diff --git a/test-network/ADD_ORDERER_TUTORIAL.md b/test-network/ADD_ORDERER_TUTORIAL.md new file mode 100644 index 0000000000..82be5acc93 --- /dev/null +++ b/test-network/ADD_ORDERER_TUTORIAL.md @@ -0,0 +1,310 @@ +# Adding Orderer To An Existing Network + +## Create an initial cluster +Fabric supports adding new orderer to an existing functioning network. +We will lay out a simple scenario of such functionality using the **test-network** sample. + +### Exending the test network to support the fifth orderer +We extend the `docker-compose-bft` and the `crypto-config-orderer.yaml` to support 5 orderers.\ +In the `crypto-config-orderer.yaml` we should add: +```yaml +- Hostname: orderer5 + SANS: + - localhost +``` + +In the `docker-compose-bft` we should create a new volume in the volumes section: +```yaml +volumes: + - ... + - orderer5.example.com +``` +Now, add the definition of the new orderer: +(Note that you can change the ports according to your needs) +```yaml +orderer5.example.com: +container_name: orderer5.example.com +image: hyperledger/fabric-orderer:latest +labels: + service: hyperledger-fabric +environment: + - FABRIC_LOGGING_SPEC=DEBUG + - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 + - ORDERER_GENERAL_LISTENPORT=7060 + - ORDERER_GENERAL_LOCALMSPID=OrdererMSP + - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp + # enabled TLS + - ORDERER_GENERAL_TLS_ENABLED=true + - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_BOOTSTRAPMETHOD=none + - ORDERER_CHANNELPARTICIPATION_ENABLED=true + - ORDERER_ADMIN_TLS_ENABLED=true + - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7061 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer5.example.com:9450 + - ORDERER_METRICS_PROVIDER=prometheus +working_dir: /root +command: orderer +volumes: + - ../organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls:/var/hyperledger/orderer/tls + - orderer5.example.com:/var/hyperledger/production/orderer +ports: + - 7060:7060 + - 7061:7061 + - 9450:9450 +networks: + - test +``` + +We also add the following volume to the CLI container definition: +```yaml +volumes: + - ../organizations/ordererOrganizations/example.com/users/Admin@example.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/example.com/users/Admin@example.com/tls:/var/hyperledger/orderer/tls +``` + +### Running the cluster +Use: +```shell +./network.sh createChannel -bft +``` +This command will start a network of 4 orderers and 2 peers and 1 CLI, a container of the fifth orderer will be started +as well, but is not a part of the network at this stage. + +## Altering the config +The following commands should be executing from the CLI container. + +### Getting the last config block +The `peer` command uses environment variables to define the context of the organization in which it will run, we will +change the context to: +```shell +export CORE_PEER_LOCALMSPID="Org1MSP" +export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA +export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp +export CORE_PEER_ADDRESS=localhost:7051 +``` +Now, in order to get the last config block we will make: +```shell +peer channel fetch config config_block.pb -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c mychannel --tls --cafile "$ORDERER_CA" +``` + +### Convert the block to a JSON +Convert the block to JSON: +```shell +configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json +``` +Extract the config from the JSON block: +```shell +jq .data.data[0].payload.data.config config_block.json > original_config.json +``` + +### Add the fifth orderer to the config +The output of this stage is an update TX, you can calculate the TX from the CLI container, +or copy the `original_config.json` and make all the changes on your local machine.\ +Create a copy of `original_config.json` named `modified_config.json`. +In the new JSON file we need to make 4 changes: + +#### 1. Add the orderer to the known endpoints +Go to **channel_group → groups → Orderer → groups → OrdererOrg → values → Endpoints → value → addresses** +and add the new orderer endpoint. +```json lines +[ + "orderer.example.com:7050", + "orderer.example.com:7052", + "orderer.example.com:7056", + "orderer.example.com:7058", + "orderer.example.com:7060" +] +``` + +#### 2. Add the orderer to the known identities +Go to **channel_group → groups → Orderer → policies → BlockValidation → policy → value → identities** +and add the base64 encode of the identity certificate, please correct the path according to your needs. + +```json +{ + "principal": { + "id_bytes": ".../test-network/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/msp/signcerts/orderer5.example.com-cert.pem", + "mspid": "OrdererMSP" + }, + "principal_classification": "IDENTITY" +} +``` + +#### 3. Add the orderer to the policy rules +Go to **channel_group → groups → Orderer → policies → BlockValidation → policy → value → rule**, +change the **n** to be: +``` +# Given that the new number of nodes in cluster is num_of_nodes: +f = int((num_of_nodes - 1) / 3) +n = ceil((num_of_nodes + f + 1) / 2) +``` + +And add a `signed_by` object for the new orderer: + +```json +{ + "n_out_of": { + "n": 4, + "rules": [ + { + "signed_by": 0 + }, + { + "signed_by": 1 + }, + { + "signed_by": 2 + }, + { + "signed_by": 3 + }, + { + "signed_by": 4 + } + ] + } +} +``` + +#### 4. Add the orderer to the concenter mapping +Go to **channel_group → groups → Orderer → values → Orderers → value → consenter_mapping** +and add the base64 encode of the identity, client TLS and server TLS certificates, please correct the paths according +to your needs. +```json +{ + "client_tls_cert": ".../test-network/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/msp/tlscacerts/tlsca.example.com-cert.pem", + "host": "orderer5.example.com", + "id": 5, + "identity": ".../test-network/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/msp/signcerts/orderer5.example.com-cert.pem", + "msp_id": "OrdererMSP", + "port": 7060, + "server_tls_cert": ".../test-network/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/msp/tlscacerts/tlsca.example.com-cert.pem" +} +``` + +We made this process easy and created a Python script which can be found in the `scripts` subfolder that does just that (steps 1-4)! +Example for the script usage: +```shell +python3 add_new_orderer_to_config.py original_config.json modified_config.json +-a orderer5.example.com:7060 +-i .../test-network/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/msp/signcerts/orderer5.example.com-cert.pem +-s .../test-network/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/msp/tlscacerts/tlsca.example.com-cert.pem +-c .../test-network/organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/msp/tlscacerts/tlsca.example.com-cert.pem +``` + +Calculate the update using: +```shell +configtxlator proto_encode --input original_config.json --type common.Config --output original_config.pb +configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb +configtxlator compute_update --channel_id mychannel --original original_config.pb --updated modified_config.pb --output config_update.pb +configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json +echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json +configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output envelope.pb +``` + +`envelope.pb` is the config update TX, note that it does not contain any paths, +if it was created on your local machine, please copy it to the CLI container. + +## Make the update +From the CLI we need to sign the TX using one of the peers' organizations and the orderes' organization. +Since we are in the context of the peer organization `Org1`, we can simply: +```shell +peer channel signconfigtx -f envelope.pb +``` +Now we switch to the orderer organization `Orderer`: +```shell +export CORE_PEER_TLS_ENABLED=true +export CORE_PEER_LOCALMSPID="OrdererMSP" +export CORE_PEER_TLS_ROOTCERT_FILE=/var/hyperledger/orderer/tls/ca.crt +export CORE_PEER_MSPCONFIGPATH=/var/hyperledger/orderer/msp +export CORE_PEER_ADDRESS=localhost:7050 +``` +And we update the orderer: +```shell +peer channel update -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c mychannel -f envelope.pb --tls --cafile "$ORDERER_CA" +``` + +The output of this command looks similar to: +``` +INFO [channelCmd] InitCmdFactory -> Endorser and orderer connections initialized +INFO [channelCmd] update -> Successfully submitted channel update +``` + +The new orderer has been added to the cluster, but not to the test channel. + +## Use the `osnadmin` CLI to add the new orderer to the test channel + +The new orderer needs to run the following command: + +```shell +export OSN_TLS_CA_ROOT_CERT=${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem +export ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt +export ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.key + +osnadmin channel join --channelID [CHANNEL_NAME] --config-block [CHANNEL_CONFIG_BLOCK] -o [ORDERER_ADMIN_LISTENADDRESS] --ca-file $OSN_TLS_CA_ROOT_CERT --client-cert $ADMIN_TLS_SIGN_CERT --client-key $ADMIN_TLS_PRIVATE_KEY +``` + +Replace: +- `CHANNEL_NAME` with the name you want to call this channel. +- `CHANNEL_CONFIG_BLOCK` with the path and file name of the genesis block or the latest config block. +- `ORDERER_ADMIN_LISTENADDRESS` corresponds to the `Orderer.Admin.ListenAddress` defined in the `orderer.yaml` for this orderer. +- `OSN_TLS_CA_ROOT_CERT` with the path and file name of the orderer organization TLS CA root certificate and intermediate certificate if using an intermediate TLS CA. +- `ADMIN_TLS_SIGN_CERT` with the path and file name of the admin client signed certificate from the TLS CA. +- `ADMIN_TLS_PRIVATE_KEY` with the path and file name of the admin client private key from the TLS CA. + +For example: +```shell +osnadmin channel join --channelID mychannel --config-block ./channel-artifacts/mychannel.block -o localhost:7061 --ca-file "$OSN_TLS_CA_ROOT_CERT" --client-cert "$ADMIN_TLS_SIGN_CERT" --client-key "$ADMIN_TLS_PRIVATE_KEY" +``` + +**Note:** Because the connection between the `osnadmin` CLI and the orderer requires mutual TLS, you need to pass the `--client-cert` and `--client-key` parameters on each `osadmin` command. The `--client-cert` parameter points to the admin client certificate and `--client-key` refers to the admin client private key, both issued by the admin client TLS CA. + +The output of this command looks similar to: +``` +Status: 201 +{ + "name": "mychannel", + "url": "/participation/v1/channels/mychannel", + "consensusRelation": "follower", + "status": "onboarding", + "height": 0 +} +``` + +You should see something similar to the following in your orderer logs: +``` +INFO [orderer.consensus.smartbft.chain] NewChain -> SmartBFT-v3 is now servicing chain mychannel channel=mychannel +INFO [orderer.common.cluster] ConfigureNodeCerts -> Updating nodes identity, channel: mychannel, nodes: [id:1 host:"orderer.example.com" port:7050 msp_id:"OrdererMSP" identity:"..." client_tls_cert:"..." server_tls_cert:"..." ] +``` + +You can read further about the osnadmin command [here](https://hyperledger-fabric.readthedocs.io/en/latest/create_channel/create_channel_participation.html#step-two-use-the-osnadmin-cli-to-add-the-first-orderer-to-the-channel). + +## Use the `osnadmin` CLI to remove the new orderer from the test channel + +Use the command: +```shell +osnadmin channel remove -o localhost:7061 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" --channelID mychannel +``` + +The result should be: +``` +Status: 204 +``` + +You should see something similar to the following in your orderer logs: +``` +INFO [orderer.consensus.smartbft.chain] Halt -> Shutting down chain channel=mychannel +INFO [orderer.consensus.smartbft.consensus] func1 -> Exiting channel=mychannel +INFO [orderer.consensus.smartbft.consensus] func1 -> Exiting channel=mychannel +INFO [orderer.common.multichannel] removeMember -> Removed channel: mychannel +``` diff --git a/test-network/README.md b/test-network/README.md index 91b06438ab..b43d27a1c3 100644 --- a/test-network/README.md +++ b/test-network/README.md @@ -2,6 +2,26 @@ You can use the `./network.sh` script to stand up a simple Fabric test network. The test network has two peer organizations with one peer each and a single node raft ordering service. You can also use the `./network.sh` script to create channels and deploy chaincode. For more information, see [Using the Fabric test network](https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html). The test network is being introduced in Fabric v2.0 as the long term replacement for the `first-network` sample. +If you are planning to run the test network with consesnsus type BFT then please pass `-bft` flag as input to the `network.sh` script when creating the channel. +That is to create a network use: +```bash +./network.sh up -bft +``` + +To create a channel use: + +```bash +./network.sh createChannel -bft +``` + +To restart a running network use: + +```bash +./network.sh restart -bft +``` + +Note that running the createChannel command will start the network, if it is not already running. + Before you can deploy the test network, you need to follow the instructions to [Install the Samples, Binaries and Docker Images](https://hyperledger-fabric.readthedocs.io/en/latest/install.html) in the Hyperledger Fabric documentation. ## Using the Peer commands diff --git a/test-network/bft-config/configtx.yaml b/test-network/bft-config/configtx.yaml new file mode 100644 index 0000000000..9e68982d61 --- /dev/null +++ b/test-network/bft-config/configtx.yaml @@ -0,0 +1,312 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +################################################################################ +# +# Section: Organizations +# +# - This section defines the different organizational identities which will +# be referenced later in the configuration. +# +################################################################################ +Organizations: + - &OrdererOrg + # SampleOrg defines an MSP using the sampleconfig. It should never be used + # in production but may be used as a template for other definitions + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: OrdererOrg + # ID to load the MSP definition as + ID: OrdererMSP + # MSPDir is the filesystem path which contains the MSP configuration + MSPDir: ../organizations/ordererOrganizations/example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('OrdererMSP.member')" + Writers: + Type: Signature + Rule: "OR('OrdererMSP.member')" + Admins: + Type: Signature + Rule: "OR('OrdererMSP.admin')" + OrdererEndpoints: + - orderer.example.com:7050 + - orderer.example.com:7052 + - orderer.example.com:7056 + - orderer.example.com:7058 + - &Org1 + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: Org1MSP + # ID to load the MSP definition as + ID: Org1MSP + MSPDir: ../organizations/peerOrganizations/org1.example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')" + Writers: + Type: Signature + Rule: "OR('Org1MSP.admin', 'Org1MSP.client')" + Admins: + Type: Signature + Rule: "OR('Org1MSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('Org1MSP.peer')" + - &Org2 + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: Org2MSP + # ID to load the MSP definition as + ID: Org2MSP + MSPDir: ../organizations/peerOrganizations/org2.example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')" + Writers: + Type: Signature + Rule: "OR('Org2MSP.admin', 'Org2MSP.client')" + Admins: + Type: Signature + Rule: "OR('Org2MSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('Org2MSP.peer')" +################################################################################ +# +# SECTION: Capabilities +# +# - This section defines the capabilities of fabric network. This is a new +# concept as of v1.1.0 and should not be utilized in mixed networks with +# v1.0.x peers