diff --git a/README.md b/README.md index 38db50c..3d17d46 100644 --- a/README.md +++ b/README.md @@ -13,8 +13,8 @@ Whether you're a blockchain enthusiast, developer, or enterprise seeking to harn ### Features - [x] CA Management (Root CA, TLS CA & Intermediate CAs) -- [x] Peer Creation -- [x] Orderer Creation +- [x] Peer Creation, Cert renewal +- [x] Orderer Creation, Addition, Cert renewal - [x] Channel Management - [x] Chaincode Lifecycle Management (Install, Approve, Commit and CC Upgrades) - [x] Cryptographic operations support and certification management @@ -23,9 +23,10 @@ Whether you're a blockchain enthusiast, developer, or enterprise seeking to harn - [x] File Registry support for centralised config files - [x] Support for Hyperledger Fabric 2.3+ - [x] Multi-zone, Multi-DC, Private Network (On-prem DCs) deployment support +- [x] Multi-channel support ### Roadmap -- [ ] Multi-channel support + - [ ] Automatic certificate renewal - [ ] GUI based deployment support - [ ] Optional Fabric Explorer @@ -34,7 +35,8 @@ Whether you're a blockchain enthusiast, developer, or enterprise seeking to harn - [ ] Key Management using HSM / Vault ### Releases -- [v1.1.0](https://github.com/npci/falcon/releases/latest) +- [v1.2.0](https://github.com/npci/falcon/releases/latest) +- [v1.1.0](https://github.com/npci/falcon/releases/tag/v1.1.0) - [v1.0.2](https://github.com/npci/falcon/releases/tag/v1.0.2) - [v1.0.1](https://github.com/npci/falcon/releases/tag/v1.0.1) - [v1.0.0](https://github.com/npci/falcon/releases/tag/v1.0.0) diff --git a/examples/README.md b/examples/README.md index 9bc96c9..f8213f2 100644 --- a/examples/README.md +++ b/examples/README.md 
@@ -165,7 +165,7 @@ helm install org1-ca-ops -n org1 helm-charts/fabric-ops/ -f examples/fabric-ops/ ``` 3. **Add Org1 to the network** -Once the `Org1` ICA started successfully, you would need to add this `Org1` to the network. For that, you need to run the following Job in `initialpeerorg`. Comment out the `org2` section from the `Values.organizatons` array in the values file [examples/fabric-ops/initialpeerorg/configure-org-channel.yaml](./fabric-ops/initialpeerorg/configure-org-channel.yaml) for now since we have not deployed the `Org2` yet. +Once the `Org1` ICA started successfully, you would need to add this `Org1` to the network. For that, you need to run the following Job in `initialpeerorg`. Comment out the `org2` section from the `Values.organizations` array in the values file [examples/fabric-ops/initialpeerorg/configure-org-channel.yaml](./fabric-ops/initialpeerorg/configure-org-channel.yaml) for now since we have not deployed the `Org2` yet. ``` helm install configorgchannel -n initialpeerorg helm-charts/fabric-ops/ -f examples/fabric-ops/initialpeerorg/configure-org-channel.yaml ``` 
@@ -196,7 +196,7 @@ helm install org2-ca-ops -n org2 helm-charts/fabric-ops/ -f examples/fabric-ops/ ``` 3. **Add Org2 to network** -Once the `Org2` ICA started successfully, you would need to add this `Org2` to the network. For that, you need to upgrade the following `configorgchannel` Job in `initialpeerorg`. This time, uncomment the `org2` section in the `Values.organizatons` array in the values file [examples/fabric-ops/initialpeerorg/configure-org-channel.yaml](./fabric-ops/initialpeerorg/configure-org-channel.yaml). +Once the `Org2` ICA started successfully, you would need to add this `Org2` to the network. For that, you need to upgrade the following `configorgchannel` Job in `initialpeerorg`. This time, uncomment the `org2` section in the `Values.organizations` array in the values file [examples/fabric-ops/initialpeerorg/configure-org-channel.yaml](./fabric-ops/initialpeerorg/configure-org-channel.yaml). ``` helm upgrade configorgchannel -n initialpeerorg helm-charts/fabric-ops/ -f examples/fabric-ops/initialpeerorg/configure-org-channel.yaml ``` diff --git a/examples/fabric-ops/initialpeerorg/approve-chaincode.yaml b/examples/fabric-ops/initialpeerorg/approve-chaincode.yaml index a110895..2d84555 100644 --- a/examples/fabric-ops/initialpeerorg/approve-chaincode.yaml +++ b/examples/fabric-ops/initialpeerorg/approve-chaincode.yaml @@ -32,7 +32,7 @@ filestore_ssl: false # Make it `true` if `filestore_endpoint` is over https. require_collection_config: "true" collection_config_file: "collection-config.json" collection_config_file_hash: "627dd1b8d679dc52475c148e502c576b109796df8495282ba602cc51ec173286" -core_peer_address: peer0-initialpeerorg:30002 +core_peer_address: peer0-initialpeerorg:7051 cc_name: basic-chaincode cc_version: "1.0" diff --git a/examples/fabric-ops/initialpeerorg/channel-create.yaml b/examples/fabric-ops/initialpeerorg/channel-create.yaml index b5d11dc..cd93c9f 100644 --- a/examples/fabric-ops/initialpeerorg/channel-create.yaml 
+++ b/examples/fabric-ops/initialpeerorg/channel-create.yaml @@ -19,25 +19,35 @@ tlsca_endpoint: tls-ca.my-hlf-domain.com:30000 orderer_endpoint: orderer0-orderer.my-hlf-domain.com:30000 filestore_endpoint: http://filestore.my-hlf-domain.com:30001 filestore_ssl: false # Make it `true` if `filestore_endpoint` is over https. -config_transaction_filename: channel.tx -channel_block_filename: mychannel.block - hlf_domain: my-hlf-domain.com -hlf_channel: mychannel fabric_actions: create_channel: true - + +app_channels: + - mychannel + +admin_organizations: + - org_type: consortium + org_name: initialpeerorg + ica_endpoint: ica-initialpeerorg.my-hlf-domain.com:30000 + cert_path: /root/initialpeerorg.pem + admin_identity: admin + admin_secret: initialpeerorgAdminSamplePassword + require_msp_enrollment: true + require_tls_enrollment: false + anchor_peers: + - host: peer0-initialpeerorg.my-hlf-domain.com + port: "30000" + csr_names_cn: IN csr_names_st: Maharashtra csr_names_l: Mumbai csr_names_o: Your Company Name -admin_identity: - - identity_name: admin - identity_secret: initialpeerorgAdminSamplePassword - require_msp_enrollment: true - require_tls_enrollment: false +configTxProfileType: ConsortiumProfile +consortiumName: InitialConsortium +core_peer_mspconfigpath_override: "" # Required only if admin_identity name is not "admin". You will have to add the complete path to the msp directory in this case. serviceAccount: # Specifies whether a service account should be created diff --git a/examples/fabric-ops/initialpeerorg/commit-chaincode.yaml b/examples/fabric-ops/initialpeerorg/commit-chaincode.yaml index 263829a..8c6b07d 100644 --- a/examples/fabric-ops/initialpeerorg/commit-chaincode.yaml +++ b/examples/fabric-ops/initialpeerorg/commit-chaincode.yaml 
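Review bot: The new `admin_organizations` entry still carries the CA admin enrolment secret inline as `admin_secret: initialpeerorgAdminSamplePassword`, so anyone who copies this example and fills in a real value ends up with the secret in the values file and in the stored Helm release data. I would add a comment on that line, `# Sample value only; supply the real secret at install time from a values file kept out of version control`. Whether the chart can read this value from an existing Kubernetes Secret is not visible in this hunk; if it can, the example should show that form instead.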
@@ -32,7 +32,7 @@ filestore_endpoint: http://filestore.my-hlf-domain.com:30001 filestore_ssl: false # Make it `true` if `filestore_endpoint` is over https. collection_config_file: collection-config.json collection_config_file_hash: "627dd1b8d679dc52475c148e502c576b109796df8495282ba602cc51ec173286" -core_peer_address: peer0-initialpeerorg:30002 +core_peer_address: peer0-initialpeerorg:7051 cc_name: basic-chaincode cc_version: "1.0" diff --git a/examples/fabric-ops/initialpeerorg/configure-org-channel.yaml b/examples/fabric-ops/initialpeerorg/configure-org-channel.yaml index f359e48..de6a494 100644 --- a/examples/fabric-ops/initialpeerorg/configure-org-channel.yaml +++ b/examples/fabric-ops/initialpeerorg/configure-org-channel.yaml @@ -36,19 +36,17 @@ admin_identity: # core_peer_mspconfigpath_override: /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/users/admin-initialpeerorg/msp # Organizations to be added -organizatons: +organizations: - name: org1 ica_endpoint: ica-org1.my-hlf-domain.com:30000 - identity_name: admin - identity_secret: org1AdminSamplePassword anchor_peer: peer0-org1.my-hlf-domain.com anchor_peer_port: 30000 + status: active # Set to `disabled` to remove an org from the network. - name: org2 ica_endpoint: ica-org2.my-hlf-domain.com:30000 - identity_name: admin - identity_secret: org2AdminSamplePassword anchor_peer: peer0-org2.my-hlf-domain.com anchor_peer_port: 30000 + status: active csr_names_cn: IN csr_names_st: Maharashtra diff --git a/examples/fabric-ops/orderer/orderer-addition.yaml b/examples/fabric-ops/orderer/orderer-addition.yaml index e9eae95..c498e68 100644 --- a/examples/fabric-ops/orderer/orderer-addition.yaml +++ b/examples/fabric-ops/orderer/orderer-addition.yaml 
@@ -21,7 +21,7 @@ csr_names_st: Maharashtra csr_names_l: Mumbai csr_names_o: Your Company Name -#MspIdOverride: ordererorg +#MspIdOverride: MyOrdererOrg, by default it is `orderer` orderer_endpoint: orderer0-orderer.my-hlf-domain.com:30000 filestore_endpoint: http://filestore.my-hlf-domain.com:30001 filestore_ssl: false # Make it `true` if `filestore_endpoint` is over https. diff --git a/examples/fabric-ops/orderer/orderer-cryptogen.yaml b/examples/fabric-ops/orderer/orderer-cryptogen.yaml index c1a6ef8..1dc2941 100644 --- a/examples/fabric-ops/orderer/orderer-cryptogen.yaml +++ b/examples/fabric-ops/orderer/orderer-cryptogen.yaml @@ -18,7 +18,7 @@ imagePullSecrets: [] ## These organizations are the list of initial organizations required to generate the genesis.block file. -organizations: +admin_organizations: - org_type: orderer org_name: orderer ica_endpoint: ica-orderer.my-hlf-domain.com:30000 @@ -35,7 +35,7 @@ organizations: - identity_name: orderer2-orderer identity_secret: orderer2ordererSamplePassword port: "30000" - - org_type: peerorg + - org_type: consortium org_name: initialpeerorg ica_endpoint: ica-initialpeerorg.my-hlf-domain.com:30000 cert_path: /root/peerorg.pem @@ -45,16 +45,13 @@ organizations: - host: peer0-initialpeerorg.my-hlf-domain.com port: "30000" -channel_artifact_dir: /scripts/channel-artifacts -base_dir: /scripts/crypto-config hlf_domain: my-hlf-domain.com orderer_system_channel: "orderer-sys-channel" -hlf_channel: "mychannel" block_file: genesis.block -config_transaction_filename: channel.tx +configTxProfileType: OrdererEtcdRaftProfile +consortiumName: InitialConsortium tlsca_endpoint: tls-ca.my-hlf-domain.com:30000 - filestore_endpoint: http://filestore.my-hlf-domain.com:30001 filestore_ssl: false # Make it `true` if `filestore_endpoint` is over https. diff --git a/examples/fabric-ops/org1/approve-chaincode.yaml b/examples/fabric-ops/org1/approve-chaincode.yaml index 4aa7c68..c2093d5 100644 
--- a/examples/fabric-ops/org1/approve-chaincode.yaml +++ b/examples/fabric-ops/org1/approve-chaincode.yaml @@ -32,7 +32,7 @@ filestore_ssl: false # Make it `true` if `filestore_endpoint` is over https. require_collection_config: "true" collection_config_file: "collection-config.json" collection_config_file_hash: "627dd1b8d679dc52475c148e502c576b109796df8495282ba602cc51ec173286" -core_peer_address: peer0-org1:30002 +core_peer_address: peer0-org1:7051 cc_name: basic-chaincode cc_version: "1.0" diff --git a/examples/fabric-ops/org2/approve-chaincode.yaml b/examples/fabric-ops/org2/approve-chaincode.yaml index 3e14f04..c13b540 100644 --- a/examples/fabric-ops/org2/approve-chaincode.yaml +++ b/examples/fabric-ops/org2/approve-chaincode.yaml @@ -32,7 +32,7 @@ filestore_ssl: false # Make it `true` if `filestore_endpoint` is over https. require_collection_config: "true" collection_config_file: "collection-config.json" collection_config_file_hash: "627dd1b8d679dc52475c148e502c576b109796df8495282ba602cc51ec173286" -core_peer_address: peer0-org2:30002 +core_peer_address: peer0-org2:7051 cc_name: basic-chaincode cc_version: "1.0" diff --git a/examples/fabric-orderer/orderer.yaml b/examples/fabric-orderer/orderer.yaml index efc33b9..5792e87 100644 --- a/examples/fabric-orderer/orderer.yaml +++ b/examples/fabric-orderer/orderer.yaml @@ -101,6 +101,8 @@ global: value: file - name: ORDERER_GENERAL_LISTENADDRESS value: 0.0.0.0 + # - name: ORDERER_ADMIN_LISTENADDRESS + # value: "0.0.0.0:9443" - name: ORDERER_GENERAL_TLS_ENABLED value: "true" - name: ORDERER_GENERAL_LOCALMSPDIR diff --git a/examples/fabric-peer/initialpeerorg/values.yaml b/examples/fabric-peer/initialpeerorg/values.yaml index 3c146e9..ef497fc 100644 --- a/examples/fabric-peer/initialpeerorg/values.yaml +++ b/examples/fabric-peer/initialpeerorg/values.yaml 
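Review bot: The commented-out `ORDERER_ADMIN_LISTENADDRESS` example in `examples/fabric-orderer/orderer.yaml` binds the orderer admin endpoint to `0.0.0.0:9443` and shows no TLS settings beside it, although that endpoint serves the channel participation API used to join and remove channels. An operator who uncomments the two lines as written gets the listener on every pod interface; whether mutual TLS for it is configured elsewhere in this values file is not visible in the hunk, whose env list continues outside it. I would add the matching entries next to it, also commented out, for `ORDERER_ADMIN_TLS_ENABLED` and `ORDERER_ADMIN_TLS_CLIENTAUTHREQUIRED` set to `"true"`, plus a one-line comment such as `# Admin endpoint: enable only with mutual TLS and do not expose 9443 outside the cluster`.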
@@ -111,7 +111,7 @@ global:
 peerContainerPort: "7051"
 peerDataDir: /var/hyperledger/production
 peerServiceType: ClusterIP
- peerServicePort: "30002"
+ peerServicePort: "7051"
 peerDiskSize: 1G
 peerCertDiskSize: 50M
 peerPvcAccessMode: ReadWriteOnce
diff --git a/examples/fabric-peer/org1/values.yaml b/examples/fabric-peer/org1/values.yaml
index 777a66b..6940d0e 100644
--- a/examples/fabric-peer/org1/values.yaml
+++ b/examples/fabric-peer/org1/values.yaml
@@ -110,7 +110,7 @@ global:
 peerContainerPort: "7051"
 peerDataDir: /var/hyperledger/production
 peerServiceType: ClusterIP
- peerServicePort: "30002"
+ peerServicePort: "7051"
 peerDiskSize: 1G
 peerCertDiskSize: 50M
 peerPvcAccessMode: ReadWriteOnce
diff --git a/examples/fabric-peer/org2/values.yaml b/examples/fabric-peer/org2/values.yaml
index fc56f9a..c615a08 100644
--- a/examples/fabric-peer/org2/values.yaml
+++ b/examples/fabric-peer/org2/values.yaml
@@ -107,7 +107,7 @@ global:
 peerContainerPort: "7051"
 peerDataDir: /var/hyperledger/production
 peerServiceType: ClusterIP
- peerServicePort: "30002"
+ peerServicePort: "7051"
 peerDiskSize: 1G
 peerCertDiskSize: 50M
 peerPvcAccessMode: ReadWriteOnce
diff --git a/helm-charts/fabric-ca/Chart.yaml b/helm-charts/fabric-ca/Chart.yaml
index f8df2ba..1d09dfe 100644
--- a/helm-charts/fabric-ca/Chart.yaml
+++ b/helm-charts/fabric-ca/Chart.yaml
@@ -4,5 +4,5 @@ apiVersion: v2
 name: fabric-ca
 description: A Helm chart for deploying Fabric CA Server in Kubernetes.
 type: application
-version: 1.1.0
+version: 1.2.0
 appVersion: "1.5.0"
diff --git a/helm-charts/fabric-ca/templates/service.yaml b/helm-charts/fabric-ca/templates/service.yaml
index 8393948..384f969 100644
--- a/helm-charts/fabric-ca/templates/service.yaml
+++ b/helm-charts/fabric-ca/templates/service.yaml
@@ -12,9 +12,12 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.port }} + - name: {{ include "fabric-ca.fullname" . }} + port: {{ .Values.service.port }} targetPort: http protocol: TCP - name: {{ include "fabric-ca.fullname" . }} + {{- if and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort)) }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} selector: - {{- include "fabric-ca.selectorLabels" . | nindent 4 }} + {{- include "fabric-ca.selectorLabels" . | nindent 4 }} \ No newline at end of file diff --git a/helm-charts/fabric-ca/values.yaml b/helm-charts/fabric-ca/values.yaml index 198983c..07f0b62 100644 --- a/helm-charts/fabric-ca/values.yaml +++ b/helm-charts/fabric-ca/values.yaml @@ -55,8 +55,7 @@ service: ingress: enabled: true className: "nginx" - annotations: - nginx.ingress.kubernetes.io/ssl-passthrough: "true" + annotations: {} path: / pathType: Prefix diff --git a/helm-charts/fabric-ops/Chart.yaml b/helm-charts/fabric-ops/Chart.yaml index f3a3706..df97d96 100644 --- a/helm-charts/fabric-ops/Chart.yaml +++ b/helm-charts/fabric-ops/Chart.yaml @@ -4,5 +4,5 @@ apiVersion: v2 name: fabric-ops description: A Helm chart for performing various operations in Hyperledger fabric network. type: application -version: 1.1.0 +version: 1.2.0 appVersion: "1.5.0" diff --git a/helm-charts/fabric-ops/README.md b/helm-charts/fabric-ops/README.md index 4370125..b16f399 100644 --- a/helm-charts/fabric-ops/README.md +++ b/helm-charts/fabric-ops/README.md 
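Review bot: Replacing the default `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` with `annotations: {}` in `helm-charts/fabric-ca/values.yaml` changes where TLS ends for every install that relied on the chart default. Without passthrough the nginx ingress handles the connection itself instead of handing the TLS stream to the CA, so enrolment requests are presumably either decrypted at the ingress or fail against a CA that only speaks TLS; nothing in the hunk tells an upgrading user to re-add the annotation. I would keep it as a commented example directly under `annotations: {}`, `# nginx.ingress.kubernetes.io/ssl-passthrough: "true"  # keeps TLS end-to-end to the CA`, and call the default change out in the release notes.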
@@ -9,12 +9,12 @@ A Helm chart for performing various operations in Hyperledger fabric network. - [x] [Genesis block creation](#how-to-create-genesis-block--channel-transaction-tx-) - [x] [Channel creation](#how-to-create-new-channel-in-hyperpedger-fabric-) - [x] [Anchorpeer list update on channel](#how-to-update-anchorpeer-on-channel-) -- [x] [Adding Orgs to channel](#how-to-add-a-new-org-to-channel-) +- [x] [Add/remove Orgs in channel](#how-to-addremove-an-org-in-channel-) - [x] [Chaincode installation](#how-to-install-chaincode-on-peers-) - [x] [Chaincode approval](#how-to-approve-chaincode-for-an-org-) - [x] [Chaincode commit](#how-to-commmit-chaincode-from-an-org-) -- [x] [Order addition](#how-to-add-new-order-node-into-a-running-hyperpedger-fabric-network-) -- [x] [Order TLS cert renewal](#how-to-updaterenew-orderer-node-tls-certificates-in-a-running-hyperpedger-fabric-network-) +- [x] [Orderer addition](#how-to-add-new-orderer-node-into-a-running-hyperpedger-fabric-network-) +- [x] [Orderer TLS cert renewal](#how-to-updaterenew-orderer-node-tls-certificates-in-a-running-hyperpedger-fabric-network-) #### The following parameters are common across all fabric-ops job. 
@@ -106,13 +106,11 @@ identities: | Parameter | Description | Default | | ------------------------ | ----------------------- | -------------- | | `fabric_actions.cryptogen` | `true` to specify the job is a cryptogen job | `true` | -| `organizations` | The array to specify the Orderer organization and Initial peer org. [Refer](#Cryptogen-array-example) | `[]` | -| `channel_artifact_dir` | Directory in which the channel artifacts will be generated inside the job pod | `"/scripts/channel-artifacts"` | -| `base_dir` | Base directory for all identity registration inside the job pod | `"/scripts/crypto-config"` | +| `admin_organizations` | The array to specify the Orderer organization and Initial peer org. [Refer](#Cryptogen-array-example) | `[]` | | `orderer_system_channel` | Orderer system channel name | `"orderer-sys-channel"` | -| `hlf_channel` | Application channel name | `""` | +| `configTxProfileType` | cc | `OrdererEtcdRaftProfile` | +| `consortiumName` | Consortium Name | `InitialConsortium` | | `block_file` | Genesisblock file name to be generated | `"genesis.block"` | -| `config_transaction_filename` | Channel transaction file name to be generated | `"channel.tx"` | | `tlsca_endpoint` | FQDN of the TLSCA server endpoint with port | `"tls-ca.my-hlf-domain.com:30000"` | | `filestore_endpoint` | FQDN of filestore server endpoint with port | `"http://filestore.my-hlf-domain.com:30001"` | | `filestore_ssl` | `true` if `filestore_endpoint` is over https. | `false` | @@ -121,7 +119,7 @@ identities: #### Cryptogen array example; ```bash -organizations: +admin_organizations: - org_type: orderer org_name: orderer ica_endpoint: ica-orderer.my-hlf-domain.com:30000 @@ -138,7 +136,7 @@ organizations: - identity_name: orderer2-orderer identity_secret: orderer2ordererSamplePassword port: "30000" - - org_type: peerorg + - org_type: consortium org_name: initialpeerorg ica_endpoint: ica-initialpeerorg.my-hlf-domain.com:30000 cert_path: /root/peerorg.pem 
@@ -147,9 +145,15 @@ organizations: anchor_peers: - host: peer0-initialpeerorg.my-hlf-domain.com port: "30000" + +hlf_domain: my-hlf-domain.com +orderer_system_channel: "orderer-sys-channel" +block_file: genesis.block +configTxProfileType: OrdererEtcdRaftProfile +consortiumName: InitialConsortium ``` -## How to create new Channel in hyperpedger fabric ? +## How to create new Channels in hyperpedger fabric ? | Parameter | Description | Default | | ------------------------ | ----------------------- | -------------- | 
@@ -159,19 +163,34 @@ organizations: | `orderer_endpoint` | FQDN of the Orderer node endpoint with port | `"orderer0-orderer.my-hlf-domain.com:30000"` | | `filestore_endpoint` | The filestore endpoint | `"http://filestore.my-hlf-domain.com:30001"` | | `filestore_ssl` | `true` if `filestore_endpoint` is over https | `false` | -| `config_transaction_filename` | Transaction filename in the filestore project dirctory | `"channel.tx"` | -| `channel_block_filename` | Initial channel block filename to be created and uploaded to filestore project dirctory | `""` | -| `hlf_channel` | Application channel name | `""` | -| `admin_identity` | Any valid Admin user identity array in `ica_endpoint`. [Refer](#Admin-identity) | `[]` | +| `app_channels` | Application channel list | `""` | +| `configTxProfileType` | Config txn creation profile name | `ConsortiumProfile` | +| `consortiumName` | Consortium name which is part of orderer gensis block creation| `InitialConsortium` | +| `admin_organizations` | Admin organization information which is already part of Consortium. [Refer](#Admin-organizations) | `[]` | -#### Admin-identity; +`NOTE: Prior to Falcon 1.2.0, the default name consortium name was "SampleConsortium".` + +#### Admin-organizations; ```bash -admin_identity: - - identity_name: admin - identity_secret: initialpeerorgAdminSamplePassword +app_channels: + - mychannel + +admin_organizations: + - org_type: consortium + org_name: initialpeerorg + ica_endpoint: ica-initialpeerorg.my-hlf-domain.com:30000 + cert_path: /root/initialpeerorg.pem + admin_identity: admin + admin_secret: initialpeerorgAdminSamplePassword require_msp_enrollment: true require_tls_enrollment: false + anchor_peers: + - host: peer0-initialpeerorg.my-hlf-domain.com + port: "30000" + +configTxProfileType: ConsortiumProfile +consortiumName: InitialConsortium ``` ## How to update AnchorPeer on channel ? 
@@ -198,7 +217,7 @@ anchor_peers: port: "30000" ``` -## How to add a new Org to channel ? +## How to add/remove an Org in channel ? | Parameter | Description | Default | | ------------------------ | ----------------------- | -------------- | @@ -208,24 +227,22 @@ anchor_peers: | `orderer_endpoint` | FQDN of the Orderer node endpoint with port | `"orderer0-orderer.my-hlf-domain.com:30000"` | | `hlf_channel` | The channel to update | `""` | | `admin_identity` | Any valid Admin user identity array in `ica_endpoint`. [Refer](#Admin-identity) | `[]` | -| `organizatons` | List of organizations to add. [Refer](#Organization-list-format) | `[]` | +| `organizations` | List of organizations to add. [Refer](#Organization-list-format) | `[]` | #### Organization list format; ```bash -organizatons: +organizations: - name: org1 ica_endpoint: ica-org1.my-hlf-domain.com:30000 - identity_name: admin - identity_secret: org1AdminSamplePassword anchor_peer: peer0-org1.my-hlf-domain.com anchor_peer_port: 30000 + status: active - name: org2 ica_endpoint: ica-org2.my-hlf-domain.com:30000 - identity_name: admin - identity_secret: org2AdminSamplePassword anchor_peer: peer0-org2.my-hlf-domain.com anchor_peer_port: 30000 + status: disabled ``` ## How to install Chaincode on peers ? @@ -297,7 +314,7 @@ peer_identities: | `admin_identity` | Any valid Admin user identity array in `ica_endpoint`. [Refer](#Admin-identity) | `[]` | -## How to add new Order node into a running hyperpedger fabric network ? +## How to add new Orderer node into a running hyperpedger fabric network ? | Parameter | Description | Default | | ------------------------ | ----------------------- | -------------- | 
@@ -311,7 +328,7 @@ peer_identities: | `additional_orderers` | List of additional oderers. Execute one at a time. [Refer](#New-orderer-for-order-addition) | `[]` | | `MspIdOverride` | To override `nameOverride` with a different MSPID | `""` | -#### Admin identity for order operation; +#### Admin identity for Orderer operation; ```bash admin_identity: diff --git a/helm-charts/fabric-ops/templates/cm-common-functions.yaml b/helm-charts/fabric-ops/templates/cm-common-functions.yaml index 10a7bea..b885584 100644 --- a/helm-charts/fabric-ops/templates/cm-common-functions.yaml +++ b/helm-charts/fabric-ops/templates/cm-common-functions.yaml @@ -174,4 +174,17 @@ data: exit fi + } + + function check_exit_status() { + + local exit_status=$1 + + if [ $exit_status -eq 0 ]; then + echo "============ [SUCCESS] ============" + break; + else + echo "============ [ERROR] One of the previous step returned an error, please debug it manually using cli pod and re-run this job if necessary. ============" + exit + fi } \ No newline at end of file diff --git a/helm-charts/fabric-ops/templates/cm-configtx.yaml b/helm-charts/fabric-ops/templates/cm-configtx.yaml index 84aaf37..2ee9332 100644 --- a/helm-charts/fabric-ops/templates/cm-configtx.yaml +++ b/helm-charts/fabric-ops/templates/cm-configtx.yaml @@ -3,12 +3,10 @@ Copyright National Payments Corporation of India. All Rights Reserved. SPDX-License-Identifier: GPL-3.0 */}} -{{- if .Values.fabric_actions.cryptogen }} +{{- if or (.Values.fabric_actions.cryptogen) (.Values.fabric_actions.create_channel) }} {{- $HlfDomain := .Values.hlf_domain }} -{{- $BaseDir := .Values.base_dir }} -{{- $OrdererOrgName := .Values.orderer_org_name }} -{{- $PeerOrgName := .Values.peer_org_name }} +{{- $BaseDir := .Values.workdir }} apiVersion: v1 kind: ConfigMap 
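Review bot: In the new `check_exit_status` function the error branch ends in a bare `exit`, which returns the status of the preceding `echo`, that is 0, so a caller that checks the script's exit code sees success although a step failed; it should be `exit 1` or `exit "$exit_status"`. The success branch runs `break;` with no enclosing loop in the function, so its effect depends on the shell and on the call site; `return 0` states the intent. `$exit_status` is also unquoted in the test, so an empty argument turns the check into a `[` syntax error rather than a failure: `if [ "$exit_status" -eq 0 ]; then`. The same bare `exit` is visible in the context lines of the preceding function, which starts outside the hunk.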
@@ -20,22 +18,12 @@ metadata: data: configtx.yaml: | Organizations: - {{- range .Values.organizations }} + {{- range .Values.admin_organizations }} - &{{ .org_name }} - # DefaultOrg defines the organization which is used in the sampleconfig - # of the fabric.git development environment Name: {{ .org_name }} - - # ID to load the MSP definition as ID: {{ .org_name }} - - # MSPDir is the filesystem path which contains the MSP configuration {{- $Msp_dir := printf "%s/%s/%s/%s" $BaseDir .org_name .admin_identity "msp" }} MSPDir: {{ .msp_dir | default $Msp_dir }} - - # Policies defines the set of policies at this level of the config tree - # For organization policies, their canonical path is usually - # /Channel/// {{- if eq "orderer" .org_type }} Policies: Readers: @@ -52,7 +40,7 @@ data: - {{ printf "%s.%s:%s" .identity_name $HlfDomain .port }} {{- end }} {{- end }} - {{- if eq "peerorg" .org_type }} + {{- if eq "consortium" .org_type }} Policies: Readers: Type: Signature @@ -66,12 +54,7 @@ data: Endorsement: Type: Signature Rule: "OR('{{ .org_name }}.peer')" - - # leave this flag set to true. AnchorPeers: - # AnchorPeers defines the location of peers which can be used - # for cross org gossip communication. Note, this value is only - # encoded in the genesis block in the Application section context {{- range .anchor_peers }} - Host: {{ .host }} Port: {{ .port }} 
@@ -79,59 +62,14 @@ data: {{- end }} {{- end }} Capabilities: - # Channel capabilities apply to both the orderers and the peers and must be - # supported by both. - # Set the value of the capability to true to require it. Channel: &ChannelCapabilities - # V2_0 capability ensures that orderers and peers behave according - # to v2.0 channel capabilities. Orderers and peers from - # prior releases would behave in an incompatible way, and are therefore - # not able to participate in channels at v2.0 capability. - # Prior to enabling V2.0 channel capabilities, ensure that all - # orderers and peers on a channel are at v2.0.0 or later. V2_0: true - - # Orderer capabilities apply only to the orderers, and may be safely - # used with prior release peers. - # Set the value of the capability to true to require it. Orderer: &OrdererCapabilities - # V2_0 orderer capability ensures that orderers behave according - # to v2.0 orderer capabilities. Orderers from - # prior releases would behave in an incompatible way, and are therefore - # not able to participate in channels at v2.0 orderer capability. - # Prior to enabling V2.0 orderer capabilities, ensure that all - # orderers on channel are at v2.0.0 or later. V2_0: true - - # Application capabilities apply only to the peer network, and may be safely - # used with prior release orderers. - # Set the value of the capability to true to require it. Application: &ApplicationCapabilities - # V2_0 application capability ensures that peers behave according - # to v2.0 application capabilities. Peers from - # prior releases would behave in an incompatible way, and are therefore - # not able to participate in channels at v2.0 application capability. - # Prior to enabling V2.0 application capabilities, ensure that all - # peers on channel are at v2.0.0 or later. 
V2_0: true - - ################################################################################ - # - # SECTION: Application - # - # - This section defines the values to encode into a config transaction or - # genesis block for application related parameters - # - ################################################################################ Application: &ApplicationDefaults - - # Organizations is the list of orgs which are defined as participants on - # the application side of the network Organizations: - - # Policies defines the set of policies at this level of the config tree - # For Application policies, their canonical path is - # /Channel/Application/ Policies: Readers: Type: ImplicitMeta 
@@ -148,47 +86,16 @@ data: Endorsement: Type: ImplicitMeta Rule: "ANY Endorsement" - Capabilities: <<: *ApplicationCapabilities - ################################################################################ - # - # SECTION: Orderer - # - # - This section defines the values to encode into a config transaction or - # genesis block for orderer related parameters - # - ################################################################################ Orderer: &OrdererDefaults - - # Orderer Type: The orderer implementation to start OrdererType: etcdraft - - # Batch Timeout: The amount of time to wait before creating a batch BatchTimeout: 1s - - # Batch Size: Controls the number of messages batched into a block BatchSize: - - # Max Message Count: The maximum number of messages to permit in a batch MaxMessageCount: 150 - - # Absolute Max Bytes: The absolute maximum number of bytes allowed for - # the serialized messages in a batch. AbsoluteMaxBytes: 99 MB - - # Preferred Max Bytes: The preferred maximum number of bytes allowed for - # the serialized messages in a batch. A message larger than the preferred - # max bytes will result in a batch larger than preferred max bytes. PreferredMaxBytes: 99 MB - - # Organizations is the list of orgs which are defined as participants on - # the orderer side of the network Organizations: - - # Policies defines the set of policies at this level of the config tree - # For Orderer policies, their canonical path is - # /Channel/Orderer/ Policies: Readers: Type: ImplicitMeta 
@@ -199,72 +106,44 @@ data: Admins: Type: ImplicitMeta Rule: "ANY Admins" - # BlockValidation specifies what signatures must be included in the block - # from the orderer for the peer to validate it. BlockValidation: Type: ImplicitMeta Rule: "ANY Writers" - - ################################################################################ - # - # CHANNEL - # - # This section defines the values to encode into a config transaction or - # genesis block for channel related parameters. - # - ################################################################################ Channel: &ChannelDefaults - # Policies defines the set of policies at this level of the config tree - # For Channel policies, their canonical path is - # /Channel/ Policies: - # Who may invoke the 'Deliver' API Readers: Type: ImplicitMeta Rule: "ANY Readers" - # Who may invoke the 'Broadcast' API Writers: Type: ImplicitMeta Rule: "ANY Writers" - # By default, who may modify elements at this config level Admins: Type: ImplicitMeta Rule: "ANY Admins" - - # Capabilities describes the channel level capabilities, see the - # dedicated Capabilities section elsewhere in this file for a full - # description Capabilities: <<: *ChannelCapabilities - - ################################################################################ - # - # Profile - # - # - Different configuration profiles may be encoded here to be specified - # as parameters to the configtxgen tool - # - ################################################################################ Profiles: - - {{- range .Values.organizations }} - {{- if eq "peerorg" .org_type }} - TwoOrgsChannel: - Consortium: SampleConsortium + {{- if eq "ConsortiumProfile" .Values.configTxProfileType }} + ConsortiumProfile: + Consortium: {{ $.Values.consortiumName }} <<: *ChannelDefaults Application: <<: *ApplicationDefaults Organizations: + {{- range .Values.admin_organizations }} + {{- if eq "consortium" .org_type }} - *{{ .org_name }} + {{- end }} + {{- end }} 
Capabilities: <<: *ApplicationCapabilities - {{- end }} {{- end }} - SampleMultiNodeEtcdRaft: + {{- if eq "OrdererEtcdRaftProfile" .Values.configTxProfileType }} + OrdererEtcdRaftProfile: <<: *ChannelDefaults Capabilities: <<: *ChannelCapabilities - {{- range .Values.organizations }} + {{- range .Values.admin_organizations }} {{ $Org_name := .org_name }} {{- if eq "orderer" .org_type }} Orderer: @@ -293,13 +172,13 @@ data: - <<: *{{ $Org_name }} {{- end }} {{- end }} - {{- range .Values.organizations }} - {{- if eq "peerorg" .org_type }} Consortiums: - SampleConsortium: - Organizations: - - *{{ .org_name }} - {{- end }} - {{- end }} - + {{ $.Values.consortiumName }}: + Organizations: + {{- range .Values.admin_organizations }} + {{- if eq "consortium" .org_type }} + - *{{ .org_name }} + {{- end }} + {{- end }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/helm-charts/fabric-ops/templates/cm-configure-org-channel.yaml b/helm-charts/fabric-ops/templates/cm-configure-org-channel.yaml index 65ae39c..aec015c 100644 --- a/helm-charts/fabric-ops/templates/cm-configure-org-channel.yaml +++ b/helm-charts/fabric-ops/templates/cm-configure-org-channel.yaml @@ -10,7 +10,7 @@ SPDX-License-Identifier: GPL-3.0 {{- $IcaTlsCertFile := .Values.ica_tls_certfile | default "/tmp/ca-cert.pem" }} {{- $TlsCaTlsCertFile := .Values.tlsca_tls_certfile | default "/tmp/tlsca-cert.pem" }} {{- $ChannelName := .Values.hlf_channel }} -{{- $Msp_base_dir := printf "%s%s" .Values.workdir "/peer/crypto/users" }} +{{- $MspBaseDir := printf "%s%s" .Values.workdir "/peer/crypto/users" }} {{- if .Values.fabric_actions.configure_org_channel | default false }} 
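Review bot: This hunk of `cm-configtx.yaml` deletes the comments that explained the channel-level policies while leaving `Rule: "ANY Admins"` in place for the Orderer and Channel `Admins` policies, so the template no longer says who may change configuration. With `ANY Admins` a single organization's admin satisfies the policy, which matters more now that the consortium profile lists every `consortium` org from `admin_organizations`; Fabric's own sample configuration uses `MAJORITY Admins` at these levels. I would keep a short comment on each `Admins` rule, for example `# "ANY Admins": one org admin alone can authorize config updates at this level; prefer "MAJORITY Admins" for multi-org networks`. Changing the rule itself is outside what this commit touches.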
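Review bot: `Profiles:` is now filled only when `configTxProfileType` is exactly `ConsortiumProfile` or `OrdererEtcdRaftProfile` (the first of the two `if eq` guards opens in the previous hunk), so a typo, or a values file written for the previous release with `organizations` and `org_type: peerorg`, renders an empty profile or an empty organization list without any template error. The failure would then surface only when configtxgen runs in the job pod. A guard inside the outer `if` would stop the install early: `{{- if not (has .Values.configTxProfileType (list "ConsortiumProfile" "OrdererEtcdRaftProfile")) }}{{ fail "configTxProfileType must be ConsortiumProfile or OrdererEtcdRaftProfile" }}{{- end }}`. Whether the chart's default values already set these keys is not visible here.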
@@ -21,13 +21,13 @@ metadata: labels: {{- include "fabric-ops.labels" $ | nindent 4 }} data: -{{- range .Values.organizatons }} +{{- range .Values.organizations }} configtx_{{ .name }}.yaml: | Organizations: - &{{ .name }} Name: {{ .name }} ID: {{ .name }} - {{- $MSPDir := printf "%s/%s/%s" (.msp_dir | default "/crypto-config/peerOrganizations" ) .identity_name "msp" }} + {{- $MSPDir := printf "%s/%s/%s" (.msp_dir | default "/crypto-config/peerOrganizations" ) .name "msp" }} MSPDir: {{ $MSPDir }} Policies: Readers: @@ -47,13 +47,17 @@ data: Port: {{ .anchor_peer_port }} {{- end }} fabric_configure_org_channel.sh: | + ORG_NAME=$1 + ORG_STATUS=$4 + + echo "============ Org status is set to $ORG_STATUS ============" source /scripts/fabric_enroll.sh fabric_public_key_fetch {{ $TlsCaEndpoint }} {{ $TlsCaTlsCertFile }} {{- range .Values.admin_identity }} enroll \ {{ .identity_name }} \ {{ .identity_secret }} \ - {{ .msp_base_dir | default $Msp_base_dir }} \ + {{ .msp_base_dir | default $MspBaseDir }} \ {{ .ica_endpoint | default $IcaEndPoint }} \ {{ .tlsca_endpoint | default $TlsCaEndpoint }} \ {{ .ica_tls_certfile | default $IcaTlsCertFile }} \ 
@@ -63,53 +67,85 @@ data: {{ .require_tls_enrollment }} {{- end }} - ORG_NAME=$1 FABRIC_CA_URL=$2 - FABRIC_IDENTITY=$3 - FABRIC_IDENTITY_SECRET=$4 - FABRIC_IDENTITY_MSP_DIR=$5 - FABRIC_TLS_CERT_FILE=/tmp/$ORG_NAME-cert.pem + FABRIC_IDENTITY_MSP_DIR=$3 - echo "============ Updating channel for $ORG_NAME ============" - enroll \ - $FABRIC_IDENTITY \ - $FABRIC_IDENTITY_SECRET \ - $FABRIC_IDENTITY_MSP_DIR \ - $FABRIC_CA_URL \ - null \ - $FABRIC_TLS_CERT_FILE \ - null \ - {{ .Values.hlf_domain }} \ - {{ .require_msp_enrollment | default "true" }} \ - {{ .require_tls_enrollment | default "false" }} - - echo "Rearranging Org specific msp directory" - mkdir $FABRIC_IDENTITY_MSP_DIR/$FABRIC_IDENTITY/msp/tlscacerts - cp -pr $FABRIC_IDENTITY_MSP_DIR/$FABRIC_IDENTITY/msp/cacerts/* $FABRIC_IDENTITY_MSP_DIR/$FABRIC_IDENTITY/msp/cacerts/ca-cert.pem - cp {{ $TlsCaTlsCertFile }} $FABRIC_IDENTITY_MSP_DIR/$FABRIC_IDENTITY/msp/tlscacerts/ca.crt + if [ $ORG_STATUS = "active" ]; then + + echo "============ Rearranging Org specific msp directory ============" + mkdir -p $FABRIC_IDENTITY_MSP_DIR/$ORG_NAME/msp/tlscacerts + mkdir -p $FABRIC_IDENTITY_MSP_DIR/$ORG_NAME/msp/cacerts/ + mkdir -p $FABRIC_IDENTITY_MSP_DIR/$ORG_NAME/msp/intermediatecerts/ + fabric_public_key_fetch $FABRIC_CA_URL $FABRIC_IDENTITY_MSP_DIR/$ORG_NAME/msp/cacerts/ca-cert.pem + cp $FABRIC_IDENTITY_MSP_DIR/$ORG_NAME/msp/cacerts/ca-cert.pem $FABRIC_IDENTITY_MSP_DIR/$ORG_NAME/msp/intermediatecerts/ca-cert.pem + cp {{ $TlsCaTlsCertFile }} $FABRIC_IDENTITY_MSP_DIR/$ORG_NAME/msp/tlscacerts/ca.crt + cp /tmp/config.yaml $FABRIC_IDENTITY_MSP_DIR/$ORG_NAME/msp/config.yaml + + echo "============ Generating org material for $ORG_NAME ============" + configtxgen -configPath {{ $.Values.workdir }}/peer -printOrg $ORG_NAME > $ORG_NAME.json + + echo "============ Fetching config block ============" + peer channel fetch config config_block.pb -o {{ .Values.orderer_endpoint }} -c {{ $ChannelName }} --tls --cafile $ORDERER_CA --connTimeout 
{{ .Values.connTimeout }} + echo "============ Converting the configuration to JSON (jq) ============" + configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json + echo "============ Adding the org information to JSON (jq) ============" + jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"'${ORG_NAME}'":.[1]}}}}}' config.json $ORG_NAME.json > modified_config.json + echo "============ Converting config.json and modified_config.json files to protocol buffer ============" + configtxlator proto_encode --input config.json --type common.Config --output config.pb + configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb + echo "============ Compute the delta between original and modified pb files ============" + configtxlator compute_update --channel_id {{ $ChannelName }} --original config.pb --updated modified_config.pb --output org_update.pb + echo "============ Convert org_update.pb to JSON format (jq) ============" + configtxlator proto_decode --input org_update.pb --type common.ConfigUpdate | jq . > org_update.json + echo "============ Update header to Envelop JSON file. ============" + echo '{"payload":{"header":{"channel_header":{"channel_id":"{{ $ChannelName }}", "type":2}},"data":{"config_update":'$(cat org_update.json)'}}}' | jq . > org_update_in_envelope.json + echo "============ Encode the Envelop JSON file to Protocol buffer. 
============" + configtxlator proto_encode --input org_update_in_envelope.json --type common.Envelope --output org_update_in_envelope.pb + echo "============ Signing the Channel Configuration Update ============" + peer channel signconfigtx -f org_update_in_envelope.pb --connTimeout {{ .Values.connTimeout }} + echo "============ Updating Channel configuration by adding the org $ORG_NAME ============" + peer channel update -f org_update_in_envelope.pb -c {{ $ChannelName }} -o {{ .Values.orderer_endpoint }} --tls --cafile $ORDERER_CA --connTimeout {{ .Values.connTimeout }} - echo "============ Generating org material for $ORG_NAME ============" - configtxgen -configPath {{ $.Values.workdir }}/peer -printOrg $ORG_NAME > $ORG_NAME.json - echo "============ Fetching config block ============" - peer channel fetch config config_block.pb -o {{ .Values.orderer_endpoint }} -c {{ $ChannelName }} --tls --cafile $ORDERER_CA --connTimeout {{ .Values.connTimeout }} - echo "============ Converting the configuration to JSON ============" - configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json - echo "============ Add the new Org $ORG_NAME crypto material ============" - jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"'${ORG_NAME}'":.[1]}}}}}' config.json $ORG_NAME.json > modified_config.json - configtxlator proto_encode --input config.json --type common.Config --output config.pb - configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb - configtxlator compute_update --channel_id {{ $ChannelName }} --original config.pb --updated modified_config.pb --output org3_update.pb - configtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate | jq . > org3_update.json - echo '{"payload":{"header":{"channel_header":{"channel_id":"{{ $ChannelName }}", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . 
> org3_update_in_envelope.json - configtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb - echo "============ Signing the Channel Configuration Update ============" - peer channel signconfigtx -f org3_update_in_envelope.pb --connTimeout {{ .Values.connTimeout }} - echo "============ Updating Channel configuration ============" - peer channel update -f org3_update_in_envelope.pb -c {{ $ChannelName }} -o {{ .Values.orderer_endpoint }} --tls --cafile $ORDERER_CA --connTimeout {{ .Values.connTimeout }} + if [ $? -ne 0 ]; then + echo "============ [ERROR] One of the previous step returned an error, please debug it manually using cli pod and re-run this job if necessary. ============" + else + echo "============ [SUCCESS] All steps have been executed successfully. ============" + fi + + elif [ $ORG_STATUS = "disabled" ]; then - if [ $? -ne 0 ]; then - echo "============ [ERROR] One of the previous step returned an error, please debug it manually using cli pod and re-run this job if necessary. 
============" + echo "==========================================================================" + echo "============ Triggering org removal of $ORG_NAME from channel ============" + echo "==========================================================================" + echo "============ Fetching config block ============" + peer channel fetch config config_block.pb -o {{ .Values.orderer_endpoint }} -c {{ $ChannelName }} --tls --cafile $ORDERER_CA --connTimeout {{ .Values.connTimeout }} + echo "============ Converting the configuration to JSON (jq) ============" + configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json + echo "============ Removing the org information from JSON (jq) ============" + jq 'del(.channel_group.groups.Application.groups.'$ORG_NAME')' config.json > modified_config.json + echo "============ Converting config.json and modified_config.json files to protocol buffer ============" + configtxlator proto_encode --input config.json --type common.Config --output config.pb + configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb + echo "============ Compute the delta between original and modified pb files ============" + configtxlator compute_update --channel_id {{ $ChannelName }} --original config.pb --updated modified_config.pb --output config_update.pb + echo "============ Convert config_update.pb to JSON format ============" + configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json + echo "============ Update header to Envelop JSON file. ============" + echo '{"payload":{"header":{"channel_header":{"channel_id":"{{ $ChannelName }}", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json + echo "============ Encode the Envelop JSON file to Protocol buffer. 
============" + configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output config_update_in_envelope.pb + echo "============ Signing the Channel Configuration Update ============" + peer channel signconfigtx -f config_update_in_envelope.pb --connTimeout {{ .Values.connTimeout }} + echo "============ Updating Channel configuration by removing the org $ORG_NAME ============" + peer channel update -f config_update_in_envelope.pb -c {{ $ChannelName }} -o {{ .Values.orderer_endpoint }} --tls --cafile $ORDERER_CA --connTimeout {{ .Values.connTimeout }} + + if [ $? -ne 0 ]; then + echo "============ [ERROR] One of the previous step returned an error, please debug it manually using cli pod and re-run this job if necessary. ============" + else + echo "============ [SUCCESS] All steps have been executed successfully. ============" + fi else - echo "============ [SUCCESS] All steps have been executed successfully. ============" + echo "Wrong Org status value. It must be either active or disabled" fi + {{- end }} \ No newline at end of file diff --git a/helm-charts/fabric-ops/templates/cm-create-channel.yaml b/helm-charts/fabric-ops/templates/cm-create-channel.yaml index 4730107..24f705b 100644 --- a/helm-charts/fabric-ops/templates/cm-create-channel.yaml +++ b/helm-charts/fabric-ops/templates/cm-create-channel.yaml 
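Review bot: In the `disabled` branch the only status check is `if [ $? -ne 0 ]` after `peer channel update`, and neither that error branch nor the final `else` ("Wrong Org status value") exits non-zero. A removal that failed at the fetch, `jq` or `configtxlator` step can therefore end with the script returning 0 while the organisation is still in the channel config. Add `exit 1` after the `[ERROR]` echo and in the final `else`, and check each step; the `check_exit_status $?` helper that fabric_create_channel.sh calls in this commit looks suitable, assuming it comes from the sourced fabric_enroll.sh. The `active` branch has the same shape. Separately, `jq 'del(.channel_group.groups.Application.groups.'$ORG_NAME')'` splices the name into the jq program, whereas `jq --arg org "$ORG_NAME" 'del(.channel_group.groups.Application.groups[$org])'` keeps it as data and also handles names containing `-`.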
@@ -3,14 +3,15 @@ Copyright National Payments Corporation of India. All Rights Reserved. SPDX-License-Identifier: GPL-3.0 */}} -{{- $Project := .Values.project }} -{{- $HlfDomain := .Values.hlf_domain }} -{{- $IcaEndPoint := .Values.ica_endpoint }} -{{- $TlsCaEndpoint := .Values.tlsca_endpoint }} -{{- $IcaTlsCertFile := .Values.ica_tls_certfile | default "/tmp/ca-cert.pem" }} -{{- $TlsCaTlsCertFile := .Values.tlsca_tls_certfile | default "/tmp/tlsca-cert.pem" }} -{{- $ChannelName := .Values.hlf_channel }} -{{- $Msp_base_dir := printf "%s%s" .Values.workdir "/peer/crypto/users" }} +{{- $Project := .Values.project }} +{{- $HlfDomain := .Values.hlf_domain }} +{{- $IcaEndPoint := .Values.ica_endpoint }} +{{- $TlsCaEndpoint := .Values.tlsca_endpoint }} +{{- $IcaTlsCertFile := .Values.ica_tls_certfile | default "/tmp/ca-cert.pem" }} +{{- $TlsCaTlsCertFile := .Values.tlsca_tls_certfile | default "/tmp/tlsca-cert.pem" }} +{{- $ChannelName := .Values.hlf_channel }} +{{- $MspBaseDir := .Values.workdir }} +{{- $ChannelArtifactDir := .Values.channel_artifact_dir | default "/scripts" }} {{- if .Values.fabric_actions.create_channel | default false }} @@ -22,13 +23,14 @@ metadata: {{- include "fabric-ops.labels" $ | nindent 4 }} data: fabric_create_channel.sh: | + channel_name=$1 source /scripts/fabric_enroll.sh fabric_public_key_fetch {{ $TlsCaEndpoint }} {{ $TlsCaTlsCertFile }} - {{- range .Values.admin_identity }} + {{- range .Values.admin_organizations }} enroll \ - {{ .identity_name }} \ - {{ .identity_secret }} \ - {{ .msp_base_dir | default $Msp_base_dir }} \ + {{ .admin_identity }} \ + {{ .admin_secret }} \ + {{ .msp_base_dir | default (printf "%s%s%s" $MspBaseDir "/" .org_name) }} \ {{ .ica_endpoint | default $IcaEndPoint }} \ {{ .tlsca_endpoint | default $TlsCaEndpoint }} \ {{ .ica_tls_certfile | default $IcaTlsCertFile }} \ 
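Review bot: The new `{{ .admin_secret }} \` argument in the `enroll` call of `fabric_create_channel.sh` renders each organisation's admin enrollment secret in clear text into this ConfigMap, so anyone who can read ConfigMaps in the namespace, or the rendered release manifest, can read it. Consider keeping the secret in a Kubernetes Secret exposed to the Job through `secretKeyRef` and passing the environment variable instead, e.g. `"$ORG_ADMIN_SECRET" \` (variable name illustrative). Because the `range` iterates over `admin_organizations`, one variable per organisation would be needed. The Job spec that would carry the reference is in job-create-channel.yaml, outside this hunk.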
@@ -36,19 +38,32 @@ data: {{ .hlf_domain | default $.Values.hlf_domain }} \ {{ .require_msp_enrollment }} \ {{ .require_tls_enrollment }} - {{- end }} + {{- end }} - get_file {{ $.Values.workdir }}/peer/{{ .Values.config_transaction_filename }} {{ .Values.filestore_endpoint }}/{{ $Project }}/{{ .Values.config_transaction_filename }} - echo "Printing the downloaded file {{ $.Values.workdir }}/peer/{{ .Values.config_transaction_filename }}" - cat {{ $.Values.workdir }}/peer/{{ .Values.config_transaction_filename }} + echo "--------------------------------------------------------------------" + echo "Generating Configuration transaction file ${channel_name}.tx at {{ $ChannelArtifactDir }}/${channel_name}.tx"; + echo "--------------------------------------------------------------------" + configtxgen -profile {{ .Values.configTxProfileType }} -outputCreateChannelTx {{ $ChannelArtifactDir }}/${channel_name}.tx -channelID ${channel_name} -configPath {{ $.Values.workdir }}/peer/ + check_exit_status $? + sleep 5 + echo "--------------------------------" + echo "Printing generated ${channel_name}.tx" + echo "--------------------------------" + configtxgen -inspectChannelCreateTx {{ $ChannelArtifactDir }}/${channel_name}.tx || jq . + echo "\n" + echo "--------------------------------------------------------------------" + CHANNELTX_SHA=$(sha256sum {{ $ChannelArtifactDir }}/${channel_name}.tx) + echo "SHA256 value = $CHANNELTX_SHA" + + echo "============ Creating channel ${channel_name} ============" + peer channel create -o {{ $.Values.orderer_endpoint }} -c ${channel_name} -f {{ $ChannelArtifactDir }}/${channel_name}.tx --outputBlock {{ $ChannelArtifactDir }}/${channel_name}.block --tls true --cafile $ORDERER_CA --connTimeout {{ $.Values.connTimeout }} + check_exit_status $? 
- echo "============ Creating channel ============" - peer channel create -o {{ .Values.orderer_endpoint }} -c {{ $ChannelName }} -f {{ $.Values.workdir }}/peer/{{ .Values.config_transaction_filename }} --tls true --cafile $ORDERER_CA --connTimeout {{ .Values.connTimeout }} - echo "============ Uploading {{ .Values.channel_block_filename }} to Filestore at {{ .Values.filestore_endpoint }} ============" - upload_file {{ .Values.channel_block_filename }} {{ .Values.filestore_endpoint }}/{{ $Project }}/ - if [ $? -ne 0 ]; then - echo "============ [ERROR] One of the previous step returned an error, please debug it manually using cli pod and re-run this job if necessary. ============" - else - echo "============ [SUCCESS] All steps have been executed successfully. ============" - fi - {{- end }} \ No newline at end of file + echo "Printing generated ${channel_name}.tx" + configtxgen -inspectBlock {{ $ChannelArtifactDir }}/${channel_name}.block | jq . + echo "============ Uploading {{ $ChannelArtifactDir }}/${channel_name}.block to Filestore at {{ $.Values.filestore_endpoint }} ============" + upload_file {{ $ChannelArtifactDir }}/${channel_name}.block {{ $.Values.filestore_endpoint }}/{{ $Project }}/ + echo "============ Uploading {{ $ChannelArtifactDir }}/${channel_name}.tx to Filestore at {{ $.Values.filestore_endpoint }} ============" + upload_file {{ $ChannelArtifactDir }}/${channel_name}.tx {{ $.Values.filestore_endpoint }}/{{ $Project }}/ + + {{- end }} \ No newline at end of file diff --git a/helm-charts/fabric-ops/templates/cm-cryptogen.yaml b/helm-charts/fabric-ops/templates/cm-cryptogen.yaml index 2e6845e..b3b2e94 100644 --- a/helm-charts/fabric-ops/templates/cm-cryptogen.yaml +++ b/helm-charts/fabric-ops/templates/cm-cryptogen.yaml 
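Review bot: `configtxgen -inspectChannelCreateTx {{ $ChannelArtifactDir }}/${channel_name}.tx || jq .` uses `||` where a pipe was presumably meant: as written, `jq` runs only when `configtxgen` fails, and then it reads the script's stdin instead of formatting the inspection output. Use `| jq .`, as the later `-inspectBlock` line does. The echo just before `-inspectBlock` also says `Printing generated ${channel_name}.tx` although what follows prints the `.block`; `echo "Printing generated ${channel_name}.block"` would keep the log accurate for anyone comparing it with the SHA256 line above.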
@@ -5,12 +5,12 @@ SPDX-License-Identifier: GPL-3.0 {{- if .Values.fabric_actions.cryptogen }} -{{- $BaseDir := .Values.base_dir }} -{{- $Project := .Values.project }} -{{- $TlsCaEndPoint := .Values.tlsca_endpoint }} -{{- $TlsCaTlsCertFile := .Values.tlsca_tls_certfile | default "/tmp/tlsca-cert.pem" }} -{{- $HlfDomain := .Values.hlf_domain }} -{{- $ChannelName := .Values.hlf_channel }} +{{- $BaseDir := .Values.workdir }} +{{- $Project := .Values.project }} +{{- $TlsCaEndPoint := .Values.tlsca_endpoint }} +{{- $TlsCaTlsCertFile := .Values.tlsca_tls_certfile | default "/tmp/tlsca-cert.pem" }} +{{- $HlfDomain := .Values.hlf_domain }} +{{- $ChannelArtifactDir := .Values.channel_artifact_dir | default "/scripts" }} --- apiVersion: v1 kind: ConfigMap @@ -24,14 +24,15 @@ data: source /scripts/fabric_enroll.sh fabric_public_key_fetch {{ $TlsCaEndPoint }} {{ $TlsCaTlsCertFile }} - {{- range .Values.organizations }} + {{- range .Values.admin_organizations }} {{- if eq "orderer" .org_type }} {{ $org_name := .org_name }} {{ $ica_endpoint := .ica_endpoint }} {{ $cert_path := .cert_path }} {{- range .orderer_identities }} - - {{- $msp_dir := printf "%s/%s" $BaseDir $org_name }} + + echo "============ Starting Orderer identity enrollments. ============" + {{- $msp_dir := printf "%s/%s" $BaseDir $org_name }} enroll \ {{ .identity_name }} \ {{ .identity_secret }} \ @@ -56,7 +57,7 @@ data: echo "============ Starting Org admin enrollments. ============" - {{- range .Values.organizations }} + {{- range .Values.admin_organizations }} {{- $msp_dir := printf "%s/%s" $BaseDir .org_name }} enroll \ 
@@ -76,32 +77,25 @@ data: {{- end }} echo "--------------------------------------------------------------------" - echo "Generating Genesis block file {{ .Values.block_file }} at {{ .Values.channel_artifact_dir }}/{{ .Values.block_file }}"; + echo "Generating Genesis block file {{ .Values.block_file }} at {{ $ChannelArtifactDir }}/{{ .Values.block_file }}"; echo "--------------------------------------------------------------------" - configtxgen -profile SampleMultiNodeEtcdRaft -channelID {{ .Values.orderer_system_channel }} -outputBlock {{ .Values.channel_artifact_dir }}/{{ .Values.block_file }}; + configtxgen -profile {{ .Values.configTxProfileType }} -channelID {{ .Values.orderer_system_channel }} -outputBlock {{ $ChannelArtifactDir }}/{{ .Values.block_file }}; + + if [ $? -ne 0 ]; then + echo "============ [ERROR] Genesis block creation failed with an error, please debug it manually using cli pod and re-run this job if necessary. ============" + exit + else + echo "============ [SUCCESS] Genesis block creation has been executed successfully. ============" + fi + sleep 5; echo "--------------------------------" echo "Printing generated {{ .Values.block_file }}" echo "--------------------------------" - cat {{ .Values.channel_artifact_dir }}/{{ .Values.block_file }} + configtxgen -inspectBlock {{ $ChannelArtifactDir }}/{{ .Values.block_file }} | jq . 
echo "--------------------------------" - GENESIS_SHA=$(sha256sum {{ .Values.channel_artifact_dir }}/{{ .Values.block_file }}) + GENESIS_SHA=$(sha256sum {{ $ChannelArtifactDir }}/{{ .Values.block_file }}) echo "SHA256 value = $GENESIS_SHA" echo "--------------------------------" - - echo "--------------------------------------------------------------------" - echo "Generating Configuration transaction file {{ .Values.config_transaction_filename }} at {{ .Values.channel_artifact_dir }}/{{ .Values.config_transaction_filename }}"; - echo "--------------------------------------------------------------------" - configtxgen -profile TwoOrgsChannel -outputCreateChannelTx {{ .Values.channel_artifact_dir }}/{{ .Values.config_transaction_filename }} -channelID {{ $ChannelName }}; - sleep 5 - echo "--------------------------------" - echo "Printing generated {{ .Values.config_transaction_filename }}" - echo "--------------------------------" - cat {{ .Values.channel_artifact_dir }}/{{ .Values.config_transaction_filename }} - echo "\n" - echo "--------------------------------------------------------------------" - CHANNELTX_SHA=$(sha256sum {{ .Values.channel_artifact_dir }}/{{ .Values.config_transaction_filename }}) - echo "SHA256 value = $CHANNELTX_SHA" - upload_file {{ .Values.channel_artifact_dir }}/{{ .Values.block_file }} {{ .Values.filestore_endpoint }}/{{ $Project }}/ - upload_file {{ .Values.channel_artifact_dir }}/{{ .Values.config_transaction_filename }} {{ .Values.filestore_endpoint }}/{{ $Project }}/ + upload_file {{ $ChannelArtifactDir }}/{{ .Values.block_file }} {{ .Values.filestore_endpoint }}/{{ $Project }}/ {{- end }} \ No newline at end of file diff --git a/helm-charts/fabric-ops/templates/cm-update-anchor-peer.yaml b/helm-charts/fabric-ops/templates/cm-update-anchor-peer.yaml index afecbd8..1d2e770 100644 --- a/helm-charts/fabric-ops/templates/cm-update-anchor-peer.yaml +++ b/helm-charts/fabric-ops/templates/cm-update-anchor-peer.yaml 
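Review bot: The bare `exit` in the new genesis-block error branch returns the status of the preceding `echo`, which is 0, so the script ends as a success even though `configtxgen` failed. Use `exit 1` there so the Job is marked failed and nobody takes a missing or stale `{{ .Values.block_file }}` for a freshly generated one. The enclosing script starts outside this hunk, so whether anything earlier sets `-e` cannot be seen from here.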
@@ -46,21 +46,20 @@ data: configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json echo "============ Add the anchor peer configs ============" jq --argjson hostList "$(cat anchorpeer.json)" '.channel_group.groups.Application.groups.{{ $BankName }}.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": $hostList},"version": "0"}}' config.json > modified_config.json - echo "Executing configtxlator commands" - echo "============ Executing - configtxlator proto_encode --input config.json --type common.Config --output config.pb ============" + echo "============ Converting config.json and modified_config.json files to protocol buffer ============" configtxlator proto_encode --input config.json --type common.Config --output config.pb - echo "============ Executing - configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb ============" configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb - echo "============ Executing - configtxlator compute_update --channel_id {{ $ChannelName }} --original config.pb --updated modified_config.pb --output anchor_update.pb ============================" + echo "============ Compute the delta between original and modified pb files ============" configtxlator compute_update --channel_id {{ $ChannelName }} --original config.pb --updated modified_config.pb --output anchor_update.pb - echo "============ Executing - configtxlator proto_decode --input anchor_update.pb --type common.ConfigUpdate | jq . > anchor_update.json ============" + echo "============ Convert config_update.pb to JSON format ============" configtxlator proto_decode --input anchor_update.pb --type common.ConfigUpdate | jq . > anchor_update.json + echo "============ Update header to Envelop JSON file. 
============" echo '{"payload":{"header":{"channel_header":{"channel_id":"{{ $ChannelName }}", "type":2}},"data":{"config_update":'$(cat anchor_update.json)'}}}' | jq . > anchor_update_in_envelope.json - echo "============ configtxlator proto_encode --input anchor_update_in_envelope.json --type common.Envelope --output anchor_update_in_envelope.pb ============" + echo "============ Encode the Envelop JSON file to Protocol buffer. ============" configtxlator proto_encode --input anchor_update_in_envelope.json --type common.Envelope --output anchor_update_in_envelope.pb echo "============ Signing the Channel Configuration ============" peer channel signconfigtx -f anchor_update_in_envelope.pb --connTimeout {{ .Values.connTimeout }} - echo "============ Running peer channel update ============" + echo "============ Updating Channel configuration with anchor peers list ============" peer channel update -f anchor_update_in_envelope.pb -c {{ $ChannelName }} -o {{ .Values.orderer_endpoint }} --tls --cafile $ORDERER_CA --connTimeout {{ .Values.connTimeout }} if [ $? -ne 0 ]; then diff --git a/helm-charts/fabric-ops/templates/job-configure-org-channel.yaml b/helm-charts/fabric-ops/templates/job-configure-org-channel.yaml index 087d7aa..b03eff8 100644 --- a/helm-charts/fabric-ops/templates/job-configure-org-channel.yaml +++ b/helm-charts/fabric-ops/templates/job-configure-org-channel.yaml @@ -10,12 +10,12 @@ SPDX-License-Identifier: GPL-3.0 {{ $ChannelName := .Values.channel_name }} {{ $CorePeerMspConfigPath := printf "%s%s" .Values.workdir "/peer/crypto/users/admin/msp" }} -{{- range .Values.organizatons }} +{{- range .Values.organizations }} --- apiVersion: batch/v1 kind: Job metadata: - name: {{ include "fabric-ops.fullname" $ }}-{{ .name }} + name: {{ include "fabric-ops.fullname" $ }}-{{ .name }}-{{ .status }} labels: {{- include "fabric-ops.labels" $ | nindent 4 }} spec: 
@@ -46,7 +46,7 @@ spec: workingDir: {{ $.Values.workdir }}/peer command: ["/bin/sh","-c"] args: - - /scripts/fabric_configure_org_channel.sh {{ .name }} {{ .ica_endpoint }} {{ .identity_name }} {{ .identity_secret }} {{ .msp_dir | default "/crypto-config/peerOrganizations" }}; + - /scripts/fabric_configure_org_channel.sh {{ .name }} {{ .ica_endpoint }} {{ .msp_dir | default "/crypto-config/peerOrganizations" }} {{ .status }}; tty: true env: - name: FABRIC_LOGGING_SPEC diff --git a/helm-charts/fabric-ops/templates/job-create-channel.yaml b/helm-charts/fabric-ops/templates/job-create-channel.yaml index a67fc6e..d447566 100644 --- a/helm-charts/fabric-ops/templates/job-create-channel.yaml +++ b/helm-charts/fabric-ops/templates/job-create-channel.yaml @@ -5,17 +5,15 @@ SPDX-License-Identifier: GPL-3.0 {{- if .Values.fabric_actions.create_channel | default false }} -{{ $BankName := .Values.nameOverride }} -{{ $HlfDomain := .Values.hlf_domain }} -{{ $ChannelName := .Values.channel_name }} -{{ $Msp_base_dir := printf "%s%s" .Values.workdir "/peer/crypto/users/" }} +{{ $BankName := .Values.nameOverride }} +{{ $CorePeerMspConfigPath := printf "%s%s%s%s%s" .Values.workdir "/" $BankName "/admin" "/msp" }} -{{- range .Values.admin_identity }} +{{- range .Values.app_channels }} --- apiVersion: batch/v1 kind: Job metadata: - name: {{ include "fabric-ops.fullname" $ }} + name: {{ $.Release.Name }}-{{ . }} labels: {{- include "fabric-ops.labels" $ | nindent 4 }} spec: @@ -46,7 +44,7 @@ spec: workingDir: {{ $.Values.workdir }}/peer command: ["/bin/sh","-c"] args: - - /scripts/fabric_create_channel.sh; + - /scripts/fabric_create_channel.sh {{ . }}; tty: true env: - name: FABRIC_LOGGING_SPEC 
@@ -54,7 +52,7 @@ spec: - name: CORE_PEER_LOCALMSPID value: {{ $BankName }} - name: CORE_PEER_MSPCONFIGPATH - value: {{ $.Values.core_peer_mspconfigpath_override | default (printf "%s%s%s" $Msp_base_dir .identity_name "/msp") }} + value: {{ $.Values.core_peer_mspconfigpath_override | default $CorePeerMspConfigPath }} - name: CORE_PEER_TLS_ENABLED value: "true" - name: GOPATH @@ -71,6 +69,9 @@ spec: - name: scripts subPath: fabric_create_channel.sh mountPath: /scripts/fabric_create_channel.sh + - name: configtx + subPath: configtx.yaml + mountPath: {{ $.Values.workdir }}/peer/configtx.yaml resources: {{- toYaml $.Values.resources | nindent 12 }} volumes: @@ -78,6 +79,10 @@ spec: configMap: name: {{ include "fabric-ops.fullname" $ }} defaultMode: 0777 + - name: configtx + configMap: + name: {{ include "fabric-ops.fullname" $ }}-configtx + defaultMode: 0777 - name: fabric-ops configMap: name: {{ include "fabric-ops.fullname" $ }}-functions diff --git a/helm-charts/fabric-ops/values.yaml b/helm-charts/fabric-ops/values.yaml index 9caea23..50d5f4b 100644 --- a/helm-charts/fabric-ops/values.yaml +++ b/helm-charts/fabric-ops/values.yaml @@ -2,7 +2,7 @@ # SPDX-License-Identifier: GPL-3.0 workdir: /opt/gopath/src/github.com/hyperledger/fabric -peer_internal_service_port: "30002" +peer_internal_service_port: "7051" ttlSecondsAfterFinished: "100" retry_seconds: 60 connTimeout: 60s diff --git a/helm-charts/fabric-orderer/Chart.yaml b/helm-charts/fabric-orderer/Chart.yaml index 9aef945..2c8f6ed 100644 --- a/helm-charts/fabric-orderer/Chart.yaml +++ b/helm-charts/fabric-orderer/Chart.yaml @@ -4,5 +4,5 @@ apiVersion: v2 name: fabric-orderer description: A Helm chart for deploying Fabric Orderers in Kubernetes. type: application -version: 1.1.0 +version: 1.2.0 appVersion: "2.4" diff --git a/helm-charts/fabric-orderer/README.md b/helm-charts/fabric-orderer/README.md index 9c54fa4..f6ef0b7 100644 --- a/helm-charts/fabric-orderer/README.md +++ b/helm-charts/fabric-orderer/README.md 
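Review bot: The new `configtx` volume is declared with `defaultMode: 0777`, but the only file mounted from it is `configtx.yaml`, a data file read by `configtxgen` that needs neither write nor execute bits. `defaultMode: 0444` is enough for this volume. The `scripts` volume is a different case, since its files are executed directly.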
@@ -71,6 +71,9 @@ The following table lists the configurable parameters of the Fabric-orderer char | `orderers.[].name` | The name of the orderer | `orderer[n]` | | `orderers.[].identity_name` | The identity of orderer | `""` | | `orderers.[].identity_secret` | The identity password of orderer | `""` | +| `orderers.[].command` | To override command for this orderer | `"` Default to container image spec | +| `orderers.[].args` | To override args for this orderer | `orderer` | +| `orderers.[].hlf_domain` | If want to override the `.Values.hlf_domain` for this orderer. Make sure this is matching with the endpoint in channel config. | `""` | | `orderers.[].tls_cert_archive` | The tls cert archive file name of orderer in the filestore | `"orderer[n]-orderer-tls-certs.tar.gz"` | | `orderers.[].use_existing_pvc_data` | If want to mount an existing orderer pvc instead of creating new pvc. | `""` | | `orderers.[].additionalEnvironmentVars` | If want to add additional env variables per orderer | `""` | diff --git a/helm-charts/fabric-orderer/templates/configmap.yaml b/helm-charts/fabric-orderer/templates/configmap.yaml index 0bf1550..6f729ea 100644 --- a/helm-charts/fabric-orderer/templates/configmap.yaml +++ b/helm-charts/fabric-orderer/templates/configmap.yaml @@ -44,6 +44,7 @@ data: FABRIC_IDENTITY=$2 FABRIC_IDENTITY_SECRET=$3 FABRIC_TLS_CERT_FILE=$4 + HLF_DOMAIN=$5 while true; do echo "======== Enrolling to https://$FABRIC_CA_URL as $FABRIC_IDENTITY ========" 
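Review bot: `HLF_DOMAIN=$5` in `fabric_enroll` is taken without a check, and the following hunk uses it in `--csr.hosts $FABRIC_IDENTITY,$FABRIC_IDENTITY.$HLF_DOMAIN`, so a caller that still passes four arguments would request a certificate whose second host entry is the identity followed by a bare dot. Only one call site is updated in this diff (`fabric_enroll $1 $2 $3 $4 {{ .hlf_domain | default $HlfDomain }}`), and any other caller outside the visible hunks needs the same fifth argument. A guard right after the assignment, `: "${HLF_DOMAIN:?hlf domain argument missing}"`, would fail fast instead of enrolling with a malformed SAN.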
@@ -51,7 +52,7 @@ data: --url https://$FABRIC_IDENTITY:$FABRIC_IDENTITY_SECRET@$FABRIC_CA_URL \ --mspdir {{ $.Values.orderer_cert_base_dir }}/msp \ --tls.certfiles $FABRIC_TLS_CERT_FILE \ - --csr.hosts $FABRIC_IDENTITY,$FABRIC_IDENTITY.{{ $HlfDomain }} \ + --csr.hosts $FABRIC_IDENTITY,$FABRIC_IDENTITY.$HLF_DOMAIN \ --csr.names O='{{ $.Values.csr_names_o }}',L={{ $.Values.csr_names_l }},ST={{ $.Values.csr_names_st }},C={{ $.Values.csr_names_cn }} if [ $? -eq 0 ]; then echo "======== Identity is valid and enrollment is successful. ========" @@ -145,7 +146,7 @@ data: echo "======== Cound not find a client certificate at {{ $.Values.orderer_cert_base_dir }}/msp/signcerts/cert.pem. Proceeding to further msp enrollment ========" rm -rf {{ $.Values.orderer_cert_base_dir }}/msp fabric_public_key_fetch $1 $4 - fabric_enroll $1 $2 $3 $4 + fabric_enroll $1 $2 $3 $4 {{ .hlf_domain | default $HlfDomain }} fi if [ -f "{{ $.Values.orderer_cert_base_dir }}/tls/signcerts/cert.pem" ]; then diff --git a/helm-charts/fabric-orderer/templates/deployment.yaml b/helm-charts/fabric-orderer/templates/deployment.yaml index e89edfa..d18daab 100644 --- a/helm-charts/fabric-orderer/templates/deployment.yaml +++ b/helm-charts/fabric-orderer/templates/deployment.yaml @@ -74,8 +74,21 @@ spec: image: "{{ $.Values.global.image.repository }}:{{ $.Values.global.image.tag | default $.Chart.AppVersion }}" imagePullPolicy: {{ $.Values.global.image.pullPolicy }} workingDir: /opt/gopath/src/github.com/hyperledger/fabric + {{- if .command }} + command: + {{- range .command }} + - "{{ . }}" + {{- end }} + {{- end }} + {{- if .args }} + args: + {{- range .args }} + - "{{ . }}" + {{- end }} + {{- else }} args: - orderer + {{- end }} env: - name: ORDERER_GENERAL_GENESISFILE {{- if .block_file }} diff --git a/helm-charts/fabric-orderer/templates/ingress.yaml b/helm-charts/fabric-orderer/templates/ingress.yaml index fd434d0..63c49ed 100644 --- a/helm-charts/fabric-orderer/templates/ingress.yaml 
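Review bot: In fabric-orderer/templates/deployment.yaml (`@@ -74,8 +74,21 @@`) the per-orderer `command` and `args` items are rendered as `- "{{ . }}"`, so a value that contains a double quote or a backslash produces broken or silently altered YAML. Letting the template do the quoting avoids that: `- {{ . | quote }}` in both `range` loops. The container spec starts and continues outside the hunk.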
+++ b/helm-charts/fabric-orderer/templates/ingress.yaml @@ -7,9 +7,11 @@ SPDX-License-Identifier: GPL-3.0 {{- $Name := .Values.nameOverride | default .Chart.Name -}} {{- $Annotations := .Values.global.ingress.annotations -}} {{- $ClassName := .Values.global.ingress.className -}} +{{- $IngressEnabled := .Values.global.ingressEnabled -}} {{- range .Values.orderers }} - {{- if .ingressEnabled | default $.Values.global.ingressEnabled }} +{{- if or $IngressEnabled .ingressEnabled }} +{{- if (ne .ingressEnabled false) }} --- apiVersion: networking.k8s.io/v1 kind: Ingress @@ -28,7 +30,7 @@ metadata: spec: ingressClassName: {{ $ClassName }} rules: - - host: {{ .identity_name }}.{{ $.Values.hlf_domain }} + - host: {{ .identity_name }}.{{ .hlf_domain | default $.Values.hlf_domain }} http: paths: - path: / @@ -37,6 +39,7 @@ spec: service: name: {{ .name }}-{{ include "fabric-orderer.fullname" $ }} port: - number: {{ $.Values.global.servicePort }} - {{- end }} -{{- end }} \ No newline at end of file + number: {{ .servicePort | default $.Values.global.servicePort }} +{{- end }} +{{- end }} +{{- end }} diff --git a/helm-charts/fabric-orderer/templates/pvc.yaml b/helm-charts/fabric-orderer/templates/pvc.yaml index d469993..ec75dc4 100644 --- a/helm-charts/fabric-orderer/templates/pvc.yaml +++ b/helm-charts/fabric-orderer/templates/pvc.yaml @@ -20,7 +20,7 @@ spec: - {{ .storageAccessMode | default ($.Values.global.storageAccessMode | default "ReadWriteOnce") }} resources: requests: - storage: {{ .dataStorageSize | default ($.Values.global.storageSize | default "5Gi") }} + storage: {{ .dataStorageSize | default ($.Values.global.dataStorageSize | default "5Gi") }} storageClassName: {{ .storageClass | default ($.Values.global.storageClass | default "default") }} {{- end }} --- diff --git a/helm-charts/fabric-orderer/templates/service.yaml b/helm-charts/fabric-orderer/templates/service.yaml index 78d46de..435a461 100644 --- a/helm-charts/fabric-orderer/templates/service.yaml 
+++ b/helm-charts/fabric-orderer/templates/service.yaml @@ -16,12 +16,15 @@ metadata: {{ toYaml .additionalLabels | nindent 4 }} {{- end }} spec: - type: {{ $.Values.global.serviceType | default "ClusterIP" }} + type: {{ .serviceType | default ($.Values.global.serviceType | default "ClusterIP") }} ports: - - port: {{ $.Values.global.servicePort }} - targetPort: {{ $.Values.global.containerPort }} + - name: http + port: {{ .servicePort | default $.Values.global.servicePort }} + targetPort: {{ .containerPort | default $.Values.global.containerPort }} protocol: TCP - name: http + {{- if and (eq .serviceType "NodePort") (not (empty .serviceNodePort)) }} + nodePort: {{ .serviceNodePort }} + {{- end }} selector: {{- include "fabric-orderer.selectorLabels" $ | nindent 4 }} app: {{ .name }}-{{ include "fabric-orderer.fullname" $ }} @@ -38,12 +41,15 @@ metadata: {{ toYaml .additionalLabels | nindent 4 }} {{- end }} spec: - type: {{ $.Values.global.operations.serviceType | default "ClusterIP" }} + type: {{ .operationsServiceType | default ($.Values.global.operations.serviceType | default "ClusterIP") }} ports: - - port: {{ $.Values.global.operations.servicePort }} + - name: {{ $.Values.global.operations.serviceName }} + port: {{ .operationsServicePort | default $.Values.global.operations.servicePort }} targetPort: 8443 protocol: TCP - name: {{ $.Values.global.operations.serviceName }} + {{- if and (eq .operationsServiceType "NodePort") (not (empty .operationServiceNodePort)) }} + nodePort: {{ .operationServiceNodePort }} + {{- end }} selector: {{- include "fabric-orderer.selectorLabels" $ | nindent 4 }} app: {{ .name }}-{{ include "fabric-orderer.fullname" $ }} diff --git a/helm-charts/fabric-orderer/values.yaml b/helm-charts/fabric-orderer/values.yaml index 38acf0e..19b7599 100644 --- a/helm-charts/fabric-orderer/values.yaml +++ b/helm-charts/fabric-orderer/values.yaml 
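Review bot: The `nodePort` guard in fabric-orderer/templates/service.yaml (`@@ -16,12 +16,15 @@`) tests only the per-orderer `.serviceType`, while the `type:` line at the top of the hunk falls back to `$.Values.global.serviceType`; with NodePort set globally and `serviceNodePort` set on an orderer, the requested port is dropped without an error and a random one is allocated. Evaluating the same fallback in the guard fixes it: `{{- if and (eq (.serviceType | default ($.Values.global.serviceType | default "ClusterIP")) "NodePort") .serviceNodePort }}`. The operations hunk (`@@ -38,12 +41,15 @@`) has the same gap and also mixes the key names `operationsServiceType` and `operationServiceNodePort`, which is easy to mistype in a values file. The fabric-peer service hunks later in this diff repeat the pattern, though their `type:` lines are outside the hunks.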
@@ -15,22 +15,30 @@ podSecurityContext: {} securityContext: {} resources: {} startupProbe: - tcpSocket: - port: 7050 - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 failureThreshold: 3 -readinessProbe: - tcpSocket: - port: 7050 + httpGet: + path: /healthz + port: 8443 + scheme: HTTP periodSeconds: 10 + successThreshold: 1 +readinessProbe: failureThreshold: 3 -livenessProbe: - tcpSocket: - port: 7050 + httpGet: + path: /healthz + port: 8443 + scheme: HTTP periodSeconds: 10 + successThreshold: 1 +livenessProbe: failureThreshold: 3 + httpGet: + path: /healthz + port: 8443 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + ## Example complete list of orderer deployment values. # orderers: diff --git a/helm-charts/fabric-peer/Chart.yaml b/helm-charts/fabric-peer/Chart.yaml index c92ab89..97413af 100644 --- a/helm-charts/fabric-peer/Chart.yaml +++ b/helm-charts/fabric-peer/Chart.yaml @@ -4,5 +4,5 @@ apiVersion: v2 name: fabric-peer description: A Helm chart for deploying Fabric Peers in Kubernetes. type: application -version: 1.1.0 +version: 1.2.0 appVersion: "2.4" diff --git a/helm-charts/fabric-peer/templates/ingress.yaml b/helm-charts/fabric-peer/templates/ingress.yaml index b40e3a5..f0642b4 100644 --- a/helm-charts/fabric-peer/templates/ingress.yaml +++ b/helm-charts/fabric-peer/templates/ingress.yaml @@ -3,8 +3,15 @@ Copyright National Payments Corporation of India. All Rights Reserved. SPDX-License-Identifier: GPL-3.0 */}} +{{- $Chart := .Chart.Name -}} +{{- $Name := .Values.nameOverride | default .Chart.Name -}} +{{- $Annotations := .Values.global.ingress.annotations -}} +{{- $ClassName := .Values.global.ingressClass -}} +{{- $IngressEnabled := .Values.global.ingressEnabled -}} + {{- range .Values.peers }} - {{- if .ingressEnabled | default $.Values.global.ingressEnabled }} +{{- if or $IngressEnabled .ingressEnabled }} +{{- if (ne .ingressEnabled false) }} --- apiVersion: networking.k8s.io/v1 kind: Ingress 
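Review bot: All three probes in fabric-orderer/values.yaml (`@@ -15,22 +15,30 @@`) now call `/healthz` on port 8443 with `scheme: HTTP`, so they pass only while the operations listener runs without TLS. As far as I know that listener serves more than health checks (metrics and log-level control), and Fabric's documentation describes access to it as unauthenticated when TLS is off; the same commit lets the operations Service be switched to NodePort in templates/service.yaml. A comment above `startupProbe:` would make the dependency explicit, for example `# Probes use plain HTTP on the operations port; keep that Service ClusterIP unless operations TLS is enabled and scheme is changed to HTTPS`. Separately, the startup probe lost `initialDelaySeconds: 30`, which leaves about 30 seconds (3 x 10) before the container is restarted.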
@@ -16,12 +23,12 @@ metadata: {{- if .additionalLabels -}} {{ toYaml .additionalLabels | nindent 4 }} {{- end }} - {{- with $.Values.global.ingress.annotations }} + {{- with $Annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - ingressClassName: {{ .ingressClass | default $.Values.global.ingressClass }} + ingressClassName: {{ .ingressClass | default $ClassName }} rules: - host: {{ .name }}-{{ include "fabric-peer.name" $ }}.{{ $.Values.global.hlf_domain }} http: @@ -33,5 +40,6 @@ spec: name: {{ .name }}-{{ include "fabric-peer.name" $ }} port: number: {{ .peerServicePort | default $.Values.global.peerServicePort }} - {{- end }} +{{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/helm-charts/fabric-peer/templates/service.yaml b/helm-charts/fabric-peer/templates/service.yaml index 5ad4f49..2d6f80d 100644 --- a/helm-charts/fabric-peer/templates/service.yaml +++ b/helm-charts/fabric-peer/templates/service.yaml @@ -21,8 +21,11 @@ spec: ports: - name: peer port: {{ .peerServicePort | default $.Values.global.peerServicePort }} - targetPort: 7051 + targetPort: {{ .peerContainerPort | default $.Values.global.peerContainerPort }} protocol: TCP + {{- if and (eq .peerServiceType "NodePort") (not (empty .peerServiceNodePort)) }} + nodePort: {{ .peerServiceNodePort }} + {{- end }} selector: app: {{ .name }}-{{ include "fabric-peer.name" $ }} {{- include "fabric-peer.selectorLabels" $ | nindent 4 }} @@ -47,8 +50,11 @@ spec: ports: - name: couchdb port: {{ .couchServicePort | default $.Values.global.couchServicePort }} - targetPort: 5984 + targetPort: {{ .couchContainerPort | default $.Values.global.couchContainerPort }} protocol: TCP + {{- if and (eq .couchServiceType "NodePort") (not (empty .couchServiceNodePort)) }} + nodePort: {{ .couchServiceNodePort }} + {{- end }} selector: app: {{ .name }}-{{ include "fabric-peer.name" $ }} {{- include "fabric-peer.selectorLabels" $ | nindent 4 }} 
@@ -74,6 +80,9 @@ spec: port: {{ .operationsServicePort | default $.Values.global.operations.servicePort }} targetPort: 9443 protocol: TCP + {{- if and (eq .operationsServiceType "NodePort") (not (empty .operationServiceNodePort)) }} + nodePort: {{ .operationServiceNodePort }} + {{- end }} selector: app: {{ .name }}-{{ include "fabric-peer.name" $ }} {{- include "fabric-peer.selectorLabels" $ | nindent 4 }} diff --git a/helm-charts/fabric-peer/templates/statefulset.yaml b/helm-charts/fabric-peer/templates/statefulset.yaml index 51a8354..e339a03 100644 --- a/helm-charts/fabric-peer/templates/statefulset.yaml +++ b/helm-charts/fabric-peer/templates/statefulset.yaml @@ -268,7 +268,7 @@ spec: configMap: name: {{ .name }}-{{ include "fabric-peer.fullname" $ }}-conf defaultMode: 0777 - {{- if not .require_certs_dir_persistence }} + {{- if not (.require_certs_dir_persistence | default $.Values.global.require_certs_dir_persistence) }} - name: cert-peer emptyDir: sizeLimit: {{ $.Values.global.peerCertDiskSize }} diff --git a/helm-charts/fabric-tools/Chart.yaml b/helm-charts/fabric-tools/Chart.yaml index 7d28952..9cd7ed6 100644 --- a/helm-charts/fabric-tools/Chart.yaml +++ b/helm-charts/fabric-tools/Chart.yaml @@ -4,5 +4,5 @@ apiVersion: v2 name: fabric-tools description: A Helm chart for deploying Fabric cli tools in Kubernetes. type: application -version: 1.1.0 +version: 1.2.0 appVersion: "1.5.0" diff --git a/helm-charts/filestore/Chart.yaml b/helm-charts/filestore/Chart.yaml index 5029551..e75969e 100644 --- a/helm-charts/filestore/Chart.yaml +++ b/helm-charts/filestore/Chart.yaml @@ -4,5 +4,5 @@ apiVersion: v2 name: filestore description: A Helm chart for deploying an Nginx file sharing web server in Kubernetes. type: application -version: 1.1.0 +version: 1.2.0 appVersion: "1.16.0" \ No newline at end of file