: "{{ network.orderers }}" - consensus: "{{ network.consensus }}" - provider: "{{ network.env.proxy }}" - filename: configtxOrderer_{{ 'custom' if network.configtx is defined and network.configtx.custom == true and cford.stat.exists else 'default' }}.tpl - -# Check if custom init patch to configtx.yaml exists -- name: "Checking if custom init patch to configtx.yaml exists" - stat: - path: "{{ network.configtx.folder_path }}configtxProfile_custom.tpl" - register: cfprofile - when: network.configtx is defined and network.configtx.custom == true - -# Add profile patch to configtx.yaml -- name: "Adding profile patch to configtx.yaml" - blockinfile: - dest: "{{ config_file }}" - block: "{{ lookup('template', filename) }}" - marker: "#" - vars: - orderers: "{{ network.orderers }}" - consensus: "{{ network.consensus }}" - provider: "{{ network.env.proxy }}" - filename: configtxProfile_{{ 'custom' if network.configtx is defined and network.configtx.custom == true and cfprofile.stat.exists else 'default' }}.tpl - when: network.channels is defined - -# Display configtx file contents -- name: Display configtx file contents - debug: - msg: "The configtx file is: {{ lookup('file', './build/configtx.yaml') }}" 
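Review bot: deleting configtx/tasks/main.yaml silently drops the `network.configtx.custom` / `folder_path` override (the `copy` of user templates into `./roles/create/configtx/templates` and the four `stat` checks on `configtxinit_custom.tpl`, `configtxOrg_custom.tpl`, `configtxOrderer_custom.tpl`, `configtxProfile_custom.tpl`); either remove `configtx` from the network.yaml guide or state how custom configtx templates are supplied now. The deleted tasks also select the orderer org with `org_query: "organizations[?type=='orderer']"` and set `component_type: "{{ item.type | lower }}"`, so check that the organization-level `type` field is handled consistently (documented if still read, dropped if not). Finally, the tasks reference `configtxinit_default.tpl` and `configtxProfile_default.tpl` through `filename: configtxinit_{{ ... else 'default' }}.tpl`; those two templates are not among the deletions shown here, so make sure they go in the same change rather than being left orphaned under `roles/create/configtx/templates`.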
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/configtx/templates/configtxOrderer_default.tpl b/platforms/hyperledger-fabric/configuration/roles/create/configtx/templates/configtxOrderer_default.tpl deleted file mode 100644 index 18245f54937c..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/configtx/templates/configtxOrderer_default.tpl +++ /dev/null 
@@ -1,63 +0,0 @@ -Orderer: &OrdererDefaults -{% if consensus.name == 'raft' %} - OrdererType: etcdraft -{% else %} - OrdererType: {{ consensus.name }} -{% endif %} - Addresses: -{% for orderer in orderers %} -{% if provider == 'none' %} - - {{ orderer.name }}.{{ orderer.org_name | lower }}-net:7050 -{% else %} - - {{ orderer.uri }} -{% endif %} -{% endfor %} - BatchTimeout: 2s - BatchSize: - MaxMessageCount: 10 - AbsoluteMaxBytes: 98 MB - PreferredMaxBytes: 1024 KB -{% if consensus.name == 'kafka' %} - Kafka: - Brokers: -{% for org in network.organizations %} -{% if org.services.orderers is defined and org.services.orderers|length > 0 %} -{% for i in range(consensus.replicas) %} - - {{ consensus.name }}-{{ i }}.{{ consensus.type }}.{{ org.name |lower }}-net.svc.cluster.local:{{ consensus.grpc.port }} -{% endfor %} -{% endif %} -{% endfor %} -{% endif %} -{% if consensus.name == 'raft' %} - EtcdRaft: - Consenters: -{% for orderer in orderers %} -{% set component_ns = orderer.org_name.lower() + '-net' %} -{% if provider == 'none' %} - - Host: {{orderer.name}}.{{ component_ns }} - Port: 7050 -{% else %} -{% set path = orderer.uri.split(':') %} - - Host: {{ path[0] }} - Port: {{ path[1] }} -{% endif %} - ClientTLSCert: ./crypto-config/ordererOrganizations/{{ component_ns }}/orderers/{{ orderer.name }}.{{ component_ns }}/tls/server.crt - ServerTLSCert: ./crypto-config/ordererOrganizations/{{ component_ns }}/orderers/{{ orderer.name }}.{{ component_ns }}/tls/server.crt -{% endfor %} -{% endif %} - Organizations: - Policies: - Readers: - Type: ImplicitMeta - Rule: "ANY Readers" - Writers: - Type: ImplicitMeta - Rule: "ANY Writers" - Admins: - Type: ImplicitMeta - Rule: "MAJORITY Admins" - BlockValidation: - Type: ImplicitMeta - Rule: "ANY Writers" - Capabilities: - <<: *OrdererCapabilities 
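Review bot: deleting configtxOrderer_default.tpl removes the only place in the tree that defined the `Orderer` defaults (`BatchTimeout: 2s`, `MaxMessageCount: 10`, `AbsoluteMaxBytes: 98 MB`, `PreferredMaxBytes: 1024 KB`, the ImplicitMeta `Readers`/`Writers`/`Admins`/`BlockValidation` policies, and the `EtcdRaft` consenter list that pointed both `ClientTLSCert` and `ServerTLSCert` at `tls/server.crt`), and nothing else in this diff carries them. The PR should say where these values now come from (the `fabric-genesis` chart referenced by the new genesis role, presumably) so a reviewer can verify the policy rules, in particular `Admins: MAJORITY Admins` and `BlockValidation: ANY Writers`, are reproduced unchanged.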
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/configtx/templates/configtxOrg_default.tpl b/platforms/hyperledger-fabric/configuration/roles/create/configtx/templates/configtxOrg_default.tpl deleted file mode 100644 index c9f40e2347e4..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/configtx/templates/configtxOrg_default.tpl +++ /dev/null @@ -1,45 +0,0 @@ - - &{{ component_name }}Org - Name: {{ component_name }}MSP - ID: {{ component_name }}MSP - MSPDir: ./crypto-config/{{ component_type }}Organizations/{{ component_ns }}/msp - Policies: - Readers: - Type: Signature - Rule: "OR('{{ component_name }}MSP.member')" - Writers: - Type: Signature - Rule: "OR('{{ component_name }}MSP.member')" - Admins: - Type: Signature - Rule: "OR('{{ component_name }}MSP.admin')" - Endorsement: - Type: Signature - Rule: "OR('{{ component_name }}MSP.member')" -{% if component_type == 'peer' and '2.5' not in network.version %} - AnchorPeers: - # AnchorPeers defines the location of peers which can be used - # for cross org gossip communication. Note, this value is only - # encoded in the genesis block in the Application section context -{% for peer in item.services.peers %} -{% if peer.type == 'anchor' %} -{% if provider == 'none' %} - - Host: {{ peer.name }}.{{ component_ns }} - Port: 7051 -{% else %} -{% set path = peer.peerAddress.split(':') %} - - Host: {{ path[0] }} - Port: {{ path[1] }} -{% endif %} -{% endif %} -{% endfor %} -{% endif %} -{% if component_type == 'orderer' and '2.5' in network.version %} - OrdererEndpoints: -{% for orderer in orderers %} -{% if provider == 'none' %} - - {{ orderer.name }}.{{ orderer.org_name | lower }}-net:7050 -{% else %} - - {{ orderer.ordererAddress }} -{% endif %} -{% endfor %} -{% endif %} 
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/configtx/templates/configtxProfile_default.tpl b/platforms/hyperledger-fabric/configuration/roles/create/configtx/templates/configtxProfile_default.tpl deleted file mode 100644 index bccfbba8670c..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/configtx/templates/configtxProfile_default.tpl +++ /dev/null @@ -1,51 +0,0 @@ -Profiles: -{% for channel in network.channels %} - {{channel.genesis.name}}: - <<: *ChannelDefaults - Orderer: - <<: *OrdererDefaults -{% if consensus.name == 'raft' %} - OrdererType: etcdraft - EtcdRaft: - Consenters: -{% for orderer in orderers %} -{% set component_ns = orderer.org_name.lower() + '-net' %} -{% if provider == 'none' %} - - Host: {{orderer.name}}.{{ component_ns }} - Port: 7050 -{% else %} -{% set path = orderer.uri.split(':') %} - - Host: {{ path[0] }} - Port: {{ path[1] }} -{% endif %} - ClientTLSCert: ./crypto-config/ordererOrganizations/{{ component_ns }}/orderers/{{ orderer.name }}.{{ component_ns }}/tls/server.crt - ServerTLSCert: ./crypto-config/ordererOrganizations/{{ component_ns }}/orderers/{{ orderer.name }}.{{ component_ns }}/tls/server.crt -{% endfor %} -{% endif %} - Organizations: -{% for orderer in channel.orderers %} - - *{{ orderer }}Org -{% endfor %} -{% if '2.5' not in network.version %} - Consortiums: - {{channel.consortium}}: - Organizations: -{% for org in network.organizations %} -{% if org.type != 'orderer' %} - - *{{org.name}}Org -{% endif %} -{% endfor %} - {{channel.channel_name}}: - <<: *ChannelDefaults - Consortium: {{channel.consortium}} -{% endif %} - Application: - <<: *ApplicationDefaults - Organizations: -{% for org in channel.participants %} - - *{{org.name}}Org -{% endfor %} -{% if '2.5' in network.version %} - Capabilities: *ApplicationCapabilities -{% endif %} -{% endfor %} 
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/configtx/templates/configtxinit_default.tpl b/platforms/hyperledger-fabric/configuration/roles/create/configtx/templates/configtxinit_default.tpl deleted file mode 100644 index 9d3948012f47..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/configtx/templates/configtxinit_default.tpl +++ /dev/null @@ -1,73 +0,0 @@ ---- -Capabilities: -{% if '2.' in network.version %} - Channel: &ChannelCapabilities - V2_0: true - Orderer: &OrdererCapabilities - V2_0: true - Application: &ApplicationCapabilities -{% if '2.5' in network.version %} - V2_5: true -{% else %} - V2_0: true -{% endif %} -{% endif %} -{% if '1.4' in network.version %} -{% if consensus.name == 'kafka' %} - Global: &ChannelCapabilities - V1_1: true - Orderer: &OrdererCapabilities - V1_1: true - Application: &ApplicationCapabilities - V1_1: true -{% endif %} -{% if consensus.name == 'raft' %} - Global: &ChannelCapabilities - V1_4_3: true - Orderer: &OrdererCapabilities - V1_4_2: true - Application: &ApplicationCapabilities - V1_4_2: true -{% endif %} -{% endif %} - -Application: &ApplicationDefaults - Organizations: -{% if '2.' in network.version %} - Policies: &ApplicationDefaultPolicies - LifecycleEndorsement: - Type: ImplicitMeta - Rule: "MAJORITY Endorsement" - Endorsement: - Type: ImplicitMeta - Rule: "MAJORITY Endorsement" - Readers: - Type: ImplicitMeta - Rule: "ANY Readers" - Writers: - Type: ImplicitMeta - Rule: "ANY Writers" - Admins: - Type: ImplicitMeta - Rule: "MAJORITY Admins" -{% endif %} - Capabilities: - <<: *ApplicationCapabilities - -Channel: &ChannelDefaults -{% if '2.' in network.version %} - Policies: - Readers: - Type: ImplicitMeta - Rule: "ANY Readers" - Writers: - Type: ImplicitMeta - Rule: "ANY Writers" - Admins: - Type: ImplicitMeta - Rule: "MAJORITY Admins" -{% endif %} - Capabilities: - <<: *ChannelCapabilities - -Organizations: 
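Review bot: configtxinit_default.tpl was where the capability versions were keyed on `network.version` (`V2_5` vs `V2_0` for 2.x; `V1_4_3`/`V1_4_2` for 1.4 raft and `V1_1` for 1.4 kafka) and where the 2.x `LifecycleEndorsement`/`Endorsement: MAJORITY Endorsement` application policies were set. Since this deletion has no counterpart in the diff, confirm the replacement still selects capabilities from the version string; a 1.4 or 2.2 network handed a genesis block with `V2_5` capabilities would have peers that cannot honour it.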
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/crypto_script/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/crypto_script/tasks/main.yaml deleted file mode 100644 index 31595836185b..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/crypto_script/tasks/main.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -############################################################################################# -# This role creates the generate_crypto.sh script for orderers and organizations. -############################################################################################# - -# Create the build directory if it does not exist -- name: Create build directory if it does not exist - file: - path: "./build" - state: directory - -# Create the generate_crypto.sh file for orderers -- name: Create generate_crypto script file for orderers - template: - src: "orderer_script.tpl" - dest: "./build/generate-crypto-{{ component_name }}-{{ peer_name }}.sh" - vars: - component_name: "{{ item.name | lower }}" - component_ns: "{{ item.name | lower }}-net" - component_country: "{{ item.country }}" - component_subject: "{{ item.subject }}" - component_state: "{{ item.state }}" - component_location: "{{ item.location }}" - ca_url: "{{ item.ca_data.url }}" - peer_name: "{{ orderer.name }}" - proxy: "{{ network.env.proxy }}" - loop: "{{ orderers }}" - loop_control: - loop_var: orderer - when: component_type == 'orderer' - -# Create the generate-crypto-{{ component_name }}.sh file for orderer organizations -- name: Create generate_crypto script file for orderer organisation - template: - src: "orderer_organisation_script.tpl" - dest: "./build/generate-crypto-{{ component_name }}.sh" - vars: - component_name: "{{ item.name | lower }}" - component_ns: "{{ item.name | lower }}-net" - component_subject: "{{ item.subject }}" - component_country: "{{ item.country }}" - component_state: "{{ item.state }}" - component_location: "{{ item.location }}" - ca_url: "{{ item.ca_data.url }}" - proxy: "{{ 
network.env.proxy }}" - when: component_type == 'orderer' - -# Create the generate_crypto.sh file for organizations -- name: Create generate_crypto script file for organisations - template: - src: "organisation_script.tpl" - dest: "./build/generate-crypto-{{ component_name }}.sh" - vars: - component_name: "{{ item.name | lower }}" - component_ns: "{{ item.name | lower }}-net" - component_subject: "{{ item.subject }}" - component_country: "{{ item.country }}" - component_state: "{{ item.state }}" - component_location: "{{ item.location }}" - ca_url: "{{ item.ca_data.url }}" - peer_count: "{{ item.services.peers | length }}" - proxy: "{{ network.env.proxy }}" - when: component_type == 'peer' diff --git a/platforms/hyperledger-fabric/configuration/roles/create/crypto_script/templates/orderer_organisation_script.tpl b/platforms/hyperledger-fabric/configuration/roles/create/crypto_script/templates/orderer_organisation_script.tpl deleted file mode 100644 index 31ad7014d99b..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/crypto_script/templates/orderer_organisation_script.tpl +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/bin/bash - -set -x - -CURRENT_DIR=${PWD} -FULLY_QUALIFIED_ORG_NAME="{{ component_ns }}" -EXTERNAL_URL_SUFFIX="{{ item.external_url_suffix }}" -ALTERNATIVE_ORG_NAMES=("{{ item.external_url_suffix }}") -ORG_NAME="{{ component_name }}" -SUBJECT="C={{ component_country }},ST={{ component_state }},L={{ component_location }},O={{ component_name }}" -SUBJECT_PEER="{{ component_subject }}" -CA="{{ ca_url }}" -CA_ADMIN_USER="${ORG_NAME}-admin" -CA_ADMIN_PASS="${ORG_NAME}-adminpw" - -ORG_ADMIN_USER="Admin@${FULLY_QUALIFIED_ORG_NAME}" -ORG_ADMIN_PASS="Admin@${FULLY_QUALIFIED_ORG_NAME}-pw" - -ORG_CYPTO_FOLDER="/crypto-config/ordererOrganizations/${FULLY_QUALIFIED_ORG_NAME}" - -ROOT_TLS_CERT="/crypto-config/ordererOrganizations/${FULLY_QUALIFIED_ORG_NAME}/ca/ca.${FULLY_QUALIFIED_ORG_NAME}-cert.pem" - -CAS_FOLDER="${HOME}/ca-tools/cas/ca-${ORG_NAME}" -ORG_HOME="${HOME}/ca-tools/${ORG_NAME}" - -## Enroll CA administrator for Org. This user will be used to create other identities -fabric-ca-client enroll -d -u https://${CA_ADMIN_USER}:${CA_ADMIN_PASS}@${CA} --tls.certfiles ${ROOT_TLS_CERT} --home ${CAS_FOLDER} --csr.names "${SUBJECT_PEER}" - -## Get the CA cert and store in Org MSP folder -fabric-ca-client getcacert -d -u https://${CA} --tls.certfiles ${ROOT_TLS_CERT} -M ${ORG_CYPTO_FOLDER}/msp - -if [ "{{ proxy }}" != "none" ]; then - mv ${ORG_CYPTO_FOLDER}/msp/cacerts/*.pem ${ORG_CYPTO_FOLDER}/msp/cacerts/ca-${FULLY_QUALIFIED_ORG_NAME}-${EXTERNAL_URL_SUFFIX}.pem -fi -mkdir ${ORG_CYPTO_FOLDER}/msp/tlscacerts -cp ${ORG_CYPTO_FOLDER}/msp/cacerts/* ${ORG_CYPTO_FOLDER}/msp/tlscacerts - -## Register and enroll admin for Org and populate admincerts for MSP -fabric-ca-client register -d --id.name ${ORG_ADMIN_USER} --id.secret ${ORG_ADMIN_PASS} --id.type admin --csr.names "${SUBJECT_PEER}" --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.AffiliationMgr=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert" --tls.certfiles 
${ROOT_TLS_CERT} --home ${CAS_FOLDER} - -fabric-ca-client enroll -d -u https://${ORG_ADMIN_USER}:${ORG_ADMIN_PASS}@${CA} --tls.certfiles ${ROOT_TLS_CERT} --home ${ORG_HOME}/admin --csr.names "${SUBJECT_PEER}" - -mkdir -p ${ORG_CYPTO_FOLDER}/msp/admincerts -cp ${ORG_HOME}/admin/msp/signcerts/* ${ORG_CYPTO_FOLDER}/msp/admincerts/${ORG_ADMIN_USER}-cert.pem - -mkdir ${ORG_HOME}/admin/msp/admincerts -cp ${ORG_HOME}/admin/msp/signcerts/* ${ORG_HOME}/admin/msp/admincerts/${ORG_ADMIN_USER}-cert.pem - -mkdir -p ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER} -cp -R ${ORG_HOME}/admin/msp ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER} - -if [ "{{ proxy }}" != "none" ]; then - mv ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER}/msp/cacerts/*.pem ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER}/msp/cacerts/ca-${FULLY_QUALIFIED_ORG_NAME}-${EXTERNAL_URL_SUFFIX}.pem -fi - -# Get TLS cert for admin and copy to appropriate location -fabric-ca-client enroll -d --enrollment.profile tls -u https://${ORG_ADMIN_USER}:${ORG_ADMIN_PASS}@${CA} -M ${ORG_HOME}/admin/tls --tls.certfiles ${ROOT_TLS_CERT} --csr.names "${SUBJECT_PEER}" - -# Copy the TLS key and cert to the appropriate place -mkdir -p ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER}/tls -cp ${ORG_HOME}/admin/tls/keystore/* ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER}/tls/client.key -cp ${ORG_HOME}/admin/tls/signcerts/* ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER}/tls/client.crt -cp ${ORG_HOME}/admin/tls/tlscacerts/* ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER}/tls/ca.crt - -cd ${CURRENT_DIR} diff --git a/platforms/hyperledger-fabric/configuration/roles/create/crypto_script/templates/orderer_script.tpl b/platforms/hyperledger-fabric/configuration/roles/create/crypto_script/templates/orderer_script.tpl deleted file mode 100644 index 90be7a7afed6..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/crypto_script/templates/orderer_script.tpl +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/bin/bash - -set -x - -CURRENT_DIR=${PWD} -FULLY_QUALIFIED_ORG_NAME="{{ component_ns }}" -EXTERNAL_URL_SUFFIX="{{ item.external_url_suffix }}" -ALTERNATIVE_ORG_NAMES=("{{ item.external_url_suffix }}") -ORG_NAME="{{ component_name }}" -SUBJECT="C={{ component_country }},ST={{ component_state }},L={{ component_location }},O={{ component_name }}" -SUBJECT_PEER="{{ component_subject }}" -CA="{{ ca_url }}" -CA_ADMIN_USER="${ORG_NAME}-admin" -CA_ADMIN_PASS="${ORG_NAME}-adminpw" - -ORG_ADMIN_USER="Admin@${FULLY_QUALIFIED_ORG_NAME}" -ORG_ADMIN_PASS="Admin@${FULLY_QUALIFIED_ORG_NAME}-pw" - -ORG_CYPTO_FOLDER="/crypto-config/ordererOrganizations/${FULLY_QUALIFIED_ORG_NAME}" - -ROOT_TLS_CERT="/crypto-config/ordererOrganizations/${FULLY_QUALIFIED_ORG_NAME}/ca/ca.${FULLY_QUALIFIED_ORG_NAME}-cert.pem" - -CAS_FOLDER="${HOME}/ca-tools/cas/ca-${ORG_NAME}" -ORG_HOME="${HOME}/ca-tools/${ORG_NAME}" - -## Register and enroll node and populate its MSP folder -PEER="{{ peer_name }}.${FULLY_QUALIFIED_ORG_NAME}" -CSR_HOSTS=${PEER} -for i in "${ALTERNATIVE_ORG_NAMES[@]}" -do - CSR_HOSTS="${CSR_HOSTS},{{ peer_name }}.${i}" -done -echo "Registering and enrolling $PEER with csr hosts ${CSR_HOSTS}" - - -# Register the peer -fabric-ca-client register -d --id.name ${PEER} --id.secret ${PEER}-pw --id.type orderer --tls.certfiles ${ROOT_TLS_CERT} --home ${CAS_FOLDER} - -# Enroll to get peers TLS cert -fabric-ca-client enroll -d --enrollment.profile tls -u https://${PEER}:${PEER}-pw@${CA} -M ${ORG_HOME}/cas/orderers/tls --csr.hosts "${CSR_HOSTS}" --tls.certfiles ${ROOT_TLS_CERT} --csr.names "${SUBJECT_PEER}" - -# Copy the TLS key and cert to the appropriate place -mkdir -p ${ORG_CYPTO_FOLDER}/orderers/${PEER}/tls -cp ${ORG_HOME}/cas/orderers/tls/keystore/* ${ORG_CYPTO_FOLDER}/orderers/${PEER}/tls/server.key -cp ${ORG_HOME}/cas/orderers/tls/signcerts/* ${ORG_CYPTO_FOLDER}/orderers/${PEER}/tls/server.crt -cp ${ORG_HOME}/cas/orderers/tls/tlscacerts/* 
${ORG_CYPTO_FOLDER}/orderers/${PEER}/tls/ca.crt - -rm -rf ${ORG_HOME}/cas/orderers/tls - -# Enroll again to get the peer's enrollment certificate (default profile) -fabric-ca-client enroll -d -u https://${PEER}:${PEER}-pw@${CA} -M ${ORG_CYPTO_FOLDER}/orderers/${PEER}/msp --tls.certfiles ${ROOT_TLS_CERT} --csr.names "${SUBJECT_PEER}" - - -# Create the TLS CA directories of the MSP folder if they don't exist. -mkdir ${ORG_CYPTO_FOLDER}/orderers/${PEER}/msp/tlscacerts - -if [ "{{ proxy }}" != "none" ]; then - mv ${ORG_CYPTO_FOLDER}/orderers/${PEER}/msp/cacerts/*.pem ${ORG_CYPTO_FOLDER}/orderers/${PEER}/msp/cacerts/ca-${FULLY_QUALIFIED_ORG_NAME}-${EXTERNAL_URL_SUFFIX}.pem -fi -cp ${ORG_CYPTO_FOLDER}/orderers/${PEER}/msp/cacerts/* ${ORG_CYPTO_FOLDER}/orderers/${PEER}/msp/tlscacerts - -# Copy the peer org's admin cert into target MSP directory -mkdir -p ${ORG_CYPTO_FOLDER}/orderers/${PEER}/msp/admincerts - -cp ${ORG_CYPTO_FOLDER}/msp/admincerts/${ORG_ADMIN_USER}-cert.pem ${ORG_CYPTO_FOLDER}/orderers/${PEER}/msp/admincerts - -cd ${CURRENT_DIR} \ No newline at end of file diff --git a/platforms/hyperledger-fabric/configuration/roles/create/crypto_script/templates/organisation_script.tpl b/platforms/hyperledger-fabric/configuration/roles/create/crypto_script/templates/organisation_script.tpl deleted file mode 100644 index 1d7d0ecd89b8..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/crypto_script/templates/organisation_script.tpl +++ /dev/null 
@@ -1,112 +0,0 @@ -#!/bin/bash - -set -x - -CURRENT_DIR=${PWD} -FULLY_QUALIFIED_ORG_NAME="{{ component_ns }}" -ALTERNATIVE_ORG_NAMES=("{{ component_ns }}.svc.cluster.local" "{{ component_name }}.net" "{{ component_ns }}.{{ item.external_url_suffix }}") -ORG_NAME="{{ component_name }}" -EXTERNAL_URL_SUFFIX="{{ item.external_url_suffix }}" -AFFILIATION="{{ component_name }}" -SUBJECT="C={{ component_country }},ST={{ component_state }},L={{ component_location }},O={{ component_name }}" -SUBJECT_PEER="{{ component_subject }}" -CA="{{ ca_url }}" -CA_ADMIN_USER="${ORG_NAME}-admin" -CA_ADMIN_PASS="${ORG_NAME}-adminpw" - -ORG_ADMIN_USER="Admin@${FULLY_QUALIFIED_ORG_NAME}" -ORG_ADMIN_PASS="Admin@${FULLY_QUALIFIED_ORG_NAME}-pw" - -ORG_CYPTO_FOLDER="/crypto-config/peerOrganizations/${FULLY_QUALIFIED_ORG_NAME}" - -ROOT_TLS_CERT="/crypto-config/peerOrganizations/${FULLY_QUALIFIED_ORG_NAME}/ca/ca.${FULLY_QUALIFIED_ORG_NAME}-cert.pem" - -CAS_FOLDER="${HOME}/ca-tools/cas/ca-${ORG_NAME}" -ORG_HOME="${HOME}/ca-tools/${ORG_NAME}" - -NO_OF_PEERS={{ peer_count | e }} - -## Enroll CA administrator for Org. 
This user will be used to create other identities -fabric-ca-client enroll -d -u https://${CA_ADMIN_USER}:${CA_ADMIN_PASS}@${CA} --tls.certfiles ${ROOT_TLS_CERT} --home ${CAS_FOLDER} --csr.names "${SUBJECT_PEER}" - -## Get the CA cert and store in Org MSP folder -fabric-ca-client getcacert -d -u https://${CA} --tls.certfiles ${ROOT_TLS_CERT} -M ${ORG_CYPTO_FOLDER}/msp - -if [ "{{ proxy }}" != "none" ]; then - mv ${ORG_CYPTO_FOLDER}/msp/cacerts/*.pem ${ORG_CYPTO_FOLDER}/msp/cacerts/ca-${FULLY_QUALIFIED_ORG_NAME}-${EXTERNAL_URL_SUFFIX}.pem -fi -mkdir ${ORG_CYPTO_FOLDER}/msp/tlscacerts -cp ${ORG_CYPTO_FOLDER}/msp/cacerts/* ${ORG_CYPTO_FOLDER}/msp/tlscacerts - -# Add affiliation for organisation -fabric-ca-client affiliation add ${AFFILIATION} -u https://${CA_ADMIN_USER}:${CA_ADMIN_PASS}@${CA} --tls.certfiles ${ROOT_TLS_CERT} --home ${CAS_FOLDER} -## Register and enroll admin for Org and populate admincerts for MSP -fabric-ca-client register -d --id.name ${ORG_ADMIN_USER} --id.secret ${ORG_ADMIN_PASS} --id.type admin --csr.names "${SUBJECT_PEER}" --id.affiliation ${AFFILIATION} --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.AffiliationMgr=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert" --tls.certfiles ${ROOT_TLS_CERT} --home ${CAS_FOLDER} - -fabric-ca-client enroll -d -u https://${ORG_ADMIN_USER}:${ORG_ADMIN_PASS}@${CA} --id.affiliation ${AFFILIATION} --tls.certfiles ${ROOT_TLS_CERT} --home ${ORG_HOME}/admin --csr.names "${SUBJECT_PEER}" - -mkdir -p ${ORG_CYPTO_FOLDER}/msp/admincerts -cp ${ORG_HOME}/admin/msp/signcerts/* ${ORG_CYPTO_FOLDER}/msp/admincerts/${ORG_ADMIN_USER}-cert.pem - -mkdir ${ORG_HOME}/admin/msp/admincerts -cp ${ORG_HOME}/admin/msp/signcerts/* ${ORG_HOME}/admin/msp/admincerts/${ORG_ADMIN_USER}-cert.pem - -mkdir -p ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER} -cp -R ${ORG_HOME}/admin/msp ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER} - -if [ "{{ proxy }}" != "none" ]; then - mv 
${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER}/msp/cacerts/*.pem ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER}/msp/cacerts/ca-${FULLY_QUALIFIED_ORG_NAME}-${EXTERNAL_URL_SUFFIX}.pem -fi - -# Get TLS cert for admin and copy to appropriate location -fabric-ca-client enroll -d --enrollment.profile tls -u https://${ORG_ADMIN_USER}:${ORG_ADMIN_PASS}@${CA} -M ${ORG_HOME}/admin/tls --tls.certfiles ${ROOT_TLS_CERT} --csr.names "${SUBJECT_PEER}" - -# Copy the TLS key and cert to the appropriate place -mkdir -p ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER}/tls -cp ${ORG_HOME}/admin/tls/keystore/* ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER}/tls/client.key -cp ${ORG_HOME}/admin/tls/signcerts/* ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER}/tls/client.crt -cp ${ORG_HOME}/admin/tls/tlscacerts/* ${ORG_CYPTO_FOLDER}/users/${ORG_ADMIN_USER}/tls/ca.crt - -## Register and enroll peers and populate their MSP folder -COUNTER=0 -while [ ${COUNTER} -lt ${NO_OF_PEERS} ]; do - PEER="peer${COUNTER}.${FULLY_QUALIFIED_ORG_NAME}" - CSR_HOSTS=${PEER} - for i in "${ALTERNATIVE_ORG_NAMES[@]}" - do - CSR_HOSTS="${CSR_HOSTS},peer${COUNTER}.${i}" - done - echo "Registering and enrolling $PEER with csr hosts ${CSR_HOSTS}" - - # Register the peer - fabric-ca-client register -d --id.name ${PEER} --id.secret ${PEER}-pw --id.type peer --tls.certfiles ${ROOT_TLS_CERT} --home ${CAS_FOLDER} - - # Enroll to get peers TLS cert - fabric-ca-client enroll -d --enrollment.profile tls -u https://${PEER}:${PEER}-pw@${CA} -M ${ORG_HOME}/cas/peers/tls --csr.hosts "${CSR_HOSTS}" --tls.certfiles ${ROOT_TLS_CERT} --csr.names "${SUBJECT_PEER}" - - # Copy the TLS key and cert to the appropriate place - mkdir -p ${ORG_CYPTO_FOLDER}/peers/${PEER}/tls - cp ${ORG_HOME}/cas/peers/tls/keystore/* ${ORG_CYPTO_FOLDER}/peers/${PEER}/tls/server.key - cp ${ORG_HOME}/cas/peers/tls/signcerts/* ${ORG_CYPTO_FOLDER}/peers/${PEER}/tls/server.crt - cp ${ORG_HOME}/cas/peers/tls/tlscacerts/* ${ORG_CYPTO_FOLDER}/peers/${PEER}/tls/ca.crt - - rm -rf 
${ORG_HOME}/cas/peers/tls - - # Enroll again to get the peer's enrollment certificate (default profile) - fabric-ca-client enroll -d -u https://${PEER}:${PEER}-pw@${CA} -M ${ORG_CYPTO_FOLDER}/peers/${PEER}/msp --tls.certfiles ${ROOT_TLS_CERT} --csr.names "${SUBJECT_PEER}" - - # Create the TLS CA directories of the MSP folder if they don't exist. - mkdir -p ${ORG_CYPTO_FOLDER}/peers/${PEER}/msp/tlscacerts - - # Copy the peer org's admin cert into target MSP directory - mkdir -p ${ORG_CYPTO_FOLDER}/peers/${PEER}/msp/admincerts - if [ "{{ proxy }}" != "none" ]; then - mv ${ORG_CYPTO_FOLDER}/peers/${PEER}/msp/cacerts/*.pem ${ORG_CYPTO_FOLDER}/peers/${PEER}/msp/cacerts/ca-${FULLY_QUALIFIED_ORG_NAME}-${EXTERNAL_URL_SUFFIX}.pem - fi - cp ${ORG_CYPTO_FOLDER}/peers/${PEER}/msp/cacerts/* ${ORG_CYPTO_FOLDER}/peers/${PEER}/msp/tlscacerts - cp ${ORG_CYPTO_FOLDER}/msp/admincerts/${ORG_ADMIN_USER}-cert.pem ${ORG_CYPTO_FOLDER}/peers/${PEER}/msp/admincerts - - let COUNTER=COUNTER+1 -done - -cd ${CURRENT_DIR} diff --git a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_certificates.yaml b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_certificates.yaml new file mode 100644 index 000000000000..37468b01d95a --- /dev/null +++ b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_certificates.yaml 
@@ -0,0 +1,24 @@ +# Fetch peer msp config +- name: Fetch peer msp config + include_tasks: get_peer_msp_config.yaml + vars: + peer_name: "{{ peer.name }}" + loop: "{{ peers }}" + loop_control: + loop_var: peer + +# Get admin msp certificates from secret +- name: Get admin msp certificates from secret + kubernetes.core.k8s_info: + kubeconfig: "{{ org.k8s.config_file }}" + kind: Secret + name: "admin-msp" + namespace: "{{ org_name }}-net" + register: msp_cert_data + +- name: Save admin-msp cert locally for genesis + copy: + content: "{{ msp_cert_data.resources[0] | to_nice_json }}" + dest: "{{ files_loc }}/{{ org_name }}.json" + vars: + files_loc: "{{ playbook_dir }}/../../../{{ charts_dir }}/fabric-genesis/files" diff --git a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_channel.yaml b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_channel.yaml new file mode 100644 index 000000000000..a91da27fcf9d --- /dev/null +++ b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_channel.yaml @@ -0,0 +1,13 @@ +# Set Variable channel_name_value +- name: Set Variable channel_name_value1 + include_tasks: valuefile.yaml + loop: "{{ channel.orderers }}" + loop_control: + loop_var: ord_org + when: + - ord_org == org.name and ('2.2.' in network.version or '1.4.' in network.version) + +# Set Variable channel_name_value +- name: Set Variable channel_name_value2 + include_tasks: valuefile.yaml + when: channel.osn_creator_org.name == org.name and '2.5.' in network.version diff --git a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_channel_creator.yaml b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_channel_creator.yaml new file mode 100644 index 000000000000..8047ee8bf285 --- /dev/null +++ b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_channel_creator.yaml 
@@ -0,0 +1,13 @@ +# Set Variable channel_name_value +- name: Set Variable channel_name_value + include_tasks: valuefile.yaml + loop: "{{ channel.orderers }}" + loop_control: + loop_var: ord_org + when: + - ord_org == org.name and ('2.2.' in network.version or '1.4.' in network.version) + +# Set Variable channel_name_value +- name: Set Variable channel_name_value + include_tasks: valuefile.yaml + when: channel.osn_creator_org.name == org.name and '2.5.' in network.version diff --git a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_peer_msp_config.yaml b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_peer_msp_config.yaml new file mode 100644 index 000000000000..34d26c9f9a65 --- /dev/null +++ b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_peer_msp_config.yaml @@ -0,0 +1,21 @@ +# Get config file from configmap +- name: Get config file from config map + kubernetes.core.k8s_info: + kubeconfig: "{{ org.k8s.config_file }}" + kind: ConfigMap + name: "{{ peer_name }}-msp-config" + namespace: "{{ org_name }}-net" + register: config_file_data + +# Create the certs directory if it does not exist +- name: Create the certs directory if it does not exist + file: + path: "{{ playbook_dir }}/../../../{{ charts_dir }}/fabric-genesis/files" + state: directory + +- name: Save config peer msp config locally for genesis + copy: + content: "{{ config_file_data.resources[0] | to_nice_json }}" + dest: "{{ files_loc }}/{{ org_name }}-config-file.json" + vars: + files_loc: "{{ playbook_dir }}/../../../{{ charts_dir }}/fabric-genesis/files" diff --git a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/main.yaml index b53f2d5bdd37..0f124120a461 100644 --- a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/main.yaml 
+++ b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/main.yaml 
@@ -5,52 +5,25 @@ ############################################################################################## ############################################################################################ -# Create the channel-artifacts folder -- name: "Creating channel-artifacts folder" - file: - path: "{{ build_path }}/channel-artifacts" - state: directory - -# Set Variable channel_name -- name: "Set Variable channel_name" - set_fact: - channel_name: "{{ sys_channel_name }}" - when: add_new_org == 'false' and ('2.2.' in network.version or '1.4.' in network.version) - -# Set Variable channel_name -- name: "Set Variable channel_name" - set_fact: - channel_name: "{{ item.channel_name | lower }}" - when: add_new_org == 'false' and '2.5.' in network.version - -# Remove old genesis block -- name: Remove old genesis block - file: - path: "{{ build_path }}/channel-artifacts/{{ channel_name }}.genesis.block" - state: absent - -# Create the genesis block by consuming the configtx.yaml file -- name: "Create genesis block" - shell: | - cd {{ build_path }} - {% if '2.5' in network.version %} - ./configtxgen -profile {{ genesis.name }} -channelID {{ channel_name }} -outputBlock ./channel-artifacts/{{ channel_name }}.genesis.block - {% elif '2.2' in network.version %} - ./configtxgen -profile {{ genesis.name }} -channelID {{ sys_channel_name }} -outputBlock ./channel-artifacts/{{ channel_name }}.genesis.block - {% else %} - ./configtxgen -profile {{ genesis.name }} -channelID {{ sys_channel_name }} -outputBlock ./channel-artifacts/{{ channel_name }}.genesis.block - {% endif %} - cat ./channel-artifacts/{{ channel_name }}.genesis.block | base64 > ./channel-artifacts/{{ channel_name }}.genesis.block.base64 - when: add_new_org == 'false' - -# Write genesis block to Vault -- name: "Write genesis block to Vault" - shell: | - vault kv put {{ org.vault.secret_path | default('secretsv2') }}/{{ org.name | lower }}/ordererOrganizations/{{ org.name }}-net/{{ channel_name }} {{ 
network.env.type }}GenesisBlock=@{{build_path}}/channel-artifacts/{{ channel_name }}.genesis.block.base64 - environment: - VAULT_ADDR: "{{ org.vault.url }}" - VAULT_TOKEN: "{{ org.vault.root_token }}" +# Fetch peers cetificates +- name: Fetch peers cetificates + include_tasks: get_certificates.yaml + vars: + charts_dir: "{{ organization.gitops.chart_source }}" + org_name: "{{ organization.name | lower }}" + peers: "{{ organization.services.peers }}" loop: "{{ network['organizations'] }}" loop_control: - loop_var: org - when: add_new_org == 'false' and org.type == "orderer" + loop_var: organization + when: + - organization.services.peers is defined and organization.services.peers | length > 0 + - organization.name != org.name + +# Get channel_name +- name: Get channel_name + include_tasks: get_channel_creator.yaml + vars: + channel_orgs: "{{ channel.orderers}}" + loop: "{{ network['channels'] }}" + loop_control: + loop_var: channel diff --git a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/valuefile.yaml b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/valuefile.yaml new file mode 100644 index 000000000000..8a64438aa55c --- /dev/null +++ b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/valuefile.yaml 
@@ -0,0 +1,23 @@ +# Create Value files for Genesis +- name: Create Value files for Genesis + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/create/job_component" + vars: + name: "{{ org.name | lower }}" + component_ns: "{{ org.name | lower }}-net" + component_name: "genesis" + consensus: "{{ network.consensus }}" + type: "fabric_genesis" + kubernetes: "{{ org.k8s }}" + vault: "{{ org.vault }}" + charts_dir: "{{ org.gitops.chart_source }}" + values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}" + +# Git Push: Push the above generated files to git directory +- name: Git Push + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" + vars: + GIT_DIR: "{{ playbook_dir }}/../../../" + gitops: "{{ org.gitops }}" + msg: "[ci skip] Pushing Genesis files" diff --git a/platforms/hyperledger-fabric/configuration/roles/create/k8s_secrets/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/k8s_secrets/tasks/main.yaml deleted file mode 100644 index 6d843717a6c4..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/create/k8s_secrets/tasks/main.yaml +++ /dev/null 
@@ -1,106 +0,0 @@ -############################################################################################## -# Copyright Accenture. All Rights Reserved. -# -# SPDX-License-Identifier: Apache-2.0 -############################################################################################## - -############################################################################################# -# This role creates the secrets and docker credentials -############################################################################################# - -# Check if root token secret exist of every organization in their namespace -- name: Check if root token exists in the namespace - k8s_info: - kind: Secret - namespace: "{{ namespace }}" - name: "roottoken" - kubeconfig: "{{ kubernetes.config_file }}" - context: "{{ kubernetes.context }}" - register: root_token_secret - when: check == "token_secret" - -# Put root token of every organization in their namespace -- name: Put root token of every organization - k8s: - definition: - apiVersion: v1 - kind: Secret - metadata: - name: "roottoken" - namespace: "{{ namespace }}" - stringData: - config.yaml: |- - token: "{{ vault.root_token }}" - state: present - kubeconfig: "{{ kubernetes.config_file }}" - context: "{{ kubernetes.context }}" - when: check == "token_secret" and root_token_secret.resources|length == 0 - -# Check if Docker credentials exist already -- name: "Checking if the docker credentials already exists" - include_role: - name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" - vars: - check: "docker_credentials" - register: get_regcred - when: check == "docker_credentials" - -# Set a variable -- set_fact: - auth: "{{network.docker.username}}:{{network.docker.password}}" - when: check == "docker_credentials" and get_regcred.resources|length == 0 - -# Set a variable -- set_fact: - auth_64: "{{auth | b64encode}}" - when: check == "docker_credentials" and get_regcred.resources|length == 0 - -# Set a 
variable -- set_fact: - dockerconfigjson: "{\"auths\":{\"{{network.docker.url}}\":{\"username\":\"{{network.docker.username}}\",\"password\":\"{{network.docker.password}}\",\"email\":\"test@abc.mail\",\"auth\":\"{{auth_64}}\"}}}" - when: check == "docker_credentials" and get_regcred.resources|length == 0 - -# Create the docker pull credentials for image registry -- name: Create the docker pull credentials - k8s: - definition: - apiVersion: v1 - kind: Secret - metadata: - name: "regcred" - namespace: "{{ namespace }}" - type: kubernetes.io/dockerconfigjson - data: - .dockerconfigjson: "{{ dockerconfigjson | to_json | b64encode }}" - state: present - kubeconfig: "{{ kubernetes.config_file }}" - context: "{{ kubernetes.context }}" - when: check == "docker_credentials" and get_regcred.resources|length == 0 - -# Check if endorser certs secret exists in the namespace -- name: Check if endorser certs secret exists in the namespace - k8s_info: - kind: Secret - namespace: "{{ namespace }}" - name: "{{ org_name }}-endorser-cert" - kubeconfig: "{{ kubernetes.config_file }}" - context: "{{ kubernetes.context }}" - register: endorser_certs_secret - when: check == "endorser_certs" - -# Create endorser certs secret exists in the namespace -- name: Create endorser certs secret exists in the namespace - k8s: - definition: - apiVersion: v1 - kind: Secret - metadata: - name: "{{ org_name }}-endorser-cert" - namespace: "{{ namespace }}" - stringData: - config.yaml: |- - certificate: "{{ cert }}" - state: present - kubeconfig: "{{ kubernetes.config_file }}" - context: "{{ kubernetes.context }}" - when: check == "endorser_certs" and endorser_certs_secret.resources|length == 0 diff --git a/platforms/hyperledger-fabric/configuration/roles/create/namespace/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/namespace/tasks/main.yaml index aa8e6565909f..3f4a15a6dfee 100644 --- a/platforms/hyperledger-fabric/configuration/roles/create/namespace/tasks/main.yaml 
+++ b/platforms/hyperledger-fabric/configuration/roles/create/namespace/tasks/main.yaml @@ -9,12 +9,12 @@ ############################################################################################# # Check if namespace created -- name: "Checking if the namespace {{ item.name | lower }}-net already exists" +- name: "Checking if the namespace {{ org.name | lower }}-net already exists" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" vars: component_type: "Namespace" - component_name: "{{ item.name | lower }}-net" + component_name: "{{ org.name | lower }}-net" type: "no_retry" register: get_namespace tags: @@ -39,7 +39,7 @@ name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" vars: GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ item.gitops }}" + gitops: "{{ org.gitops }}" msg: "[ci skip] Pushing deployment files for namespace, service accounts and clusterrolebinding" tags: - notest diff --git a/platforms/hyperledger-fabric/configuration/roles/create/orderers/tasks/get_channel.yaml b/platforms/hyperledger-fabric/configuration/roles/create/orderers/tasks/get_channel.yaml new file mode 100644 index 000000000000..e0de6087d02b --- /dev/null +++ b/platforms/hyperledger-fabric/configuration/roles/create/orderers/tasks/get_channel.yaml @@ -0,0 +1,8 @@ +# Set Variable channel_name_value +- name: Set Variable channel_name_value + set_fact: + channel_name_value: "{{ channel.channel_name | lower }}" + loop: "{{ channel.orderers }}" + loop_control: + loop_var: ord_org + when: ord_org == org.name diff --git a/platforms/hyperledger-fabric/configuration/roles/create/orderers/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/orderers/tasks/main.yaml index 8143decf7365..ffd9e9455ed3 100644 --- a/platforms/hyperledger-fabric/configuration/roles/create/orderers/tasks/main.yaml +++ b/platforms/hyperledger-fabric/configuration/roles/create/orderers/tasks/main.yaml 
@@ -8,16 +8,22 @@ # This role creates value file for zkKafka and orderer ############################################################################################# -# Fetch the genesis block from vault to the build directory -- name: Fetch the genesis block from vault - shell: | - vault kv get -field={{ network.env.type }}GenesisBlock {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ item.name | lower }}-net > {{ sys_channel_name}}.genesis.block.base64 - mkdir -p ./build/channel-artifacts - mv {{ sys_channel_name}}.genesis.block.base64 ./build/channel-artifacts/ - environment: - VAULT_ADDR: "{{ vault.url }}" - VAULT_TOKEN: "{{ vault.root_token }}" - when: refresh_cert is defined and refresh_cert == 'true' +# Check if CA server is available +- name: "waiting for the CA server to be created in {{ org.name | lower }}-net" + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" + vars: + component_type: "Pod" + namespace: "{{ org.name | lower }}-net" + component_name: "{{ component_services.ca.name }}" + label_selectors: + - app = {{ component_name }} + when: add_peer is not defined or add_peer != 'true' + +# Set Variable first_orderer +- name: "Set Variable first_orderer" + set_fact: + first_orderer: "{{ component_services.orderers | map(attribute='name') | first }}" # Reset peers pods - name: "Reset peers pods" 
@@ -25,12 +31,12 @@ name: create/refresh_certs/reset_pod vars: pod_name: "{{ orderer.name | lower }}" - name: "{{ item.name | lower }}" - file_path: "{{ values_dir }}/orderer/{{ orderer.name | lower }}-{{ item.name | lower }}.yaml" - gitops_value: "{{ item.gitops }}" + name: "{{ org.name | lower }}" + file_path: "{{ values_dir }}/orderer/{{ orderer.name | lower }}-{{ org.name | lower }}.yaml" + gitops_value: "{{ org.gitops }}" component_ns: "{{ namespace }}" - kubernetes: "{{ item.k8s }}" - hr_name: "{{ item.name | lower }}-{{ orderer.name }}" + kubernetes: "{{ org.k8s }}" + hr_name: "{{ org.name | lower }}-{{ orderer.name }}" loop: "{{ component_services.orderers }}" loop_control: loop_var: orderer @@ -42,7 +48,7 @@ name: helm_component vars: name: "orderer" - org_name: "{{ item.name | lower }}" + org_name: "{{ org.name | lower }}" sc_name: "{{ org_name }}-bevel-storageclass" component_name: "zkkafka" type: "zkkafka" 
@@ -55,36 +61,18 @@ name: helm_component vars: name: "orderer" - org_name: "{{ item.name | lower }}" - sc_name: "{{ org_name }}-bevel-storageclass" - component_name: "{{ orderer.name }}-{{ org_name }}" + org_name: "{{ org.name | lower }}" + component_name: "{{ orderer.name | lower }}" type: "orderers" consensus: "{{component_services.consensus}}" - genesis: "{{ lookup('file', '{{ build_path }}/channel-artifacts/{{ sys_channel_name }}.genesis.block.base64') }}" + component_subject: "{{ org.subject | quote }}" + create_configmaps: "{{ true if first_orderer == orderer.name else false }}" loop: "{{ component_services.orderers }}" loop_control: loop_var: orderer when: - component_services.orderers is defined and component_services.consensus is defined - - (orderer.status is not defined or orderer.status == 'new') and '2.5.' not in network.version - -# Create the value file for the Orderers as per requirements mentioned in network.yaml -- name: "create orderers" - include_role: - name: helm_component - vars: - name: "orderer" - org_name: "{{ item.name | lower }}" - sc_name: "{{ org_name }}-bevel-storageclass" - component_name: "{{ orderer.name }}-{{ org_name }}" - type: "orderers" - consensus: "{{component_services.consensus}}" - loop: "{{ component_services.orderers }}" - loop_control: - loop_var: orderer - when: - - component_services.orderers is defined and component_services.consensus is defined - - (orderer.status is not defined or orderer.status == 'new') and '2.5.' in network.version + - orderer.status is not defined or orderer.status == 'new' # Git Push: Push the above generated files to git directory - name: Git Push 
@@ -92,7 +80,37 @@ name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" vars: GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ item.gitops }}" + gitops: "{{ org.gitops }}" msg: "[ci skip] Pushing Orderer files" tags: - notest + +# Wait for key certs exists in vault. +- name: Wait for CA key exists in vault + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" + vars: + vault_field: "rootca_key" + vault_path: "{{ vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/ca" + check: "crypto_materials" + +# Wait for admin tls exists in vault. +- name: Wait for admin tls exists in vault. + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" + vars: + vault_field: "client_key" + vault_path: "{{ vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/users/admin-tls" + check: "crypto_materials" + +# Wait for orderers tls exists in vault. +- name: Wait for orderers tls exists in vault. + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/check/setup" + vars: + vault_field: "server_key" + vault_path: "{{ vault.secret_path | default('secretv2') }}/{{ network.env.type }}{{ org_name }}/orderers/{{ orderer.name }}-tls" + check: "crypto_materials" + loop: "{{ org.services.orderers }}" + loop_control: + loop_var: orderer diff --git a/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/main.yaml index 70916bc512ea..9cafa57600a3 100644 --- a/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/main.yaml +++ b/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/main.yaml 
@@ -22,17 +22,22 @@ name: create/refresh_certs/reset_pod vars: pod_name: "{{ peer.name | lower }}" - name: "{{ item.name | lower }}" + name: "{{ org.name | lower }}" file_path: "{{ values_dir }}/{{ name }}/values-{{ peer.name }}.yaml" - gitops_value: "{{ item.gitops }}" + gitops_value: "{{ org.gitops }}" component_ns: "{{ namespace }}" - kubernetes: "{{ item.k8s }}" - hr_name: "{{ item.name | lower }}-{{ peer.name }}" + kubernetes: "{{ org.k8s }}" + hr_name: "{{ org.name | lower }}-{{ peer.name }}" loop: "{{ component_services.peers }}" loop_control: loop_var: peer when: (refresh_cert is defined and refresh_cert == 'true') or peer.configpath is defined +# Set Variable first_orderer +- name: "Set Variable first_peer" + set_fact: + first_peer: "{{ component_services.peers | map(attribute='name') | first }}" + # Create the value file for peers of organisations - name: This role creates the value file for peers of organisations include_tasks: nested_main.yaml 
@@ -46,45 +51,21 @@ name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push" vars: GIT_DIR: "{{ playbook_dir }}/../../../" - gitops: "{{ item.gitops }}" + gitops: "{{ org.gitops }}" msg: "[ci skip] Pushing Peer files" - tags: - - notest - -# Wait for the peer HelmRelease -- name: 'Wait for {{ peer.name }} HelmRelease in {{ namespace }}' - k8s_info: - api_version: "helm.toolkit.fluxcd.io/v2beta1" - kind: "HelmRelease" - namespace: "{{ item.name | lower }}-net" - kubeconfig: "{{ item.k8s.config_file }}" - context: "{{ item.k8s.context }}" - name: "{{ item.name | lower }}-{{ peer.name }}" - field_selectors: - - status.conditions=Ready - register: component_data - retries: "{{ network.env.retry_count}}" - delay: 30 - until: component_data.resources|length > 0 - loop: "{{ component_services.peers }}" - loop_control: - loop_var: peer - when: (refresh_cert is defined and refresh_cert == 'true') or peer.configpath is defined # Wait for peer pods to be in the state of running -- name: "Waiting for peer pod {{ peer.name }} in {{ item.name | lower }}-net" +- name: "Waiting for peer pod {{ peer.name }} in {{ org.name | lower }}-net" include_role: name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component" vars: component_type: "Pod" - namespace: "{{ item.name | lower }}-net" + namespace: "{{ org.name | lower }}-net" component_name: "{{ peer.name }}" - kubernetes: "{{ item.k8s }}" + kubernetes: "{{ org.k8s }}" label_selectors: - app = {{ component_name }} loop: "{{ component_services.peers }}" loop_control: loop_var: peer when: peer.peerstatus is not defined or peer.peerstatus == 'new' - tags: - - notest diff --git a/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/nested_main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/nested_main.yaml index e72388ae9b81..36631bf2fd10 100644 --- a/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/nested_main.yaml 
+++ b/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/nested_main.yaml 
@@ -1,47 +1,88 @@ -# Remove existing value file for peer -- change to not use shell +# Remove existing value file for peer - name: Remove existing value file for {{ peer.name }} shell: | - rm -f {{ values_dir }}/{{ item.name | lower }}/values-{{ peer.name }}.yaml + rm -f {{ values_dir }}/{{ org.name | lower }}/values-{{ peer.name }}.yaml when: - add_peer is not defined or add_peer == 'false' +# Create the certs directory if it does not exist +- name: Create the certs directory if it does not exist + file: + path: "{{playbook_dir}}/../../../{{ charts_dir }}/fabric-peernode/files" + state: directory + +# Remove existing core.yaml for peer +- name: Remove existing core.yaml for {{ peer.name }} + shell: | + rm -f {{playbook_dir}}/../../../{{ charts_dir }}/fabric-peernode/files/core.yaml + # Fetch the custom core.yaml - name: Fetch the custom core.yaml shell: | - cat {{ peer.configpath }} | base64 > {{ playbook_dir }}/build/{{ peer.name }}_{{ item.name | lower }}_core.yaml.base64 + cat {{ peer.configpath }} > {{playbook_dir}}/../../../{{ charts_dir }}/fabric-peernode/files/core.yaml register: core_yaml_file when: - peer.configpath is defined +# Get orderer tls cacert from configmap +- name: check crypto scripts already exists + kubernetes.core.k8s_info: + kubeconfig: "{{ kubernetes.config_file }}" + kind: ConfigMap + name: "crypto-scripts-cm" + namespace: "{{ org.name | lower }}-net" + register: crypto_scripts_data + +# Get orderer tls cacert from configmap +- name: Get orderer tls cacert from config map + kubernetes.core.k8s_info: + kubeconfig: "{{ kubernetes.config_file }}" + kind: ConfigMap + name: "orderer-tls-cacert" + namespace: "{{ org.orderer_org | lower }}-net" + register: tls_cert_data + when: org.orderer_org != org.name + +- name: Create new ConfigMap with tls_cert_data + kubernetes.core.k8s: + kubeconfig: "{{ kubernetes.config_file }}" + definition: + apiVersion: v1 + kind: ConfigMap + metadata: + name: "orderer-tls-cacert" + namespace: "{{ org.name | lower 
}}-net" + data: + cacert: "{{ tls_cert_data.resources[0].data['cacert'] }}" + when: org.orderer_org != org.name + +# Set Variable sc_name +- name: "Set Variable sc_name" + set_fact: + sc_name: "storage-{{ peer.name }}" + +- name: Get information about StorageClasses + kubernetes.core.k8s_info: + kind: StorageClass + api_version: storage.k8s.io/v1 + namespace: default + register: storage_classes_info + # Create Value files for Organization Peers - name: Create Value files for Organization Peers include_role: - name: helm_component + name: "{{ playbook_dir }}/../../shared/configuration/roles/create/job_component" vars: - name: "{{ item.name | lower }}" - sc_name: "{{ name }}-bevel-storageclass" + name: "{{ org.name | lower }}" type: "value_peer" - component_name: values-{{ peer.name }} - peer_name: "{{ peer.name }}" - peer_ns: "{{ namespace }}" - provider: "{{ network.env.proxy }}" + component_name: "{{ peer.name }}" + component_subject: "{{ org.subject }}" + component_ns: "{{ namespace }}" + provider: "{{ org.cloud_provider }}" + orderer: "{{ network.orderers | first }}" + user_list: "{{ org.users | default('') }}" + enabled_cli: "{{ true if peer.cli == 'enabled' else false }}" + sc_enabled: "{{ false if storage_classes_info.resources | selectattr('metadata.name', 'equalto', sc_name) | list else true }}" + create_configmaps: "{{ true if (first_peer == peer.name) and (crypto_scripts_data.resources | length == 0) else false }}" when: - peer.peerstatus is not defined or peer.peerstatus == 'new' - - peer.configpath is not defined - -# Create Value files for Organization Peers - external -- name: Create Value files for Organization Peers - external - include_role: - name: helm_component - vars: - name: "{{ item.name | lower }}" - sc_name: "{{ name }}-bevel-storageclass" - type: "value_peer" - component_name: values-{{ peer.name }} - peer_name: "{{ peer.name }}" - peer_ns: "{{ namespace }}" - provider: "{{ network.env.proxy }}" - core_file: "{{ lookup('file', '{{ 
playbook_dir }}/build/{{ peer.name }}_{{ item.name | lower }}_core.yaml.base64') }}" - when: - - peer.peerstatus is not defined or peer.peerstatus == 'new' - - peer.configpath is defined diff --git a/platforms/hyperledger-fabric/configuration/roles/create/secrets/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/secrets/tasks/main.yaml new file mode 100644 index 000000000000..cc31dd73c32b --- /dev/null +++ b/platforms/hyperledger-fabric/configuration/roles/create/secrets/tasks/main.yaml @@ -0,0 +1,32 @@ +############################################################################################## +# Copyright Accenture. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################################################## + +# Wait for namespace to be created by flux +- name: "Wait for the namespace {{ component_ns }} to be created" + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/check/k8_component" + vars: + component_type: "Namespace" + component_name: "{{ component_ns }}" + type: "retry" + +# Create the vault roottoken secret +- name: "Create vault token secret" + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/create/shared_k8s_secrets" + vars: + namespace: "{{ component_ns }}" + check: "token_secret" + +# Create the docker pull credentials for image registry +- name: "Create docker credentials secret" + include_role: + name: "{{ playbook_dir }}/../../shared/configuration/roles/create/shared_k8s_secrets" + vars: + namespace: "{{ component_ns }}" + check: "docker_credentials" + when: + - network.docker.username is defined diff --git a/platforms/hyperledger-fabric/configuration/roles/delete/genesis/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/delete/genesis/tasks/main.yaml index 7250b3fe81df..68abdb3bfdaf 100644 --- a/platforms/hyperledger-fabric/configuration/roles/delete/genesis/tasks/main.yaml 
+++ b/platforms/hyperledger-fabric/configuration/roles/delete/genesis/tasks/main.yaml @@ -11,7 +11,11 @@ # Delete BASE 64 encoded genesis blocks for all channels - name: Delete genesis block from Vault for syschannel shell: | - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/{{ sys_channel_name }} + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ item.name | lower }}/channel-artifacts/syschannel-genesis + target_path={{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ item.name | lower }}/channel-artifacts; + for key in $(vault kv list -format=json "$target_path" | jq -r '.[]'); do + vault kv delete "$target_path/$key"; + done environment: VAULT_ADDR: "{{ item.vault.url }}" VAULT_TOKEN: "{{ item.vault.root_token }}" @@ -20,7 +24,11 @@ # Delete genesis block to Vault - name: "Delete genesis block to Vault for app channel" shell: | - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}//{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/{{ channel.channel_name | lower }} + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ item.name | lower }}/channel-artifacts/{{ channel.channel_name | lower }}-genesis + target_path={{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ item.name | lower }}/channel-artifacts; + for key in $(vault kv list -format=json "$target_path" | jq -r '.[]'); do + vault kv delete "$target_path/$key"; + done environment: VAULT_ADDR: "{{ item.vault.url }}" VAULT_TOKEN: "{{ item.vault.root_token }}" diff --git a/platforms/hyperledger-fabric/configuration/roles/delete/vault_secrets/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/delete/vault_secrets/tasks/main.yaml index 6afb3d0adef6..284c784eeeb8 100644 
--- a/platforms/hyperledger-fabric/configuration/roles/delete/vault_secrets/tasks/main.yaml +++ b/platforms/hyperledger-fabric/configuration/roles/delete/vault_secrets/tasks/main.yaml 
@@ -39,19 +39,18 @@ # Delete crypto materials from vault - name: Delete Crypto for orderers shell: | - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/ca - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/orderers/{{orderer.name}}.{{ component_name }}/tls - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/orderers/{{orderer.name}}.{{ component_name }}/msp - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/users/admin/tls - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/ordererOrganizations/{{ component_name }}/users/admin/msp - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/credentials/{{ component_name }}/ca/{{ org_name }} + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/ca + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/orderers/{{ orderer.name | lower }}-tls + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/orderers/{{ orderer.name | lower }}-msp + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/users/admin-tls + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/users/admin-msp loop: "{{ services.orderers }}" loop_control: loop_var: orderer environment: VAULT_ADDR: "{{ item.vault.url }}" VAULT_TOKEN: "{{ item.vault.root_token }}" - when: component_type == 'orderer' + when: item.services.orderers is defined and item.services.orderers | length > 0 # Delete 
crypto materials from extternalchaincode - name: Delete Crypto for peers 
@@ -69,33 +68,26 @@ environment: VAULT_ADDR: "{{ item.vault.url }}" VAULT_TOKEN: "{{ item.vault.root_token }}" - when: component_type == 'peer' + when: + - item.services.peers is defined and item.services.peers | length > 0 + - peer.chaincodes is defined # Delete crypto materials from vault - name: Delete Crypto for peers shell: | - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/ca - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users/admin/tls - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users/admin/msp - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/orderer/tls - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/msp/config + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/ca + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/users/admin-tls + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/users/admin-msp {% for peer in peers %} - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/peers/{{peer.name}}.{{ component_name }}/tls - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/peers/{{peer.name}}.{{ component_name }}/msp + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/peers/{{peer.name}}-tls + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ 
network.env.type }}{{ org_name }}/peers//{{peer.name}}-msp {% endfor %} - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/credentials/{{ component_name }}/ca/{{ org_name }} - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/credentials/{{ component_name }}/couchdb/{{ org_name }} - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/credentials/{{ component_name }}/git - target_path={{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/endorsers/{{ org_name }}/users; - for key in $(vault kv list -format=json "$target_path" | jq -r '.[]'); do - vault kv delete "$target_path/$key/msp"; - done vars: peers: "{{ services.peers }}" environment: VAULT_ADDR: "{{ item.vault.url }}" VAULT_TOKEN: "{{ item.vault.root_token }}" - when: component_type == 'peer' + when: item.services.peers is defined and item.services.peers | length > 0 # Remove all endorsers - name: Remove all endorsers 
@@ -115,20 +107,17 @@ - name: Delete Crypto for users shell: | {% for user in users %} - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users/{{ user.identity }}/tls - vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users/{{ user.identity }}/msp + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/users/{{ user.identity }}-tls + vault kv delete {{ item.vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org_name }}/users/{{ user.identity }}-msp {% endfor %} - target_path={{ item.vault.secret_path | default('secret') }}/{{ item.name | lower }}/peerOrganizations/{{ component_name }}/users; - for key in $(vault kv list -format=json "$target_path" | jq -r '.[]'); do - vault kv delete "$target_path/$key/msp"; - vault kv delete "$target_path/$key/tls"; - done vars: users: "{{ item.users }}" environment: VAULT_ADDR: "{{ item.vault.url }}" VAULT_TOKEN: "{{ item.vault.root_token }}" - when: component_type == 'peer' and item.users is defined + when: + - item.services.peers is defined and item.services.peers | length > 0 + - item.users is defined # Delete policy - name: Delete policy diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-orderer.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-orderer.tpl index 11f8a049a621..b8bb81fb7321 100644 --- a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-orderer.tpl +++ b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-orderer.tpl 
@@ -1,13 +1,13 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: {{ component_name }}-ca - namespace: {{ component_name }} + name: {{ name }} + namespace: {{ component_ns }} annotations: fluxcd.io/automated: "false" spec: interval: 1m - releaseName: {{ component_name }}-ca + releaseName: {{ name }} chart: spec: interval: 1m @@ -17,6 +17,58 @@ spec: namespace: flux-{{ network.env.type }} chart: {{ charts_dir }}/fabric-ca-server values: + global: + serviceAccountName: vault-auth + cluster: + provider: {{ org.cloud_provider }} + cloudNativeServices: false + vault: + type: hashicorp + network: fabric + address: {{ vault.url }} + authPath: {{ network.env.type }}{{ component }} + secretEngine: {{ vault.secret_path | default("secretsv2") }} + secretPrefix: "data/{{ network.env.type }}{{ component }}" + role: vault-role + proxy: + provider: {{ network.env.proxy }} + externalUrlSuffix: {{ org.external_url_suffix }} + + cacerts: + ca: + orgName: {{ component }} + subject: {{ subject }} + + storage: + size: 512Mi + allowedTopologies: + enabled: false + + image: + alpineUtils: {{ docker_url }}/bevel-alpine:{{ bevel_alpine_version }} + ca: {{ docker_url }}/{{ ca_image[network.version] }} +{% if network.docker.username is defined and network.docker.password is defined %} + pullSecret: regcred +{% else %} + pullSecret: "" +{% endif %} + + server: + tlsstatus: true + admin: {{ name }}-admin +{% if component_services.ca.configpath is defined %} + configpath: conf/fabric-ca-server-config-{{ component }}.yaml +{% endif %} + + service: + servicetype: ClusterIP + ports: + tcp: + clusteripport: {{ component_services.ca.grpc.port }} +{% if component_services.ca.grpc.nodePort is defined %} + nodeport: {{ component_services.ca.grpc.nodePort }} +{% endif %} + {% if network.env.annotations is defined %} deployment: annotations: 
@@ -61,45 +113,3 @@ spec: {% endfor %} {% endif %} {% endif %} - - metadata: - namespace: {{ component_name | e }} - images: - alpineutils: {{ docker_url }}/{{ alpine_image }} - ca: {{ docker_url }}/{{ ca_image[network.version] }} - server: - name: {{ component_services.ca.name }} - tlsstatus: true - admin: {{ component }}-admin -{% if component_services.ca.configpath is defined %} - configpath: conf/fabric-ca-server-config-{{ component }}.yaml -{% endif %} - storage: - storageclassname: {{ sc_name }} - storagesize: 512Mi - vault: - role: vault-role - address: {{ vault.url }} - authpath: {{ item.k8s.cluster_id | default('')}}{{ network.env.type }}{{ item.name | lower }} - secretcert: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/ordererOrganizations/{{ component_name | e }}/ca?ca.{{ component_name | e }}-cert.pem - secretkey: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/ordererOrganizations/{{ component_name | e }}/ca?{{ component_name | e }}-CA.key - secretadminpass: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/credentials/{{ component_name | e }}/ca/{{ component }}?user - serviceaccountname: vault-auth - type: {{ vault.type | default("hashicorp") }} -{% if network.docker.username is defined and network.docker.password is defined %} - imagesecretname: regcred -{% else %} - imagesecretname: "" -{% endif %} - service: - servicetype: ClusterIP - ports: - tcp: - clusteripport: {{ component_services.ca.grpc.port }} -{% if component_services.ca.grpc.nodePort is defined %} - nodeport: {{ component_services.ca.grpc.nodePort }} -{% endif %} - proxy: - provider: {{ network.env.proxy }} - type: orderer - external_url_suffix: {{ external_url_suffix }} 
diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-peer.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-peer.tpl deleted file mode 100644 index 6791b365a39f..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-peer.tpl +++ /dev/null 
@@ -1,105 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: {{ component_name }}-ca - namespace: {{ component_name }} - annotations: - fluxcd.io/automated: "false" -spec: - interval: 1m - releaseName: {{ component_name }}-ca - chart: - spec: - interval: 1m - sourceRef: - kind: GitRepository - name: flux-{{ network.env.type }} - namespace: flux-{{ network.env.type }} - chart: {{ charts_dir }}/fabric-ca-server - values: - metadata: - namespace: {{ component_name | e }} - images: - alpineutils: {{ docker_url }}/{{ alpine_image }} - ca: {{ docker_url }}/{{ ca_image[network.version] }} -{% if network.env.annotations is defined %} - deployment: - annotations: -{% for item in network.env.annotations.deployment %} -{% for key, value in item.items() %} - - {{ key }}: {{ value | quote }} -{% endfor %} -{% endfor %} - annotations: - service: -{% for item in network.env.annotations.service %} -{% for key, value in item.items() %} - - {{ key }}: {{ value | quote }} -{% endfor %} -{% endfor %} - pvc: -{% for item in network.env.annotations.pvc %} -{% for key, value in item.items() %} - - {{ key }}: {{ value | quote }} -{% endfor %} -{% endfor %} -{% endif %} - -{% if network.env.labels is defined %} - labels: -{% if network.env.labels.service is defined %} - service: -{% for key in network.env.labels.service.keys() %} - - {{ key }}: {{ network.env.labels.service[key] | quote }} -{% endfor %} -{% endif %} -{% if network.env.labels.pvc is defined %} - pvc: -{% for key in network.env.labels.pvc.keys() %} - - {{ key }}: {{ network.env.labels.pvc[key] | quote }} -{% endfor %} -{% endif %} -{% if network.env.labels.deployment is defined %} - deployment: -{% for key in network.env.labels.deployment.keys() %} - - {{ key }}: {{ network.env.labels.deployment[key] | quote }} -{% endfor %} -{% endif %} -{% endif %} - - server: - name: {{ component_services.ca.name }} - tlsstatus: true - admin: {{ component }}-admin -{% if 
component_services.ca.configpath is defined %} - configpath: conf/fabric-ca-server-config-{{ component }}.yaml -{% endif %} - storage: - storageclassname: {{ sc_name }} - storagesize: 512Mi - vault: - role: vault-role - address: {{ vault.url }} - authpath: {{ item.k8s.cluster_id | default('')}}{{ network.env.type }}{{ item.name | lower }} - secretcert: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/peerOrganizations/{{ component_name | e }}/ca?ca.{{ component_name | e }}-cert.pem - secretkey: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/peerOrganizations/{{ component_name | e }}/ca?{{ component_name | e }}-CA.key - secretadminpass: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/credentials/{{ component_name | e }}/ca/{{ component }}?user - serviceaccountname: vault-auth - type: {{ vault.type | default("hashicorp") }} -{% if network.docker.username is defined and network.docker.password is defined %} - imagesecretname: regcred -{% else %} - imagesecretname: "" -{% endif %} - service: - servicetype: ClusterIP - ports: - tcp: - clusteripport: {{ component_services.ca.grpc.port }} -{% if component_services.ca.grpc.nodePort is defined %} - nodeport: {{ component_services.ca.grpc.nodePort }} -{% endif %} - proxy: - provider: {{ network.env.proxy }} - type: peer - external_url_suffix: {{ external_url_suffix }} diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-tools.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-tools.tpl deleted file mode 100644 index 55f0374ff2c2..000000000000 --- a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-tools.tpl +++ /dev/null 
@@ -1,140 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: {{ component_name }}-ca-tools - namespace: {{ component_name }} - annotations: - fluxcd.io/automated: "false" -spec: - interval: 1m - releaseName: {{ component_name }}-ca-tools - chart: - spec: - interval: 1m - sourceRef: - kind: GitRepository - name: flux-{{ network.env.type }} - namespace: flux-{{ network.env.type }} - chart: {{ charts_dir }}/fabric-catools - values: - metadata: - namespace: {{ component_name }} - name: ca-tools - component_type: {{ component_type }} - org_name: {{ org_name }} - proxy: {{ proxy }} -{% if network.env.annotations is defined %} - annotations: - service: -{% for item in network.env.annotations.service %} -{% for key, value in item.items() %} - - {{ key }}: {{ value | quote }} -{% endfor %} -{% endfor %} - pvc: -{% for item in network.env.annotations.pvc %} -{% for key, value in item.items() %} - - {{ key }}: {{ value | quote }} -{% endfor %} -{% endfor %} - deployment: -{% for item in network.env.annotations.deployment %} -{% for key, value in item.items() %} - - {{ key }}: {{ value | quote }} -{% endfor %} -{% endfor %} -{% endif %} - -{% if network.env.labels is defined %} - labels: -{% if network.env.labels.service is defined %} - service: -{% for key in network.env.labels.service.keys() %} - - {{ key }}: {{ network.env.labels.service[key] | quote }} -{% endfor %} -{% endif %} -{% if network.env.labels.pvc is defined %} - pvc: -{% for key in network.env.labels.pvc.keys() %} - - {{ key }}: {{ network.env.labels.pvc[key] | quote }} -{% endfor %} -{% endif %} -{% if network.env.labels.deployment is defined %} - deployment: -{% for key in network.env.labels.deployment.keys() %} - - {{ key }}: {{ network.env.labels.deployment[key] | quote }} -{% endfor %} -{% endif %} -{% endif %} - replicaCount: 1 - - image: - alpineutils: {{ docker_url }}/{{ alpine_image }} - catools: {{ docker_url }}/{{ ca_tools_image }} - pullPolicy: IfNotPresent - - 
storage: - storageclassname: {{ sc_name }} - storagesize: 512Mi - - vault: - role: vault-role - address: {{ vault.url }} - authpath: {{ item.k8s.cluster_id | default('')}}{{ network.env.type }}{{ item.name | lower }} - secretusers: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name }}/users - secretorderer: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name }}/orderers - secretpeer: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name }}/peers - secretpeerorderertls: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name }}/orderer/tls - secretcert: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name | e }}/ca?ca.{{ component_name | e }}-cert.pem - secretkey: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name | e }}/ca?{{ component_name | e }}-CA.key - secretcouchdb: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/credentials/{{ component_name }}/couchdb/{{ org_name }} - secretconfigfile: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component_name | e }}/msp/config - serviceaccountname: vault-auth - type: {{ vault.type | default("hashicorp") }} -{% if network.docker.username is defined and network.docker.password is defined %} - imagesecretname: regcred -{% else %} - imagesecretname: "" -{% endif %} - - healthcheck: - retries: 10 - sleepTimeAfterError: 2 - - - org_data: - external_url_suffix: {{ external_url_suffix }} - component_subject: {{ component_subject }} - cert_subject: {{ cert_subject }} - component_country: {{ 
component_country }} - component_state: {{ component_state }} - component_location: {{ component_location }} - ca_url: {{ ca_url }} - - orderers: - name: {% for orderer in orderers_list %}{% for key, value in orderer.items() %}{% if key == 'name' %}{{ value }}-{% endif %}{% endfor %}{% endfor %} - -{% if item.type == 'peer' %} - orderers_info: -{% for orderer in orderers_list %} - - name: {{ orderer.name }} - path: "{{ lookup('file', orderer.certificate) | b64encode }}" -{% endfor %} - - peers: - name: {% for peer in peers_list %}{% for key, value in peer.items() %}{% if key == 'name' %}{{ value }},{% endif %}{% if key == 'peerstatus' %}{{ value }}{% endif %}{% endfor %}-{% endfor %} - - peer_count: "{{ peer_count }}" -{% if item.users is defined %} - users: - users_list: "{{ user_list | b64encode }}" - users_identities: {% for user in user_list %}{% for key, value in user.items() %}{% if key == 'identity' %}{{ value }}{% endif %}{% endfor %}-{% endfor %} -{% endif %} - -{% if add_peer_value == 'true' %} - new_peer_count: "{{ new_peer_count }}" -{% endif %} - checks: - refresh_cert_value: {{ refresh_cert_value }} - add_peer_value: {{ add_peer_value }} -{% endif %} diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cacerts_job.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cacerts_job.tpl index b6d0b4caad5e..9e9e748bfbcb 100644 --- a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cacerts_job.tpl +++ b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cacerts_job.tpl 
@@ -17,25 +17,31 @@ spec: namespace: flux-{{ network.env.type }} chart: {{ charts_dir }}/fabric-cacerts-gen values: - metadata: - name: {{ component }} - component_name: {{ component }}-net - namespace: {{ component_ns }} - images: - alpineutils: {{ docker_url }}/{{ alpine_image }} - vault: - role: vault-role - address: {{ vault.url }} - authpath: {{ item.k8s.cluster_id | default('')}}{{ network.env.type }}{{ item.name | lower }} - secretcryptoprefix: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/{{ component_type }}Organizations/{{ component }}-net/ca - secretcredentialsprefix: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/credentials/{{ component }}-net/ca/{{ component }} - serviceaccountname: vault-auth - type: {{ vault.type | default("hashicorp") }} -{% if network.docker.username is defined and network.docker.password is defined %} - imagesecretname: regcred + global: + serviceAccountName: vault-auth + cluster: + provider: {{ org.cloud_provider }} + cloudNativeServices: false + vault: + type: hashicorp + network: fabric + address: {{ vault.url }} + authPath: {{ network.env.type }}{{ component }} + secretEngine: {{ vault.secret_path | default("secretsv2") }} + secretPrefix: "data/{{ network.env.type }}{{ component }}" + role: vault-role + proxy: + provider: {{ network.env.proxy }} + externalUrlSuffix: {{ org.external_url_suffix }} + + image: + alpineUtils: {{ docker_url }}/bevel-alpine:{{ bevel_alpine_version }} +{% if network.docker.username is defined and network.docker.password is defined %} + pullSecret: regcred {% else %} - imagesecretname: "" + pullSecret: "" {% endif %} - + ca: + orgName: {{ name }} subject: {{ subject }} diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cli.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cli.tpl deleted file mode 100644 index 910af3ad0344..000000000000 
--- a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cli.tpl +++ /dev/null 
@@ -1,73 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: {{ component_name }} - namespace: {{ component_ns }} - annotations: - fluxcd.io/automated: "false" -spec: - interval: 1m - releaseName: {{ component_name }} - chart: - spec: - interval: 1m - sourceRef: - kind: GitRepository - name: flux-{{ network.env.type }} - namespace: flux-{{ network.env.type }} - chart: {{ charts_dir }}/fabric-cli - values: - metadata: - namespace: {{ component_ns }} - images: - fabrictools: {{ docker_url }}/{{ fabric_tools_image[network.version] }} - alpineutils: {{ docker_url }}/{{ alpine_image }} - storage: - class: {{ sc_name }} - size: 256Mi - vault: - role: vault-role - address: {{ vault.url }} - authpath: {{ org.k8s.cluster_id | default('')}}{{ network.env.type }}{{ org.name | lower }} - adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/{{ org.name | lower }}/peerOrganizations/{{ component_ns }}/users/admin - orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/{{ org.name | lower }}/peerOrganizations/{{ component_ns }}/orderer - serviceaccountname: vault-auth - type: {{ vault.type | default("hashicorp") }} -{% if network.docker.username is defined and network.docker.password is defined %} - imagesecretname: regcred -{% else %} - imagesecretname: "" -{% endif %} - tls: false - peer: - name: {{ peer.name }} - localmspid: {{ org.name | lower}}MSP - tlsstatus: true -{% if network.env.proxy == 'none' %} - address: {{ peer.name }}.{{ component_ns }}:7051 -{% else %} - address: {{ peer.peerAddress }} -{% endif %} - orderer: - address: {{ orderer.uri }} -{% if network.env.labels is defined %} - labels: -{% if network.env.labels.service is defined %} - service: -{% for key in network.env.labels.service.keys() %} - - {{ key }}: {{ network.env.labels.service[key] | quote }} -{% endfor %} -{% endif %} -{% if network.env.labels.pvc is defined %} - pvc: -{% for key in network.env.labels.pvc.keys() %} - - {{ key 
}}: {{ network.env.labels.pvc[key] | quote }} -{% endfor %} -{% endif %} -{% if network.env.labels.deployment is defined %} - deployment: -{% for key in network.env.labels.deployment.keys() %} - - {{ key }}: {{ network.env.labels.deployment[key] | quote }} -{% endfor %} -{% endif %} -{% endif %} diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/orderernode.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/orderernode.tpl index 2b8c0a19309e..6a440d113385 100644 --- a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/orderernode.tpl +++ b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/orderernode.tpl @@ -1,13 +1,13 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: {{ org_name }}-{{ orderer.name }} + name: {{ component_name | replace('_','-') }} namespace: {{ namespace }} annotations: fluxcd.io/automated: "false" spec: interval: 1m - releaseName: {{ org_name }}-{{ orderer.name }} + releaseName: {{ component_name | replace('_','-') }} chart: spec: interval: 1m 
@@ -17,118 +17,119 @@ spec: namespace: flux-{{ network.env.type }} chart: {{ charts_dir }}/fabric-orderernode values: - metadata: - namespace: {{ namespace }} - network: - version: {{ network.version }} - images: - orderer: {{ docker_url }}/{{ orderer_image[network.version] }} - alpineutils: {{ docker_url }}/{{ alpine_image }} -{% if network.env.annotations is defined %} - annotations: - service: -{% for item in network.env.annotations.service %} -{% for key, value in item.items() %} - - {{ key }}: {{ value | quote }} -{% endfor %} -{% endfor %} - pvc: -{% for item in network.env.annotations.pvc %} -{% for key, value in item.items() %} - - {{ key }}: {{ value | quote }} -{% endfor %} -{% endfor %} - deployment: -{% for item in network.env.annotations.deployment %} -{% for key, value in item.items() %} - - {{ key }}: {{ value | quote }} -{% endfor %} -{% endfor %} -{% endif %} -{% if network.env.labels is defined %} - labels: -{% if network.env.labels.service is defined %} - service: -{% for key in network.env.labels.service.keys() %} - - {{ key }}: {{ network.env.labels.service[key] | quote }} -{% endfor %} -{% endif %} -{% if network.env.labels.pvc is defined %} - pvc: -{% for key in network.env.labels.pvc.keys() %} - - {{ key }}: {{ network.env.labels.pvc[key] | quote }} -{% endfor %} -{% endif %} -{% if network.env.labels.deployment is defined %} - deployment: -{% for key in network.env.labels.deployment.keys() %} - - {{ key }}: {{ network.env.labels.deployment[key] | quote }} -{% endfor %} -{% endif %} + global: + version: {{ network.version }} + serviceAccountName: vault-auth + cluster: + provider: {{ org.cloud_provider }} + cloudNativeServices: false + vault: + type: hashicorp + network: fabric + address: {{ vault.url }} + authPath: {{ network.env.type }}{{ org_name }} + secretEngine: {{ vault.secret_path | default("secretsv2") }} + secretPrefix: "data/{{ network.env.type }}{{ org_name }}" + role: vault-role + proxy: + provider: {{ network.env.proxy | quote 
}} + externalUrlSuffix: {{ org.external_url_suffix }} + + storage: + size: 512Mi + reclaimPolicy: "Delete" + volumeBindingMode: + allowedTopologies: + enabled: false + + certs: + generateCertificates: true + orgData: +{% if network.env.proxy == 'none' %} + caAddress: ca.{{ namespace }}:7054 +{% else %} + caAddress: ca.{{ namespace }}.{{ org.external_url_suffix }} {% endif %} - orderer: - name: {{ orderer.name }} - loglevel: info - localmspid: {{ org_name }}MSP - tlsstatus: true - keepaliveserverinterval: 10s - ordererAddress: {{ orderer.ordererAddress }} + caAdminUser: {{ org_name }}-admin + caAdminPassword: {{ org_name }}-adminpw + orgName: {{ org_name }} + type: orderer + componentSubject: {{ component_subject | quote }} - consensus: - name: {{ orderer.consensus }} + settings: + createConfigMaps: {{ create_configmaps }} + refreshCertValue: false + addPeerValue: false + removeCertsOnDelete: true + removeOrdererTlsOnDelete: true - storage: - storageclassname: {{ sc_name }} - storagesize: 512Mi + image: + orderer: {{ docker_url }}/{{ orderer_image }} + alpineUtils: {{ docker_url }}/bevel-alpine:{{ bevel_alpine_version }} +{% if network.docker.username is defined and network.docker.password is defined %} + pullSecret: regcred +{% else %} + pullSecret: "" +{% endif %} + + orderer: + consensus: {{ orderer.consensus }} + logLevel: info + localMspId: {{ org_name }}MSP + tlsStatus: true + keepAliveServerInterval: 10s service: - servicetype: ClusterIP + serviceType: ClusterIP ports: grpc: - clusteripport: {{ orderer.grpc.port }} + clusterIpPort: {{ orderer.grpc.port }} {% if orderer.grpc.nodePort is defined %} nodeport: {{ orderer.grpc.nodePort }} {% endif %} metrics: enabled: {{ orderer.metrics.enabled | default(false) }} - clusteripport: {{ orderer.metrics.port | default(9443) }} + clusterIpPort: {{ orderer.metrics.port | default(9443) }} + resources: + limits: + memory: 512M + cpu: 1 + requests: + memory: 512M + cpu: 0.25 - vault: - address: {{ vault.url }} - role: 
vault-role - authpath: {{ item.k8s.cluster_id | default('')}}{{ network.env.type }}{{ item.name | lower }} - type: {{ vault.type | default("hashicorp") }} - secretprefix: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/ordererOrganizations/{{ namespace }}/orderers/{{ orderer.name }}.{{ namespace }} -{% if network.docker.username is defined and network.docker.password is defined %} - imagesecretname: regcred -{% else %} - imagesecretname: "" -{% endif %} - serviceaccountname: vault-auth {% if orderer.consensus == 'kafka' %} kafka: - readinesscheckinterval: 10 - readinessthreshold: 10 + readinessCheckInterval: 10 + readinessThresHold: 10 brokers: {% for i in range(consensus.replicas) %} - {{ consensus.name }}-{{ i }}.{{ consensus.type }}.{{ namespace }}.svc.cluster.local:{{ consensus.grpc.port }} {% endfor %} {% endif %} - proxy: - provider: {{ network.env.proxy }} - external_url_suffix: {{ item.external_url_suffix }} -{% if '2.5' not in network.version %} - genesis: |- -{{ genesis | indent(width=6, first=True) }} -{% endif %} + healthCheck: + retries: 10 + sleepTimeAfterError: 15 - config: - pod: - resources: - limits: - memory: 512M - cpu: 1 - requests: - memory: 512M - cpu: 0.25 +{% if network.env.labels is defined %} + labels: +{% if network.env.labels.service is defined %} + service: +{% for key in network.env.labels.service.keys() %} + - {{ key }}: {{ network.env.labels.service[key] | quote }} +{% endfor %} +{% endif %} +{% if network.env.labels.pvc is defined %} + pvc: +{% for key in network.env.labels.pvc.keys() %} + - {{ key }}: {{ network.env.labels.pvc[key] | quote }} +{% endfor %} +{% endif %} +{% if network.env.labels.deployment is defined %} + deployment: +{% for key in network.env.labels.deployment.keys() %} + - {{ key }}: {{ network.env.labels.deployment[key] | quote }} +{% endfor %} +{% endif %} +{% endif %} 
diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/value_peer.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/value_peer.tpl index 2f46e730edd7..54f4a4736cfa 100755 --- a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/value_peer.tpl +++ b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/value_peer.tpl @@ -1,13 +1,13 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: {{ name }}-{{ peer_name }} + name: {{ component_name | replace('_','-') }} namespace: {{ peer_ns }} annotations: fluxcd.io/automated: "false" spec: interval: 1m - releaseName: {{ name }}-{{ peer_name }} + releaseName: {{ component_name | replace('_','-') }} chart: spec: interval: 1m 
@@ -20,12 +20,129 @@ spec: {% if network.upgrade is defined %} upgrade: {{ network.upgrade }} {% endif %} - metadata: - namespace: {{ peer_ns }} - images: - couchdb: {{ docker_url }}/{{ couchdb_image[network.version] }} - peer: {{ docker_url }}/{{ peer_image[network.version] }} - alpineutils: {{ docker_url }}/{{ alpine_image }} + global: + serviceAccountName: vault-auth + cluster: + provider: {{ org.cloud_provider }} + cloudNativeServices: false + vault: + type: hashicorp + network: fabric + address: {{ vault.url }} + authPath: {{ network.env.type }}{{ name }} + secretEngine: {{ vault.secret_path | default("secretsv2") }} + secretPrefix: "data/{{ network.env.type }}{{ name }}" + role: vault-role + proxy: + provider: {{ network.env.proxy | quote }} + externalUrlSuffix: {{ org.external_url_suffix }} + network: + version: {{ network.version }} + + catools: + orgData: + orgName: {{ name }} + type: {{ org.type }} + componentSubject: {{ component_subject }} + certSubject: {{ cert_subject }} + componentCountry: {{ component_country }} + componentState: {{ component_state }} + componentLocation: {{ component_location }} + + peers: +{% for peer in peers_list %} +{% for key, value in peer.items() %} +{% if key == 'name' %} + - {{ value }} +{% endif %} +{% endfor %} +{% endfor %} + +{% if item.users is defined %} + users: + usersListAnsible: "{{ user_list | b64encode }}" + usersIdentities: {% for user in user_list %}{% for key, value in user.items() %}{% if key == 'identity' %}{{ value }}{% endif %}{% endfor %}-{% endfor %} +{% endif %} + + cli: + enabled: true + orderer: + address: {{ orderer.uri }} + peer: + localMspId: {{ org.name | lower}}MSP + tlsStatus: true +{% if network.env.proxy == 'none' %} + address: {{ component_ns }}:7051 +{% else %} + address: {{ peer.peerAddress }} +{% endif %} + + storage: + peer: + storagesize: 512Mi + couchdb: + storagesize: 1Gi + + image: + couchdb: {{ docker_url }}/{{ couchdb_image }} + peer: {{ docker_url }}/{{ peer_image }} + 
alpineutils: {{ docker_url }}/bevel-alpine:{{ bevel_alpine_version }} +{% if network.docker.username is defined and network.docker.password is defined %} + pullSecret: regcred +{% else %} + pullSecret: "" +{% endif %} + + peer: + gossipPeerAddress: {{ peer.gossippeeraddress }} +{% if provider == 'none' %} + gossipExternalEndpoint: {{ peer_name }}.{{ peer_ns }}:7051 +{% else %} + gossipExternalEndpoint: {{ peer.peerAddress }} +{% endif %} + localMspId: {{ name }}MSP + logLevel: info + tlsStatus: true + builder: hyperledger/fabric-ccenv + couchdb: + username: {{ name }}-user + + service: + serviceType: ClusterIP + ports: + grpc: + clusterIpPort: {{ peer.grpc.port }} +{% if peer.grpc.nodePort is defined %} + nodePort: {{ peer.grpc.nodePort }} +{% endif %} + events: + clusterIpPort: {{ peer.events.port }} +{% if peer.events.nodePort is defined %} + nodePort: {{ peer.events.nodePort }} +{% endif %} + couchdb: + clusterIpPort: {{ peer.couchdb.port }} +{% if peer.couchdb.nodePort is defined %} + nodepnodePortort: {{ peer.couchdb.nodePort }} +{% endif %} + metrics: + enabled: {{ peer.metrics.enabled | default(false) }} + clusterIpPort: {{ peer.metrics.port | default(9443) }} + + config: + pod: + resources: + limits: + memory: 512M + cpu: 1 + requests: + memory: 512M + cpu: 0.25 + + settings: + removeConfigMapsOnDelete: true + removeCertsOnDelete: true + generateCertificates: {{ generate_certs }} {% if network.env.annotations is defined %} annotations: 
@@ -69,80 +186,3 @@ spec: {% endfor %} {% endif %} {% endif %} - - peer: - name: {{ peer_name }} - gossippeeraddress: {{ peer.gossippeeraddress }} -{% if provider == 'none' %} - gossipexternalendpoint: {{ peer_name }}.{{ peer_ns }}:7051 -{% else %} - gossipexternalendpoint: {{ peer.peerAddress }} -{% endif %} - localmspid: {{ name }}MSP - loglevel: info - tlsstatus: true - builder: hyperledger/fabric-ccenv:{{ network.version }} - couchdb: - username: {{ name }}-user -{% if peer.configpath is defined %} - configpath: conf/{{ peer_name }}_{{ name }}_core.yaml - core: |- -{{ core_file | indent(width=8, first=True) }} -{% endif %} - - storage: - peer: - storageclassname: {{ sc_name }} - storagesize: 512Mi - couchdb: - storageclassname: {{ sc_name }} - storagesize: 1Gi - - vault: - role: vault-role - address: {{ vault.url }} - authpath: {{ item.k8s.cluster_id | default('')}}{{ network.env.type }}{{ item.name | lower }} - secretprefix: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/peerOrganizations/{{ namespace }}/peers/{{ peer_name }}.{{ namespace }} - serviceaccountname: vault-auth - type: {{ vault.type | default("hashicorp") }} -{% if network.docker.username is defined and network.docker.password is defined %} - imagesecretname: regcred -{% else %} - imagesecretname: "" -{% endif %} - secretcouchdbpass: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/credentials/{{ namespace }}/couchdb/{{ name }}?user - - service: - servicetype: ClusterIP - ports: - grpc: - clusteripport: {{ peer.grpc.port }} -{% if peer.grpc.nodePort is defined %} - nodeport: {{ peer.grpc.nodePort }} -{% endif %} - events: - clusteripport: {{ peer.events.port }} -{% if peer.events.nodePort is defined %} - nodeport: {{ peer.events.nodePort }} -{% endif %} - couchdb: - clusteripport: {{ peer.couchdb.port }} -{% if peer.couchdb.nodePort is defined %} - nodeport: {{ peer.couchdb.nodePort }} -{% endif %} - metrics: - enabled: {{ 
peer.metrics.enabled | default(false) }} - clusteripport: {{ peer.metrics.port | default(9443) }} - proxy: - provider: "{{ network.env.proxy }}" - external_url_suffix: {{ item.external_url_suffix }} - - config: - pod: - resources: - limits: - memory: 512M - cpu: 1 - requests: - memory: 512M - cpu: 0.25 diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/vars/main.yaml b/platforms/hyperledger-fabric/configuration/roles/helm_component/vars/main.yaml index 22ee588acaeb..6cde1c004a64 100644 --- a/platforms/hyperledger-fabric/configuration/roles/helm_component/vars/main.yaml +++ b/platforms/hyperledger-fabric/configuration/roles/helm_component/vars/main.yaml @@ -30,30 +30,14 @@ helm_templates: external_chaincode: external_chaincode.tpl install_external_chaincode_job: install_external_chaincode_job.tpl -alpine_image: bevel-alpine:latest +bevel_alpine_version: latest # Change to tag version when using tag specific images ca_tools_image: bevel-fabric-ca-tools:1.2.1 kafka_image: bevel-fabric-kafka:0.4.18 zookeeper_image: bevel-fabric-zookeeper:0.4.18 fabric_console_image: bevel-fabric-console:latest -ca_image: - 1.4.8: bevel-fabric-ca:1.4.8 - 2.2.2: bevel-fabric-ca:1.4.8 - 2.5.4: bevel-fabric-ca:latest - -orderer_image: - 1.4.8: bevel-fabric-orderer:1.4.8 - 2.2.2: bevel-fabric-orderer:2.2.2 - 2.5.4: bevel-fabric-orderer:2.5.4 - -peer_image: - 1.4.8: bevel-fabric-peer:1.4.8 - 2.2.2: bevel-fabric-peer:2.2.2 - 2.5.4: bevel-fabric-peer:2.5.4 - -couchdb_image: - 1.4.8: bevel-fabric-couchdb:1.4.8 - 2.2.2: bevel-fabric-couchdb:2.2.2 - 2.5.4: bevel-fabric-couchdb:2.5.4 +orderer_image: bevel-fabric-orderer +peer_image: bevel-fabric-peer +couchdb_image: bevel-fabric-couchdb fabric_tools_image: 1.4.8: bevel-fabric-tools:1.4.8 diff --git a/platforms/hyperledger-fabric/configuration/roles/k8_component/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/k8_component/tasks/main.yaml index f603add72e16..21c4ab9f408b 100644 
--- a/platforms/hyperledger-fabric/configuration/roles/k8_component/tasks/main.yaml +++ b/platforms/hyperledger-fabric/configuration/roles/k8_component/tasks/main.yaml @@ -9,25 +9,25 @@ ############################################################################################# # Ensure that the directory exists for each entity, if not, it creates them -- name: Ensure {{ component_type_name }} dir exists +- name: Ensure {{ release_dir }} dir exists file: - path: "{{ release_dir }}/{{ component_type_name }}" + path: "{{ release_dir }}" state: directory # Create the value file for the k8 components -- name: "Create {{ component_type }} file for {{ component_type_name }}" +- name: "Create {{ component_type }} file for {{ org.name | lower }}" template: src: "{{ k8_templates[type] | default('default.tpl') }}" dest: "{{ values_file }}" vars: - values_file: "{{ release_dir }}/{{ component_type_name }}/{{ component_type }}.yaml" + values_file: "{{ release_dir }}/{{ component_type }}.yaml" type: "{{ component_type }}" # Create the component in kubernetes cluster directly when using operator - name: Create the component in kubernetes cluster directly when using operator kubernetes.core.k8s: state: present - src: "{{ release_dir }}/{{ component_type_name }}/{{ component_type }}.yaml" + src: "{{ release_dir }}/{{ component_type }}.yaml" kubeconfig: "{{ kubernetes.config_file }}" context: "{{ kubernetes.context }}" when: diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-new-channel.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-new-channel.yaml index 6a02eebf0630..40a3c1b469f4 100644 --- a/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-new-channel.yaml +++ b/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-new-channel.yaml 
@@ -48,42 +48,64 @@ network: type: orderer name: orderer1 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer1.crt # Ensure that the directory exists + uri: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer2 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer2.org1proxy.blockchaincloudpoc.com:443 # Must include port, can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer2.crt # Ensure that the directory exists + uri: orderer2.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer3 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer3.org1proxy.blockchaincloudpoc.com:443 # Must include port, can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer3.crt # Ensure that the directory exists + uri: orderer3.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers # The channels defined for a network with participating peers in each channel channels: - channel: consortium: SupplyChainConsortium channel_name: AllChannel - channel_status: existing + osn_creator_org: # Organization name, whose orderers will create the channel. 
This field is only used with version 2.5 + name: supplychain chaincodes: - "chaincode_name" - orderers: + orderers: - supplychain participants: - organization: name: carrier type: creator # creator organization will create the channel and instantiate chaincode, in addition to joining the channel and install chaincode - org_status: existing + org_status: new peers: - peer: name: peer0 gossipAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the gossip peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer + ordererAddress: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # Must include port, External or internal URI of the orderer + - organization: + name: supplychain + type: joiner + org_status: new + peers: + - peer: + name: peer0 + gossipAddress: peer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 + peerAddress: peer0.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 + - peer: + name: peer1 + gossipAddress: peer0.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 + peerAddress: peer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 + - organization: + name: store + type: joiner # joiner organization will only join the channel and install chaincode + org_status: new + peers: + - peer: + name: peer0 + gossipAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 + peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer + ordererAddress: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 - organization: name: warehouse type: joiner 
@@ -93,7 +115,7 @@ network: name: peer0 gossipAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 - organization: name: manufacturer type: joiner @@ -103,17 +125,7 @@ network: name: peer0 gossipAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 - - organization: - name: store - type: joiner # joiner organization will only join the channel and install chaincode - org_status: new - peers: - - peer: - name: peer0 - gossipAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 - peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 endorsers: # Only one peer per org required for endorsement - organization: @@ -144,8 +156,7 @@ network: name: peer0 corepeerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 certificate: "/path/store/server.crt" # certificate path for peer - genesis: - name: OrdererGenesis + - channel: consortium: SupplyChainConsortium channel_name: ChannelTwo 
@@ -162,7 +173,7 @@ network: name: peer0 gossipAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the gossip peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer - organization: name: store type: creator # joiner organization will only join the channel and install chaincode @@ -172,7 +183,7 @@ network: name: peer0 gossipAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 endorsers: # Only one peer per org required for endorsement - organization: @@ -189,8 +200,6 @@ network: name: peer0 corepeerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 certificate: "/path/store/server.crt" # certificate path for peer - genesis: - name: ChannelTwoGenesis # Allows specification of one or many organizations that will be connecting to a network. # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc), @@ -204,11 +213,9 @@ network: state: London location: London subject: "O=Orderer,OU=Orderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: org1proxy.blockchaincloudpoc.com org_status: new ca_data: - url: ca.supplychain-net.org1proxy.blockchaincloudpoc.com certificate: /path/supplychain/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca) cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube 
@@ -266,21 +273,21 @@ network: consensus: raft grpc: port: 7050 - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer2 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer2.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer3 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer3.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Specification for the 2nd organization. Each organization maps to a VPC and a separate k8s cluster - organization: @@ -289,12 +296,10 @@ network: state: Zurich location: Zurich subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH" - type: peer external_url_suffix: org2proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.manufacturer-net.org2proxy.blockchaincloudpoc.com certificate: /path/manufacturer/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -344,7 +349,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.manufacturer-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/manufacturer/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 
@@ -378,12 +382,10 @@ network: state: London location: London subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" - type: peer external_url_suffix: org3proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.carrier-net.org3proxy.blockchaincloudpoc.com certificate: /path/carrier/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -431,7 +433,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.carrier-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/carrier/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 @@ -464,12 +465,11 @@ network: state: New York location: New York subject: "O=Store,OU=Store,L=40.73/-74/New York,C=US" - type: peer + external_url_suffix: org4proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.store-net.org4proxy.blockchaincloudpoc.com certificate: /path/store/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -517,7 +517,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.store-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/store/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 
@@ -551,12 +550,10 @@ network: state: Massachusetts location: Boston subject: "O=Warehouse,OU=Warehouse,L=42.36/-71.06/Boston,C=US" - type: peer external_url_suffix: org5proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.warehouse-net.org5proxy.blockchaincloudpoc.com certificate: /path/warehouse/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -604,7 +601,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.warehouse-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/warehouse/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-ordererorg.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-ordererorg.yaml index 99424a65ae54..991580d2b382 100644 --- a/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-ordererorg.yaml +++ b/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-ordererorg.yaml 
@@ -46,20 +46,17 @@ network: type: orderer name: orderer1 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer1.crt # Ensure that the directory exists + uri: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer2 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer2.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer2.crt # Ensure that the directory exists + uri: orderer2.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer3 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer3.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer3.crt # Ensure that the directory exists + uri: orderer3.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers # The channels defined for a network with participating peers in each channel channels: 
@@ -80,7 +77,7 @@ network: name: peer0 gossipAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the gossip peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer - organization: name: store type: joiner # joiner organization will only join the channel and install chaincode @@ -90,7 +87,7 @@ network: name: peer0 gossipAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: warehouse type: joiner @@ -100,7 +97,7 @@ network: name: peer0 gossipAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: manufacturer type: joiner @@ -110,7 +107,7 @@ network: name: peer0 gossipAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 endorsers: # Only one peer per org required for endorsement - organization: 
@@ -134,8 +131,6 @@ network: name: peer0 corepeerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 certificate: "/path/manufacturer/server.crt" # certificate path for peer - genesis: - name: OrdererGenesis # Allows specification of one or many organizations that will be connecting to a network. # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc), @@ -149,11 +144,9 @@ network: state: London location: London subject: "O=Orderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: org1proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be new / existing ca_data: - url: ca.supplychain-net.org1proxy.blockchaincloudpoc.com certificate: file/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca) cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -211,7 +204,7 @@ network: consensus: raft grpc: port: 7050 - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer2 type: orderer @@ -234,11 +227,9 @@ network: state: London location: London subject: "O=NewOrderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: org6proxy.blockchaincloudpoc.com org_status: new # Status of the organization for the existing network, can be new / existing ca_data: - url: ca.neworderer-net.org6proxy.blockchaincloudpoc.com certificate: file/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca) cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube 
@@ -311,12 +302,10 @@ network: state: Zurich location: Zurich subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH" - type: peer external_url_suffix: org2proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be new / existing orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.manufacturer-net.org2proxy.blockchaincloudpoc.com certificate: file/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -399,12 +388,10 @@ network: state: London location: London subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" - type: peer external_url_suffix: org3proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be new / existing orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.carrier-net.org3proxy.blockchaincloudpoc.com certificate: file/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -485,12 +472,10 @@ network: state: New York location: New York subject: "O=Store,OU=Store,L=40.73/-74/New York,C=US" - type: peer external_url_suffix: org4proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be new / existing orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.store-net.org4proxy.blockchaincloudpoc.com certificate: file/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube 
@@ -571,12 +556,10 @@ network: state: Massachusetts location: Boston subject: "O=Warehouse,OU=Warehouse,L=42.36/-71.06/Boston,C=US" - type: peer external_url_suffix: org5proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be new / existing orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.warehouse-net.org5proxy.blockchaincloudpoc.com certificate: file/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-organization.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-organization.yaml index 65ef1b55687a..bb7518effe0a 100644 --- a/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-organization.yaml +++ b/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-organization.yaml 
@@ -47,20 +47,17 @@ network: type: orderer name: orderer1 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer1.crt # Path of the orderer certificate which must exist + uri: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer2 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer2.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer2.crt # Path of the orderer certificate which must exist + uri: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer3 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer3.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer3.crt # Ensure that the directory exists + uri: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers # The channels defined for a network with participating peers in each channel channels: 
@@ -81,7 +78,7 @@ network: name: peer0 gossipAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the gossip peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer - organization: name: warehouse type: joiner @@ -91,7 +88,7 @@ network: name: peer0 gossipAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: manufacturer type: joiner @@ -101,7 +98,7 @@ network: name: peer0 gossipAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: store type: joiner # joiner organization will only join the channel and install chaincode @@ -111,7 +108,7 @@ network: name: peer0 gossipAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 endorsers: # Only one peer per org required for endorsement - organization: 
@@ -135,9 +132,7 @@ network: name: peer0 corepeerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 certificate: /home/bevel/build/manufacturer/server.crt # certificate path for peer - genesis: - name: OrdererGenesis - + # Allows specification of one or many organizations that will be connecting to a network. # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc), # then these services should be listed in this section as well. @@ -150,11 +145,9 @@ network: state: London location: London subject: "O=Orderer,OU=Orderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: org1proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be new / existing ca_data: - url: ca.supplychain-net.org1proxy.blockchaincloudpoc.com certificate: /home/bevel/build/supplychain/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca) cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube aws: @@ -211,21 +204,21 @@ network: consensus: raft grpc: port: 7050 - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer2 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer2.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer3 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer3.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Specification for the 2nd organization. Each organization maps to a VPC and a separate k8s cluster - organization: 
@@ -234,12 +227,10 @@ network: state: Zurich location: Zurich subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH" - type: peer external_url_suffix: org2proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be new / existing orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.manufacturer-net.org2proxy.blockchaincloudpoc.com certificate: /home/bevel/build/manufacturer/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -288,7 +279,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.manufacturer-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /home/bevel/build/manufacturer/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 @@ -322,12 +312,10 @@ network: state: London location: London subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" - type: peer external_url_suffix: org3proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be new / existing orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.carrier-net.org3proxy.blockchaincloudpoc.com certificate: /home/bevel/build/carrier/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube 
@@ -375,7 +363,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.carrier-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /home/bevel/build/carrier/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 @@ -409,12 +396,10 @@ network: state: New York location: New York subject: "O=Store,OU=Store,L=40.73/-74/New York,C=US" - type: peer external_url_suffix: org4proxy.blockchaincloudpoc.com org_status: new # Status of the organization for the existing network, can be new / existing orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.store-net.org4proxy.blockchaincloudpoc.com certificate: /home/bevel/build/store/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -467,7 +452,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.store-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /home/bevel/build/store/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 
@@ -500,12 +484,10 @@ network: state: Massachusetts location: Boston subject: "O=Warehouse,OU=Warehouse,L=42.36/-71.06/Boston,C=US" - type: peer external_url_suffix: org5proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be new / existing orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.warehouse-net.org5proxy.blockchaincloudpoc.com certificate: /home/bevel/build/warehouse/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -553,7 +535,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.warehouse-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /home/bevel/build/warehouse/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-peer.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-peer.yaml index 24da0562f210..e4155a8ca6d5 100644 --- a/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-peer.yaml +++ b/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-peer.yaml 
@@ -42,20 +42,17 @@ network: type: orderer name: orderer1 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer1.crt # Ensure that the directory exists + uri: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer2 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer2.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer2.crt # Ensure that the directory exists + uri: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer3 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer3.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer3.crt # Ensure that the directory exists + uri: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers # The channels defined for a network with participating peers in each channel channels: 
@@ -82,9 +79,7 @@ network: peerstatus: new # new peers should have status as new gossipAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the gossip peer peerAddress: peer1.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer - genesis: - name: OrdererGenesis + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer # Allows specification of one or many organizations that will be connecting to a network. # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc), @@ -97,12 +92,10 @@ network: state: London location: London subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" - type: peer external_url_suffix: org3proxy.blockchaincloudpoc.com org_status: existing # org_status must be existing when adding peer orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.carrier-net.org3proxy.blockchaincloudpoc.com # CA Server URL must be public when adding peer on new cluster certificate: /path/carrier/server.crt # CA Server public cert must be provided when adding peer on new cluster cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -157,7 +150,6 @@ network: gossippeeraddress: peer1.carrier-net.org3proxy.blockchaincloudpoc.com:443 # No change from original configuration peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer peerstatus: existing # old peers should have status as existing - certificate: /path/carrier/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 
@@ -190,7 +182,6 @@ network: gossippeeraddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External address of the existing anchor peer peerAddress: peer1.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer peerstatus: new # new peers should have status as new - certificate: /path/carrier/peer1.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 @@ -225,11 +216,9 @@ network: state: London location: London subject: "O=Orderer,OU=Orderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: org1proxy.blockchaincloudpoc.com org_status: existing # org_status must be existing when adding peer ca_data: - url: ca.supplychain-net.org1proxy.blockchaincloudpoc.com certificate: /path/supplychain/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca) cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -287,18 +276,18 @@ network: consensus: raft grpc: port: 7050 - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer2 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer2.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer3 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer3.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443 diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabric-remove-organization.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabric-remove-organization.yaml index f0ffe9b1dd08..4a6d3441a28b 100644 --- a/platforms/hyperledger-fabric/configuration/samples/network-fabric-remove-organization.yaml 
+++ b/platforms/hyperledger-fabric/configuration/samples/network-fabric-remove-organization.yaml @@ -43,20 +43,17 @@ network: type: orderer name: orderer1 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer1.crt # Path of the orderer certificate which must exist + uri: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer2 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer2.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer2.crt # Path of the orderer certificate which must exist + uri: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer3 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer3.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer3.crt # Ensure that the directory exists + uri: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers # The channels defined for a network with participating peers in each channel channels: 
@@ -77,7 +74,7 @@ network: name: peer0 gossipAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the gossip peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer - organization: name: store type: joiner # joiner organization will only join the channel and install chaincode @@ -87,7 +84,7 @@ network: name: peer0 gossipAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: warehouse type: joiner @@ -97,7 +94,7 @@ network: name: peer0 gossipAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: manufacturer type: joiner 
@@ -107,9 +104,7 @@ network: name: peer0 gossipAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 - genesis: - name: OrdererGenesis + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Allows specification of one or many organizations that will be connecting to a network. # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc), @@ -123,11 +118,9 @@ network: state: London location: London subject: "O=Orderer,OU=Orderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: org1proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be delete / existing ca_data: - url: ca.supplychain-net.org1proxy.blockchaincloudpoc.com certificate: /path/supplychain/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca) cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -185,21 +178,21 @@ network: consensus: raft grpc: port: 7050 - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer2 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer2.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer3 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer3.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Specification for the 2nd organization. Each organization maps to a VPC and a separate k8s cluster - organization: 
@@ -208,12 +201,10 @@ network: state: Zurich location: Zurich subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH" - type: peer external_url_suffix: org2proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be delete / existing orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.manufacturer-net.org2proxy.blockchaincloudpoc.com certificate: /path/manufacturer/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -263,7 +254,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.manufacturer-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/manufacturer/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 @@ -297,12 +287,10 @@ network: state: London location: London subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" - type: peer external_url_suffix: org3proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be delete / existing orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.carrier-net.org3proxy.blockchaincloudpoc.com certificate: /path/carrier/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube 
@@ -350,7 +338,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.carrier-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/carrier/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 @@ -384,12 +371,10 @@ network: state: New York location: New York subject: "O=Store,OU=Store,L=40.73/-74/New York,C=US" - type: peer external_url_suffix: org4proxy.blockchaincloudpoc.com org_status: delete # Status of the organization for the existing network, can be delete / existing orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.store-net.org4proxy.blockchaincloudpoc.com certificate: /path/store/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -437,7 +422,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.store-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/store/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 
@@ -471,12 +455,10 @@ network: state: Massachusetts location: Boston subject: "O=Warehouse,OU=Warehouse,L=42.36/-71.06/Boston,C=US" - type: peer external_url_suffix: org5proxy.blockchaincloudpoc.com org_status: existing # Status of the organization for the existing network, can be delete / existing orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.warehouse-net.org5proxy.blockchaincloudpoc.com certificate: /path/warehouse/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -524,7 +506,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.warehouse-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/warehouse/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. grpc: port: 7051 diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-external-chaincode.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-external-chaincode.yaml index b12d70a544b2..ce591ebf05a6 100644 --- a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-external-chaincode.yaml +++ b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-external-chaincode.yaml 
@@ -48,20 +48,17 @@ network: type: orderer name: orderer1 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer1.crt # Ensure that the directory exists + uri: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer2 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer2.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer2.crt # Ensure that the directory exists + uri: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer3 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer3.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer3.crt + uri: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers # The channels defined for a network with participating peers in each channel channels: - channel: 
@@ -81,7 +78,7 @@ network: name: peer0 gossipAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the gossip peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer - organization: name: store type: joiner # joiner organization will only join the channel and install chaincode @@ -91,7 +88,7 @@ network: name: peer0 gossipAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: warehouse type: joiner @@ -101,7 +98,7 @@ network: name: peer0 gossipAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: manufacturer type: joiner @@ -111,7 +108,7 @@ network: name: peer0 gossipAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 endorsers: # Only one peer per org required for endorsement - organization: 
@@ -135,8 +132,6 @@ network: name: peer0 corepeerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 certificate: "/home/bevel/build/manufacturer/server.crt" # certificate path for peer - genesis: - name: OrdererGenesis # Allows specification of one or many organizations that will be connecting to a network. # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc), @@ -150,12 +145,10 @@ network: state: London location: London subject: "O=Orderer,OU=Orderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: org1proxy.blockchaincloudpoc.com org_status: new fabric_console: enabled # To deploy Fabric console for this organization ca_data: - url: ca.supplychain-net:7054 certificate: /home/bevel/build/supplychain/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca) cloud_provider: aws # Options: aws, azure, gcp, minikube @@ -187,7 +180,7 @@ network: git_repo: "github.com//bevel.git" # Gitops https URL for git push (without https://) username: "git_username" # Git Service user who has rights to check-in in all branches password: "git_access_token" # Git Server user password - email: "git_email" # Email to use in git config + email: "git@email.com" # Email to use in git config private_key: "path_to_private_key" # Path to private key file which has write-access to the git repo # Services maps to the pods that will be deployed on the k8s cluster @@ -230,13 +223,11 @@ network: state: Zurich location: Zurich subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH" - type: peer external_url_suffix: org2proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To deploy Fabric console for this organization ca_data: - url: ca.manufacturer-net:7054 certificate: /home/bevel/build/manufacturer/server.crt cloud_provider: aws # Options: aws, azure, gcp, minikube 
@@ -268,7 +259,7 @@ network: git_repo: "github.com//bevel.git" # Gitops https URL for git push (without https://) username: "git_username" # Git Service user who has rights to check-in in all branches password: "git_access_token" # Git Server user password - email: "git_email" # Email to use in git config + email: "git@email.com" # Email to use in git config private_key: "path_to_private_key" # Path to private key file which has write-access to the git repo # Generating User Certificates with custom attributes using Fabric CA in BAF for Peer Organizations users: @@ -292,7 +283,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.manufacturer-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /home/bevel/build/manufacturer/peer0.crt # Path to peer Certificate cli: enabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. configpath: /home/bevel/build/peer0-core.yaml # path to custom core.yaml grpc: @@ -326,13 +316,11 @@ network: state: London location: London subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" - type: peer external_url_suffix: org3proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.carrier-net:7054 certificate: /home/bevel/build/carrier/server.crt cloud_provider: aws # Options: aws, azure, gcp, minikube 
@@ -364,7 +352,7 @@ network: git_repo: "github.com//bevel.git" # Gitops https URL for git push (without https://) username: "git_username" # Git Service user who has rights to check-in in all branches password: "git_access_token" # Git Server user password - email: "git_email" # Email to use in git config + email: "git@email.com" # Email to use in git config private_key: "path_to_private_key" # Path to private key file which has write-access to the git repo # Generating User Certificates with custom attributes using Fabric CA in Bevel for Peer Organizations users: @@ -386,7 +374,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.carrier-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /home/bevel/build/carrier/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. configpath: /home/bevel/build/peer0-core.yaml # path to custom core.yaml grpc: @@ -420,13 +407,11 @@ network: state: New York location: New York subject: "O=Store,OU=Store,L=40.73/-74/New York,C=US" - type: peer external_url_suffix: org4proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.store-net:7054 certificate: /home/bevel/build/store/server.crt cloud_provider: aws # Options: aws, azure, gcp, minikube 
@@ -458,7 +443,7 @@ network: git_repo: "github.com//bevel.git" # Gitops https URL for git push (without https://) username: "git_username" # Git Service user who has rights to check-in in all branches password: "git_access_token" # Git Server user password - email: "git_email" # Email to use in git config + email: "git@email.com" # Email to use in git config private_key: "path_to_private_key" # Path to private key file which has write-access to the git repo # Generating User Certificates with custom attributes using Fabric CA in Bevel for Peer Organizations users: @@ -480,7 +465,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.store-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /home/bevel/build/store/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. configpath: /home/bevel/build/peer0-core.yaml # path to custom core.yaml grpc: @@ -513,13 +497,11 @@ network: state: Massachusetts location: Boston subject: "O=Warehouse,OU=Warehouse,L=42.36/-71.06/Boston,C=US" - type: peer external_url_suffix: org5proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.warehouse-net:7054 certificate: /home/bevel/build/warehouse/server.crt cloud_provider: aws # Options: aws, azure, gcp, minikube 
@@ -551,7 +533,7 @@ network: git_repo: "github.com//bevel.git" # Gitops https URL for git push (without https://) username: "git_username" # Git Service user who has rights to check-in in all branches password: "git_access_token" # Git Server user password - email: "git_email" # Email to use in git config + email: "git@email.com" # Email to use in git config private_key: "path_to_private_key" # Path to private key file which has write-access to the git repo services: @@ -567,7 +549,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.warehouse-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /home/bevel/build/warehouse/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. configpath: /home/bevel/build/peer0-core.yaml # path to custom core.yaml grpc: diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-kafka.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-kafka.yaml index 417341e0372c..5d332cc43a4c 100644 --- a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-kafka.yaml +++ b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-kafka.yaml 
@@ -51,14 +51,12 @@ network: type: orderer name: orderer1 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer1.crt # Ensure that the directory exists + uri: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer2 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer2.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer2.crt # Ensure that the directory exists + uri: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers # The channels defined for a network with participating peers in each channel channels: @@ -79,7 +77,7 @@ network: name: peer0 gossipAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the gossip peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer - organization: name: store type: joiner # joiner organization will only join the channel and install chaincode 
@@ -89,7 +87,7 @@ network: name: peer0 gossipAddress: peer0.store-net.org3proxy.blockchaincloudpoc.com:443 peerAddress: peer0.store-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: warehouse type: joiner @@ -99,7 +97,7 @@ network: name: peer0 gossipAddress: peer0.warehouse-net.org2proxy.blockchaincloudpoc.com:443 peerAddress: peer0.warehouse-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: manufacturer type: joiner @@ -109,9 +107,7 @@ network: name: peer0 gossipAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 peerAddress: peer0.manufacturer-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 - genesis: - name: OrdererGenesis + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Allows specification of one or many organizations that will be connecting to a network. # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc), @@ -125,12 +121,10 @@ network: state: London location: London subject: "O=Orderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: org1proxy.blockchaincloudpoc.com org_status: new fabric_console: enabled # To deploy Fabric console for this organization ca_data: - url: ca.supplychain-net.org1proxy.blockchaincloudpoc.com certificate: file/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca) cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube 
@@ -191,14 +185,14 @@ network: consensus: kafka grpc: port: 7050 - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer2 type: orderer consensus: kafka grpc: port: 7050 - ordererAddress: orderer2.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Specification for the 2nd organization. Each organization maps to a VPC and a separate k8s cluster @@ -208,13 +202,11 @@ network: state: Zurich location: Zurich subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH" - type: peer external_url_suffix: org2proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: enabled # To deploy Fabric console for this organization ca_data: - url: ca.manufacturer-net.org2proxy.blockchaincloudpoc.com certificate: file/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -297,13 +289,11 @@ network: state: London location: London subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" - type: peer external_url_suffix: org3proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.carrier-net.org3proxy.blockchaincloudpoc.com certificate: file/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube 
@@ -383,13 +373,11 @@ network: state: New York location: New York subject: "O=Store,OU=Store,L=40.73/-74/New York,C=US" - type: peer external_url_suffix: org3proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.store-net.org3proxy.blockchaincloudpoc.com certificate: file/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -470,13 +458,11 @@ network: state: Massachusetts location: Boston subject: "O=Warehouse,OU=Warehouse,L=42.36/-71.06/Boston,C=US" - type: peer external_url_suffix: org2proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.warehouse-net.org2proxy.blockchaincloudpoc.com certificate: /file/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-raft-add-orderer.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-raft-add-orderer.yaml index 773b86353d9a..0e93a256d74c 100644 --- a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-raft-add-orderer.yaml +++ b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-raft-add-orderer.yaml 
@@ -44,26 +44,22 @@ network: type: orderer name: orderer1 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer1.crt # Ensure that the directory exists + uri: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer2 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer2.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer2.crt # Ensure that the directory exists + uri: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer3 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer3.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer3.crt # Ensure that the directory exists + uri: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer4 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer4.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: 
/home/bevel/build/orderer4.crt # Ensure that the directory exists + uri: orderer4.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers # The channels defined for a network with participating peers in each channel channels: @@ -84,7 +80,7 @@ network: name: peer0 gossipAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the gossip peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer - organization: name: store type: joiner # joiner organization will only join the channel and install chaincode @@ -94,7 +90,7 @@ network: name: peer0 gossipAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: warehouse type: joiner @@ -104,7 +100,7 @@ network: name: peer0 gossipAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: manufacturer type: joiner 
@@ -114,9 +110,7 @@ network: name: peer0 gossipAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 - genesis: - name: OrdererGenesis + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Allows specification of one or many organizations that will be connecting to a network. # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc), @@ -130,11 +124,9 @@ network: state: London location: London subject: "O=Orderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: org1proxy.blockchaincloudpoc.com org_status: existing ca_data: - url: ca.supplychain-net.org1proxy.blockchaincloudpoc.com certificate: /path/supplychain/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca) cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -193,7 +185,7 @@ network: consensus: raft grpc: port: 7050 - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer2 status: existing @@ -201,7 +193,7 @@ network: consensus: raft grpc: port: 7050 - ordererAddress: orderer2.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer3 status: existing @@ -209,7 +201,7 @@ network: consensus: raft grpc: port: 7050 - ordererAddress: orderer3.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer4 status: new 
@@ -217,4 +209,4 @@ network: consensus: raft grpc: port: 7050 - ordererAddress: orderer4.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer4.supplychain-net.org1proxy.blockchaincloudpoc.com:443 diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml index b93494485242..65f68973f3ba 100644 --- a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml +++ b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml @@ -21,11 +21,6 @@ network: proxy: haproxy # values can be 'haproxy' or 'none' retry_count: 20 # Retry count for the checks external_dns: enabled # Should be enabled if using external-dns for automatic route configuration - annotations: # Additional annotations that can be used for some pods (ca, ca-tools, orderer and peer nodes) - service: - - example1: example2 - deployment: {} - pvc: {} labels: service: example1: example2 
@@ -53,20 +48,17 @@ network: type: orderer name: orderer1 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer1.crt # Ensure that the directory exists + uri: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer2 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer2.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer2.crt # Ensure that the directory exists + uri: orderer2.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer3 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer3.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer3.crt # Ensure that the directory exists + uri: orderer3.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers # The channels defined for a network with participating peers in each channel channels: 
@@ -89,7 +81,21 @@ network: name: peer0 gossipAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the gossip peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer + ordererAddress: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # Must include port, External or internal URI of the orderer + - organization: + name: supplychain + type: joiner + org_status: new + peers: + - peer: + name: peer0 + gossipAddress: peer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 + peerAddress: peer0.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 + - peer: + name: peer1 + gossipAddress: peer0.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 + peerAddress: peer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 - organization: name: store type: joiner # joiner organization will only join the channel and install chaincode @@ -99,7 +105,7 @@ network: name: peer0 gossipAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 - organization: name: warehouse type: joiner 
@@ -109,7 +115,7 @@ network: name: peer0 gossipAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 - organization: name: manufacturer type: joiner @@ -119,7 +125,7 @@ network: name: peer0 gossipAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 endorsers: # Only one peer per org required for endorsement - organization: @@ -150,8 +156,6 @@ network: name: peer0 corepeerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 certificate: "/path/store/server.crt" # certificate path for peer - genesis: - name: OrdererGenesis # Allows specification of one or many organizations that will be connecting to a network. # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc), @@ -165,12 +169,10 @@ network: state: London location: London subject: "O=Orderer,OU=Orderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: org1proxy.blockchaincloudpoc.com org_status: new fabric_console: enabled # To deploy Fabric console for this organization ca_data: - url: ca.supplychain-net.org1proxy.blockchaincloudpoc.com certificate: /path/supplychain/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca) cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube 
@@ -210,7 +212,7 @@ network: services: ca: name: ca - subject: "/C=GB/ST=London/L=London/O=Orderer/CN=ca.supplychain-net.org1proxy.blockchaincloudpoc.com" + subject: "/C=GB/ST=London/L=London/O=Orderer" type: ca grpc: port: 7054 
@@ -227,21 +229,59 @@ network: consensus: raft grpc: port: 7050 - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 - orderer: name: orderer2 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer2.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer2.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 - orderer: name: orderer3 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer3.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer3.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 + + peers: + - peer: + name: peer0 + type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. + gossippeeraddress: peer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer + peerAddress: peer0.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # External URI of the peer + cli: enabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. + grpc: + port: 7051 + events: + port: 7053 + couchdb: + port: 5984 + restserver: + targetPort: 20001 + port: 20001 + expressapi: + targetPort: 3000 + port: 3000 + - peer: + name: peer1 + type: nonanchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. + gossippeeraddress: peer0.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # External address of the existing anchor peer + peerAddress: peer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443 # External URI of the peer + cli: enabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. + grpc: + port: 7051 + events: + port: 7053 + couchdb: + port: 5984 + restserver: + targetPort: 20001 + port: 20001 + expressapi: + targetPort: 3000 + port: 3000 # Specification for the 2nd organization. 
Each organization maps to a VPC and a separate k8s cluster - organization: @@ -250,13 +290,11 @@ network: state: Zurich location: Zurich subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH" - type: peer external_url_suffix: org2proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: enabled # To deploy Fabric console for this organization ca_data: - url: ca.manufacturer-net.org2proxy.blockchaincloudpoc.com certificate: /path/manufacturer/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -302,7 +340,7 @@ network: services: ca: name: ca - subject: "/C=CH/ST=Zurich/L=Zurich/O=Manufacturer/CN=ca.manufacturer-net.org2proxy.blockchaincloudpoc.com" + subject: "/C=CH/ST=Zurich/L=Zurich/O=Manufacturer" type: ca grpc: port: 7054 @@ -312,7 +350,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.manufacturer-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/manufacturer/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: 
@@ -348,13 +385,11 @@ network: state: London location: London subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" - type: peer external_url_suffix: org3proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.carrier-net.org3proxy.blockchaincloudpoc.com certificate: /path/carrier/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -398,7 +433,7 @@ network: services: ca: name: ca - subject: "/C=GB/ST=London/L=London/O=Carrier/CN=ca.carrier-net.org3proxy.blockchaincloudpoc.com" + subject: "/C=GB/ST=London/L=London/O=Carrier" type: ca grpc: port: 7054 @@ -408,7 +443,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.carrier-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/carrier/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: @@ -443,13 +477,11 @@ network: state: New York location: New York subject: "O=Store,OU=Store,L=40.73/-74/New York,C=US" - type: peer external_url_suffix: org4proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.store-net.org4proxy.blockchaincloudpoc.com certificate: /path/store/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube 
@@ -493,7 +525,7 @@ network: services: ca: name: ca - subject: "/C=US/ST=New York/L=New York/O=Store/CN=ca.store-net.org4proxy.blockchaincloudpoc.com" + subject: "/C=US/ST=New York/L=New York/O=Store" type: ca grpc: port: 7054 @@ -503,7 +535,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.store-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/store/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: @@ -539,13 +570,11 @@ network: state: Massachusetts location: Boston subject: "O=Warehouse,OU=Warehouse,L=42.36/-71.06/Boston,C=US" - type: peer external_url_suffix: org5proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.warehouse-net.org5proxy.blockchaincloudpoc.com certificate: /path/warehouse/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -589,7 +618,7 @@ network: services: ca: name: ca - subject: "/C=US/ST=Massachusetts/L=Boston/O=Warehouse/CN=ca.warehouse-net.org5proxy.blockchaincloudpoc.com" + subject: "/C=US/ST=Massachusetts/L=Boston/O=Warehouse" type: ca grpc: port: 7054 
@@ -599,7 +628,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.warehouse-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/warehouse/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: diff --git a/platforms/hyperledger-fabric/configuration/samples/network-operator-fabric.yaml b/platforms/hyperledger-fabric/configuration/samples/network-operator-fabric.yaml index 1cecf912954f..26121b10a2e5 100644 --- a/platforms/hyperledger-fabric/configuration/samples/network-operator-fabric.yaml +++ b/platforms/hyperledger-fabric/configuration/samples/network-operator-fabric.yaml 
@@ -46,20 +46,17 @@ network: type: orderer name: orderer1 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer1.crt # Ensure that the directory exists + uri: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer2 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer2.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer2.crt # Ensure that the directory exists + uri: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer3 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer3.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer3.crt # Ensure that the directory exists + uri: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers # The channels defined for a network with participating peers in each channel channels: 
@@ -80,7 +77,7 @@ network: name: peer0 gossipAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the gossip peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer - organization: name: store type: joiner # joiner organization will only join the channel and install chaincode @@ -90,7 +87,7 @@ network: name: peer0 gossipAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: warehouse type: joiner @@ -100,7 +97,7 @@ network: name: peer0 gossipAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - organization: name: manufacturer type: joiner @@ -110,7 +107,7 @@ network: name: peer0 gossipAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 endorsers: # Only one peer per org required for endorsement - organization: 
@@ -141,8 +138,6 @@ network: name: peer0 corepeerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 certificate: "/path/store/server.crt" # certificate path for peer - genesis: - name: OrdererGenesis # Allows specification of one or many organizations that will be connecting to a network. # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc), @@ -156,12 +151,10 @@ network: state: London location: London subject: "O=Orderer,OU=Orderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: org1proxy.blockchaincloudpoc.com org_status: new fabric_console: enabled # To deploy Fabric console for this organization ca_data: - url: ca.supplychain-net.org1proxy.blockchaincloudpoc.com certificate: /path/supplychain/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca) cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -198,21 +191,21 @@ network: consensus: raft grpc: port: 7050 - ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer2 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer2.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443 - orderer: name: orderer3 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer3.org1proxy.blockchaincloudpoc.com:443 + ordererAddress: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443 # Specification for the 2nd organization. Each organization maps to a VPC and a separate k8s cluster - organization: 
@@ -221,13 +214,11 @@ network: state: Zurich location: Zurich subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH" - type: peer external_url_suffix: org2proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: enabled # To deploy Fabric console for this organization ca_data: - url: ca.manufacturer-net.org2proxy.blockchaincloudpoc.com certificate: /path/manufacturer/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -264,7 +255,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.manufacturer-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/manufacturer/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: @@ -299,13 +289,11 @@ network: state: London location: London subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" - type: peer external_url_suffix: org3proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.carrier-net.org3proxy.blockchaincloudpoc.com certificate: /path/carrier/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube 
@@ -340,7 +328,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.carrier-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/carrier/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: @@ -374,13 +361,11 @@ network: state: New York location: New York subject: "O=Store,OU=Store,L=40.73/-74/New York,C=US" - type: peer external_url_suffix: org4proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.store-net.org4proxy.blockchaincloudpoc.com certificate: /path/store/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -415,7 +400,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.store-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.store-net.org4proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/store/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: 
@@ -450,13 +434,11 @@ network: state: Massachusetts location: Boston subject: "O=Warehouse,OU=Warehouse,L=42.36/-71.06/Boston,C=US" - type: peer external_url_suffix: org5proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.warehouse-net.org5proxy.blockchaincloudpoc.com certificate: /path/warehouse/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -491,7 +473,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.warehouse-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.warehouse-net.org5proxy.blockchaincloudpoc.com:443 # Must include port, External URI of the peer - certificate: /path/warehouse/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: diff --git a/platforms/hyperledger-fabric/configuration/samples/network-proxy-none.yaml b/platforms/hyperledger-fabric/configuration/samples/network-proxy-none.yaml index 77e8df9e0d59..12f495f7f382 100644 --- a/platforms/hyperledger-fabric/configuration/samples/network-proxy-none.yaml +++ b/platforms/hyperledger-fabric/configuration/samples/network-proxy-none.yaml @@ -43,7 +43,6 @@ network: name: orderer1 org_name: supplychain # org_name should match one organization definition below in organizations: key uri: orderer1.supplychain-net:7050 # Internal URI for orderer which should be reachable by all peers - certificate: /home/bevel/build/orderer1.crt # the directory should be writable # The channels defined for a network with participating peers in each channel channels: 
@@ -91,8 +90,6 @@ network: name: peer0 corepeerAddress: peer0.manufacturer-net:7051 certificate: "/home/bevel/build/manufacturer/server.crt" # certificate path for peer - genesis: - name: OrdererGenesis # Allows specification of one or many organizations that will be connecting to a network. # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc), @@ -106,12 +103,10 @@ network: state: London location: London subject: "O=Orderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: develop.local.com # Ignore for proxy none org_status: new fabric_console: enabled ca_data: - url: ca.supplychain-net:7054 certificate: /home/bevel/build/supplychain/server.crt cloud_provider: aws # Options: aws, azure, gcp @@ -179,12 +174,10 @@ network: state: Zurich location: Zurich subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH" - type: peer external_url_suffix: develop.local.com # Ignore for proxy none org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.manufacturer-net:7054 certificate: /home/bevel/build/manufacturer/server.crt cloud_provider: aws # Options: aws, azure, gcp @@ -242,7 +235,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.manufacturer-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.manufacturer-net:7051 # Internal URI of the peer - certificate: /home/bevel/build/manufacturer/peer0.crt # Path to peer Certificate cli: enabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: enabled # set to enabled to create a cactus connector for Fabric grpc: 
@@ -279,12 +271,10 @@ network: state: London location: London subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" - type: peer external_url_suffix: develop.local.com # Ignore for proxy none org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service ca_data: - url: ca.carrier-net:7054 certificate: /home/bevel/build/carrier/server.crt cloud_provider: aws # Options: aws, azure, gcp @@ -340,7 +330,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.carrier-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.carrier-net:7051 # Internal URI of the peer - certificate: /home/bevel/build/carrier/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: diff --git a/platforms/hyperledger-fabric/configuration/samples/network-user-certificate.yaml b/platforms/hyperledger-fabric/configuration/samples/network-user-certificate.yaml index 1e387def9cf5..00896f979784 100644 --- a/platforms/hyperledger-fabric/configuration/samples/network-user-certificate.yaml +++ b/platforms/hyperledger-fabric/configuration/samples/network-user-certificate.yaml @@ -37,13 +37,11 @@ network: state: London location: London subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" - type: peer external_url_suffix: org3proxy.blockchaincloudpoc.com org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service cli: enabled ca_data: - url: ca.carrier-net:7054 certificate: file/server.crt cloud_provider: aws # Options: aws, azure, gcp, minikube 
diff --git a/platforms/hyperledger-fabric/configuration/samples/workflow/network-fabric-workflow.yaml b/platforms/hyperledger-fabric/configuration/samples/workflow/network-fabric-workflow.yaml index ab2b529441e4..a4818baaea0a 100644 --- a/platforms/hyperledger-fabric/configuration/samples/workflow/network-fabric-workflow.yaml +++ b/platforms/hyperledger-fabric/configuration/samples/workflow/network-fabric-workflow.yaml 
@@ -48,20 +48,17 @@ network: type: orderer name: orderer1 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer1.EXTERNAL_URL_SUFFIX:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: USER_DIRECTORY/build/orderer1.crt # Ensure that the directory exists + uri: orderer1.supplychain-net.EXTERNAL_URL_SUFFIX:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer2 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer2.EXTERNAL_URL_SUFFIX:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: USER_DIRECTORY/build/orderer2.crt # Ensure that the directory exists + uri: orderer2.supplychain-net.EXTERNAL_URL_SUFFIX:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - orderer: type: orderer name: orderer3 org_name: supplychain #org_name should match one organization definition below in organizations: key - uri: orderer3.EXTERNAL_URL_SUFFIX:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers - certificate: USER_DIRECTORY/build/orderer3.crt # Ensure that the directory exists + uri: orderer3.supplychain-net.EXTERNAL_URL_SUFFIX:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers # The channels defined for a network with participating peers in each channel channels: 
@@ -84,7 +81,7 @@ network: name: peer0 gossipAddress: peer0.carrier-net.EXTERNAL_URL_SUFFIX:443 # Must include port, External or internal URI of the gossip peer peerAddress: peer0.carrier-net.EXTERNAL_URL_SUFFIX:443 # Must include port, External URI of the peer - ordererAddress: orderer1.EXTERNAL_URL_SUFFIX:443 # Must include port, External or internal URI of the orderer + ordererAddress: orderer1.supplychain-net.EXTERNAL_URL_SUFFIX:443 # Must include port, External or internal URI of the orderer - organization: name: store type: joiner # joiner organization will only join the channel and install chaincode @@ -94,7 +91,7 @@ network: name: peer0 gossipAddress: peer0.store-net.EXTERNAL_URL_SUFFIX:443 peerAddress: peer0.store-net.EXTERNAL_URL_SUFFIX:443 # Must include port, External URI of the peer - ordererAddress: orderer1.EXTERNAL_URL_SUFFIX:443 + ordererAddress: orderer1.supplychain-net.EXTERNAL_URL_SUFFIX:443 - organization: name: warehouse type: joiner @@ -104,7 +101,7 @@ network: name: peer0 gossipAddress: peer0.warehouse-net.EXTERNAL_URL_SUFFIX:443 peerAddress: peer0.warehouse-net.EXTERNAL_URL_SUFFIX:443 # Must include port, External URI of the peer - ordererAddress: orderer1.EXTERNAL_URL_SUFFIX:443 + ordererAddress: orderer1.supplychain-net.EXTERNAL_URL_SUFFIX:443 - organization: name: manufacturer type: joiner @@ -114,7 +111,7 @@ network: name: peer0 gossipAddress: peer0.manufacturer-net.EXTERNAL_URL_SUFFIX:443 peerAddress: peer0.manufacturer-net.EXTERNAL_URL_SUFFIX:443 # Must include port, External URI of the peer - ordererAddress: orderer1.EXTERNAL_URL_SUFFIX:443 + ordererAddress: orderer1.supplychain-net.EXTERNAL_URL_SUFFIX:443 endorsers: # Only one peer per org required for endorsement - organization: 
@@ -145,8 +142,6 @@ network: name: peer0 corepeerAddress: peer0.store-net.EXTERNAL_URL_SUFFIX:443 certificate: "USER_DIRECTORY/store/server.crt" # certificate path for peer - genesis: - name: OrdererGenesis # Allows specification of one or many organizations that will be connecting to a network. # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc), @@ -160,12 +155,10 @@ network: state: London location: London subject: "O=Orderer,OU=Orderer,L=51.50/-0.13/London,C=GB" - type: orderer external_url_suffix: EXTERNAL_URL_SUFFIX org_status: new fabric_console: enabled # To deploy Fabric console for this organization ca_data: - url: ca.supplychain-net.EXTERNAL_URL_SUFFIX certificate: USER_DIRECTORY/supplychain/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca) cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -222,21 +215,21 @@ network: consensus: raft grpc: port: 7050 - ordererAddress: orderer1.EXTERNAL_URL_SUFFIX:443 + ordererAddress: orderer1.supplychain-net.EXTERNAL_URL_SUFFIX:443 - orderer: name: orderer2 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer2.EXTERNAL_URL_SUFFIX:443 + ordererAddress: orderer2.supplychain-net.EXTERNAL_URL_SUFFIX:443 - orderer: name: orderer3 type: orderer consensus: raft grpc: port: 7050 - ordererAddress: orderer3.EXTERNAL_URL_SUFFIX:443 + ordererAddress: orderer3.supplychain-net.EXTERNAL_URL_SUFFIX:443 # Specification for the 2nd organization. Each organization maps to a VPC and a separate k8s cluster - organization: 
@@ -245,13 +238,11 @@ network: state: Zurich location: Zurich subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH" - type: peer external_url_suffix: EXTERNAL_URL_SUFFIX org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: enabled # To deploy Fabric console for this organization ca_data: - url: ca.manufacturer-net.EXTERNAL_URL_SUFFIX certificate: USER_DIRECTORY/manufacturer/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -307,7 +298,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.manufacturer-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.manufacturer-net.EXTERNAL_URL_SUFFIX:443 # Must include port, External URI of the peer - certificate: USER_DIRECTORY/manufacturer/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: @@ -343,13 +333,11 @@ network: state: London location: London subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB" - type: peer external_url_suffix: EXTERNAL_URL_SUFFIX org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.carrier-net certificate: USER_DIRECTORY/carrier/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube 
@@ -403,7 +391,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.carrier-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.carrier-net.EXTERNAL_URL_SUFFIX:443 # Must include port, External URI of the peer - certificate: USER_DIRECTORY/carrier/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: @@ -438,13 +425,11 @@ network: state: New York location: New York subject: "O=Store,OU=Store,L=40.73/-74/New York,C=US" - type: peer external_url_suffix: EXTERNAL_URL_SUFFIX org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.store-net certificate: USER_DIRECTORY/store/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -498,7 +483,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.store-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.store-net.EXTERNAL_URL_SUFFIX:443 # Must include port, External URI of the peer - certificate: USER_DIRECTORY/store/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: 
@@ -534,13 +518,11 @@ network: state: Massachusetts location: Boston subject: "O=Warehouse,OU=Warehouse,L=42.36/-71.06/Boston,C=US" - type: peer external_url_suffix: EXTERNAL_URL_SUFFIX org_status: new orderer_org: supplychain # Name of the organization that provides the ordering service fabric_console: disabled # To not deploy Fabric console for this organization ca_data: - url: ca.warehouse-net certificate: USER_DIRECTORY/warehouse/server.crt cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube @@ -594,7 +576,6 @@ network: type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer. gossippeeraddress: peer0.warehouse-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer peerAddress: peer0.warehouse-net.EXTERNAL_URL_SUFFIX:443 # Must include port, External URI of the peer - certificate: USER_DIRECTORY/warehouse/peer0.crt # Path to peer Certificate cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag. cactus_connector: disabled # set to enabled to create a cactus connector for Fabric grpc: diff --git a/platforms/network-schema.json b/platforms/network-schema.json index 848014438a3a..bbc0fd0e27aa 100755 --- a/platforms/network-schema.json +++ b/platforms/network-schema.json @@ -1343,19 +1343,13 @@ "uri": { "type": "string", "pattern": "^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9](?::[0-9]{2,5})?$" - }, - "certificate": { - "type": "string", - "pattern": "^(\/[^\/ ]*)+[^\/ ]+\\.crt$", - "description": "Absolute path to the public certificates" } }, "required": [ "name", "type", "org_name", - "uri", - "certificate" + "uri" ], "additionalProperties": false }, 
@@ -1400,20 +1394,6 @@ ], "additionalProperties": false }, - "genesis": { - "type": "object", - "properties": { - "name": { - "type": "string", - "pattern": "^[A-Za-z0-9-]{1,30}$", - "description": "Name of the genesis block" - } - }, - "required": [ - "name" - ], - "additionalProperties": false - }, "orderers": { "type": "array", "items": { @@ -1443,7 +1423,6 @@ "channel", "consortium", "channel_name", - "genesis", "orderers", "participants" ], @@ -1595,13 +1574,6 @@ "maxLength": 12, "description": "Name of the organization" }, - "type": { - "type": "string", - "enum": [ - "orderer", - "peer" - ] - }, "country": { "type": "string", "description": "Country of the organization" @@ -1630,31 +1602,15 @@ "delete" ] }, - "if": { - "properties": { - "type": { - "const": "peer" - } - } - }, - "then": { - "properties": { - "orderer_org": { - "type": "string", - "pattern": "^[a-z0-9-]{1,30}$", - "description": "Name of the organization providing the ordering service" - } - } + "orderer_org": { + "type": "string", + "pattern": "^[a-z0-9-]{1,30}$", + "description": "Name of the organization providing the ordering service" }, "ca_data": { "type": "object", "description": "Contains the certificate authority url and certificate path; this has not been implemented yet", "properties": { - "url": { - "type": "string", - "pattern": "^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9](?::[0-9]{2,5})?$", - "description": "Gossip address of the peer" - }, "certificate": { "type": "string", "pattern": "^\/?([^\/ ]*\/)+[^\/ ]+\\.crt$", 
@@ -1662,35 +1618,15 @@ } }, "required": [ - "url", "certificate" ], "additionalProperties": false - } - }, - "if": { - "properties": { - "type": { - "const": "orderer" - } - } - }, - "then": { - "properties": { - "services": { - "$ref": "#/definitions/fabric_orderer_services" - } - } - }, - "else": { - "properties": { - "services": { - "$ref": "#/definitions/fabric_peer_services" - } + }, + "services": { + "$ref": "#/definitions/fabric_services" } }, "required": [ - "type", "country", "state", "location", @@ -1699,7 +1635,7 @@ "services" ] }, - "fabric_orderer_services": { + "fabric_services": { "type": "object", "properties": { "ca": { @@ -1713,20 +1649,6 @@ "items": { "$ref": "#/definitions/fabric_service_orderer" } - } - }, - "required": [ - "ca", - "consensus", - "orderers" - ], - "additionalProperties": false - }, - "fabric_peer_services": { - "type": "object", - "properties": { - "ca": { - "$ref": "#/definitions/fabric_service_ca" }, "peers": { "type": "array", @@ -1736,8 +1658,7 @@ } }, "required": [ - "ca", - "peers" + "ca" ], "additionalProperties": false }, @@ -1879,7 +1800,7 @@ }, "name": { "type": "string", - "pattern": "^peer[0-9]{1,2}$", + "pattern": "^[a-z0-9-]{1,30}$", "description": "Name of the peer. Must be of the format peer0 for the first peer, peer1 for the second peer and so on." }, "gossippeeraddress": { diff --git a/platforms/shared/configuration/roles/create/job_component/templates/ca-server.tpl b/platforms/shared/configuration/roles/create/job_component/templates/ca-server.tpl new file mode 100644 index 000000000000..2e532cf31ea7 --- /dev/null +++ b/platforms/shared/configuration/roles/create/job_component/templates/ca-server.tpl 
@@ -0,0 +1,68 @@ +global: + serviceAccountName: vault-auth + cluster: + provider: {{ org.cloud_provider }} + cloudNativeServices: false + kubernetesUrl: {{ kubernetes_url }} + vault: + type: hashicorp + network: fabric + address: {{ vault.url }} + authPath: {{ network.env.type }}{{ component }} + secretEngine: {{ vault.secret_path | default("secretsv2") }} + secretPrefix: "data/{{ network.env.type }}{{ component }}" + role: vault-role + proxy: + provider: {{ network.env.proxy | quote }} + externalUrlSuffix: {{ org.external_url_suffix }} + +storage: + size: 512Mi + volumeBindingMode: Immediate + allowedTopologies: + enabled: false + +image: + alpineUtils: {{ docker_url }}/bevel-alpine:{{ bevel_alpine_version }} + ca: {{ docker_url }}/{{ ca_image[network.version] }} +{% if network.docker.username is defined and network.docker.password is defined %} + pullSecret: regcred +{% else %} + pullSecret: "" +{% endif %} + +server: + removeCertsOnDelete: true + tlsStatus: true + adminUsername: {{ component }}-admin + adminPassword: {{ component }}-adminpw + subject: {{ subject }} +{% if component_services.ca.configpath is defined %} + configPath: conf/fabric-ca-server-config-{{ component }}.yaml +{% endif %} +{% if component_services.ca.grpc.nodePort is defined %} + nodePort: {{ component_services.ca.grpc.nodePort }} +{% endif %} + clusterIpPort: {{ component_services.ca.grpc.port }} + +{% if network.env.labels is defined %} +labels: +{% if network.env.labels.service is defined %} + service: +{% for key in network.env.labels.service.keys() %} + - {{ key }}: {{ network.env.labels.service[key] | quote }} +{% endfor %} +{% endif %} +{% if network.env.labels.pvc is defined %} + pvc: +{% for key in network.env.labels.pvc.keys() %} + - {{ key }}: {{ network.env.labels.pvc[key] | quote }} +{% endfor %} +{% endif %} +{% if network.env.labels.deployment is defined %} + deployment: +{% for key in network.env.labels.deployment.keys() %} + - {{ key }}: {{ 
network.env.labels.deployment[key] | quote }} +{% endfor %} +{% endif %} +{% endif %} diff --git a/platforms/shared/configuration/roles/create/job_component/templates/fabric_genesis.tpl b/platforms/shared/configuration/roles/create/job_component/templates/fabric_genesis.tpl new file mode 100755 index 000000000000..b9b12fe77a16 --- /dev/null +++ b/platforms/shared/configuration/roles/create/job_component/templates/fabric_genesis.tpl 
@@ -0,0 +1,100 @@ +global: + version: {{ network.version }} + serviceAccountName: vault-auth + cluster: + provider: {{ org.cloud_provider }} + cloudNativeServices: false + vault: + type: hashicorp + network: fabric + address: {{ vault.url }} + authPath: {{ network.env.type }}{{ name }} + secretEngine: {{ vault.secret_path | default("secretsv2") }} + secretPrefix: "data/{{ network.env.type }}{{ name }}" + role: vault-role + proxy: + provider: {{ network.env.proxy | quote }} + externalUrlSuffix: {{ org.external_url_suffix }} + +image: + alpineUtils: {{ docker_url }}/bevel-alpine:{{ bevel_alpine_version }} + fabricTools: {{ docker_url }}/{{ fabric_tools_image }} +{% if network.docker.username is defined and network.docker.password is defined %} + pullSecret: regcred +{% else %} + pullSecret: "" +{% endif %} + +organizations: +{% for organization in network.organizations %} + - organization: +{% for data, value in organization.items() %} +{% if data == 'name' %} + name: {{ value }} +{% endif %} +{% if data == 'type' %} + type: {{ value }} +{% endif %} +{% endfor %} +{% for service in organization.services %} +{% if service == 'orderers' %} + orderers: +{% for orderer in organization.services.orderers %} + - orderer: +{% for key, value in orderer.items() %} +{% if key == 'name' %} + name: {{ value }} +{% endif %} +{% if key == 'ordererAddress' %} + ordererAddress: {{ value }} +{% endif %} +{% endfor %} +{% endfor %} +{% endif %} +{% if service == 'peers' %} + peers: +{% for peer in organization.services.peers %} + - peer: +{% for key, value in peer.items() %} +{% if key == 'name' %} + name: {{ value }} +{% endif %} +{% if key == 'peerAddress' %} + peerAddress: {{ value }} +{% endif %} +{% endfor %} +{% endfor %} +{% endif %} +{% endfor %} +{% endfor %} + +consensus: {{ consensus.name }} + +{% if consensus.name == 'kafka' %} +kafka: + brokers: +{% for i in range(consensus.replicas) %} + - {{ consensus.name }}-{{ i }}.{{ consensus.type }}.{{ component_ns 
}}.svc.cluster.local:{{ consensus.grpc.port }} +{% endfor %} +{% endif %} + +channels: +{% for channel in network.channels %} + - name: {{ channel.channel_name | lower }} + consortium: {{ channel.consortium }} + orderers: +{% for ordererOrg in channel.orderers %} + - {{ ordererOrg }} +{% endfor %} + participants: +{% for participant in channel.participants %} + - {{ participant.name | lower }} +{% endfor %} +{% endfor %} + +settings: + # Flag to generate the genesis file for Fabrix 2.2.x + generateGenesis: true + # Flag to ensure the genesis configmap is removed on helm uninstall + removeConfigMapOnDelete: true + diff --git a/platforms/shared/configuration/roles/create/job_component/templates/value_peer.tpl b/platforms/shared/configuration/roles/create/job_component/templates/value_peer.tpl new file mode 100755 index 000000000000..58a040a5ca6a --- /dev/null +++ b/platforms/shared/configuration/roles/create/job_component/templates/value_peer.tpl 
@@ -0,0 +1,143 @@ + +global: + version: {{ network.version }} + serviceAccountName: vault-auth + cluster: + provider: {{ org.cloud_provider }} + cloudNativeServices: false + vault: + type: hashicorp + network: fabric + address: {{ vault.url }} + authPath: {{ network.env.type }}{{ name }} + secretEngine: {{ vault.secret_path | default("secretsv2") }} + secretPrefix: "data/{{ network.env.type }}{{ name }}" + role: vault-role + proxy: + provider: {{ network.env.proxy | quote }} + externalUrlSuffix: {{ org.external_url_suffix }} + +storage: + enabled: {{ sc_enabled }} + peer: 512Mi + couchdb: 512Mi + reclaimPolicy: "Delete" + volumeBindingMode: Immediate + allowedTopologies: + enabled: false + +certs: + generateCertificates: true + orgData: +{% if network.env.proxy == 'none' %} + caAddress: ca.{{ namespace }}:7054 +{% else %} + caAddress: ca.{{ namespace }}.{{ org.external_url_suffix }} +{% endif %} + caAdminUser: {{ name }}-admin + caAdminPassword: {{ name }}-adminpw + orgName: {{ name }} + type: peer + componentSubject: {{ component_subject }} + +{% if org.users is defined %} + users: + usersList: +{% for user in user_list %} + - {{ user }} +{% endfor %} +{% endif %} + + settings: + createConfigMaps: {{ create_configmaps }} + refreshCertValue: false + addPeerValue: false + removeCertsOnDelete: true + removeOrdererTlsOnDelete: true + +image: + couchdb: {{ docker_url }}/{{ couchdb_image }} + peer: {{ docker_url }}/{{ peer_image }} + alpineUtils: {{ docker_url }}/bevel-alpine:{{ bevel_alpine_version }} +{% if network.docker.username is defined and network.docker.password is defined %} + pullSecret: regcred +{% else %} + pullSecret: "" +{% endif %} + +peer: +{% if provider == 'none' %} + gossipPeerAddress: {{ component_ns }}:7051 +{% else %} + gossipPeerAddress: {{ peer.peerAddress }} +{% endif %} + logLevel: info + localMspId: {{ name }}MSP + tlsStatus: true + cliEnabled: {{ enabled_cli }} + ordererAddress: {{ orderer.uri }} + builder: hyperledger/fabric-ccenv + 
couchdb: + username: {{ name }}-user + password: {{ name }}-userpw + mspConfig: + organizationalUnitIdentifiers: + nodeOUs: + clientOUIdentifier: client + peerOUIdentifier: peer + adminOUIdentifier: admin + ordererOUIdentifier: orderer + serviceType: ClusterIP + loadBalancerType: "" + ports: + grpc: + clusterIpPort: {{ peer.grpc.port }} +{% if peer.grpc.nodePort is defined %} + nodePort: {{ peer.grpc.nodePort }} +{% endif %} + events: + clusterIpPort: {{ peer.events.port }} +{% if peer.events.nodePort is defined %} + nodePort: {{ peer.events.nodePort }} +{% endif %} + couchdb: + clusterIpPort: {{ peer.couchdb.port }} +{% if peer.couchdb.nodePort is defined %} + nodepnodePortort: {{ peer.couchdb.nodePort }} +{% endif %} + metrics: + enabled: {{ peer.metrics.enabled | default(false) }} + clusterIpPort: {{ peer.metrics.port | default(9443) }} + resources: + limits: + memory: 1Gi + cpu: 1 + requests: + memory: 512M + cpu: 0.25 + upgrade: {{ network.upgrade | default(false) }} + healthCheck: + retries: 20 + sleepTimeAfterError: 15 + +{% if network.env.labels is defined %} +labels: +{% if network.env.labels.service is defined %} + service: +{% for key in network.env.labels.service.keys() %} + - {{ key }}: {{ network.env.labels.service[key] | quote }} +{% endfor %} +{% endif %} +{% if network.env.labels.pvc is defined %} + pvc: +{% for key in network.env.labels.pvc.keys() %} + - {{ key }}: {{ network.env.labels.pvc[key] | quote }} +{% endfor %} +{% endif %} +{% if network.env.labels.deployment is defined %} + deployment: +{% for key in network.env.labels.deployment.keys() %} + - {{ key }}: {{ network.env.labels.deployment[key] | quote }} +{% endfor %} +{% endif %} +{% endif %} diff --git a/platforms/shared/configuration/roles/create/job_component/vars/main.yaml b/platforms/shared/configuration/roles/create/job_component/vars/main.yaml index 77488d3b028c..d70a138d5c93 100644 --- a/platforms/shared/configuration/roles/create/job_component/vars/main.yaml 
+++ b/platforms/shared/configuration/roles/create/job_component/vars/main.yaml @@ -9,8 +9,23 @@ job_templates: secondary_genesis: secondary_genesis.tpl primary_init: primary_init.tpl secondary_init: secondary_init.tpl + ca-server: ca-server.tpl + value_peer: value_peer.tpl + fabric_genesis: fabric_genesis.tpl charts: primary_genesis: "{{ network.type }}-genesis" secondary_genesis: "{{ network.type }}-genesis" primary_init: corda-init secondary_init: corda-init + ca-server: fabric-ca-server + value_peer: fabric-peernode + fabric_genesis: fabric-genesis + +bevel_alpine_version: latest +couchdb_image: bevel-fabric-couchdb +peer_image: bevel-fabric-peer +fabric_tools_image: bevel-fabric-tools +ca_image: + 1.4.8: bevel-fabric-ca:1.4.8 + 2.2.2: bevel-fabric-ca:1.4.8 + 2.5.4: bevel-fabric-ca:latest diff --git a/platforms/shared/configuration/roles/delete/k8s_resources/tasks/main.yaml b/platforms/shared/configuration/roles/delete/k8s_resources/tasks/main.yaml index 1f73c34025b7..2dc78f62cb65 100644 --- a/platforms/shared/configuration/roles/delete/k8s_resources/tasks/main.yaml +++ b/platforms/shared/configuration/roles/delete/k8s_resources/tasks/main.yaml @@ -10,6 +10,17 @@ KUBECONFIG={{ kubernetes.config_file }} helm ls -drq -n {{ organization_ns }} register: helm_info +# Remove all Helm releases of organization except genesis +- name: Delete Helm releases + kubernetes.core.helm: + kubeconfig: "{{ kubernetes.config_file }}" + name: "{{ item }}" + release_namespace: "{{ organization_ns }}" + state: absent + with_items: "{{ helm_info.stdout_lines }}" + when: + - network.type == "fabric" + # Remove all Helm releases of organization except genesis - name: Delete Helm releases kubernetes.core.helm: @@ -29,6 +40,8 @@ release_namespace: "{{ organization_ns }}" state: absent ignore_errors: yes # Ignore failure until all platforms have genesis similar to Besu + when: + - network.type != "fabric" - name: Get Helm releases shell: |
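Review bot: in platforms/network-schema.json, hunk `@@ -1630,31 +1602,15 @@`, the `ca_data` description still reads "Contains the certificate authority url and certificate path; this has not been implemented yet" although the `url` property is removed in the same hunk; align it with the docs wording in this PR ("Contains the certificate path; this has not been implemented yet") so the schema does not advertise a key that `additionalProperties: false` now rejects.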
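Review bot: in platforms/network-schema.json, hunk `@@ -1736,8 +1658,7 @@`, the merged `fabric_services` definition now requires only `ca`, so an organization that declares neither `peers` nor `orderers` validates; if every organization is expected to host at least one of them, add `"anyOf": [{"required": ["peers"]}, {"required": ["orderers"]}]` next to `"required": ["ca"]` so the validator catches an empty organization before the roles run.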
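Review bot: in platforms/network-schema.json, hunk `@@ -1879,7 +1800,7 @@`, the peer `name` pattern is widened to `^[a-z0-9-]{1,30}$` but the description still says "Must be of the format peer0 for the first peer, peer1 for the second peer and so on."; either update the description to the new rule or keep the `^peer[0-9]{1,2}$` restriction if any role still derives addresses or ordering from the `peerN` naming.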
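Review bot: in the new ca-server.tpl (`@@ -0,0 +1,68 @@`), `adminUsername: {{ component }}-admin` and `adminPassword: {{ component }}-adminpw` derive the Fabric CA bootstrap credentials from the organization name, so they are the same predictable values on every network built from this template and land in plain text in the rendered values file. Take the password from Vault or a variable supplied outside network.yaml (the `vault` block in the same template already gives the role an address, `authPath` and `secretPrefix` to read from) and treat the rendered file as sensitive.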
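Review bot: in the new fabric_genesis.tpl (`@@ -0,0 +1,100 @@`), the `{% if data == 'type' %} type: {{ value }}` branch under `organizations` can no longer fire: this PR removes `type` from the organization schema (`additionalProperties: false`), so the genesis chart will never receive an organization type and must infer orderer vs peer organizations from whether `services.orderers` or `services.peers` is present. Either drop the dead branch or emit `type` from that inference. Separately, the settings comment reads "Flag to generate the genesis file for Fabrix 2.2.x"; "Fabrix" should be "Fabric".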
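Review bot: in the new value_peer.tpl (`@@ -0,0 +1,143 @@`), the couchdb ports block emits `nodepnodePortort: {{ peer.couchdb.nodePort }}`; the key should be `nodePort`, as in the grpc and events blocks above it, otherwise the chart silently ignores a configured couchdb node port. In the same hunk, the gossip branch tests `{% if provider == 'none' %}` while the `certs` block tests `network.env.proxy == 'none'`; unless `provider` is set by the role, use the same variable in both places, and note that the non-none branch sets `gossipPeerAddress: {{ peer.peerAddress }}` rather than the `gossippeeraddress` field the samples define. Finally, as in ca-server.tpl, `caAdminPassword: {{ name }}-adminpw` and couchdb `password: {{ name }}-userpw` are predictable credentials derived from the organization name; source them from Vault or an externally supplied variable.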
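Review bot: in job_component/vars/main.yaml (`@@ -9,8 +9,23 @@`), `bevel_alpine_version: latest` and `2.5.4: bevel-fabric-ca:latest` pull mutable tags, so a deployment is not reproducible and whatever is pushed to that registry tag later is what runs; pin them to a release tag, as the `1.4.8` entries are, or to an image digest. Also confirm that `2.2.2: bevel-fabric-ca:1.4.8` is intentional (Fabric 2.2.2 paired with CA 1.4.8) rather than a copy of the line above.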
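Review bot: in delete/k8s_resources/tasks/main.yaml (`@@ -10,6 +10,17 @@`), the comment `# Remove all Helm releases of organization except genesis` is copied onto the new fabric-only task, but that task loops over every name in `helm_info.stdout_lines` with no exclusion, so for fabric it deletes the genesis release too; either reword the comment to say that fabric removes genesis as well (which fits the `fabric-genesis` chart added in vars) or apply the same exclusion the non-fabric task uses. The two tasks also share the name `Delete Helm releases`; give the fabric one a distinct name so play output shows which branch ran.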