and orderers. Capabilities define features which must be +# present in a fabric binary for that binary to safely participate in the +# fabric network. For instance, if a new MSP type is added, newer binaries +# might recognize and validate the signatures from this type, while older +# binaries without this support would be unable to validate those +# transactions. This could lead to different versions of the fabric binaries +# having different world states. Instead, defining a capability for a channel +# informs those binaries without this capability that they must cease +# processing transactions until they have been upgraded. For v1.0.x if any +# capabilities are defined (including a map with all capabilities turned off) +# then the v1.0.x peer will deliberately crash. +# +################################################################################ +Capabilities: + # Channel capabilities apply to both the orderers and the peers and must be + # supported by both. + # Set the value of the capability to true to require it. + Channel: &ChannelCapabilities + # V3.0 for Channel is a catchall flag for behavior which has been + # determined to be desired for all orderers and peers running at the v3.0.0 + # level, but which would be incompatible with orderers and peers from + # prior releases. + # Prior to enabling V3.0 channel capabilities, ensure that all + # orderers and peers on a channel are at v3.0.0 or later. + V3_0: true + # Orderer capabilities apply only to the orderers, and may be safely + # used with prior release peers. + # Set the value of the capability to true to require it. + Orderer: &OrdererCapabilities + # V2_0 orderer capability ensures that orderers behave according + # to v2.0 orderer capabilities. Orderers from + # prior releases would behave in an incompatible way, and are therefore + # not able to participate in channels at v2.0 orderer capability. + # Prior to enabling V2.0 orderer capabilities, ensure that all + # orderers on channel are at v2.0.0 or later. + V2_0: true + # Application capabilities apply only to the peer network, and may be safely + # used with prior release orderers. + # Set the value of the capability to true to require it. + Application: &ApplicationCapabilities + # V2.5 for Application enables the new non-backwards compatible + # features of fabric v2.5, namely the ability to purge private data. + # Prior to enabling V2.5 application capabilities, ensure that all + # peers on a channel are at v2.5.0 or later. + V2_5: true +################################################################################ +# +# SECTION: Application +# +# - This section defines the values to encode into a config transaction or +# genesis block for application related parameters +# +################################################################################ +Application: &ApplicationDefaults + # Organizations is the list of orgs which are defined as participants on + # the application side of the network + Organizations: + # Policies defines the set of policies at this level of the config tree + # For Application policies, their canonical path is + # /Channel/Application/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + LifecycleEndorsement: + Type: ImplicitMeta + Rule: "MAJORITY Endorsement" + Endorsement: + Type: ImplicitMeta + Rule: "MAJORITY Endorsement" + Capabilities: + <<: *ApplicationCapabilities +################################################################################ +# +# SECTION: Orderer +# +# - This section defines the values to encode into a config transaction or +# genesis block for orderer related parameters +# +################################################################################ +Orderer: &OrdererDefaults + # Batch Timeout: The amount of time to wait before creating a batch + BatchTimeout: 2s + # Batch Size: Controls the number of messages batched into a block + BatchSize: + # Max Message Count: The maximum number of messages to permit in a batch + MaxMessageCount: 10 + # Absolute Max Bytes: The absolute maximum number of bytes allowed for + # the serialized messages in a batch. + AbsoluteMaxBytes: 99 MB + # Preferred Max Bytes: The preferred maximum number of bytes allowed for + # the serialized messages in a batch. A message larger than the preferred + # max bytes will result in a batch larger than preferred max bytes. + PreferredMaxBytes: 512 KB + # Organizations is the list of orgs which are defined as participants on + # the orderer side of the network + Organizations: + # Policies defines the set of policies at this level of the config tree + # For Orderer policies, their canonical path is + # /Channel/Orderer/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # BlockValidation specifies what signatures must be included in the block + # from the orderer for the peer to validate it. + BlockValidation: + Type: ImplicitMeta + Rule: "ANY Writers" +################################################################################ +# +# CHANNEL +# +# This section defines the values to encode into a config transaction or +# genesis block for channel related parameters. +# +################################################################################ +Channel: &ChannelDefaults + # Policies defines the set of policies at this level of the config tree + # For Channel policies, their canonical path is + # /Channel/ + Policies: + # Who may invoke the 'Deliver' API + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + # Who may invoke the 'Broadcast' API + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + # By default, who may modify elements at this config level + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # Capabilities describes the channel level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *ChannelCapabilities +################################################################################ +# +# Profile +# +# - Different configuration profiles may be encoded here to be specified +# as parameters to the configtxgen tool +# +################################################################################ +Profiles: + ChannelUsingBFT: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + Organizations: + - *OrdererOrg + Capabilities: *OrdererCapabilities + OrdererType: BFT + SmartBFT: + RequestBatchMaxCount: 100 + RequestBatchMaxInterval: 50ms + RequestForwardTimeout: 2s + RequestComplainTimeout: 20s + RequestAutoRemoveTimeout: 3m0s + ViewChangeResendInterval: 5s + ViewChangeTimeout: 20s + LeaderHeartbeatTimeout: 1m0s + CollectTimeout: 1s + RequestBatchMaxBytes: 10485760 + IncomingMessageBufferSize: 200 + RequestPoolSize: 100000 + LeaderHeartbeatCount: 10 + ConsenterMapping: + - ID: 1 + Host: orderer.example.com + Port: 7050 + MSPID: OrdererMSP + Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/signcerts/orderer.example.com-cert.pem + ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt + - ID: 2 + Host: orderer2.example.com + Port: 7052 + MSPID: OrdererMSP + Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/signcerts/orderer2.example.com-cert.pem + ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt + - ID: 3 + Host: orderer3.example.com + Port: 7056 + MSPID: OrdererMSP + Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp/signcerts/orderer3.example.com-cert.pem + ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt + - ID: 4 + Host: orderer4.example.com + Port: 7058 + MSPID: OrdererMSP + Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp/signcerts/orderer4.example.com-cert.pem + ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt + Application: + <<: *ApplicationDefaults + Organizations: + - *Org1 + - *Org2 + Capabilities: *ApplicationCapabilities \ No newline at end of file diff --git a/test-network/compose/compose-bft-test-net.yaml b/test-network/compose/compose-bft-test-net.yaml new file mode 100644 index 0000000000..cdab05e349 --- /dev/null +++ b/test-network/compose/compose-bft-test-net.yaml @@ -0,0 +1,287 @@ +version: '3.7' + +volumes: + orderer.example.com: + orderer2.example.com: + orderer3.example.com: + orderer4.example.com: + peer0.org1.example.com: + peer0.org2.example.com: + +networks: + test: + name: fabric_test + +services: + + orderer.example.com: + container_name: orderer.example.com + image: hyperledger/fabric-orderer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_LOGGING_SPEC=INFO + - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 + - ORDERER_GENERAL_LISTENPORT=7050 + - ORDERER_GENERAL_LOCALMSPID=OrdererMSP + - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp + # enabled TLS + - ORDERER_GENERAL_TLS_ENABLED=true + - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_BOOTSTRAPMETHOD=none + - ORDERER_CHANNELPARTICIPATION_ENABLED=true + - ORDERER_ADMIN_TLS_ENABLED=true + - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer.example.com:9443 + - ORDERER_METRICS_PROVIDER=prometheus + working_dir: /root + command: orderer + volumes: + - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls + - orderer.example.com:/var/hyperledger/production/orderer + ports: + - 7050:7050 + - 7053:7053 + - 9443:9443 + networks: + - test + + orderer2.example.com: + container_name: orderer2.example.com + image: hyperledger/fabric-orderer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_LOGGING_SPEC=INFO + - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 + - ORDERER_GENERAL_LISTENPORT=7052 + - ORDERER_GENERAL_LOCALMSPID=OrdererMSP + - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp + # enabled TLS + - ORDERER_GENERAL_TLS_ENABLED=true + - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_BOOTSTRAPMETHOD=none + - ORDERER_CHANNELPARTICIPATION_ENABLED=true + - ORDERER_ADMIN_TLS_ENABLED=true + - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7055 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer2.example.com:9446 + - ORDERER_METRICS_PROVIDER=prometheus + working_dir: /root + command: orderer + volumes: + - ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/:/var/hyperledger/orderer/tls + - orderer2.example.com:/var/hyperledger/production/orderer + ports: + - 7052:7052 + - 7055:7055 + - 9446:9446 + networks: + - test + + orderer3.example.com: + container_name: orderer3.example.com + image: hyperledger/fabric-orderer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_LOGGING_SPEC=INFO + - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 + - ORDERER_GENERAL_LISTENPORT=7056 + - ORDERER_GENERAL_LOCALMSPID=OrdererMSP + - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp + # enabled TLS + - ORDERER_GENERAL_TLS_ENABLED=true + - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_BOOTSTRAPMETHOD=none + - ORDERER_CHANNELPARTICIPATION_ENABLED=true + - ORDERER_ADMIN_TLS_ENABLED=true + - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7057 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer3.example.com:9447 + - ORDERER_METRICS_PROVIDER=prometheus + working_dir: /root + command: orderer + volumes: + - ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/:/var/hyperledger/orderer/tls + - orderer3.example.com:/var/hyperledger/production/orderer + ports: + - 7056:7056 + - 7057:7057 + - 9447:9447 + networks: + - test + + orderer4.example.com: + container_name: orderer4.example.com + image: hyperledger/fabric-orderer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_LOGGING_SPEC=INFO + - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 + - ORDERER_GENERAL_LISTENPORT=7058 + - ORDERER_GENERAL_LOCALMSPID=OrdererMSP + - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp + # enabled TLS + - ORDERER_GENERAL_TLS_ENABLED=true + - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_GENERAL_BOOTSTRAPMETHOD=none + - ORDERER_CHANNELPARTICIPATION_ENABLED=true + - ORDERER_ADMIN_TLS_ENABLED=true + - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7059 + - ORDERER_OPERATIONS_LISTENADDRESS=orderer4.example.com:9448 + - ORDERER_METRICS_PROVIDER=prometheus + working_dir: /root + command: orderer + volumes: + - ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp:/var/hyperledger/orderer/msp + - ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/:/var/hyperledger/orderer/tls + - orderer4.example.com:/var/hyperledger/production/orderer + ports: + - 7058:7058 + - 7059:7059 + - 9448:9448 + networks: + - test + + + + + peer0.org1.example.com: + container_name: peer0.org1.example.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_CFG_PATH=/etc/hyperledger/peercfg + - FABRIC_LOGGING_SPEC=INFO + #- FABRIC_LOGGING_SPEC=DEBUG + - CORE_PEER_TLS_ENABLED=true + - CORE_PEER_PROFILE_ENABLED=false + - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt + - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key + - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt + # Peer specific variables + - CORE_PEER_ID=peer0.org1.example.com + - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 + - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 + - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052 + - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051 + - CORE_PEER_LOCALMSPID=Org1MSP + - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp + - CORE_OPERATIONS_LISTENADDRESS=peer0.org1.example.com:9444 + - CORE_METRICS_PROVIDER=prometheus + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"} + - CORE_CHAINCODE_EXECUTETIMEOUT=300s + volumes: + - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric + - peer0.org1.example.com:/var/hyperledger/production + working_dir: /root + command: peer node start + ports: + - 7051:7051 + - 9444:9444 + networks: + - test + + peer0.org2.example.com: + container_name: peer0.org2.example.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + - FABRIC_CFG_PATH=/etc/hyperledger/peercfg + - FABRIC_LOGGING_SPEC=INFO + #- FABRIC_LOGGING_SPEC=DEBUG + - CORE_PEER_TLS_ENABLED=true + - CORE_PEER_PROFILE_ENABLED=false + - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt + - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key + - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt + # Peer specific variables + - CORE_PEER_ID=peer0.org2.example.com + - CORE_PEER_ADDRESS=peer0.org2.example.com:9051 + - CORE_PEER_LISTENADDRESS=0.0.0.0:9051 + - CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052 + - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051 + - CORE_PEER_LOCALMSPID=Org2MSP + - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp + - CORE_OPERATIONS_LISTENADDRESS=peer0.org2.example.com:9445 + - CORE_METRICS_PROVIDER=prometheus + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"} + - CORE_CHAINCODE_EXECUTETIMEOUT=300s + volumes: + - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric + - peer0.org2.example.com:/var/hyperledger/production + working_dir: /root + command: peer node start + ports: + - 9051:9051 + - 9445:9445 + networks: + - test + + cli: + container_name: cli + image: hyperledger/fabric-tools:latest + labels: + service: hyperledger-fabric + tty: true + stdin_open: true + environment: + - GOPATH=/opt/gopath + - FABRIC_LOGGING_SPEC=INFO + - FABRIC_CFG_PATH=/etc/hyperledger/peercfg + #- FABRIC_LOGGING_SPEC=DEBUG + working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer + command: /bin/bash + volumes: + - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations + - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ + depends_on: + - peer0.org1.example.com + - peer0.org2.example.com + networks: + - test \ No newline at end of file diff --git a/test-network/compose/compose-test-net.yaml b/test-network/compose/compose-test-net.yaml index 6e0aef26b3..ba3a968c10 100644 --- a/test-network/compose/compose-test-net.yaml +++ b/test-network/compose/compose-test-net.yaml @@ -87,8 +87,8 @@ services: - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"} - CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes: - - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric - - peer0.org1.example.com:/var/hyperledger/production + - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric + - peer0.org1.example.com:/var/hyperledger/production working_dir: /root command: peer node start ports: @@ -120,14 +120,14 @@ services: - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051 - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051 - CORE_PEER_LOCALMSPID=Org2MSP - - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp + - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp - CORE_OPERATIONS_LISTENADDRESS=peer0.org2.example.com:9445 - CORE_METRICS_PROVIDER=prometheus - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"} - CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes: - - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric - - peer0.org2.example.com:/var/hyperledger/production + - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric + - peer0.org2.example.com:/var/hyperledger/production working_dir: /root command: peer node start ports: @@ -151,10 +151,10 @@ services: working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer command: /bin/bash volumes: - - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations - - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ + - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations + - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ depends_on: - peer0.org1.example.com - peer0.org2.example.com networks: - - test + - test \ No newline at end of file diff --git a/test-network/compose/docker/docker-compose-bft-test-net.yaml b/test-network/compose/docker/docker-compose-bft-test-net.yaml new file mode 100644 index 0000000000..68f6dc565b --- /dev/null +++ b/test-network/compose/docker/docker-compose-bft-test-net.yaml @@ -0,0 +1,38 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '3.7' +services: + peer0.org1.example.com: + container_name: peer0.org1.example.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + #Generic peer variables + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg + - ${DOCKER_SOCK}:/host/var/run/docker.sock + + peer0.org2.example.com: + container_name: peer0.org2.example.com + image: hyperledger/fabric-peer:latest + labels: + service: hyperledger-fabric + environment: + #Generic peer variables + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg + - ${DOCKER_SOCK}:/host/var/run/docker.sock + + cli: + container_name: cli + image: hyperledger/fabric-tools:latest + volumes: + - ./docker/peercfg:/etc/hyperledger/peercfg diff --git a/test-network/configtx/configtx.yaml b/test-network/configtx/configtx.yaml index 01fb15fb3e..6f783e2ad1 100644 --- a/test-network/configtx/configtx.yaml +++ b/test-network/configtx/configtx.yaml @@ -13,91 +13,77 @@ # ################################################################################ Organizations: - + - &OrdererOrg # SampleOrg defines an MSP using the sampleconfig. It should never be used # in production but may be used as a template for other definitions - - &OrdererOrg - # DefaultOrg defines the organization which is used in the sampleconfig - # of the fabric.git development environment - Name: OrdererOrg - - # ID to load the MSP definition as - ID: OrdererMSP - - # MSPDir is the filesystem path which contains the MSP configuration - MSPDir: ../organizations/ordererOrganizations/example.com/msp - - # Policies defines the set of policies at this level of the config tree - # For organization policies, their canonical path is usually - # /Channel/// - Policies: - Readers: - Type: Signature - Rule: "OR('OrdererMSP.member')" - Writers: - Type: Signature - Rule: "OR('OrdererMSP.member')" - Admins: - Type: Signature - Rule: "OR('OrdererMSP.admin')" - - OrdererEndpoints: - - orderer.example.com:7050 - - - &Org1 - # DefaultOrg defines the organization which is used in the sampleconfig - # of the fabric.git development environment - Name: Org1MSP - - # ID to load the MSP definition as - ID: Org1MSP - - MSPDir: ../organizations/peerOrganizations/org1.example.com/msp - - # Policies defines the set of policies at this level of the config tree - # For organization policies, their canonical path is usually - # /Channel/// - Policies: - Readers: - Type: Signature - Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')" - Writers: - Type: Signature - Rule: "OR('Org1MSP.admin', 'Org1MSP.client')" - Admins: - Type: Signature - Rule: "OR('Org1MSP.admin')" - Endorsement: - Type: Signature - Rule: "OR('Org1MSP.peer')" - - - &Org2 - # DefaultOrg defines the organization which is used in the sampleconfig - # of the fabric.git development environment - Name: Org2MSP - - # ID to load the MSP definition as - ID: Org2MSP - - MSPDir: ../organizations/peerOrganizations/org2.example.com/msp - - # Policies defines the set of policies at this level of the config tree - # For organization policies, their canonical path is usually - # /Channel/// - Policies: - Readers: - Type: Signature - Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')" - Writers: - Type: Signature - Rule: "OR('Org2MSP.admin', 'Org2MSP.client')" - Admins: - Type: Signature - Rule: "OR('Org2MSP.admin')" - Endorsement: - Type: Signature - Rule: "OR('Org2MSP.peer')" - + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: OrdererOrg + # ID to load the MSP definition as + ID: OrdererMSP + # MSPDir is the filesystem path which contains the MSP configuration + MSPDir: ../organizations/ordererOrganizations/example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('OrdererMSP.member')" + Writers: + Type: Signature + Rule: "OR('OrdererMSP.member')" + Admins: + Type: Signature + Rule: "OR('OrdererMSP.admin')" + OrdererEndpoints: + - orderer.example.com:7050 + - &Org1 + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: Org1MSP + # ID to load the MSP definition as + ID: Org1MSP + MSPDir: ../organizations/peerOrganizations/org1.example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')" + Writers: + Type: Signature + Rule: "OR('Org1MSP.admin', 'Org1MSP.client')" + Admins: + Type: Signature + Rule: "OR('Org1MSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('Org1MSP.peer')" + - &Org2 + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: Org2MSP + # ID to load the MSP definition as + ID: Org2MSP + MSPDir: ../organizations/peerOrganizations/org2.example.com/msp + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')" + Writers: + Type: Signature + Rule: "OR('Org2MSP.admin', 'Org2MSP.client')" + Admins: + Type: Signature + Rule: "OR('Org2MSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('Org2MSP.peer')" ################################################################################ # # SECTION: Capabilities @@ -118,41 +104,37 @@ Organizations: # ################################################################################ Capabilities: - # Channel capabilities apply to both the orderers and the peers and must be - # supported by both. - # Set the value of the capability to true to require it. - Channel: &ChannelCapabilities - # V2_0 capability ensures that orderers and peers behave according - # to v2.0 channel capabilities. Orderers and peers from - # prior releases would behave in an incompatible way, and are therefore - # not able to participate in channels at v2.0 capability. - # Prior to enabling V2.0 channel capabilities, ensure that all - # orderers and peers on a channel are at v2.0.0 or later. - V2_0: true - - - # Orderer capabilities apply only to the orderers, and may be safely - # used with prior release peers. - # Set the value of the capability to true to require it. - Orderer: &OrdererCapabilities - # V2_0 orderer capability ensures that orderers behave according - # to v2.0 orderer capabilities. Orderers from - # prior releases would behave in an incompatible way, and are therefore - # not able to participate in channels at v2.0 orderer capability. - # Prior to enabling V2.0 orderer capabilities, ensure that all - # orderers on channel are at v2.0.0 or later. - V2_0: true - - # Application capabilities apply only to the peer network, and may be safely - # used with prior release orderers. - # Set the value of the capability to true to require it. - Application: &ApplicationCapabilities - # V2.5 for Application enables the new non-backwards compatible - # features of fabric v2.5, namely the ability to purge private data. - # Prior to enabling V2.5 application capabilities, ensure that all - # peers on a channel are at v2.5.0 or later. - V2_5: true - + # Channel capabilities apply to both the orderers and the peers and must be + # supported by both. + # Set the value of the capability to true to require it. + Channel: &ChannelCapabilities + # V2_0 capability ensures that orderers and peers behave according + # to v2.0 channel capabilities. Orderers and peers from + # prior releases would behave in an incompatible way, and are therefore + # not able to participate in channels at v2.0 capability. + # Prior to enabling V2.0 channel capabilities, ensure that all + # orderers and peers on a channel are at v2.0.0 or later. + V2_0: true + # Orderer capabilities apply only to the orderers, and may be safely + # used with prior release peers. + # Set the value of the capability to true to require it. + Orderer: &OrdererCapabilities + # V2_0 orderer capability ensures that orderers behave according + # to v2.0 orderer capabilities. Orderers from + # prior releases would behave in an incompatible way, and are therefore + # not able to participate in channels at v2.0 orderer capability. + # Prior to enabling V2.0 orderer capabilities, ensure that all + # orderers on channel are at v2.0.0 or later. + V2_0: true + # Application capabilities apply only to the peer network, and may be safely + # used with prior release orderers. + # Set the value of the capability to true to require it. + Application: &ApplicationCapabilities + # V2.5 for Application enables the new non-backwards compatible + # features of fabric v2.5, namely the ability to purge private data. + # Prior to enabling V2.5 application capabilities, ensure that all + # peers on a channel are at v2.5.0 or later. + V2_5: true ################################################################################ # # SECTION: Application @@ -162,33 +144,30 @@ Capabilities: # ################################################################################ Application: &ApplicationDefaults - - # Organizations is the list of orgs which are defined as participants on - # the application side of the network - Organizations: - - # Policies defines the set of policies at this level of the config tree - # For Application policies, their canonical path is - # /Channel/Application/ - Policies: - Readers: - Type: ImplicitMeta - Rule: "ANY Readers" - Writers: - Type: ImplicitMeta - Rule: "ANY Writers" - Admins: - Type: ImplicitMeta - Rule: "MAJORITY Admins" - LifecycleEndorsement: - Type: ImplicitMeta - Rule: "MAJORITY Endorsement" - Endorsement: - Type: ImplicitMeta - Rule: "MAJORITY Endorsement" - - Capabilities: - <<: *ApplicationCapabilities + # Organizations is the list of orgs which are defined as participants on + # the application side of the network + Organizations: + # Policies defines the set of policies at this level of the config tree + # For Application policies, their canonical path is + # /Channel/Application/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + LifecycleEndorsement: + Type: ImplicitMeta + Rule: "MAJORITY Endorsement" + Endorsement: + Type: ImplicitMeta + Rule: "MAJORITY Endorsement" + Capabilities: + <<: *ApplicationCapabilities ################################################################################ # # SECTION: Orderer @@ -198,65 +177,47 @@ Application: &ApplicationDefaults # ################################################################################ Orderer: &OrdererDefaults - - # Orderer Type: The orderer implementation to start - OrdererType: etcdraft - # Addresses used to be the list of orderer addresses that clients and peers - # could connect to. However, this does not allow clients to associate orderer - # addresses and orderer organizations which can be useful for things such - # as TLS validation. The preferred way to specify orderer addresses is now - # to include the OrdererEndpoints item in your org definition - Addresses: - - orderer.example.com:7050 - - EtcdRaft: - Consenters: - - Host: orderer.example.com - Port: 7050 - ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt - ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt - - # Batch Timeout: The amount of time to wait before creating a batch - BatchTimeout: 2s - - # Batch Size: Controls the number of messages batched into a block - BatchSize: - - # Max Message Count: The maximum number of messages to permit in a batch - MaxMessageCount: 10 - - # Absolute Max Bytes: The absolute maximum number of bytes allowed for - # the serialized messages in a batch. - AbsoluteMaxBytes: 99 MB - - # Preferred Max Bytes: The preferred maximum number of bytes allowed for - # the serialized messages in a batch. A message larger than the preferred - # max bytes will result in a batch larger than preferred max bytes. - PreferredMaxBytes: 512 KB - - # Organizations is the list of orgs which are defined as participants on - # the orderer side of the network - Organizations: - - # Policies defines the set of policies at this level of the config tree - # For Orderer policies, their canonical path is - # /Channel/Orderer/ - Policies: - Readers: - Type: ImplicitMeta - Rule: "ANY Readers" - Writers: - Type: ImplicitMeta - Rule: "ANY Writers" - Admins: - Type: ImplicitMeta - Rule: "MAJORITY Admins" - # BlockValidation specifies what signatures must be included in the block - # from the orderer for the peer to validate it. - BlockValidation: - Type: ImplicitMeta - Rule: "ANY Writers" - + # Addresses used to be the list of orderer addresses that clients and peers + # could connect to. However, this does not allow clients to associate orderer + # addresses and orderer organizations which can be useful for things such + # as TLS validation. The preferred way to specify orderer addresses is now + # to include the OrdererEndpoints item in your org definition + Addresses: + - orderer.example.com:7050 + # Batch Timeout: The amount of time to wait before creating a batch + BatchTimeout: 2s + # Batch Size: Controls the number of messages batched into a block + BatchSize: + # Max Message Count: The maximum number of messages to permit in a batch + MaxMessageCount: 10 + # Absolute Max Bytes: The absolute maximum number of bytes allowed for + # the serialized messages in a batch. + AbsoluteMaxBytes: 99 MB + # Preferred Max Bytes: The preferred maximum number of bytes allowed for + # the serialized messages in a batch. A message larger than the preferred + # max bytes will result in a batch larger than preferred max bytes. + PreferredMaxBytes: 512 KB + # Organizations is the list of orgs which are defined as participants on + # the orderer side of the network + Organizations: + # Policies defines the set of policies at this level of the config tree + # For Orderer policies, their canonical path is + # /Channel/Orderer/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # BlockValidation specifies what signatures must be included in the block + # from the orderer for the peer to validate it. + BlockValidation: + Type: ImplicitMeta + Rule: "ANY Writers" ################################################################################ # # CHANNEL @@ -266,29 +227,27 @@ Orderer: &OrdererDefaults # ################################################################################ Channel: &ChannelDefaults - # Policies defines the set of policies at this level of the config tree - # For Channel policies, their canonical path is - # /Channel/ - Policies: - # Who may invoke the 'Deliver' API - Readers: - Type: ImplicitMeta - Rule: "ANY Readers" - # Who may invoke the 'Broadcast' API - Writers: - Type: ImplicitMeta - Rule: "ANY Writers" - # By default, who may modify elements at this config level - Admins: - Type: ImplicitMeta - Rule: "MAJORITY Admins" - - # Capabilities describes the channel level capabilities, see the - # dedicated Capabilities section elsewhere in this file for a full - # description - Capabilities: - <<: *ChannelCapabilities - + # Policies defines the set of policies at this level of the config tree + # For Channel policies, their canonical path is + # /Channel/ + Policies: + # Who may invoke the 'Deliver' API + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + # Who may invoke the 'Broadcast' API + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + # By default, who may modify elements at this config level + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # Capabilities describes the channel level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *ChannelCapabilities ################################################################################ # # Profile @@ -298,17 +257,23 @@ Channel: &ChannelDefaults # ################################################################################ Profiles: - - TwoOrgsApplicationGenesis: - <<: *ChannelDefaults - Orderer: - <<: *OrdererDefaults - Organizations: - - *OrdererOrg - Capabilities: *OrdererCapabilities - Application: - <<: *ApplicationDefaults - Organizations: - - *Org1 - - *Org2 - Capabilities: *ApplicationCapabilities + ChannelUsingRaft: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + OrdererType: etcdraft + EtcdRaft: + Consenters: + - Host: orderer.example.com + Port: 7050 + ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt + ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt + Organizations: + - *OrdererOrg + Capabilities: *OrdererCapabilities + Application: + <<: *ApplicationDefaults + Organizations: + - *Org1 + - *Org2 + Capabilities: *ApplicationCapabilities diff --git a/test-network/network.sh b/test-network/network.sh index 84ba013459..333f3c6bee 100755 --- a/test-network/network.sh +++ b/test-network/network.sh @@ -243,6 +243,7 @@ function createOrgs() { # Bring up the peer and orderer nodes using docker compose. function networkUp() { + checkPrereqs # generate artifacts if they don't exist @@ -270,6 +271,8 @@ function createChannel() { # Bring up the network if it is not already up. bringUpNetwork="false" + local bft_true=$1 + if ! $CONTAINER_CLI info > /dev/null 2>&1 ; then fatalln "$CONTAINER_CLI network is required to be running to create a channel" fi @@ -292,7 +295,7 @@ function createChannel() { # now run the script that creates a channel. This script uses configtxgen once # to create the channel creation transaction and the anchor peer updates. - scripts/createChannel.sh $CHANNEL_NAME $CLI_DELAY $MAX_RETRY $VERBOSE + scripts/createChannel.sh $CHANNEL_NAME $CLI_DELAY $MAX_RETRY $VERBOSE $bft_true } @@ -316,7 +319,8 @@ function deployCCAAS() { # Tear down running network function networkDown() { - + local temp_compose=$COMPOSE_FILE_BASE + COMPOSE_FILE_BASE=compose-bft-test-net.yaml COMPOSE_BASE_FILES="-f compose/${COMPOSE_FILE_BASE} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_BASE}" COMPOSE_COUCH_FILES="-f compose/${COMPOSE_FILE_COUCH} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_COUCH}" COMPOSE_CA_FILES="-f compose/${COMPOSE_FILE_CA} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_CA}" @@ -336,6 +340,7 @@ function networkDown() { fatalln "Container CLI ${CONTAINER_CLI} not supported" fi + COMPOSE_FILE_BASE=$temp_compose # Don't remove the generated artifacts -- note, the ledgers are always removed if [ "$MODE" != "restart" ]; then @@ -406,6 +411,9 @@ DATABASE="leveldb" SOCK="${DOCKER_HOST:-/var/run/docker.sock}" DOCKER_SOCK="${SOCK##unix://}" +# BFT activated flag +BFT=0 + # Parse commandline args ## Parse mode @@ -439,6 +447,10 @@ while [[ $# -ge 1 ]] ; do CHANNEL_NAME="$2" shift ;; + -bft ) + BFT=1 + shift + ;; -ca ) CRYPTO="Certificate Authorities" ;; @@ -502,6 +514,11 @@ while [[ $# -ge 1 ]] ; do shift done +if [ $BFT -eq 1 ]; then + export FABRIC_CFG_PATH=${PWD}/bft-config + COMPOSE_FILE_BASE=compose-bft-test-net.yaml +fi + # Are we generating crypto material with this command? if [ ! -d "organizations/peerOrganizations" ]; then CRYPTO_MODE="with crypto from '${CRYPTO}'" @@ -516,7 +533,7 @@ if [ "$MODE" == "up" ]; then elif [ "$MODE" == "createChannel" ]; then infoln "Creating channel '${CHANNEL_NAME}'." infoln "If network is not up, starting nodes with CLI timeout of '${MAX_RETRY}' tries and CLI delay of '${CLI_DELAY}' seconds and using database '${DATABASE} ${CRYPTO_MODE}" - createChannel + createChannel $BFT elif [ "$MODE" == "down" ]; then infoln "Stopping network" networkDown diff --git a/test-network/organizations/cryptogen/crypto-config-orderer.yaml b/test-network/organizations/cryptogen/crypto-config-orderer.yaml index 6c5e766815..e307ea2ae4 100755 --- a/test-network/organizations/cryptogen/crypto-config-orderer.yaml +++ b/test-network/organizations/cryptogen/crypto-config-orderer.yaml @@ -13,6 +13,8 @@ OrdererOrgs: - Name: Orderer Domain: example.com EnableNodeOUs: true + + # --------------------------------------------------------------------------- # "Specs" - See PeerOrgs for complete description # --------------------------------------------------------------------------- @@ -20,3 +22,12 @@ OrdererOrgs: - Hostname: orderer SANS: - localhost + - Hostname: orderer2 + SANS: + - localhost + - Hostname: orderer3 + SANS: + - localhost + - Hostname: orderer4 + SANS: + - localhost \ No newline at end of file diff --git a/test-network/scripts/add_new_orderer_to_config.py b/test-network/scripts/add_new_orderer_to_config.py new file mode 100644 index 0000000000..2daf217114 --- /dev/null +++ b/test-network/scripts/add_new_orderer_to_config.py @@ -0,0 +1,98 @@ +# This is a sample Python script. + +# Press ⌃R to execute it or replace it with your code. +# Press Double ⇧ to search everywhere for classes, files, tool windows, actions, and settings. +import argparse +import base64 +import copy +import json +import math +from typing import Any + + +def parse_args(): + parser = argparse.ArgumentParser( + prog='Config Update', + description='What the program does', + epilog='Text at the bottom of help') + parser.add_argument('config_path', type=str) + parser.add_argument('updated_config_path', type=str) + parser.add_argument('-a', '--address', type=str, required=True) + parser.add_argument('-i', '--identity', type=str, required=True) + parser.add_argument('-s', '--server-cert', type=str, required=True) + parser.add_argument('-c', '--client-cert', type=str, required=True) + return parser.parse_args() + + +def _pem_file_to_base64(path: str) -> str: + with open(path, 'rb') as binary_file: + binary_file_data = binary_file.read() + base64_encoded_data = base64.b64encode(binary_file_data) + return base64_encoded_data.decode('utf-8') + + +def _log_update(name: str, old: Any, new: Any) -> None: + print('=' * 50) + print(f'Updating {name}:') + print(f'{old}') + print(">" * 25) + print(f'{new}') + print('=' * 50) + + +def _calculate_bft_quorum(n: int) -> int: + f = int((n - 1) / 3) + return int(math.ceil((n + f + 1) / 2)) + + +def update_config(config_path: str, updated_config_path: str, address: str, identity_pem_path: str, server_pem_path: str, client_pem_path: str): + with open(config_path, 'r') as f: + config = json.load(f) + identity = _pem_file_to_base64(identity_pem_path) + client_cert = _pem_file_to_base64(client_pem_path) + server_cert = _pem_file_to_base64(server_pem_path) + host, port = address.split(':') + + addresses = config['channel_group']['groups']['Orderer']['groups']['OrdererOrg']['values']['Endpoints']['value']['addresses'] + addresses_before_update = copy.deepcopy(addresses) + original_orderers_count = len(addresses_before_update) + addresses.append(f'{addresses[0].split(":")[0]}:{port}') + new_orderers_count = len(addresses) + _log_update('addresses', addresses_before_update, addresses) + + identities = config['channel_group']['groups']['Orderer']['policies']['BlockValidation']['policy']['value']['identities'] + identities_before_update = copy.deepcopy(identities) + new_identity = copy.deepcopy(identities[0]) + new_identity['principal']['id_bytes'] = identity + identities.append(new_identity) + _log_update('block validation identities', identities_before_update, identities) + + rule = config['channel_group']['groups']['Orderer']['policies']['BlockValidation']['policy']['value'][ + 'rule'] + rule_before_update = copy.deepcopy(rule) + rule['n_out_of']['n'] = _calculate_bft_quorum(new_orderers_count) + rule['n_out_of']['rules'].append({'signed_by': new_orderers_count - 1}) + _log_update('block validation rules', rule_before_update, rule) + + consenter_mapping = config['channel_group']['groups']['Orderer']['values']['Orderers']['value']['consenter_mapping'] + consenter_mapping_before_update = copy.deepcopy(consenter_mapping) + consenter_mapping.append({ + 'client_tls_cert': client_cert, + 'host': host, + 'id': new_orderers_count, + 'identity': identity, + 'msp_id': consenter_mapping[0]['msp_id'], + 'port': port, + 'server_tls_cert': server_cert + }) + _log_update('consenter_mapping', consenter_mapping_before_update, consenter_mapping) + + with open(updated_config_path, 'w') as f: + json.dump(config, f) + +# Press the green button in the gutter to run the script. +if __name__ == '__main__': + args = parse_args() + update_config(args.config_path, args.updated_config_path, args.address, args.identity, args.server_cert, args.client_cert) + +# See PyCharm help at https://www.jetbrains.com/help/pycharm/ diff --git a/test-network/scripts/createChannel.sh b/test-network/scripts/createChannel.sh index 96894258e4..d82214d18f 100755 --- a/test-network/scripts/createChannel.sh +++ b/test-network/scripts/createChannel.sh @@ -4,14 +4,17 @@ . scripts/envVar.sh . scripts/utils.sh + CHANNEL_NAME="$1" DELAY="$2" MAX_RETRY="$3" VERBOSE="$4" +BFT="$5" : ${CHANNEL_NAME:="mychannel"} : ${DELAY:="3"} : ${MAX_RETRY:="5"} : ${VERBOSE:="false"} +: ${BFT:=0} : ${CONTAINER_CLI:="docker"} : ${CONTAINER_CLI_COMPOSE:="${CONTAINER_CLI}-compose"} @@ -22,26 +25,39 @@ if [ ! -d "channel-artifacts" ]; then fi createChannelGenesisBlock() { + setGlobals 1 which configtxgen if [ "$?" -ne 0 ]; then fatalln "configtxgen tool not found." fi + local bft_true=$1 set -x - configtxgen -profile TwoOrgsApplicationGenesis -outputBlock ./channel-artifacts/${CHANNEL_NAME}.block -channelID $CHANNEL_NAME + + if [ $bft_true -eq 1 ]; then + configtxgen -profile ChannelUsingBFT -outputBlock ./channel-artifacts/${CHANNEL_NAME}.block -channelID $CHANNEL_NAME + else + configtxgen -profile ChannelUsingRaft -outputBlock ./channel-artifacts/${CHANNEL_NAME}.block -channelID $CHANNEL_NAME + fi res=$? { set +x; } 2>/dev/null verifyResult $res "Failed to generate channel configuration transaction..." } createChannel() { - setGlobals 1 # Poll in case the raft leader is not set yet local rc=1 local COUNTER=1 + local bft_true=$1 + infoln "Adding orderers" while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do sleep $DELAY set -x - osnadmin channel join --channelID $CHANNEL_NAME --config-block ./channel-artifacts/${CHANNEL_NAME}.block -o localhost:7053 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >&log.txt + . scripts/orderer.sh ${CHANNEL_NAME}> /dev/null 2>&1 + if [ $bft_true -eq 1 ]; then + . scripts/orderer2.sh ${CHANNEL_NAME}> /dev/null 2>&1 + . scripts/orderer3.sh ${CHANNEL_NAME}> /dev/null 2>&1 + . scripts/orderer4.sh ${CHANNEL_NAME}> /dev/null 2>&1 + fi res=$? { set +x; } 2>/dev/null let rc=$res @@ -53,8 +69,8 @@ createChannel() { # joinChannel ORG joinChannel() { - FABRIC_CFG_PATH=$PWD/../config/ ORG=$1 + FABRIC_CFG_PATH=$PWD/../config/ setGlobals $ORG local rc=1 local COUNTER=1 @@ -77,18 +93,23 @@ setAnchorPeer() { ${CONTAINER_CLI} exec cli ./scripts/setAnchorPeer.sh $ORG $CHANNEL_NAME } -FABRIC_CFG_PATH=${PWD}/configtx -## Create channel genesis block -infoln "Generating channel genesis block '${CHANNEL_NAME}.block'" -createChannelGenesisBlock +## Create channel genesis block FABRIC_CFG_PATH=$PWD/../config/ BLOCKFILE="./channel-artifacts/${CHANNEL_NAME}.block" +infoln "Generating channel genesis block '${CHANNEL_NAME}.block'" +FABRIC_CFG_PATH=${PWD}/configtx +if [ $BFT -eq 1 ]; then + FABRIC_CFG_PATH=${PWD}/bft-config +fi +createChannelGenesisBlock $BFT + + ## Create channel infoln "Creating channel ${CHANNEL_NAME}" -createChannel +createChannel $BFT successln "Channel '$CHANNEL_NAME' created" ## Join all the peers to the channel diff --git a/test-network/scripts/envVar.sh b/test-network/scripts/envVar.sh index b2acfb2a20..c30376c382 100755 --- a/test-network/scripts/envVar.sh +++ b/test-network/scripts/envVar.sh @@ -15,8 +15,6 @@ export ORDERER_CA=${PWD}/organizations/ordererOrganizations/example.com/tlsca/tl export PEER0_ORG1_CA=${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem export PEER0_ORG2_CA=${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem export PEER0_ORG3_CA=${PWD}/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem -export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt -export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key # Set environment variables for the peer org setGlobals() { @@ -37,7 +35,6 @@ setGlobals() { export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=localhost:9051 - elif [ $USING_ORG -eq 3 ]; then export CORE_PEER_LOCALMSPID="Org3MSP" export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG3_CA diff --git a/test-network/scripts/orderer.sh b/test-network/scripts/orderer.sh new file mode 100644 index 0000000000..e18a89c958 --- /dev/null +++ b/test-network/scripts/orderer.sh @@ -0,0 +1,10 @@ +#!/bin/bash + + +channel_name=$1 + +export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH +export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt /dev/null 2>&1 +export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key /dev/null 2>&1 + +osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7053 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1 \ No newline at end of file diff --git a/test-network/scripts/orderer2.sh b/test-network/scripts/orderer2.sh new file mode 100755 index 0000000000..978aab2d96 --- /dev/null +++ b/test-network/scripts/orderer2.sh @@ -0,0 +1,10 @@ +#!/bin/bash + + +channel_name=$1 + +export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH +export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt /dev/null 2>&1 +export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key > /dev/null 2>&1 + +osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7055 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1 \ No newline at end of file diff --git a/test-network/scripts/orderer3.sh b/test-network/scripts/orderer3.sh new file mode 100644 index 0000000000..8b216eba82 --- /dev/null +++ b/test-network/scripts/orderer3.sh @@ -0,0 +1,10 @@ +#!/bin/bash + + +channel_name=$1 + +export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH +export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt /dev/null 2>&1 +export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.key > /dev/null 2>&1 + +osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7057 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1 \ No newline at end of file diff --git a/test-network/scripts/orderer4.sh b/test-network/scripts/orderer4.sh new file mode 100644 index 0000000000..3c572770e9 --- /dev/null +++ b/test-network/scripts/orderer4.sh @@ -0,0 +1,10 @@ +#!/bin/bash + + +channel_name=$1 + +export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH +export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt /dev/null 2>&1 +export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.key > /dev/null 2>&1 + +osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7059 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1 \ No newline at end of file