From 5944c410bd6282802b35ffe5dfd29388ec19c6d4 Mon Sep 17 00:00:00 2001 From: achak1987 Date: Fri, 14 Aug 2020 01:17:17 +0200 Subject: [PATCH 01/17] working on endpoints, multi org setup --- 014.purge_swarm.yml | 21 ++++++++++- 101.deploy_orderer.yml | 2 + .../__pycache__/enumerate.cpython-38.pyc | Bin 596 -> 596 bytes roles/hlf/cli/orderer/tasks/main.yaml | 23 ++++++++---- roles/hlf/cli/peer/files/cli.sh | 4 +- templates/configtx.yaml.j2 | 20 ++++++---- test.yml | 35 +++++++++++++++++- 7 files changed, 84 insertions(+), 21 deletions(-) diff --git a/014.purge_swarm.yml b/014.purge_swarm.yml index a079f77..09c7e31 100644 --- a/014.purge_swarm.yml +++ b/014.purge_swarm.yml @@ -2,7 +2,7 @@ # ansible-playbook -v 014.purge_swarm.yml -u root -- name: Initialize the host machines +- name: Purge all swarm services hosts: all gather_facts: no become: yes @@ -13,10 +13,27 @@ ignore_errors: yes when: "inventory_hostname in groups.swarm_manager_prime" + - name: "Remove an Overlay Docker Network" + become: yes + become_user: "root" + docker_network: + name: "{{ swarm_network }}" + state: absent + force: yes + when: "inventory_hostname in groups.swarm_manager_prime" + - name: Remove any orphan containers on any machine shell: 'docker rm $(docker ps -aq)' ignore_errors: yes + - name: Remove created volumes on any machone + shell: 'docker volume rm $(docker volume ls -q)' + ignore_errors: yes + + - name: prune all networks on any machine + shell: 'docker network prune -f' + ignore_errors: yes + - name: Leave swarm for a node docker_swarm: state: absent @@ -32,7 +49,7 @@ docker_swarm: state: absent force: true - when: "inventory_hostname in groups.swarm_managers" + when: "inventory_hostname in groups.swarm_managers" - name: Remove data for all services shell: "rm -rf /root/hlft-store/*" \ No newline at end of file diff --git a/101.deploy_orderer.yml b/101.deploy_orderer.yml index cf2372f..b126091 100644 --- a/101.deploy_orderer.yml +++ b/101.deploy_orderer.yml 
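Review bot: The new `Remove created volumes on any machone` task runs `docker volume rm $(docker volume ls -q)` as root on `hosts: all`, so it destroys every Docker volume on every inventory host, not only the ones this stack created, and `ignore_errors: yes` hides any partial failure. If any of these machines hosts something besides this deployment that is unrecoverable data loss; the neighbouring `docker rm $(docker ps -aq)` and `docker network prune -f` tasks have the same unbounded scope. Restrict the removal to this project's resources with a name or label filter shared with the roles that create the volumes (how they are named is not visible in this diff), e.g. `shell: 'docker volume rm $(docker volume ls -q --filter label=<stack-label>)'`, and fix the `machone` typo in the task name while here.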
@@ -5,6 +5,8 @@ - name: Spawn a Hyperledger Fabric Topology hosts: swarm_manager_prime gather_facts: no + vars: + Consenters: [] roles: - hlf/cli/orderer - hlf/orderer \ No newline at end of file diff --git a/filter_plugins/__pycache__/enumerate.cpython-38.pyc b/filter_plugins/__pycache__/enumerate.cpython-38.pyc index ac0f871dfb1c1bafae2c6b4d298b3a972c396f89..524b5b70c5a1166b695865041c9031b86eea60a9 100644 GIT binary patch delta 20 acmcb@a)pIEl$V!_0SG$EO*e9TG64WGq6BaN delta 20 acmcb@a)pIEl$V!_0SJEmQryVx$pip6ZUs>Q diff --git a/roles/hlf/cli/orderer/tasks/main.yaml b/roles/hlf/cli/orderer/tasks/main.yaml index 139ca87..c2c01ea 100644 --- a/roles/hlf/cli/orderer/tasks/main.yaml +++ b/roles/hlf/cli/orderer/tasks/main.yaml @@ -1,7 +1,6 @@ # --- # HLF CA CLI Services - # Stop all CLI Services services - name: Stop CLI Service - {{ orderer.name }}_cli become: yes 
@@ -34,13 +33,21 @@ mode: "0500" force: yes -# # Generate the list of swarm managers to be used as Orderer Endpoints in configtx -# - name: Get IP addresses as a list for all swarm manager nodes -# vars: -# _swarm_manager_ip_list: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list | join(':{{orderer.port}},') }}" -# __swarm_manager_ip_list: "{{_swarm_manager_ip_list}}:{{orderer.port}}" -# set_fact: -# swarm_manager_ip_list: "{{ __swarm_manager_ip_list.split(',') }}" +# Generate the list of swarm managers to be used as Orderer Endpoints in configtx +- name: Get IP addresses as a list for all swarm manager nodes + vars: + _swarm_manager_ip_list: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list | join(':{{orderer.port}},') }}" + __swarm_manager_ip_list: "{{_swarm_manager_ip_list}}:{{orderer.port}}" + set_fact: + swarm_manager_ip_list: "{{ __swarm_manager_ip_list.split(',') }}" + +# Generate the list of swarm managers to be used in RAFT Consenters in configtx +- name: Build a list of all consenter + set_fact: + Consenters: "{{ Consenters }} + [ {{ senter }} ]" + vars: + senter: {Host: "{{item}}", Port: "{{orderer.port}}",ClientTLSCert: "{{orderer.path}}/msp/tls/server.crt",ServerTLSCert: "{{orderer.path}}/msp/tls/server.crt"} + loop: "{{groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list}}" # Copy relevent config files to mount directories for the docker services - name: Config templating configtx.yaml diff --git a/roles/hlf/cli/peer/files/cli.sh b/roles/hlf/cli/peer/files/cli.sh index ea47824..2e50af9 100644 --- a/roles/hlf/cli/peer/files/cli.sh +++ b/roles/hlf/cli/peer/files/cli.sh 
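Review bot: Every consenter built in `Build a list of all consenter` points at a different swarm-manager IP but at the same `{{orderer.path}}/msp/tls/server.crt` for both `ClientTLSCert` and `ServerTLSCert`, so all Raft nodes share one TLS identity and therefore one private key: compromise of any one orderer host yields the whole ordering cluster, and the nodes cannot be told apart by certificate. Each consenter should reference its own TLS material (the per-host layout is not visible here), and because `Host` is an `ansible_host` IP those certificates must carry the IPs as SANs. Separately, `Consenters: "{{ Consenters }} + [ {{ senter }} ]"` builds the list as text that Ansible then re-evaluates; `Consenters: "{{ Consenters + [senter] }}"` appends the mapping directly without depending on that behaviour.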
@@ -3,10 +3,10 @@ EXIT_CODE=0 if (($IDX == 0)); then CORE_PEER_MSPCONFIGPATH=/root/${AGENT_HOST}/msp # Create the application channel - CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel create -c appchannel -f /root/${AGENT_HOST}_cli/artifacts/appchannel.tx -o ${ORDERER_HOST}:7050 --outputBlock /root/${AGENT_HOST}_cli/artifacts/appchannel.block --tls --cafile $CORE_PEER_TLS_ROOTCERT_FILE || EXIT_CODE=$? + CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel create -c appchannel -f /root/${AGENT_HOST}_cli/artifacts/appchannel.tx -o ${ORDERER_HOST}:7050 --outputBlock /root/${AGENT_HOST}_cli/artifacts/appchannel.block --tls --cafile $CORE_PEER_TLS_ROOTCERT_FILE --ordererTLSHostnameOverride ${ORDERER_HOST} || EXIT_CODE=$? #Update the channel with anchor peers - CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel update -o ${ORDERER_HOST}:7050 -c appchannel -f /root/${AGENT_HOST}_cli/artifacts/appchannel_anchor.tx --tls --cafile $CORE_PEER_TLS_ROOTCERT_FILE || EXIT_CODE=$? + CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel update -o ${ORDERER_HOST}:7050 -c appchannel -f /root/${AGENT_HOST}_cli/artifacts/appchannel_anchor.tx --tls --cafile $CORE_PEER_TLS_ROOTCERT_FILE --ordererTLSHostnameOverride ${ORDERER_HOST} || EXIT_CODE=$? fi CORE_PEER_MSPCONFIGPATH=/root/${ADMIN_USER}/msp # Join the peers to the application channel diff --git a/templates/configtx.yaml.j2 b/templates/configtx.yaml.j2 index 8843147..b1c2d75 100644 --- a/templates/configtx.yaml.j2 +++ b/templates/configtx.yaml.j2 
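Review bot: `--ordererTLSHostnameOverride ${ORDERER_HOST}` is added to both the `peer channel create` and `peer channel update` calls, yet they still dial `${ORDERER_HOST}:7050`, so the override names the same host and changes nothing as written. Presumably it prepares for dialing the orderer by IP now that `OrdererEndpoints` are IPs; if so, document that it pins the expected certificate name rather than relaxing verification, e.g. `# orderer cert is issued to ${ORDERER_HOST}; keep TLS verification pinned to that name even when dialed by IP`. Note also that a failed `peer channel create` only records `EXIT_CODE`, and the anchor-peer update on the next line still runs against a channel that may not exist; the enclosing `if` continues past this hunk.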
@@ -63,9 +63,12 @@ Organizations: # OrdererEndpoints is a list of all orderers this org runs which clients # and peers may to connect to to push transactions and receive blocks respectively. - #OrdererEndpoints: swarm_manager_ip_list - OrdererEndpoints: - - {{orderer.name}}:7050 + OrdererEndpoints: + {% for endpoint in swarm_manager_ip_list %} + - {{endpoint}} + {% endfor %} + {# OrdererEndpoints: + - {{orderer.name}}:7050 #} # AnchorPeers defines the location of peers which can be used for # cross-org gossip communication. Note, this value is only encoded in @@ -327,10 +330,13 @@ Orderer: &OrdererDefaults # a subset of the host:port items enumerated in this list should be # replicated under the Orderer.Addresses key above. Consenters: - - Host: {{orderer.name}} - Port: {{orderer.port}} - ClientTLSCert: {{orderer.path}}/msp/tls/server.crt - ServerTLSCert: {{orderer.path}}/msp/tls/server.crt + {% for consenter in Consenters %} + - Host: {{consenter.Host}} + Port: {{consenter.Port}} + ClientTLSCert: {{consenter.ClientTLSCert}} + ServerTLSCert: {{consenter.ServerTLSCert}} + {% endfor %} + # Options to be specified for all the etcd/raft nodes. The values here # are the defaults for all new channels and can be modified on a # per-channel basis via configuration updates. diff --git a/test.yml b/test.yml index a7b2eea..62c642d 100644 --- a/test.yml +++ b/test.yml 
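Review bot: `OrdererEndpoints` now renders one `ip:port` entry per swarm manager taken from `ansible_host`, so peers and clients will verify the orderer's TLS certificate against a bare IP; unless that certificate carries each manager IP as a SAN (not shown in this diff), every connection fails or has to be forced through hostname overrides. Either keep stable DNS names here or make the cert generation include the IPs, and say which in a comment above the loop, e.g. `# endpoints are manager IPs: orderer TLS certs must list them as IP SANs`.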
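Review bot: The `{% for consenter in Consenters %}` loop renders `Consenters:` with no items when the list is empty — for instance if the `swarm_managers` group is empty or the calling play did not build it — and the resulting null value is unlikely to be accepted when the genesis block is generated, failing late with an opaque error. Guard it in the role before templating with `assert: { that: "Consenters | length > 0", fail_msg: "no Raft consenters built from swarm_managers" }` so the problem surfaces at the task that owns it. All entries also share one `ClientTLSCert`/`ServerTLSCert` path, which is raised on the task that builds the list.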
@@ -1,9 +1,40 @@ --- - name: Test Playbook - hosts: all + hosts: swarm_manager_prime gather_facts: true + vars: + Consenters: [] tasks: + # Generate the list of swarm managers to be used as Orderer Endpoints in configtx + - name: Get IP addresses as a list for all swarm manager nodes + vars: + _swarm_manager_ip_list: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list | join(':{{orderer.port}},') }}" + __swarm_manager_ip_list: "{{_swarm_manager_ip_list}}:{{orderer.port}}" + set_fact: + swarm_manager_ip_list: "{{ __swarm_manager_ip_list.split(',') }}" + - name: Test hosts list debug: - msg: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + msg: "{{ swarm_manager_ip_list }}" + + - name: Build a list of all consenter + set_fact: + Consenters: "{{ Consenters }} + [ {{ senter }} ]" + vars: + senter: {Host: "{{item}}", Port: "{{orderer.port}}",ClientTLSCert: "{{orderer.path}}/msp/tls/server.crt",ServerTLSCert: "{{orderer.path}}/msp/tls/server.crt"} + loop: "{{groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list}}" + + - name: Test consenters list + debug: + msg: "{{ Consenters }}" + + + # Copy relevent config files to mount directories for the docker services + - name: Config templating configtx.yaml + become: yes + template: + src: "configtx.yaml.j2" + dest: "/root/hlft-store/configtx.yaml" + mode: 0660 + force: yes \ No newline at end of file From 19122b9cf8f752b54be316f1ac071fa63a51251c Mon Sep 17 00:00:00 2001 
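Review bot: The `Config templating configtx.yaml` task uses `mode: 0660` unquoted, which a YAML parser reads as a number (octal or decimal depending on the parser) rather than the intended permission string; Ansible warns about this and the applied mode can differ from what was written. Use `mode: "0660"`, matching the quoted `"0500"` used elsewhere in this series. This playbook also duplicates the endpoint and consenter logic from `roles/hlf/cli/orderer/tasks/main.yaml`, so the two can drift; if it is scratch code, say so in a comment at the top.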
From: Antorweep Chakravorty Date: Fri, 14 Aug 2020 17:51:45 +0200 Subject: [PATCH 02/17] mutual tls enabled, testing --- 101.deploy_orderer.yml | 2 +- README.md | 18 +++--- .../__pycache__/enumerate.cpython-37.pyc | Bin 576 -> 576 bytes group_vars/all.yml | 6 +- roles/hlf/cli/ca/files/cli.sh | 2 +- roles/hlf/cli/ca/tasks/main.yaml | 7 +++ roles/hlf/cli/orderer/tasks/main.yaml | 8 ++- roles/hlf/cli/peer/files/cli.sh | 13 ++-- roles/hlf/orderer/tasks/main.yml | 4 +- roles/hlf/peer/tasks/main.yml | 8 +-- start_hlf_services.sh | 8 +-- templates/configtx.yaml.j2 | 6 +- test.yml | 58 +++++++++++------- 13 files changed, 87 insertions(+), 53 deletions(-) diff --git a/101.deploy_orderer.yml b/101.deploy_orderer.yml index b126091..560b99e 100644 --- a/101.deploy_orderer.yml +++ b/101.deploy_orderer.yml @@ -4,7 +4,7 @@ - name: Spawn a Hyperledger Fabric Topology hosts: swarm_manager_prime - gather_facts: no + gather_facts: no vars: Consenters: [] roles: diff --git a/README.md b/README.md index 5215a62..ded5cf3 100644 --- a/README.md +++ b/README.md 
@@ -218,37 +218,39 @@ Setting up of hyperledger fabric cluster requires the following steps. Creating CORE_PEER_ADDRESS=${PEER_HOST}:7051 CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${ADMIN_USER}/msp CORE_PEER_TLS_ROOTCERT_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/ca.crt + CORE_PEER_TLS_CLIENTAUTHREQUIRED=true + CORE_PEER_TLS_CLIENTCERT_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.crt #fully qualified path of the client certificate + CORE_PEER_TLS_CLIENTKEY_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.key #fully qualified path of the client private key ``` - Install the chaincode on peer 2 ```bash - CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE peer chaincode install -n testcc -v 1.0 -l node -p /root/CLI/chaincodes/test_chaincode/node + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode install -n testcc -v 1.0 -l node -p /root/CLI/chaincodes/test_chaincode/node ``` - Instanciate the chaincode ```bash - CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE peer chaincode instantiate -C appchannel -n testcc -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -o ${ORDERER_HOST}:7050 --tls --cafile ${CORE_PEER_TLS_ROOTCERT_FILE} + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer 
chaincode instantiate -C appchannel -n testcc -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -o ${ORDERER_HOST}:7050 --tls --cafile ${CORE_PEER_TLS_ROOTCERT_FILE} --clientauth --certfile /root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.crt --keyfile /root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.key ``` - List the installed chaincodes ```bash - CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE peer chaincode list --installed + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode list --installed ``` - List the instanciated chaincodes - ```bash - CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE peer chaincode list --instantiated -C appchannel + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode list --instantiated -C appchannel ``` - GET ```bash - CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE peer chaincode query -C appchannel -n testcc -c '{"Args":["query","a"]}' + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE 
CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode query -C appchannel -n testcc -c '{"Args":["query","a"]}' ``` - PUT ```bash - CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE peer chaincode invoke -C appchannel -n testcc -c '{"Args":["invoke","a","b","10"]}' -o ${ORDERER_HOST}:7050 --tls --cafile ${CORE_PEER_TLS_ROOTCERT_FILE} + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode invoke -C appchannel -n testcc -c '{"Args":["invoke","a","b","10"]}' -o ${ORDERER_HOST}:7050 --tls --cafile ${CORE_PEER_TLS_ROOTCERT_FILE} --clientauth --certfile /root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.crt --keyfile /root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.key ``` - GET ```bash - CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE peer chaincode query -C appchannel -n testcc -c '{"Args":["query","a"]}' + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode query -C appchannel -n testcc -c '{"Args":["query","a"]}' ``` - Playbook: `104.deploy_hlf_explorer` 
diff --git a/filter_plugins/__pycache__/enumerate.cpython-37.pyc b/filter_plugins/__pycache__/enumerate.cpython-37.pyc index 01827ccde5d0e2755560d959bfbbc06f15e5aeb9..d0f2518aeffe17998ba819ebf4d8bbc69a639c37 100644 GIT binary patch delta 20 acmX@Wa)5=~iI Date: Fri, 14 Aug 2020 19:56:08 +0200 Subject: [PATCH 03/17] mutualTLS complete --- roles/hlf/cli/peer/files/cli.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/hlf/cli/peer/files/cli.sh b/roles/hlf/cli/peer/files/cli.sh index a71d0f0..f250f10 100644 --- a/roles/hlf/cli/peer/files/cli.sh +++ b/roles/hlf/cli/peer/files/cli.sh @@ -7,6 +7,9 @@ if (($IDX == 0)); then #Update the channel with anchor peers CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel update -o ${ORDERER_HOST}:7050 -c appchannel -f /root/${AGENT_HOST}_cli/artifacts/appchannel_anchor.tx --tls --cafile $CORE_PEER_TLS_ROOTCERT_FILE --clientauth --certfile /root/${AGENT_HOST}/msp/tls/server.crt --keyfile /root/${AGENT_HOST}/msp/tls/server.key || EXIT_CODE=$? +else + # We we have the IDX 1 running, we wait for 5 secs first + sleep 5s; fi CORE_PEER_MSPCONFIGPATH=/root/${ADMIN_USER}/msp CORE_PEER_TLS_CLIENTAUTHREQUIRED=true From 277128dcb21b62aa83163b0812955bc8e2a82af7 Mon Sep 17 00:00:00 2001 From: achak1987 Date: Fri, 14 Aug 2020 22:54:14 +0200 Subject: [PATCH 04/17] working on removing orphan clis --- roles/hlf/cli/cli/tasks/main.yml | 6 +++- test.yml | 57 +++++--------------------------- 2 files changed, 14 insertions(+), 49 deletions(-) diff --git a/roles/hlf/cli/cli/tasks/main.yml b/roles/hlf/cli/cli/tasks/main.yml index 6443003..4b5ade3 100644 --- a/roles/hlf/cli/cli/tasks/main.yml +++ b/roles/hlf/cli/cli/tasks/main.yml 
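Review bot: The new `else` branch makes every non-zero `IDX` peer `sleep 5s` and then proceed to join, treating a fixed delay as synchronization with the channel creation that peer 0 performs above; if `peer channel create` takes longer than five seconds, or fails, the joins run against a channel that does not exist yet and the failure is only recorded in `EXIT_CODE`. Replace the sleep with a bounded poll — if the artifacts directory is shared, `until [ -s /root/${AGENT_HOST}_cli/artifacts/appchannel.block ] || (( ++tries > 30 )); do sleep 2; done`, otherwise retry `peer channel fetch 0` until it succeeds. The enclosing `if (($IDX == 0))` block starts before this hunk.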
@@ -45,4 +45,8 @@ constraints: - node.role == worker force_update: yes - when: cli.switch == "on" \ No newline at end of file + when: cli.switch == "on" + +- name: Remove orphan CLIs + become: yes + shell: 'docker service ls --format "{{.Name}}" | grep _cli' \ No newline at end of file diff --git a/test.yml b/test.yml index a7f53ab..3c5d9cd 100644 --- a/test.yml +++ b/test.yml 
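Review bot: `shell: 'docker service ls --format "{{.Name}}" | grep _cli'` will not run as written: Ansible templates module arguments with Jinja2, so `{{.Name}}` is parsed as a Jinja expression and raises a template syntax error before anything reaches the shell. Avoid the format string altogether with `shell: 'docker service ls -q --filter name=_cli'`, or escape it as `{{ "{{" }}.Name{{ "}}" }}`. As it stands the task named `Remove orphan CLIs` only lists services, and `grep _cli` matches any service in the swarm whose name contains that substring, not only this stack's.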
@@ -5,52 +5,13 @@ vars: Consenters: [] tasks: - # Generate the list of swarm managers to be used as Orderer Endpoints in configtx - # - name: Get IP addresses as a list for all swarm manager nodes - # vars: - # _swarm_manager_ip_list: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list | join(':{{orderer.port}},') }}" - # __swarm_manager_ip_list: "{{_swarm_manager_ip_list}}:{{orderer.port}}" - # set_fact: - # swarm_manager_ip_list: "{{ __swarm_manager_ip_list.split(',') }}" - - # - name: Test hosts list - # debug: - # msg: "{{ swarm_manager_ip_list }}" - - # - name: Build a list of all consenter - # set_fact: - # Consenters: "{{ Consenters }} + [ {{ senter }} ]" - # vars: - # senter: {Host: "{{item}}", Port: "{{orderer.port}}",ClientTLSCert: "{{orderer.path}}/msp/tls/server.crt",ServerTLSCert: "{{orderer.path}}/msp/tls/server.crt"} - # loop: "{{groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list}}" - - # - name: Test consenters list - # debug: - # msg: "{{ Consenters }}" - - - # # Copy relevent config files to mount directories for the docker services - # - name: Config templating configtx.yaml - # become: yes - # template: - # src: "configtx.yaml.j2" - # dest: "/root/hlft-store/configtx.yaml" - # mode: 0660 - # force: yes - - - name: Get IP addresses as a list for all swarm manager nodes to be used as anchor ips - set_fact: - swarm_manager_ip_list_anchor: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list }}" - - - name: + # - name: Remove orphan CLIs + # become: yes + # docker_swarm_service: + # name: "{{item.name}}_cli" + # state: absent + # loop: "{{ peerservices + [orderer] + caservices }}" + - name: Remove orphan CLIs debug: - msg: "{{swarm_manager_ip_list}}" - - # Copy relevent config files to mount directories for the docker services - - name: Config templating configtx.yaml - become: yes - template: - src: "configtx.yaml.j2" - dest: "/root/hlft-store/configtx.yaml" - mode: 
0660 - force: yes \ No newline at end of file + msg: "{{item.name}}_cli" + loop: "{{ peerservices + [orderer] + caservices }}" \ No newline at end of file From d55515278e8b94ea0b6011f841f3f2082cd521f6 Mon Sep 17 00:00:00 2001 From: achak1987 Date: Sun, 16 Aug 2020 18:29:28 +0200 Subject: [PATCH 05/17] upgrade to 2.2 complete. AUtomated ChainCode Depployment --- group_vars/all.yml | 1 + roles/hlf/cli/cli/files/CLI.sh | 46 ++++++++++++++++++++++++++++++++ roles/hlf/cli/cli/tasks/main.yml | 14 ++++++++-- start_all_services.sh | 22 +++++++-------- start_hlf_services.sh | 10 +++---- 5 files changed, 75 insertions(+), 18 deletions(-) create mode 100644 roles/hlf/cli/cli/files/CLI.sh diff --git a/group_vars/all.yml b/group_vars/all.yml index 4f66d33..8f15ddc 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,5 +1,6 @@ --- LOG_LEVEL: "INFO" +INSTALL_TEST_CHAINCODE: "yes" ########################################################################################### # # # # diff --git a/roles/hlf/cli/cli/files/CLI.sh b/roles/hlf/cli/cli/files/CLI.sh new file mode 100644 index 0000000..b960068 --- /dev/null +++ b/roles/hlf/cli/cli/files/CLI.sh 
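Review bot: `INSTALL_TEST_CHAINCODE: "yes"` turns the sample-chaincode install on by default, so any cluster brought up with the stock `group_vars/all.yml` ends up with `testcc` instantiated on `appchannel` unless the operator remembers to switch it off; the safer default for a deployment tool is `INSTALL_TEST_CHAINCODE: "no"`, with the README telling users to enable it for a sanity check. Keeping the value quoted is right — `CLI.sh` compares it as the string `yes`, and an unquoted `yes` would become a YAML boolean. If the default stays on, add a comment beside it naming what gets deployed and that it belongs only on test clusters.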
@@ -0,0 +1,46 @@ +#### Pretty Print ##### +GREEN='\033[0;32m' +RED='\033[0;31m' +NC='\033[0m' +# e.g.: printf "${GREEN} I love Stack Overflow$NC\n" +####################### +if [ $INSTALL_TEST_CHAINCODE == "yes" ]; then + printf "${GREEN}Starting the process of installing test chaincode. Test chaincode will always be installed on peer2 as per the default architecture. If you want to install it on a different peer or you have changed the default architecture, please set INSTALL_TEST_CHAINCODE: no in group_vars/all.yml. Refer to ReadMe about how to install a chaincode (test) manually on a peer.{NC}\n" + PEER_HOST=peer2 + CORE_PEER_ADDRESS=${PEER_HOST}:7051 + CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${ADMIN_USER}/msp + CORE_PEER_TLS_ROOTCERT_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/ca.crt + CORE_PEER_TLS_CLIENTAUTHREQUIRED=true + CORE_PEER_TLS_CLIENTCERT_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.crt #fully qualified path of the client certificate + CORE_PEER_TLS_CLIENTKEY_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.key #fully qualified path of the client private key + + printf "${GREEN}Install the chaincode on peer 2${NC}\n" + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode install -n testcc -v 1.0 -l node -p /root/CLI/chaincodes/test_chaincode/node + sleep 3s; + + printf "${GREEN}Instanciate the chaincode${NC}\n" + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE 
CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode instantiate -C appchannel -n testcc -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -o ${ORDERER_HOST}:7050 --tls --cafile ${CORE_PEER_TLS_ROOTCERT_FILE} --clientauth --certfile /root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.crt --keyfile /root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.key + sleep 3s; + + printf "${GREEN}List the installed chaincodes${NC}\n" + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode list --installed + + printf "${GREEN}List the instanciated chaincodes${NC}\n" + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode list --instantiated -C appchannel + + printf "${GREEN}Run a GET Query${NC}\n" + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode query -C appchannel -n testcc -c '{"Args":["query","a"]}' + + printf "${GREEN}Run a PUT Invoke Query${NC}\n" + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED 
CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode invoke -C appchannel -n testcc -c '{"Args":["invoke","a","b","10"]}' -o ${ORDERER_HOST}:7050 --tls --cafile ${CORE_PEER_TLS_ROOTCERT_FILE} --clientauth --certfile /root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.crt --keyfile /root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.key + sleep 3s; + + printf "${GREEN}Run a GET Query after running the PUT Invoke Query${NC}\n" + CORE_PEER_ADDRESS=$CORE_PEER_ADDRESS CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE peer chaincode query -C appchannel -n testcc -c '{"Args":["query","a"]}' + + printf "${GREEN}Installing test Chaincode complete!${NC}\n" +fi + +printf "${GREEN}Keeping CLI active${NC}\n" + +while true; do sleep 2; done; \ No newline at end of file diff --git a/roles/hlf/cli/cli/tasks/main.yml b/roles/hlf/cli/cli/tasks/main.yml index 4b5ade3..85fefbc 100644 --- a/roles/hlf/cli/cli/tasks/main.yml +++ b/roles/hlf/cli/cli/tasks/main.yml @@ -15,6 +15,14 @@ src: "test_chaincode/" dest: "/root/hlft-store/chaincodes/test_chaincode" mode: 0750 + +- name: Copy CLI script + become: yes + copy: + src: "CLI.sh" + dest: "/root/hlft-store/CLI.sh" + mode: "0500" + force: yes # Create & Start service for CLI - name: Fabric Service - {{ item.name }} @@ -26,7 +34,7 @@ - "{{swarm_network}}" image: "{{cli.image}}:{{cli.tag}}" command: > - bash -c "while true; do sleep 2; done;" + bash -c "/root/CLI/CLI.sh;" working_dir: /root/CLI mounts: - source: "/root/hlft-store" 
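Review bot: `if [ $INSTALL_TEST_CHAINCODE == "yes" ]; then` leaves the variable unquoted, so when the service starts without that environment variable the test degrades to `[ == yes ]` and the script aborts with a syntax error instead of skipping the install; `==` inside `[` is also a bash extension while the file has no shebang and only runs under bash because `bash -c` falls back to it. Write `if [ "${INSTALL_TEST_CHAINCODE:-no}" = "yes" ]; then` and add `#!/usr/bin/env bash` as the first line. The first `printf` closes its colour with `{NC}` instead of `${NC}`, leaving the terminal green. None of the `peer` calls check their exit status and the three `sleep 3s` pauses stand in for waiting on install/instantiate to commit, so a slow orderer yields a failed sanity check under a green "complete!" banner; at minimum test `$?` after the instantiate and invoke steps before printing success.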
@@ -41,6 +49,7 @@ - "ADMIN_USER={{admin_user}}" - "TLSCA_HOST={{tlsca.name}}" - "ORGCA_HOST={{orgca.name}}" + - "INSTALL_TEST_CHAINCODE={{INSTALL_TEST_CHAINCODE}}" placement: constraints: - node.role == worker @@ -49,4 +58,5 @@ - name: Remove orphan CLIs become: yes - shell: 'docker service ls --format "{{.Name}}" | grep _cli' \ No newline at end of file + shell: docker service rm $(docker service ls | grep _cli | cut -b 1-12 | sed 's/ *$//g') + ignore_errors: yes \ No newline at end of file diff --git a/start_all_services.sh b/start_all_services.sh index 020e097..a6bb212 100644 --- a/start_all_services.sh +++ b/start_all_services.sh 
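Review bot: `docker service rm $(docker service ls | grep _cli | cut -b 1-12 | sed 's/ *$//g')` removes every swarm service whose `docker service ls` row contains `_cli` in any column — name, image or mode — and assumes the ID occupies the first 12 bytes of the human-oriented table, so an unrelated service can be deleted and a layout change breaks the cut silently under `ignore_errors: yes`. Use the filter and quiet flags, `shell: docker service rm $(docker service ls -q --filter name=_cli)`, or better remove the known names with `docker_swarm_service` and `state: absent` looping over `peerservices + [orderer] + caservices` as `test.yml` sketches. If the CLI service started by the preceding task (which begins outside this hunk) also carries `_cli` in its name, this task tears down the service it just created.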
@@ -1,14 +1,14 @@ #!/bin/bash set -x #echo on -ansible-playbook -v 011.initialize_hosts.yml -u root && -ansible-playbook -v 012.prepare_docker_images.yml -u root && -ansible-playbook -v 013.mount_fs.yml -u root && -ansible-playbook -v 014.spawn_swarm.yml -u root && -ansible-playbook -v 015.deploy_swarm_visualizer.yml --flush-cache -u root && -ansible-playbook -v 016.deploy_portainer.yml --flush-cache -u root && -ansible-playbook -v 100.deploy_ca.yml --flush-cache -u root && sleep 15 && -ansible-playbook -v 101.deploy_orderer.yml --flush-cache -u root && sleep 10 && -ansible-playbook -v 102.deploy_peers.yml --flush-cache -u root && sleep 10 && -ansible-playbook -v 103.deploy_cli.yml --flush-cache -u root && sleep 10 && -ansible-playbook -v 104.deploy_hlf_explorer.yml --flush-cache -u root \ No newline at end of file +ansible-playbook -v 011.initialize_hosts.yml -u root; +ansible-playbook -v 012.prepare_docker_images.yml -u root; +ansible-playbook -v 013.mount_fs.yml -u root; +ansible-playbook -v 014.spawn_swarm.yml -u root; +ansible-playbook -v 015.deploy_swarm_visualizer.yml --flush-cache -u root; +ansible-playbook -v 016.deploy_portainer.yml --flush-cache -u root; +ansible-playbook -v 100.deploy_ca.yml --flush-cache -u root; +ansible-playbook -v 101.deploy_orderer.yml --flush-cache -u root; +ansible-playbook -v 102.deploy_peers.yml --flush-cache -u root; +ansible-playbook -v 103.deploy_cli.yml --flush-cache -u root; +ansible-playbook -v 104.deploy_hlf_explorer.yml --flush-cache -u root; \ No newline at end of file diff --git a/start_hlf_services.sh b/start_hlf_services.sh index 9a81548..2bdc9e1 100644 --- a/start_hlf_services.sh +++ b/start_hlf_services.sh 
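Review bot: Replacing the `&&` chain with `;` removes fail-fast ordering: if `100.deploy_ca.yml` fails, the orderer, peer and CLI playbooks now run anyway against missing or stale certificates, and the script still exits 0 because `set -x` only echoes commands. The `sleep 15`/`sleep 10` pauses after the CA, orderer and peer steps were dropped at the same time, so the CLI bootstrap may now hit services that are still coming up. Keep the semicolons if resumable runs are the intent, but add `set -e` after `set -x` so a failed playbook stops the script, and reinstate the waits or replace them with readiness checks inside the playbooks.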
@@ -1,8 +1,8 @@ #!/bin/bash set -x #echo on -ansible-playbook -v 100.deploy_ca.yml --flush-cache -u root -ansible-playbook -v 101.deploy_orderer.yml --flush-cache -u root -ansible-playbook -v 102.deploy_peers.yml --flush-cache -u root -ansible-playbook -v 103.deploy_cli.yml --flush-cache -u root -ansible-playbook -v 104.deploy_hlf_explorer.yml --flush-cache -u root \ No newline at end of file +ansible-playbook -v 100.deploy_ca.yml --flush-cache -u root; +ansible-playbook -v 101.deploy_orderer.yml --flush-cache -u root; +ansible-playbook -v 102.deploy_peers.yml --flush-cache -u root; +ansible-playbook -v 103.deploy_cli.yml --flush-cache -u root; +ansible-playbook -v 104.deploy_hlf_explorer.yml --flush-cache -u root; \ No newline at end of file From dd64ecd569e63c33d522e1f2f30094a7e981b118 Mon Sep 17 00:00:00 2001 From: achak1987 Date: Sun, 16 Aug 2020 18:38:46 +0200 Subject: [PATCH 06/17] upgrade to 2.2 complete. AUtomated ChainCode Depployment --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ded5cf3..e6ca236 100644 --- a/README.md +++ b/README.md @@ -210,7 +210,8 @@ Setting up of hyperledger fabric cluster requires the following steps. Creating - Contains mounts of MSPs for all agents (admin, orderer, peers, ...) - Can perfrom any and all operations on the blockchain by changing its profile to any of the mounted agents - Mounts a test chaincode under `/root/CLI/chaincodes/test_chaincode` - - Sanity Check the working of the cluster + - Sanity Check the working of the cluster [OPTIONAL] + - Test chaincode is automatically installed when *INSTALL_TEST_CHAINCODE: "yes"* in *group_vars/all.yml*. If, *INSTALL_TEST_CHAINCODE: "no"* then you can install it manually, if needed, by following the steps bellow: - Install, Instanciate and Test Chaincode ```bash docker exec -it <> bash From 5d76ff890a26771c797ca82cc862960b6aeed22e Mon Sep 17 00:00:00 2001 
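Review bot: The trailing `;` added to each `ansible-playbook` line is cosmetic — the previous version already ran the playbooks unconditionally one after another — so this script still continues past a failed `100.deploy_ca.yml` and exits 0. Add `set -e` next to `set -x`, or chain the steps with `&&`, so a failed CA or orderer deployment stops before peers and the CLI are deployed against it.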
From: achak1987 Date: Sun, 16 Aug 2020 22:01:04 +0200 Subject: [PATCH 07/17] working on register service --- .../200.deploy_register_service.yml | 52 +++++++ register_service/README.md | 33 +++++ register_service/ansible.cfg | 20 +++ register_service/docker-compose.yaml | 21 +++ register_service/files/config/ca.json | 18 +++ register_service/files/config/server.json | 7 + register_service/files/package.json | 18 +++ register_service/files/server.js | 127 ++++++++++++++++++ register_service/files/setup.sh | 0 register_service/group_vars/all.yml | 23 ++++ register_service/inventory/hosts | 1 + register_service/keys/.gitignore | 1 + register_service/keys/ca.crt | 22 +++ register_service/keys/ca.key | 28 ++++ register_service/keys/ca.srl | 1 + register_service/keys/server.crt | 20 +++ register_service/keys/server.csr | 17 +++ register_service/keys/server.key | 28 ++++ register_service/services/nodejs/Dockerfile | 54 ++++++++ 19 files changed, 491 insertions(+) create mode 100644 register_service/200.deploy_register_service.yml create mode 100644 register_service/README.md create mode 100644 register_service/ansible.cfg create mode 100644 register_service/docker-compose.yaml create mode 100644 register_service/files/config/ca.json create mode 100644 register_service/files/config/server.json create mode 100644 register_service/files/package.json create mode 100644 register_service/files/server.js create mode 100644 register_service/files/setup.sh create mode 100644 register_service/group_vars/all.yml create mode 100644 register_service/inventory/hosts create mode 100644 register_service/keys/.gitignore create mode 100644 register_service/keys/ca.crt create mode 100644 register_service/keys/ca.key create mode 100644 register_service/keys/ca.srl create mode 100644 register_service/keys/server.crt create mode 100644 register_service/keys/server.csr create mode 100644 register_service/keys/server.key create mode 100644 register_service/services/nodejs/Dockerfile 
diff --git a/register_service/200.deploy_register_service.yml b/register_service/200.deploy_register_service.yml new file mode 100644 index 0000000..5979565 --- /dev/null +++ b/register_service/200.deploy_register_service.yml @@ -0,0 +1,52 @@ +--- + +# ansible-playbook -v 200.deploy_register_service.yml -u root + +- name: Deploy Register Service + hosts: all + gather_facts: no + tasks: + - name: Clean Register Folder Structure + file: + path: "/root/hlft-store/{{register.name}}" + state: absent + + - name: Create Register Folder Structure + file: + path: "/root/hlft-store/{{register.name}}" + state: directory + + - name: Copy required scripts + copy: + src: "{{item}}" + dest: "/root/hlft-store/{{register.name}}/{{item}}" + loop: + - server.js + - package.json + - config/ + + - name: Start the Registration Service + become: yes + docker_swarm_service: + name: "{{ register.name }}" + hostname: "{{ register.name }}" + networks: + - "{{swarm_network}}" + image: "{{register.image}}:{{register.tag}}" + mode: replicated + replicas: "{{register.replicas}}" + mounts: + - source: "/root/hlft-store/{{register.name}}" + target: "{{register.path}}" + type: bind + publish: + - published_port: "{{register.port}}" + target_port: "8080" + protocol: "tcp" + working_dir: "{{register.path}}" + command: > + sh -c "sleep 30000s;" + placement: + constraints: + - node.role == worker + force_update: yes \ No newline at end of file diff --git a/register_service/README.md b/register_service/README.md new file mode 100644 index 0000000..242e279 --- /dev/null +++ b/register_service/README.md 
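Review bot: The play runs with `hosts: all`, yet `Start the Registration Service` uses `docker_swarm_service`, which only works against a swarm manager, so on worker hosts that task fails after the `Clean`/`Copy` tasks have already spread `config/` — including `ca.json` with its enrolment secrets — to every host's `/root/hlft-store`. Mirror the other playbooks with `hosts: swarm_manager_prime`, copy the config only where the bind mount is used, and give the copied files an explicit `mode: "0600"`. The `command: sh -c "sleep 30000s;"` placeholder also publishes `{{register.port}}` on the swarm ingress with nothing listening behind it; if this is scaffolding, mark it, e.g. `# TODO: replace placeholder with node server.js once the image is built`.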
@@ -0,0 +1,33 @@ +# MySoMe Network - Register Server (HTTPS Enabled) +## Allows registration of users to the MySoMeNetwork +- Test connection: *curl -k -X POST https://167.99.129.174:8080* +- Register a user: *curl -k -X POST -d "username=user1&password=password" https://167.99.129.174:8080/register* + +## Start the server locally +### Via localhost. You have to generate the relevent keys/cert for running it in https mode +Execute the following from your project directory +- mkdir -p keys +- openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ./keys/ca.key +- openssl req -new -x509 -days 3650 -key ./keys/ca.key -subj "/C=NO/ST=Rogaland/L=Stavanger/O=Global Security/OU=IT Department" -out ./keys/ca.crt +- openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ./keys/server.key +- openssl req -new -key ./keys/server.key -subj "/C=NO/ST=Rogaland/L=Stavanger/O=Global Security/OU=IT Department/CN=localhost" -out ./keys/server.csr +- openssl x509 -days 3650 -req -in ./keys/server.csr -CAcreateserial -CA ./keys/ca.crt -CAkey ./keys/ca.key -out ./keys/server.crt +- npm install + +### Via docker swarm +- docker-compose up +- Press "Ctrl-C" to stop +- docker rm register-server +- docker-compose push +- docker stack deploy MYSOMENET --compose-file docker-compose.yaml +#### Uninstall +- docker service rm MYSOMENET_register-serve + + +#### Note +*CA Server* is currently pointed to MySoMeNetworkDev0 in DigitalOcean +- In order to point the another Network + - Change the value *"url": "[http/https]://hostname:port"* in *config/server.json* + - You might also need to changes the revent values in *config/server.json* depending on the new CA server config + + diff --git a/register_service/ansible.cfg b/register_service/ansible.cfg new file mode 100644 index 0000000..f92030c --- /dev/null +++ b/register_service/ansible.cfg 
@@ -0,0 +1,20 @@ +# config file for ansible -- https://ansible.com/ +# =============================================== + +[defaults] +inventory = ./inventory/hosts +callback_whitelist = profile_tasks + + +# Supresses check og host names in known hosts +host_key_checking = False + + + +# # Mitogen specific config +# strategy_plugins = ./plugins/mitogen-0.2.8/ansible_mitogen/plugins/strategy +# strategy = mitogen_linear + +# Dont enable in dev mode +#[ssh_connection] +#pipelining = True \ No newline at end of file diff --git a/register_service/docker-compose.yaml b/register_service/docker-compose.yaml new file mode 100644 index 0000000..a13410b --- /dev/null +++ b/register_service/docker-compose.yaml @@ -0,0 +1,21 @@ +version: '3' +networks: + mysomenet-ov: + # If network is created with deplyment, Chaincode container cannot connect to network + external: + name: mysomenet-ov + +services: + register-server: + image: 127.0.0.1:5000/register-server + build: + context: . + dockerfile: ./services/nodejs/Dockerfile + hostname: register-server + container_name: register-server + working_dir: /home/node/register-server + networks: + - mysomenet-ov + ports: + - "8080:8080" + command: node /home/node/register-server/server.js \ No newline at end of file diff --git a/register_service/files/config/ca.json b/register_service/files/config/ca.json new file mode 100644 index 0000000..a89078d --- /dev/null +++ b/register_service/files/config/ca.json @@ -0,0 +1,18 @@ +{ + "orgca": { + "caname": "orgca", + "url": "https://orgca:7054", + "enrollmentID": "admin1", + "enrollmentSecret": "admin1pw", + "mspid": "hlfMSP" + + }, + "tlsca": { + "caname": "tlsca", + "url": "https://tlsca:7054", + "enrollmentID": "admin1", + "enrollmentSecret": "admin1pw", + "mspid": "hlfMSP" + + } +} diff --git a/register_service/files/config/server.json b/register_service/files/config/server.json new file mode 100644 index 0000000..121b7ac --- /dev/null +++ b/register_service/files/config/server.json 
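Review bot: `host_key_checking = False` under `[defaults]` turns off SSH host-key verification for every host this inventory manages, so a machine impersonating the target (or a changed key after a rebuild) is accepted silently and the playbooks would push the registrar service and its credentials to it. The comment above it ("Supresses check og host names in known hosts") also misspells the rationale. Prefer leaving the default on and pre-seeding `known_hosts` for the inventory host (e.g. via `ssh-keyscan` run once and reviewed), or at least confine this override to a development-only config rather than the checked-in default.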
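Review bot: `files/config/ca.json` commits the CA registrar credentials — `enrollmentID` and `enrollmentSecret` for both `orgca` and `tlsca` — in plaintext, and the same secret is repeated as `admin_password` in `group_vars/all.yml` later in this patch. Whoever can read the repository can therefore enroll as the registrar and mint identities on both CAs; the value should be treated as compromised once pushed. Load the secret at deploy time instead (an environment variable or a Docker secret mounted into the service) and keep only the non-secret fields (`caname`, `url`, `mspid`) in this file.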
@@ -0,0 +1,7 @@ +{ + "host": "localhost", + "port": 8080, + "credentialStore": "credentialStore", + "cryptoStore": "credentialStore/cryptoStore", + "userrole": "client" +} diff --git a/register_service/files/package.json b/register_service/files/package.json new file mode 100644 index 0000000..addff3b --- /dev/null +++ b/register_service/files/package.json @@ -0,0 +1,18 @@ +{ + "name": "register-server", + "version": "1.0.0", + "description": "", + "main": "server.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1", + "start": "node server.js" + }, + "keywords": [], + "author": "", + "license": "ISC", + "dependencies": { + "express": "^4.16.3", + "fabric-ca-client": "~1.4.4", + "fabric-client": "~1.4.4" + } +} diff --git a/register_service/files/server.js b/register_service/files/server.js new file mode 100644 index 0000000..62cc5ee --- /dev/null +++ b/register_service/files/server.js 
@@ -0,0 +1,127 @@ +var path = require('path'); +var util = require('util'); +var os = require('os'); +var https = require('https'); +var fs = require('fs'); +var express = require('express'); +var bodyParser = require('body-parser'); +var Fabric_Client = require('fabric-client'); +var Fabric_CA_Client = require('fabric-ca-client'); +var fabric_client = new Fabric_Client(); + +// Configuration for this server +var server_config = require('./config/server.json'); +// Configuration of the RCA/ICA (CA) server +var ca_config = require('./config/ca.json'); + +var fabric_ca_client = null; +var admin_user = null; + +// Setting up https +var options = { + key: fs.readFileSync('./keys/server.key'), + cert: fs.readFileSync( './keys/server.crt'), + ca: fs.readFileSync( './keys/server.csr') +} + +// Create a service (the app object is just a callback). +var app = express(); +//support parsing of application/json type post data +app.use(bodyParser.json()); +//support parsing of application/x-www-form-urlencoded post data +app.use(bodyParser.urlencoded({ + extended: true +})); + +app.post('/', async function(req, res) { + res.setHeader('Content-Type', 'text/html'); + res.end('here i am \n'); + +}) + +app.post('/register', async function(req, res) { + // at this point we should have the admin user + // first need to register the user with the CA server + var status = true; + try { + await fabric_ca_client.register({enrollmentID: req.body.username, enrollmentSecret: req.body.password, role: server_config.userrole}, admin_user); + } catch(err) { + status = false; + console.error('Could not to register user. Error: ' + err.stack ? err.stack : err); + } + res.end('{"status": '+ '"'+ status + '"}'); +}) + +async function enrollAdmin() { + let return_value; + try { + // Create a new CA client for interacting with the CA. 
+ const caInfo = ccp.certificateAuthorities[CA_ORGANISATION_NAME]; + console.log(caInfo); + const caTLSCACerts = []; + //const caTLSCACerts = caInfo.tlsCACerts.pem; + const ca = new FabricCAServices(caInfo.url, { trustedRoots: caTLSCACerts, verify: false }, caInfo.caName); + + // Create a new file system based wallet for managing identities. + const walletPath = path.join(process.cwd(), 'wallet'); + + const wallet = new FileSystemWallet(walletPath); + console.log(`Wallet path: ${walletPath}`); + + // Check to see if we've already enrolled the admin user. + const adminExists = await wallet.exists('admin'); + if (adminExists) { + return_value = 'An identity for the admin user "admin" already exists in the wallet'; + } + + else { + // Enroll the admin user, and import the new identity into the wallet. + const enrollment = await ca.enroll({ enrollmentID: admin_username, enrollmentSecret: admin_password }); + const identity = X509WalletMixin.createIdentity(ORGANISATION_MSP, enrollment.certificate, enrollment.key.toBytes()); + await wallet.import('admin', identity); + return_value = 'Successfully enrolled admin user "admin" and imported it into the wallet'; + } + } + catch (error) { + + return_value = `Failed to enroll admin user "admin": ${error}`; + } + finally { + console.log("'enrollAdmin' function -> returning value"); + return return_value; + } +} + +var server = https.createServer(options, app); + +server.listen(server_config.port, function() { + console.info('****************** SERVER STARTED ************************'); + console.info('*************** https://%s:%s ******************', server_config.host, server_config.port); + // use the a location for the state store (where the users' certificate are kept) + // and the crypto store (where the users' keys are kept). 
Only admin cred should be stored + var tlsOptions = { + trustedRoots: [], + verify: false + }; + fabric_ca_client = new Fabric_CA_Client(ca_config.bityogaca.url, tlsOptions , ca_config.bityogaca.caname); + + // need to enroll it with CA server + return fabric_ca_client.enroll({ + enrollmentID: ca_config.bityogaca.enrollmentID, + enrollmentSecret: ca_config.bityogaca.enrollmentSecret + }).then((enrollment) => { + console.log('Successfully enrolled admin user "admin"'); + return fabric_client.createUser( + {username: ca_config.bityogaca.enrollmentID, + mspid: ca_config.bityogaca.mspid, + cryptoContent: { privateKeyPEM: enrollment.key.toBytes(), signedCertPEM: enrollment.certificate }, + skipPersistence: true + }); + }).then((user) => { + admin_user = user; + return fabric_client.setUserContext(admin_user, skipPersistence=true); + }).catch((err) => { + console.error('Failed to enroll admin. Error: ' + err.stack ? err.stack : err); + throw new Error('Failed to enroll admin'); + }); +}); diff --git a/register_service/files/setup.sh b/register_service/files/setup.sh new file mode 100644 index 0000000..e69de29 diff --git a/register_service/group_vars/all.yml b/register_service/group_vars/all.yml new file mode 100644 index 0000000..44d6be5 --- /dev/null +++ b/register_service/group_vars/all.yml @@ -0,0 +1,23 @@ +--- +# Organization Details +org: + name: "hlf" + unit: "bityoga" + +# Creds of various agents +admin_user: "admin1" +admin_password: "admin1pw" + +# Name of the swarm network that would host the services +swarm_network: "hlfnet" + +register_name: "registerjs" + +# Image information for the registration service +register: + name: "{{register_name}}" + image: "node" + tag: "current-alpine3.11" + replicas: -1 + path: "/root/{{register_name}}" + port: 8088 \ No newline at end of file diff --git a/register_service/inventory/hosts b/register_service/inventory/hosts new file mode 100644 index 0000000..e0f0858 --- /dev/null +++ b/register_service/inventory/hosts 
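Review bot: The `server.listen` callback reads `ca_config.bityogaca.url`, `.caname`, `.enrollmentID`, `.enrollmentSecret` and `.mspid`, but `config/ca.json` in this patch only defines `orgca` and `tlsca`, so the server throws a TypeError on `ca_config.bityogaca.url` at startup and never enrolls the registrar. Separately, `app.post('/register', ...)` registers whatever `username`/`password` is posted with the admin registrar identity, with no authentication and no validation of `req.body`, and the playbook publishes the port on the swarm, so reaching this endpoint is equivalent to holding the registrar credential; gate it with an authentication middleware and validate the inputs before calling `fabric_ca_client.register`. The TLS `options` pass `./keys/server.csr` as `ca` — a signing request is not a certificate; that should be `ca: fs.readFileSync('./keys/ca.crt')`. In `'Could not to register user. Error: ' + err.stack ? err.stack : err`, `+` binds before `?:`, so the concatenated string is the condition and the prefix is never logged; write `'Could not register user. Error: ' + (err.stack ? err.stack : err)`. `enrollAdmin` references `ccp`, `CA_ORGANISATION_NAME`, `FabricCAServices`, `FileSystemWallet`, `X509WalletMixin`, `admin_username`, `admin_password` and `ORGANISATION_MSP`, none of which are defined or required in this file, and is never called.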
@@ -0,0 +1 @@ +hlf1 ansible_host=165.232.76.37 ansible_python_interpreter=/usr/bin/python3 \ No newline at end of file diff --git a/register_service/keys/.gitignore b/register_service/keys/.gitignore new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/register_service/keys/.gitignore @@ -0,0 +1 @@ + diff --git a/register_service/keys/ca.crt b/register_service/keys/ca.crt new file mode 100644 index 0000000..50e947e --- /dev/null +++ b/register_service/keys/ca.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIJAILRiHR3wN2LMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV +BAYTAk5PMREwDwYDVQQIDAhSb2dhbGFuZDESMBAGA1UEBwwJU3RhdmFuZ2VyMRgw +FgYDVQQKDA9HbG9iYWwgU2VjdXJpdHkxFjAUBgNVBAsMDUlUIERlcGFydG1lbnQw +HhcNMTgwNTEyMTU0MDI4WhcNMjgwNTA5MTU0MDI4WjBmMQswCQYDVQQGEwJOTzER +MA8GA1UECAwIUm9nYWxhbmQxEjAQBgNVBAcMCVN0YXZhbmdlcjEYMBYGA1UECgwP +R2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4iiNx8/n2zGElPPt6HG0dAWoNBqe2dmP +ToZrseKPTFZUJT9i9o5F2Qc6xacEkp5dfAKKIft/TvA71VkSZDXkrMJUEGMTdsWt +YFyO68+4fmQrkBs9tCfvTVTsYDUYoV8JYkxfbr+JPvtDYXd8g/irxsoha7ITTLci +VU8+vmfCfl4QouPpegaHf0QbtejqtollgV816SbCcxIoPLkIgz9rYSUeZrNKZ8nS +ZDVl3Fo/4tV1k0ow1qZ38kxujy7tf1ovo6gSDWUF1X7cFUZlLIZ+pxaOqYoF3X7t +j+9ixjEz/uHHE9wpeET+BNttvIL/+/i7OaQNSGIzBW8D6i76ufG/0wIDAQABo1Aw +TjAdBgNVHQ4EFgQUXFvoXctZbDlzWL83V+N2hPPEAZgwHwYDVR0jBBgwFoAUXFvo +XctZbDlzWL83V+N2hPPEAZgwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAFxj51/8fS2L6KX5ECZN+GX8+g65k/ft358/5uKXXZvfpBi0KpIjNmaOA6Qwc ++C5S5RctuKmXGpPxeBWKbooMYBoWoiiXEqFqRA28TTi6BU9dO36l8RwDbJFE7XkN +vpZm7FM3PeeW/k4friKL8yOf5T6VrtYGPz7wczz9QWKoSkULB8jPP/B+bTcSy2Ga +d3xIOm9DA72ruc6+s5RT3pfonru+4mqdVHvx4AG4lKGkTELylNLEaUGT2tWE8PJH +Q9+M+x3IUcMGlhMMSOenowBXq7BAglBec9IAI56tzgp4WQ3z0evX+nu+i1cfjBp9 +XhVM8kAcJ+fS0lThuFSb5sxTsg== +-----END CERTIFICATE----- diff --git a/register_service/keys/ca.key b/register_service/keys/ca.key new file mode 100644 index 0000000..c6031ea --- /dev/null 
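Review bot: `register_service/keys/.gitignore` is added as a single blank line, so it ignores nothing, and the same patch commits the private keys `keys/ca.key` and `keys/server.key` (with `ca.crt`, `ca.srl`, `server.crt` and `server.csr`) to the repository. Private key material under version control should be treated as compromised: rotate both keys, purge the files from history, and make the ignore file actually cover them, e.g. `*.key` and `*.srl` (or `*` followed by `!.gitignore`). Nothing needs them committed — the README documents regenerating them with openssl locally and the Dockerfile in this patch regenerates them at build time.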
+++ b/register_service/keys/ca.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDiKI3Hz+fbMYSU +8+3ocbR0Bag0Gp7Z2Y9Ohmux4o9MVlQlP2L2jkXZBzrFpwSSnl18Aooh+39O8DvV +WRJkNeSswlQQYxN2xa1gXI7rz7h+ZCuQGz20J+9NVOxgNRihXwliTF9uv4k++0Nh +d3yD+KvGyiFrshNMtyJVTz6+Z8J+XhCi4+l6Bod/RBu16Oq2iWWBXzXpJsJzEig8 +uQiDP2thJR5ms0pnydJkNWXcWj/i1XWTSjDWpnfyTG6PLu1/Wi+jqBINZQXVftwV +RmUshn6nFo6pigXdfu2P72LGMTP+4ccT3Cl4RP4E2228gv/7+Ls5pA1IYjMFbwPq +Lvq58b/TAgMBAAECggEAbgwxwXLnbX+Q9jIkKCF8H6DJEmGJvpPg6eL68JpABHNV +irJnY3YjgtHDxX3Z+cZZ0wghUxvf/PdlBhHLozueRHpjEX5EcF0MWoFvgkuXiNkR +YZP/2HQ+O7EBPGdZztxB4rUrEubcz+rQBNNxoX4ViCu/S3phbckHSd+/tkMjHv2Y +imc5TfwW4nCpsPQUZugcSV+gaGHnaY7VuS9AGgvYm6ssNd7TW+oSQOKXrSF/mTBx +KS/uD78lQbG8sKrAf1RCxqDK7KwKu0ua+M1ZysvESZ2/7v+ZiPkToLQBWzw3bgdx +rOcxO8WrSxcf4AkbfTAY2nHNZKpUVN2BPhg4BrwbsQKBgQDx8rbUETcaKzBB5iwC +ZFyue5aYYk/rYIh5JqiNoK1eVzohisHTRB1+DBR5Mdu9jyDxwwNVWUVGjOHiz8Qq +IV/kahJPC2MTQABRhhL/q91lxMyNlLDZNwQLLHD45lLn4DKpXfpoHxJuJAuswv6/ +gHVPGYwPR+JIiQRGsdlXcCKjlwKBgQDvSxQWiiVMnqhUArcJVq6bntrCa+VnYXqt +l8hRUuSeFdELI9Bhv3YT3/80PgQQ/OT3dkt0h8ovkz7rvQucWjLa/fWhgUTzYECp +kyG3B5eGLTPJlrTacXHfXz37zmM+ulUERrmNTknuCSel8clCysPeGMiJTx/JGQEo +ywThF9gdJQKBgQDRRazZ9SICIoUVGu/KCeEYkpGJsM+Lue2RTNzR077hMPV4+bn4 +8JvJ4Mz8nyF/7oMCWjlR42tGQKlJM4hrIH7+5Lh9Yk4J4nvkB+H6/z76vaRoecoV +t75po8D7qMzg/00SrdTfprCcT9VBU1Bhd8z/5Ar/VJ/nOYxXUZG6TaXIdQKBgQCf +hiOsKwhWneaFqxGurhTVNf+MYTWbx8Zq96bZYDN8l/q2PHfs0iC7eza88yLu2Ekk +F76Rvvyw3q6xpWOaJh+FEoyv0GfQ/7fb1HRDelIvZu8BUvDaN4q8aNf/iEVtSfbn +VObaJvjuMTg3TorndhlBdLArqY39GChHs6BbFvRB6QKBgG3kxM0JO58NdI9eLeZR +6FDfNu+DGSUb/a6QOTMrN6uMfAvhqyi5FOLiYlC24L2iBcbEfU8ZrMbcbLSZHeU4 +N5wbVpPt49S3ASnukj93JbJFIMsg1e6AM8lwnu+gqh/DX5sIEa25X7K1pW0cxzF5 +HF45Q5ds0NIQiWStgly1wyPW +-----END PRIVATE KEY----- diff --git a/register_service/keys/ca.srl b/register_service/keys/ca.srl new file mode 100644 index 0000000..479e7bf --- /dev/null +++ b/register_service/keys/ca.srl @@ -0,0 +1 @@ +DCEA968ABE833668 
diff --git a/register_service/keys/server.crt b/register_service/keys/server.crt new file mode 100644 index 0000000..d401ef1 --- /dev/null +++ b/register_service/keys/server.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDXDCCAkQCCQDc6paKvoM2aDANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJO +TzERMA8GA1UECAwIUm9nYWxhbmQxEjAQBgNVBAcMCVN0YXZhbmdlcjEYMBYGA1UE +CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MB4XDTE4 +MDUxMjE1NDExOFoXDTI4MDUwOTE1NDExOFowejELMAkGA1UEBhMCTk8xETAPBgNV +BAgMCFJvZ2FsYW5kMRIwEAYDVQQHDAlTdGF2YW5nZXIxGDAWBgNVBAoMD0dsb2Jh +bCBTZWN1cml0eTEWMBQGA1UECwwNSVQgRGVwYXJ0bWVudDESMBAGA1UEAwwJbG9j +YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjSBOsz5V5SK +/r+Xzf0BEY1X4kUon7Ohlg9F5v/3wqMIYN0UOxF2Mr7FRVCEfJs8NA5jUSSD29n5 +uZpcoz/rthPIeDWWynhBsWeq7/a2hJVujQtPfQFdd2wTcbLIkN8YmyhF2j8BKQWx +cxO1O6TPq6cOe6i81B41KzngPjMAiUx/ZUyxHa07wavB/W1sV2FylznehuXKmioz +zPKZTecflhGFWkv0jNMU3LhxmzFk/YgOBbR3aLuWkmNmP0nfPiNtdnqCgwzqYRjk +fZSu8DIwqV6mkjx+dsw7q2Y8H9CJRMkas4nobxvih5xAnPDMO4qkuYUwBhCbhsyt +WJylCqLSdwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCre9G4KmoDG6+cU/8y5Wkt +qQqZk8E+GDcDObI43Tnk6qEC08n6yC0eKkr+aVTeLddUQFqGB5iL0Ma8YqwK9M+Y +XhAzpARMnqgSBbRQdKQmBPNlVJ26751xjYfM12riWS3byIf2dT1L4Zk3afOmtpZW +2S+pw2Cik+pn7zPPcMo3ZHmWY4IHC0hWuyFdhl+aMabxmoxTaFtIEmXV5dM5sDOw +r9HxGQHGX6EqPFmABf3eZ3IAIa8x0nm6a8dfsKeoXNbg5t9+4kIUBxu46iDNPrFB +p/0Tb7CXjQ6KpY11pHpLyV9CvOpocUN1cww24DPd6zxpbDAe33tzpjZ/MfuBe1pb +-----END CERTIFICATE----- diff --git a/register_service/keys/server.csr b/register_service/keys/server.csr new file mode 100644 index 0000000..28c1079 --- /dev/null +++ b/register_service/keys/server.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICvzCCAacCAQAwejELMAkGA1UEBhMCTk8xETAPBgNVBAgMCFJvZ2FsYW5kMRIw +EAYDVQQHDAlTdGF2YW5nZXIxGDAWBgNVBAoMD0dsb2JhbCBTZWN1cml0eTEWMBQG +A1UECwwNSVQgRGVwYXJ0bWVudDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjSBOsz5V5SK/r+Xzf0BEY1X4kUon7Oh +lg9F5v/3wqMIYN0UOxF2Mr7FRVCEfJs8NA5jUSSD29n5uZpcoz/rthPIeDWWynhB +sWeq7/a2hJVujQtPfQFdd2wTcbLIkN8YmyhF2j8BKQWxcxO1O6TPq6cOe6i81B41 +KzngPjMAiUx/ZUyxHa07wavB/W1sV2FylznehuXKmiozzPKZTecflhGFWkv0jNMU +3LhxmzFk/YgOBbR3aLuWkmNmP0nfPiNtdnqCgwzqYRjkfZSu8DIwqV6mkjx+dsw7 +q2Y8H9CJRMkas4nobxvih5xAnPDMO4qkuYUwBhCbhsytWJylCqLSdwIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBADj95wjDzWTzYGQoBzsdfFR6UrFDhkmZHMxf5YcS +XBj9ZNAZzIq+Gfb9eazuxGL4yjMG5UoOndruoAD48KqDceLqMga6xle2u3LnMika +zC4fAIFmICppmFnUhWww3IZnk+LB/BI4NA8GB0W8GO6+xd/eQyb9aiSZ+R/xrtFp +Ug458BP/JReZ8ry0hsTsuK1Ol5yAmIzqjW00oFs/gcuxKFDZ5lO1kZyXDOBXyAje +V+Uw68ZdypR/Bkl8uj9B4Qj9H4ys91tJIdwWVnshN59xDj1hqY8j7mYxQOACf6bz +HkKFAJeTv2HQnd1YSgAzsBAzsFFtJ49Wrb6VHKMZHaqOhOY= +-----END CERTIFICATE REQUEST----- diff --git a/register_service/keys/server.key b/register_service/keys/server.key new file mode 100644 index 0000000..2c7695b --- /dev/null +++ b/register_service/keys/server.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+NIE6zPlXlIr+ +v5fN/QERjVfiRSifs6GWD0Xm//fCowhg3RQ7EXYyvsVFUIR8mzw0DmNRJIPb2fm5 +mlyjP+u2E8h4NZbKeEGxZ6rv9raElW6NC099AV13bBNxssiQ3xibKEXaPwEpBbFz +E7U7pM+rpw57qLzUHjUrOeA+MwCJTH9lTLEdrTvBq8H9bWxXYXKXOd6G5cqaKjPM +8plN5x+WEYVaS/SM0xTcuHGbMWT9iA4FtHdou5aSY2Y/Sd8+I212eoKDDOphGOR9 +lK7wMjCpXqaSPH52zDurZjwf0IlEyRqziehvG+KHnECc8Mw7iqS5hTAGEJuGzK1Y +nKUKotJ3AgMBAAECggEAb9OowuxuEHrJ+ZqlYrtEXJBwQh0NFE/lSbdzDqwhe7Kk +o2Z3lX7fslgM3YLIUgZmr+hhpfxE9gZC10eU/XoAWE1rSJmhLSrk3KupiWnQx0Sf ++ZbTxhf+Xs8Q44EMgHhaHCbiYr02LmsleBX3MLjmS/JtBnEfi8qy0dY2K/uKbi2g +xqGsDKUGbQi1yjiRk74Dd7cCOOg9EZyNfqQ9I9VI+bCwnnuBCW+KUhYfzQ7Sx/iN +o25AIv1UQaj9o+sle7z6H1JveUIZh6A8ThNTpO45aXbK9C0LPqemNAqF3U37PN81 +m5GMUrxCYXnofthUmBeKkZwlw8f2jzUSwWORyvC5eQKBgQD8iFINMH4pqN5jOnY9 +wtKNOhGPu/eUmtY8XksoHX+sAnIElsugGfSzPEOgQoMInMMl3t0a9+Z1AAlKlBJi +b7Grhdch+CjwDhGIKPiuG4tQ6Z/aWB/ljQVL6mnX9IFOK3H7Cp6D2DYXgrgSrT7P +zpGvZMzf1hRWgDWlloqDY+CsSwKBgQDA0Ri7ru+MA495z00TslUqMpKooijsk1UP +5OfgisQu3VPCYqTr7PmVYR9sVG5yVnmzCHV/ckcglPEGSf1nKu0BNXWuWIgnCk/M ++IhaJqIPvZ4sRdu6qPqWg4EPL9ku6+faeH86tCrPZjXyhUk9jdOAb3USzdJ2m9mR ++hB2bOs/BQKBgH+WBBaD1IoJtmndxJWJk8UkfHDpH7nlzK1tWn1nAfUOuzpUUYaO +9pGDtgsG75rvUK0WfxE8BCRCo28ZhnxTQCmPklSoQ06dXQA06wdUBTwY/NlcwqjA +adekFFu2PYoX6xtRjyq/lvyj34oYG270R6icveGtEFNvrSr+9vZRBNcnAoGAWgaG +vMKN19qlt6LhguvFtcENFq033FVh5tziosVHmfX+sIisJfdsBKHnMQYu1zWm9r9h +VNL/gKfp7RzIss2pAOJ8Ap4VW90Fq1bzGtxk2GKZImSvlfRlo7bcoEGf7rd4dlnC +VZ9fSZyYXZZ7vsCkWpgvmkr9FCHqMK0H2LM8Fx0CgYEApyH35VKrajG/OT5EOqz6 +oDi7NUPOrn8RkKO0WDzCdCCruybK0bH+SFd+kC+qXQv5AV2KpS9/NyynDyI1JBEl +N3/ES/e6reJx8R2t96arBz76A7Q9k9exsu0ode1S16cS4XPaXfNkl0rtBRWCux/b +xWmIiYMkJPNP9tG5yjOqz20= +-----END PRIVATE KEY----- diff --git a/register_service/services/nodejs/Dockerfile b/register_service/services/nodejs/Dockerfile new file mode 100644 index 0000000..5adbd37 --- /dev/null +++ b/register_service/services/nodejs/Dockerfile 
@@ -0,0 +1,54 @@ +#FROM node:latest + +# set the base image to Debian +# https://hub.docker.com/_/debian/ +FROM debian:latest + +# replace shell with bash so we can source files +RUN rm /bin/sh && ln -s /bin/bash /bin/sh + +# update the repository sources list +# and install dependencies +RUN apt-get update \ + && apt-get install -y curl \ + && apt-get -y autoclean + +# nvm environment variables +ENV NVM_DIR /usr/local/nvm +ENV NODE_VERSION 8.9.0 + +# install nvm +# https://github.com/creationix/nvm#install-script +RUN curl --silent -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.2/install.sh | bash + +# install node and npm +RUN source $NVM_DIR/nvm.sh \ + && nvm install $NODE_VERSION \ + && nvm alias default $NODE_VERSION \ + && nvm use default + +# add node and npm to path so the commands are available +ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules +ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH + +# confirm installation +RUN node -v +RUN npm -v + +COPY ./server.js /home/node/register-server/ +COPY ./package.json /home/node/register-server/ +COPY config /home/node/register-server/config + +WORKDIR /home/node/register-server +RUN mkdir -p /home/node/register-server/keys +RUN openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ./keys/ca.key +RUN openssl req -new -x509 -days 3650 -key ./keys/ca.key -subj "/C=NO/ST=Rogaland/L=Stavanger/O=Global Security/OU=IT Department" -out ./keys/ca.crt + +RUN openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ./keys/server.key +RUN openssl req -new -key ./keys/server.key -subj "/C=NO/ST=Rogaland/L=Stavanger/O=Global Security/OU=IT Department/CN=localhost" -out ./keys/server.csr +RUN openssl x509 -days 3650 -req -in ./keys/server.csr -CAcreateserial -CA ./keys/ca.crt -CAkey ./keys/ca.key -out ./keys/server.crt +RUN rm -rfv node_modules/ +RUN apt-get install -y python +RUN apt-get install -y build-essential +RUN npm install + 
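Review bot: The build generates the CA and server private keys (`openssl genpkey ... -out ./keys/ca.key` and `... -out ./keys/server.key`) inside `RUN` layers, so every copy of the image carries the same private keys and anyone who can pull the image can extract them; generate them at deploy time into the bind-mounted `/root/hlft-store/...` directory the playbook already provides, or inject them as Docker secrets. `curl --silent -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.2/install.sh | bash` runs remote content with no checksum verification, and `FROM debian:latest` is unpinned, so the image is not reproducible; `NODE_VERSION 8.9.0` is also an end-of-life release. `ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules` does not match the directory the following `PATH` line (correctly) uses; change it to `ENV NODE_PATH $NVM_DIR/versions/node/v$NODE_VERSION/lib/node_modules`. The `RUN rm -rfv node_modules/` before `npm install` is a no-op here because nothing copied `node_modules` into the image.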
From ff04e0fa1cd58f91e88c64f86ac182ff2d2c3ffd Mon Sep 17 00:00:00 2001 From: Antorweep Chakravorty Date: Mon, 17 Aug 2020 13:44:39 +0200 Subject: [PATCH 08/17] working on registaR --- .../200.deploy_ registrar_service.yml | 52 +++++ .../200.deploy_register_service.yml | 52 ----- .../files/connection_profile.json | 97 +++++++++ register_service/files/server.js | 195 +++++++++--------- register_service/group_vars/all.yml | 20 +- 5 files changed, 263 insertions(+), 153 deletions(-) create mode 100644 register_service/200.deploy_ registrar_service.yml delete mode 100644 register_service/200.deploy_register_service.yml create mode 100644 register_service/files/connection_profile.json diff --git a/register_service/200.deploy_ registrar_service.yml b/register_service/200.deploy_ registrar_service.yml new file mode 100644 index 0000000..f696374 --- /dev/null +++ b/register_service/200.deploy_ registrar_service.yml 
@@ -0,0 +1,52 @@ +--- + +# ansible-playbook -v 200.deploy_registrar_service.yml -u root + +- name: Deploy Registrar Service + hosts: all + gather_facts: no + tasks: + - name: Clean Registrar Folder Structure + file: + path: "/root/hlft-store/{{registrar.name}}" + state: absent + + - name: Create Registrar Folder Structure + file: + path: "/root/hlft-store/{{Registrar.name}}" + state: directory + + - name: Copy required scripts + copy: + src: "{{item}}" + dest: "/root/hlft-store/{{Registrar.name}}/{{item}}" + loop: + - server.js + - package.json + - config/ + + - name: Start the Registrar Service + become: yes + docker_swarm_service: + name: "{{ registrar.name }}" + hostname: "{{ registrar.name }}" + networks: + - "{{swarm_network}}" + image: "{{registrar.image}}:{{registrar.tag}}" + mode: replicated + replicas: "{{registrar.replicas}}" + mounts: + - source: "/root/hlft-store/{{registrar.name}}" + target: "{{registrar.path}}" + type: bind + publish: + - published_port: "{{registrar.port}}" + target_port: "8080" + protocol: "tcp" + working_dir: "{{registrar.path}}" + command: > + sh -c "sleep 30000s;" + placement: + constraints: + - node.role == worker + force_update: yes \ No newline at end of file diff --git a/register_service/200.deploy_register_service.yml b/register_service/200.deploy_register_service.yml deleted file mode 100644 index 5979565..0000000 --- a/register_service/200.deploy_register_service.yml +++ /dev/null 
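Review bot: `{{Registrar.name}}` in the "Create Registrar Folder Structure" and "Copy required scripts" tasks is capitalised, while every other reference (and presumably the renamed group_vars entry, whose hunk is outside this view) uses `registrar`; Ansible variable names are case-sensitive, so both tasks fail with an undefined-variable error — change both to `{{registrar.name}}`. The new file is named `200.deploy_ registrar_service.yml` (with a space) but its own usage comment says `ansible-playbook -v 200.deploy_registrar_service.yml -u root`; rename the file to match. `hosts: all` runs `docker_swarm_service` on every inventory host although that module must execute against a swarm manager, so restrict `hosts` to the manager host(s). `command: > sh -c "sleep 30000s;"` leaves the container idle rather than starting `server.js`, which looks like a placeholder worth flagging with a `# TODO` comment if intentional.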
@@ -1,52 +0,0 @@ ---- - -# ansible-playbook -v 200.deploy_register_service.yml -u root - -- name: Deploy Register Service - hosts: all - gather_facts: no - tasks: - - name: Clean Register Folder Structure - file: - path: "/root/hlft-store/{{register.name}}" - state: absent - - - name: Create Register Folder Structure - file: - path: "/root/hlft-store/{{register.name}}" - state: directory - - - name: Copy required scripts - copy: - src: "{{item}}" - dest: "/root/hlft-store/{{register.name}}/{{item}}" - loop: - - server.js - - package.json - - config/ - - - name: Start the Registration Service - become: yes - docker_swarm_service: - name: "{{ register.name }}" - hostname: "{{ register.name }}" - networks: - - "{{swarm_network}}" - image: "{{register.image}}:{{register.tag}}" - mode: replicated - replicas: "{{register.replicas}}" - mounts: - - source: "/root/hlft-store/{{register.name}}" - target: "{{register.path}}" - type: bind - publish: - - published_port: "{{register.port}}" - target_port: "8080" - protocol: "tcp" - working_dir: "{{register.path}}" - command: > - sh -c "sleep 30000s;" - placement: - constraints: - - node.role == worker - force_update: yes \ No newline at end of file diff --git a/register_service/files/connection_profile.json b/register_service/files/connection_profile.json new file mode 100644 index 0000000..bc8b41b --- /dev/null +++ b/register_service/files/connection_profile.json 
@@ -0,0 +1,97 @@ +{ + "name": "hlf-bityoga", + "version": "1.0.0", + "client": { + "organization": "hlf", + "connection": { + "timeout": { + "peer": { + "endorser": "300" + } + } + } + }, + "channels": { + "appchannel": { + "orderers": [ + "orderer" + ], + "peers": { + "peer2": { + "endorsingPeer": "true", + "chaincodeQuery": "false", + "ledgerQuery": "false", + "eventSource": "false", + "discover": "true" + }, + "peer1": { + "endorsingPeer": "false", + "chaincodeQuery": "true", + "ledgerQuery": "false", + "eventSource": "false", + "discover": "true" + } + } + } + }, + "organizations": { + "hlf": { + "mspid": "hlfMSP", + "peers": [ + "peer2", + "peer1" + ], + "certificateAuthorities": [ + "orgca", + "tlsca" + ] + } + }, + "orderers": { + "orderer": { + "url": "grpcs://ip.address:8053", + "tlsCACerts": { + "path": "./hlft-store/hlfMSP/tlscacerts/tls-tlsca-7054.pem" + }, + "grpcOptions": { + "ssl-target-name-override": "orderer" + } + } + }, + "peers": { + "peer1": { + "url": "grpcs://ip.address:8054", + "tlsCACerts": { + "path": "/root/{{user}}/msp/tls/ca.crt" + }, + "grpcOptions": { + "ssl-target-name-override": "peer1" + } + }, + "peer2": { + "url": "grpcs://ip.address:8055", + "tlsCACerts": { + "path": "/root/{{user}}/msp/tls/ca.crt" + }, + "grpcOptions": { + "ssl-target-name-override": "peer2" + } + } + }, + "certificateAuthorities": { + "orgca": { + "caName": "orgca", + "url": "https://orgca:7054", + "httpOptions": { + "verify": false + } + }, + "tlsca": { + "caName": "tlsca", + "url": "https://tlsca:7054", + "httpOptions": { + "verify": false + } + } + } +} \ No newline at end of file diff --git a/register_service/files/server.js b/register_service/files/server.js index 62cc5ee..70d57a2 100644 --- a/register_service/files/server.js +++ b/register_service/files/server.js 
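Review bot: Both `certificateAuthorities` entries set `"httpOptions": {"verify": false}`, disabling TLS certificate verification toward `orgca` and `tlsca`, so enrollment secrets and issued identities are exposed to any on-path host; supply the CA TLS root via `tlsCACerts` and drop `verify: false`. The peer flags (`"endorsingPeer": "true"`, `"chaincodeQuery": "false"`, `"ledgerQuery": "false"`, `"eventSource": "false"`, `"discover": "true"`) and `"endorser": "300"` are JSON strings rather than booleans and a number; the string `"false"` is truthy in JavaScript, so a consumer that tests these by truthiness would treat every peer as endorsing — write them as `true`, `false` and `300`. The `url` values `grpcs://ip.address:805x` and the path `/root/{{user}}/msp/tls/ca.crt` are placeholders and a Jinja expression inside a `.json` file, yet the playbook deploys `files/` with the `copy` module, which performs no templating, and `connection_profile.json` is not even in its `loop` although `server.js` resolves it next to itself.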
@@ -1,27 +1,72 @@ -var path = require('path'); -var util = require('util'); -var os = require('os'); -var https = require('https'); -var fs = require('fs'); -var express = require('express'); -var bodyParser = require('body-parser'); -var Fabric_Client = require('fabric-client'); -var Fabric_CA_Client = require('fabric-ca-client'); -var fabric_client = new Fabric_Client(); - -// Configuration for this server -var server_config = require('./config/server.json'); -// Configuration of the RCA/ICA (CA) server -var ca_config = require('./config/ca.json'); - -var fabric_ca_client = null; -var admin_user = null; +/* + * SPDX-License-Identifier: Apache-2.0 + */ + +'use strict'; + +// Hyperledger Fabric CA Related imports +const FabricCAServices = require('fabric-ca-client'); +const { FileSystemWallet, X509WalletMixin } = require('fabric-network'); + +const fs = require('fs'); +const path = require('path'); + +const ccpPath = path.resolve(__dirname, '.', 'connection_profile.json'); +const ccpJSON = fs.readFileSync(ccpPath, 'utf8'); +const ccp = JSON.parse(ccpJSON); + +const ORGANISATION_MSP = "{{org.name}}MSP"; +const CA_ORGANISATION_NAME = "{{admin.orgca}}"; + +function enrollAdmin() { + try { + + + // Create a new CA client for interacting with the CA. + const caInfo = ccp.certificateAuthorities[CA_ORGANISATION_NAME]; + console.log(caInfo); + const caTLSCACerts = ["{{admin.path/ca.crt}}"]; + //const caTLSCACerts = caInfo.tlsCACerts.pem; + const ca = new FabricCAServices(caInfo.url, { trustedRoots: caTLSCACerts, verify: false }, caInfo.caName); + + // Create a new file system based wallet for managing identities. + const walletPath = path.join(process.cwd(), 'wallet'); + + const wallet = new FileSystemWallet(walletPath); + console.log(`Wallet path: ${walletPath}`); + + // Check to see if we've already enrolled the admin user. 
+ const adminExists = await wallet.exists("{{admin.name}}"); + if (adminExists) { + console.log('An identity for the admin user "{{admin.name}}" already exists in the wallet'); + return; + } + + // Enroll the admin user, and import the new identity into the wallet. + const enrollment = await ca.enroll({ enrollmentID: "{{admin.name}}", enrollmentSecret: "{{admin.password}}" }); + const identity = X509WalletMixin.createIdentity(ORGANISATION_MSP, enrollment.certificate, enrollment.key.toBytes()); + await wallet.import("{{admin.name}}", identity); + console.log('Successfully enrolled admin user "{{admin.name}}" and imported it into the wallet'); + + } catch (error) { + console.error(`Failed to enroll admin user "{{admin.name}}": ${error}`); + process.exit(1); + } +} + +// Node Express Related imports +const util = require('util'); +const os = require('os'); +const https = require('https'); +const express = require('express'); +const bodyParser = require('body-parser'); + // Setting up https var options = { - key: fs.readFileSync('./keys/server.key'), - cert: fs.readFileSync( './keys/server.crt'), - ca: fs.readFileSync( './keys/server.csr') + key: fs.readFileSync('{{admin.path}}/tls/server.key'), + cert: fs.readFileSync('{{admin.path}}/tls/server.crt'), + ca: fs.readFileSync('{{admin.path}}/tls/ca.crt') } // Create a service (the app object is just a callback). 
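Review bot: `function enrollAdmin()` uses `await` (`await wallet.exists(...)`, `await ca.enroll(...)`, `await wallet.import(...)`) without being declared `async`, which is a SyntaxError that prevents the whole module from loading; change the declaration to `async function enrollAdmin() {`. The file now embeds Jinja expressions (`"{{org.name}}MSP"`, `"{{admin.orgca}}"`, `"{{admin.name}}"`, `"{{admin.password}}"`, `'{{admin.path}}/tls/server.key'`), but the playbook copies `server.js` with the `copy` module, which does not render templates, so they arrive as literal strings; switch that task to `template`, or better read the registrar name, secret and key paths from environment variables or a mounted config so the secret is not baked into a source file. `const caTLSCACerts = ["{{admin.path/ca.crt}}"]` is malformed Jinja (the `/ca.crt` sits inside the expression), `trustedRoots` in the fabric-ca-client API takes PEM content rather than a path, and the adjacent `verify: false` disables TLS verification of the CA anyway. `fabric-network` is newly required here while this patch's diffstat does not touch `files/package.json`, whose dependencies are only `express`, `fabric-ca-client` and `fabric-client`.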
@@ -30,98 +75,62 @@ var app = express(); app.use(bodyParser.json()); //support parsing of application/x-www-form-urlencoded post data app.use(bodyParser.urlencoded({ - extended: true + extended: true })); -app.post('/', async function(req, res) { +app.post('/', async function (req, res) { res.setHeader('Content-Type', 'text/html'); res.end('here i am \n'); }) -app.post('/register', async function(req, res) { - // at this point we should have the admin user - // first need to register the user with the CA server - var status = true; +app.post('/register', async function (req, res) { + var status = false; try { - await fabric_ca_client.register({enrollmentID: req.body.username, enrollmentSecret: req.body.password, role: server_config.userrole}, admin_user); - } catch(err) { - status = false; - console.error('Could not to register user. Error: ' + err.stack ? err.stack : err); - } - res.end('{"status": '+ '"'+ status + '"}'); -}) - -async function enrollAdmin() { - let return_value; - try { - // Create a new CA client for interacting with the CA. - const caInfo = ccp.certificateAuthorities[CA_ORGANISATION_NAME]; - console.log(caInfo); - const caTLSCACerts = []; - //const caTLSCACerts = caInfo.tlsCACerts.pem; - const ca = new FabricCAServices(caInfo.url, { trustedRoots: caTLSCACerts, verify: false }, caInfo.caName); // Create a new file system based wallet for managing identities. const walletPath = path.join(process.cwd(), 'wallet'); - const wallet = new FileSystemWallet(walletPath); console.log(`Wallet path: ${walletPath}`); - // Check to see if we've already enrolled the admin user. - const adminExists = await wallet.exists('admin'); - if (adminExists) { - return_value = 'An identity for the admin user "admin" already exists in the wallet'; + // Check to see if we've already enrolled the user. 
+ const userExists = await wallet.exists(req.body.username); + if (userExists) { + console.log('An identity for the user "' + req.body.username + '" already exists in the wallet'); + return; } - else { - // Enroll the admin user, and import the new identity into the wallet. - const enrollment = await ca.enroll({ enrollmentID: admin_username, enrollmentSecret: admin_password }); - const identity = X509WalletMixin.createIdentity(ORGANISATION_MSP, enrollment.certificate, enrollment.key.toBytes()); - await wallet.import('admin', identity); - return_value = 'Successfully enrolled admin user "admin" and imported it into the wallet'; + // Check to see if we've already enrolled the admin user. + const adminExists = await wallet.exists("{{admin.name}}"); + if (!adminExists) { + console.log('An identity for the admin user "{{admin.name}}" does not exist in the wallet'); + return; } - } - catch (error) { - - return_value = `Failed to enroll admin user "admin": ${error}`; - } - finally { - console.log("'enrollAdmin' function -> returning value"); - return return_value; + + // Create a new gateway for connecting to our peer node. + const gateway = new Gateway(); + await gateway.connect(ccpPath, { wallet, identity: "{{admin.name}}", discovery: { enabled: true, asLocalhost: true } }); + + + // Get the CA client object from the gateway for interacting with the CA. + const ca = gateway.getClient().getCertificateAuthority(); + const adminIdentity = gateway.getCurrentIdentity(); + + + // Register the user, enroll the user, and import the new identity into the wallet. 
+ await ca.register({ enrollmentID: req.body.username, role: "client", enrollmentSecret: req.body.password }, adminIdentity); + console.log('Successfully registered user "' + req.body.username + '" with role client"'); + + } catch (error) { + console.error(`Failed to register user": ${error}`); + process.exit(1); } -} +}) var server = https.createServer(options, app); -server.listen(server_config.port, function() { +server.listen(server_config.port, function () { console.info('****************** SERVER STARTED ************************'); - console.info('*************** https://%s:%s ******************', server_config.host, server_config.port); - // use the a location for the state store (where the users' certificate are kept) - // and the crypto store (where the users' keys are kept). Only admin cred should be stored - var tlsOptions = { - trustedRoots: [], - verify: false - }; - fabric_ca_client = new Fabric_CA_Client(ca_config.bityogaca.url, tlsOptions , ca_config.bityogaca.caname); - - // need to enroll it with CA server - return fabric_ca_client.enroll({ - enrollmentID: ca_config.bityogaca.enrollmentID, - enrollmentSecret: ca_config.bityogaca.enrollmentSecret - }).then((enrollment) => { - console.log('Successfully enrolled admin user "admin"'); - return fabric_client.createUser( - {username: ca_config.bityogaca.enrollmentID, - mspid: ca_config.bityogaca.mspid, - cryptoContent: { privateKeyPEM: enrollment.key.toBytes(), signedCertPEM: enrollment.certificate }, - skipPersistence: true - }); - }).then((user) => { - admin_user = user; - return fabric_client.setUserContext(admin_user, skipPersistence=true); - }).catch((err) => { - console.error('Failed to enroll admin. Error: ' + err.stack ? err.stack : err); - throw new Error('Failed to enroll admin'); - }); + console.info('*************** https://%s:%s ******************', server_config.host, server_config.port); + enrollAdmin(); }); 
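Review bot: `app.post('/register', …)` performs a registrar-privileged `ca.register` with the wallet's admin identity, yet nothing authenticates the caller — any client that can reach the published port can create identities in the org. In the `catch`, `process.exit(1)` terminates the whole server, so one bad request (for instance a username the CA rejects as already registered) takes the service down; replace it with `return res.status(500).json({ status: false });`. The early `return;` statements after the `userExists`/`adminExists` logs and the end of the `try` block never write a response, so clients hang until they time out. `status` is declared `false` and never set to `true`, and the `gateway` opened here is never released with `gateway.disconnect()`.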
diff --git a/register_service/group_vars/all.yml b/register_service/group_vars/all.yml index 44d6be5..18615b6 100644 --- a/register_service/group_vars/all.yml +++ b/register_service/group_vars/all.yml @@ -1,23 +1,27 @@ --- -# Organization Details org: name: "hlf" unit: "bityoga" -# Creds of various agents -admin_user: "admin1" -admin_password: "admin1pw" +admin: + name: "admin1" + password: "admin1pw" + orgca: "orgca" + tlsca: "tlsca" + path: "/root/admin1" + +user: "" # Name of the swarm network that would host the services swarm_network: "hlfnet" -register_name: "registerjs" +registrar_name: "registrar" # Image information for the registration service -register: - name: "{{register_name}}" +registrar: + name: "{{registrar_name}}" image: "node" tag: "current-alpine3.11" replicas: -1 - path: "/root/{{register_name}}" + path: "/root/{{registrar_name}}" port: 8088 \ No newline at end of file From 8e1aff9f6ed689a3cd6bdc9ba7f2a3551b55ef1f Mon Sep 17 00:00:00 2001 
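Review bot: `password: "admin1pw"` places the registrar admin's CA enrollment secret in plaintext in a committed group_vars file, exactly as the `admin_password` it replaces did. An `ansible-vault`-encrypted variable referenced as `password: "{{ vault_admin_password }}"` keeps the secret out of the repository while leaving the `admin:` layout intact; tasks that render it should also set `no_log: true`. The new `user: ""` key has no consumer visible in this patch; if it is a placeholder, a comment saying so would help.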
From: Antorweep Chakravorty Date: Tue, 18 Aug 2020 14:23:27 +0200 Subject: [PATCH 09/17] working on registaR --- .../200.deploy_ registrar_service.yml | 63 ++++++++++++++++--- register_service/files/config/ca.json | 18 ------ register_service/files/package.json | 3 +- .../files/{config => }/server.json | 4 +- register_service/files/setup.sh | 7 +++ register_service/group_vars/all.yml | 2 +- register_service/keys/.gitignore | 1 - register_service/keys/ca.crt | 22 ------- register_service/keys/ca.key | 28 --------- register_service/keys/ca.srl | 1 - register_service/keys/server.crt | 20 ------ register_service/keys/server.csr | 17 ----- register_service/keys/server.key | 28 --------- register_service/services/nodejs/Dockerfile | 54 ---------------- .../connection_profile.json.j2} | 4 +- .../server.js => templates/server.js.j2} | 22 ++++--- 16 files changed, 79 insertions(+), 215 deletions(-) delete mode 100644 register_service/files/config/ca.json rename register_service/files/{config => }/server.json (66%) mode change 100644 => 100755 register_service/files/setup.sh delete mode 100644 register_service/keys/.gitignore delete mode 100644 register_service/keys/ca.crt delete mode 100644 register_service/keys/ca.key delete mode 100644 register_service/keys/ca.srl delete mode 100644 register_service/keys/server.crt delete mode 100644 register_service/keys/server.csr delete mode 100644 register_service/keys/server.key delete mode 100644 register_service/services/nodejs/Dockerfile rename register_service/{files/connection_profile.json => templates/connection_profile.json.j2} (96%) rename register_service/{files/server.js => templates/server.js.j2} (88%) diff --git a/register_service/200.deploy_ registrar_service.yml b/register_service/200.deploy_ registrar_service.yml index f696374..328fb86 100644 --- a/register_service/200.deploy_ registrar_service.yml +++ b/register_service/200.deploy_ registrar_service.yml 
@@ -13,18 +13,56 @@ - name: Create Registrar Folder Structure file: - path: "/root/hlft-store/{{Registrar.name}}" + path: "/root/hlft-store/{{registrar.name}}" + state: directory + + - name: Create tls-admin Folder Structure + file: + path: "/root/hlft-store/{{registrar.name}}/tls-{{admin.name}}" state: directory - - name: Copy required scripts + - name: Copy relevent files copy: - src: "{{item}}" - dest: "/root/hlft-store/{{Registrar.name}}/{{item}}" + src: "{{item[0]}}" + dest: "/root/hlft-store/{{registrar.name}}/{{item[0]}}" + mode: "{{item[1]}}" loop: - - server.js - - package.json - - config/ + - ["package.json", 400] + - ["server.json", 400] + - ["setup.sh", 500] + - name: Template required files + become: yes + template: + src: "{{item}}.j2" + dest: "/root/hlft-store/{{registrar.name}}/{{item}}" + mode: '0750' + force: yes + loop: + - "connection_profile.json" + - "server.js" + + - name: Get keystore filename for admin user + shell: ls /root/hlft-store/{{admin.tlsca}}/{{admin.name}}/msp/keystore | sort -n | head -1 + register: key_filename + ignore_errors: True + + - name: Copy relevent tls files for admin user + copy: + src: "/root/hlft-store/{{admin.tlsca}}/{{admin.name}}/msp/{{item[0]}}" + dest: "/root/hlft-store/{{registrar.name}}/tls-{{admin.name}}/{{item[1]}}" + remote_src: yes + loop: + - ["cacerts/{{admin.tlsca}}-7054.pem", "ca.crt"] + - ["signcerts/cert.pem", "server.crt"] + - ["keystore/{{key_filename.stdout}}", "server.key"] + + - name: Stop the Registrar Service + become: yes + docker_swarm_service: + name: "{{ registrar.name }}" + state: absent + - name: Start the Registrar Service become: yes docker_swarm_service: 
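Review bot: The `mode: "{{item[1]}}"` values `400` and `500` in the copy loop are bare YAML integers, which Ansible's file handling takes as decimal — `400` becomes octal 0620 (owner rw, group w) and `500` becomes 0764 — rather than the read-only/execute-only permissions intended; they need to be quoted octal strings. The `Copy relevent tls files for admin user` task copies the admin's private key (`keystore/…` → `server.key`) with no `mode:` at all, so it takes the umask default and is readable by every local user as well as by anything bind-mounting the directory. `ignore_errors: True` on the `ls … | head -1` lookup lets an empty `key_filename.stdout` through, at which point the copy source degrades to the bare `keystore/` directory. The `template` task writes `server.js`, which embeds `{{admin.password}}`, at 0750; that file also warrants `0400` and `no_log: true`.
```yaml
      loop:
        - ["package.json", "0400"]
        - ["server.json", "0400"]
        - ["setup.sh", "0500"]
# … unchanged: template task, keystore lookup (drop ignore_errors) …
    - name: Copy relevent tls files for admin user
      copy:
        src: "/root/hlft-store/{{admin.tlsca}}/{{admin.name}}/msp/{{item[0]}}"
        dest: "/root/hlft-store/{{registrar.name}}/tls-{{admin.name}}/{{item[1]}}"
        remote_src: yes
        mode: "0400"
```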
@@ -38,15 +76,20 @@ mounts: - source: "/root/hlft-store/{{registrar.name}}" target: "{{registrar.path}}" - type: bind + type: bind publish: - published_port: "{{registrar.port}}" target_port: "8080" protocol: "tcp" working_dir: "{{registrar.path}}" command: > - sh -c "sleep 30000s;" + bash -c "{{registrar.path}}/setup.sh;" placement: constraints: - node.role == worker - force_update: yes \ No newline at end of file + force_update: yes + + # Pause for 25 seconds for yarn install to complete + - name: Pause for 30 seconds for yarn install to complete + pause: + seconds: 30 \ No newline at end of file diff --git a/register_service/files/config/ca.json b/register_service/files/config/ca.json deleted file mode 100644 index a89078d..0000000 --- a/register_service/files/config/ca.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "orgca": { - "caname": "orgca", - "url": "https://orgca:7054", - "enrollmentID": "admin1", - "enrollmentSecret": "admin1pw", - "mspid": "hlfMSP" - - }, - "tlsca": { - "caname": "tlsca", - "url": "https://tlsca:7054", - "enrollmentID": "admin1", - "enrollmentSecret": "admin1pw", - "mspid": "hlfMSP" - - } -} diff --git a/register_service/files/package.json b/register_service/files/package.json index addff3b..5e7e44a 100644 --- a/register_service/files/package.json +++ b/register_service/files/package.json @@ -12,7 +12,8 @@ "license": "ISC", "dependencies": { "express": "^4.16.3", + "fabric-network": "~1.4.4", "fabric-ca-client": "~1.4.4", "fabric-client": "~1.4.4" } -} +} \ No newline at end of file diff --git a/register_service/files/config/server.json b/register_service/files/server.json similarity index 66% rename from register_service/files/config/server.json rename to register_service/files/server.json index 121b7ac..9f87095 100644 --- a/register_service/files/config/server.json +++ b/register_service/files/server.json 
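Review bot: The fixed `pause: seconds: 30` after `Start the Registrar Service` is a timing guess, not a readiness check — `setup.sh` runs `yarn install` over the network at every container start, so a slow registry leaves later plays acting on a service that is not yet listening; waiting on the published port instead, `wait_for: port: "{{registrar.port}}" timeout: 300` (the swarm routing mesh exposes it on the manager too), ties the play to actual readiness. Because the service `command` is `bash -c "{{registrar.path}}/setup.sh;"`, dependency resolution happens at runtime inside the swarm task rather than at build time, and the copy loop earlier in this playbook ships no `yarn.lock`, so nothing pins the `^`/`~` ranges in package.json.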
@@ -2,6 +2,6 @@ "host": "localhost", "port": 8080, "credentialStore": "credentialStore", - "cryptoStore": "credentialStore/cryptoStore", + "cryptoStore": "credentialStore/cryptoStore", "userrole": "client" -} +} \ No newline at end of file diff --git a/register_service/files/setup.sh b/register_service/files/setup.sh old mode 100644 new mode 100755 index e69de29..c727806 --- a/register_service/files/setup.sh +++ b/register_service/files/setup.sh @@ -0,0 +1,7 @@ +echo "..." +yarn install; +echo "yarn install complete" +node ./server.js +# while true; do +# sleep 0.1 +# done diff --git a/register_service/group_vars/all.yml b/register_service/group_vars/all.yml index 18615b6..51a5a78 100644 --- a/register_service/group_vars/all.yml +++ b/register_service/group_vars/all.yml @@ -21,7 +21,7 @@ registrar_name: "registrar" registrar: name: "{{registrar_name}}" image: "node" - tag: "current-alpine3.11" + tag: "12.15" replicas: -1 path: "/root/{{registrar_name}}" port: 8088 \ No newline at end of file diff --git a/register_service/keys/.gitignore b/register_service/keys/.gitignore deleted file mode 100644 index 8b13789..0000000 --- a/register_service/keys/.gitignore +++ /dev/null @@ -1 +0,0 @@ - diff --git a/register_service/keys/ca.crt b/register_service/keys/ca.crt deleted file mode 100644 index 50e947e..0000000 --- a/register_service/keys/ca.crt +++ /dev/null 
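Review bot: The new `setup.sh` has no shebang and no `set -e`, so when `yarn install` fails (unreachable registry, bad package) the script still proceeds to `node ./server.js`, which then dies on missing modules with a less informative error; `#!/usr/bin/env bash` and `set -euo pipefail` at the top would stop at the first failure. `yarn install` without `--frozen-lockfile` — and with no `yarn.lock` shipped by the playbook — resolves the version ranges in package.json afresh on every container start, so the deployed dependency set is whatever the registry serves at that moment. The commented-out `while true` loop can be deleted rather than left in.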
@@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDnzCCAoegAwIBAgIJAILRiHR3wN2LMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV -BAYTAk5PMREwDwYDVQQIDAhSb2dhbGFuZDESMBAGA1UEBwwJU3RhdmFuZ2VyMRgw -FgYDVQQKDA9HbG9iYWwgU2VjdXJpdHkxFjAUBgNVBAsMDUlUIERlcGFydG1lbnQw -HhcNMTgwNTEyMTU0MDI4WhcNMjgwNTA5MTU0MDI4WjBmMQswCQYDVQQGEwJOTzER -MA8GA1UECAwIUm9nYWxhbmQxEjAQBgNVBAcMCVN0YXZhbmdlcjEYMBYGA1UECgwP -R2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4iiNx8/n2zGElPPt6HG0dAWoNBqe2dmP -ToZrseKPTFZUJT9i9o5F2Qc6xacEkp5dfAKKIft/TvA71VkSZDXkrMJUEGMTdsWt -YFyO68+4fmQrkBs9tCfvTVTsYDUYoV8JYkxfbr+JPvtDYXd8g/irxsoha7ITTLci -VU8+vmfCfl4QouPpegaHf0QbtejqtollgV816SbCcxIoPLkIgz9rYSUeZrNKZ8nS -ZDVl3Fo/4tV1k0ow1qZ38kxujy7tf1ovo6gSDWUF1X7cFUZlLIZ+pxaOqYoF3X7t -j+9ixjEz/uHHE9wpeET+BNttvIL/+/i7OaQNSGIzBW8D6i76ufG/0wIDAQABo1Aw -TjAdBgNVHQ4EFgQUXFvoXctZbDlzWL83V+N2hPPEAZgwHwYDVR0jBBgwFoAUXFvo -XctZbDlzWL83V+N2hPPEAZgwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC -AQEAFxj51/8fS2L6KX5ECZN+GX8+g65k/ft358/5uKXXZvfpBi0KpIjNmaOA6Qwc -+C5S5RctuKmXGpPxeBWKbooMYBoWoiiXEqFqRA28TTi6BU9dO36l8RwDbJFE7XkN -vpZm7FM3PeeW/k4friKL8yOf5T6VrtYGPz7wczz9QWKoSkULB8jPP/B+bTcSy2Ga -d3xIOm9DA72ruc6+s5RT3pfonru+4mqdVHvx4AG4lKGkTELylNLEaUGT2tWE8PJH -Q9+M+x3IUcMGlhMMSOenowBXq7BAglBec9IAI56tzgp4WQ3z0evX+nu+i1cfjBp9 -XhVM8kAcJ+fS0lThuFSb5sxTsg== ------END CERTIFICATE----- diff --git a/register_service/keys/ca.key b/register_service/keys/ca.key deleted file mode 100644 index c6031ea..0000000 --- a/register_service/keys/ca.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDiKI3Hz+fbMYSU -8+3ocbR0Bag0Gp7Z2Y9Ohmux4o9MVlQlP2L2jkXZBzrFpwSSnl18Aooh+39O8DvV -WRJkNeSswlQQYxN2xa1gXI7rz7h+ZCuQGz20J+9NVOxgNRihXwliTF9uv4k++0Nh -d3yD+KvGyiFrshNMtyJVTz6+Z8J+XhCi4+l6Bod/RBu16Oq2iWWBXzXpJsJzEig8 -uQiDP2thJR5ms0pnydJkNWXcWj/i1XWTSjDWpnfyTG6PLu1/Wi+jqBINZQXVftwV -RmUshn6nFo6pigXdfu2P72LGMTP+4ccT3Cl4RP4E2228gv/7+Ls5pA1IYjMFbwPq -Lvq58b/TAgMBAAECggEAbgwxwXLnbX+Q9jIkKCF8H6DJEmGJvpPg6eL68JpABHNV -irJnY3YjgtHDxX3Z+cZZ0wghUxvf/PdlBhHLozueRHpjEX5EcF0MWoFvgkuXiNkR -YZP/2HQ+O7EBPGdZztxB4rUrEubcz+rQBNNxoX4ViCu/S3phbckHSd+/tkMjHv2Y -imc5TfwW4nCpsPQUZugcSV+gaGHnaY7VuS9AGgvYm6ssNd7TW+oSQOKXrSF/mTBx -KS/uD78lQbG8sKrAf1RCxqDK7KwKu0ua+M1ZysvESZ2/7v+ZiPkToLQBWzw3bgdx -rOcxO8WrSxcf4AkbfTAY2nHNZKpUVN2BPhg4BrwbsQKBgQDx8rbUETcaKzBB5iwC -ZFyue5aYYk/rYIh5JqiNoK1eVzohisHTRB1+DBR5Mdu9jyDxwwNVWUVGjOHiz8Qq -IV/kahJPC2MTQABRhhL/q91lxMyNlLDZNwQLLHD45lLn4DKpXfpoHxJuJAuswv6/ -gHVPGYwPR+JIiQRGsdlXcCKjlwKBgQDvSxQWiiVMnqhUArcJVq6bntrCa+VnYXqt -l8hRUuSeFdELI9Bhv3YT3/80PgQQ/OT3dkt0h8ovkz7rvQucWjLa/fWhgUTzYECp -kyG3B5eGLTPJlrTacXHfXz37zmM+ulUERrmNTknuCSel8clCysPeGMiJTx/JGQEo -ywThF9gdJQKBgQDRRazZ9SICIoUVGu/KCeEYkpGJsM+Lue2RTNzR077hMPV4+bn4 -8JvJ4Mz8nyF/7oMCWjlR42tGQKlJM4hrIH7+5Lh9Yk4J4nvkB+H6/z76vaRoecoV -t75po8D7qMzg/00SrdTfprCcT9VBU1Bhd8z/5Ar/VJ/nOYxXUZG6TaXIdQKBgQCf -hiOsKwhWneaFqxGurhTVNf+MYTWbx8Zq96bZYDN8l/q2PHfs0iC7eza88yLu2Ekk -F76Rvvyw3q6xpWOaJh+FEoyv0GfQ/7fb1HRDelIvZu8BUvDaN4q8aNf/iEVtSfbn -VObaJvjuMTg3TorndhlBdLArqY39GChHs6BbFvRB6QKBgG3kxM0JO58NdI9eLeZR -6FDfNu+DGSUb/a6QOTMrN6uMfAvhqyi5FOLiYlC24L2iBcbEfU8ZrMbcbLSZHeU4 -N5wbVpPt49S3ASnukj93JbJFIMsg1e6AM8lwnu+gqh/DX5sIEa25X7K1pW0cxzF5 -HF45Q5ds0NIQiWStgly1wyPW ------END PRIVATE KEY----- diff --git a/register_service/keys/ca.srl b/register_service/keys/ca.srl deleted file mode 100644 index 479e7bf..0000000 --- a/register_service/keys/ca.srl +++ /dev/null @@ -1 +0,0 @@ -DCEA968ABE833668 
diff --git a/register_service/keys/server.crt b/register_service/keys/server.crt deleted file mode 100644 index d401ef1..0000000 --- a/register_service/keys/server.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDXDCCAkQCCQDc6paKvoM2aDANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJO -TzERMA8GA1UECAwIUm9nYWxhbmQxEjAQBgNVBAcMCVN0YXZhbmdlcjEYMBYGA1UE -CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MB4XDTE4 -MDUxMjE1NDExOFoXDTI4MDUwOTE1NDExOFowejELMAkGA1UEBhMCTk8xETAPBgNV -BAgMCFJvZ2FsYW5kMRIwEAYDVQQHDAlTdGF2YW5nZXIxGDAWBgNVBAoMD0dsb2Jh -bCBTZWN1cml0eTEWMBQGA1UECwwNSVQgRGVwYXJ0bWVudDESMBAGA1UEAwwJbG9j -YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjSBOsz5V5SK -/r+Xzf0BEY1X4kUon7Ohlg9F5v/3wqMIYN0UOxF2Mr7FRVCEfJs8NA5jUSSD29n5 -uZpcoz/rthPIeDWWynhBsWeq7/a2hJVujQtPfQFdd2wTcbLIkN8YmyhF2j8BKQWx -cxO1O6TPq6cOe6i81B41KzngPjMAiUx/ZUyxHa07wavB/W1sV2FylznehuXKmioz -zPKZTecflhGFWkv0jNMU3LhxmzFk/YgOBbR3aLuWkmNmP0nfPiNtdnqCgwzqYRjk -fZSu8DIwqV6mkjx+dsw7q2Y8H9CJRMkas4nobxvih5xAnPDMO4qkuYUwBhCbhsyt -WJylCqLSdwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCre9G4KmoDG6+cU/8y5Wkt -qQqZk8E+GDcDObI43Tnk6qEC08n6yC0eKkr+aVTeLddUQFqGB5iL0Ma8YqwK9M+Y -XhAzpARMnqgSBbRQdKQmBPNlVJ26751xjYfM12riWS3byIf2dT1L4Zk3afOmtpZW -2S+pw2Cik+pn7zPPcMo3ZHmWY4IHC0hWuyFdhl+aMabxmoxTaFtIEmXV5dM5sDOw -r9HxGQHGX6EqPFmABf3eZ3IAIa8x0nm6a8dfsKeoXNbg5t9+4kIUBxu46iDNPrFB -p/0Tb7CXjQ6KpY11pHpLyV9CvOpocUN1cww24DPd6zxpbDAe33tzpjZ/MfuBe1pb ------END CERTIFICATE----- diff --git a/register_service/keys/server.csr b/register_service/keys/server.csr deleted file mode 100644 index 28c1079..0000000 --- a/register_service/keys/server.csr +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICvzCCAacCAQAwejELMAkGA1UEBhMCTk8xETAPBgNVBAgMCFJvZ2FsYW5kMRIw -EAYDVQQHDAlTdGF2YW5nZXIxGDAWBgNVBAoMD0dsb2JhbCBTZWN1cml0eTEWMBQG -A1UECwwNSVQgRGVwYXJ0bWVudDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjSBOsz5V5SK/r+Xzf0BEY1X4kUon7Oh -lg9F5v/3wqMIYN0UOxF2Mr7FRVCEfJs8NA5jUSSD29n5uZpcoz/rthPIeDWWynhB -sWeq7/a2hJVujQtPfQFdd2wTcbLIkN8YmyhF2j8BKQWxcxO1O6TPq6cOe6i81B41 -KzngPjMAiUx/ZUyxHa07wavB/W1sV2FylznehuXKmiozzPKZTecflhGFWkv0jNMU -3LhxmzFk/YgOBbR3aLuWkmNmP0nfPiNtdnqCgwzqYRjkfZSu8DIwqV6mkjx+dsw7 -q2Y8H9CJRMkas4nobxvih5xAnPDMO4qkuYUwBhCbhsytWJylCqLSdwIDAQABoAAw -DQYJKoZIhvcNAQELBQADggEBADj95wjDzWTzYGQoBzsdfFR6UrFDhkmZHMxf5YcS -XBj9ZNAZzIq+Gfb9eazuxGL4yjMG5UoOndruoAD48KqDceLqMga6xle2u3LnMika -zC4fAIFmICppmFnUhWww3IZnk+LB/BI4NA8GB0W8GO6+xd/eQyb9aiSZ+R/xrtFp -Ug458BP/JReZ8ry0hsTsuK1Ol5yAmIzqjW00oFs/gcuxKFDZ5lO1kZyXDOBXyAje -V+Uw68ZdypR/Bkl8uj9B4Qj9H4ys91tJIdwWVnshN59xDj1hqY8j7mYxQOACf6bz -HkKFAJeTv2HQnd1YSgAzsBAzsFFtJ49Wrb6VHKMZHaqOhOY= ------END CERTIFICATE REQUEST----- diff --git a/register_service/keys/server.key b/register_service/keys/server.key deleted file mode 100644 index 2c7695b..0000000 --- a/register_service/keys/server.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+NIE6zPlXlIr+ -v5fN/QERjVfiRSifs6GWD0Xm//fCowhg3RQ7EXYyvsVFUIR8mzw0DmNRJIPb2fm5 -mlyjP+u2E8h4NZbKeEGxZ6rv9raElW6NC099AV13bBNxssiQ3xibKEXaPwEpBbFz -E7U7pM+rpw57qLzUHjUrOeA+MwCJTH9lTLEdrTvBq8H9bWxXYXKXOd6G5cqaKjPM -8plN5x+WEYVaS/SM0xTcuHGbMWT9iA4FtHdou5aSY2Y/Sd8+I212eoKDDOphGOR9 -lK7wMjCpXqaSPH52zDurZjwf0IlEyRqziehvG+KHnECc8Mw7iqS5hTAGEJuGzK1Y -nKUKotJ3AgMBAAECggEAb9OowuxuEHrJ+ZqlYrtEXJBwQh0NFE/lSbdzDqwhe7Kk -o2Z3lX7fslgM3YLIUgZmr+hhpfxE9gZC10eU/XoAWE1rSJmhLSrk3KupiWnQx0Sf -+ZbTxhf+Xs8Q44EMgHhaHCbiYr02LmsleBX3MLjmS/JtBnEfi8qy0dY2K/uKbi2g -xqGsDKUGbQi1yjiRk74Dd7cCOOg9EZyNfqQ9I9VI+bCwnnuBCW+KUhYfzQ7Sx/iN -o25AIv1UQaj9o+sle7z6H1JveUIZh6A8ThNTpO45aXbK9C0LPqemNAqF3U37PN81 -m5GMUrxCYXnofthUmBeKkZwlw8f2jzUSwWORyvC5eQKBgQD8iFINMH4pqN5jOnY9 -wtKNOhGPu/eUmtY8XksoHX+sAnIElsugGfSzPEOgQoMInMMl3t0a9+Z1AAlKlBJi -b7Grhdch+CjwDhGIKPiuG4tQ6Z/aWB/ljQVL6mnX9IFOK3H7Cp6D2DYXgrgSrT7P -zpGvZMzf1hRWgDWlloqDY+CsSwKBgQDA0Ri7ru+MA495z00TslUqMpKooijsk1UP -5OfgisQu3VPCYqTr7PmVYR9sVG5yVnmzCHV/ckcglPEGSf1nKu0BNXWuWIgnCk/M -+IhaJqIPvZ4sRdu6qPqWg4EPL9ku6+faeH86tCrPZjXyhUk9jdOAb3USzdJ2m9mR -+hB2bOs/BQKBgH+WBBaD1IoJtmndxJWJk8UkfHDpH7nlzK1tWn1nAfUOuzpUUYaO -9pGDtgsG75rvUK0WfxE8BCRCo28ZhnxTQCmPklSoQ06dXQA06wdUBTwY/NlcwqjA -adekFFu2PYoX6xtRjyq/lvyj34oYG270R6icveGtEFNvrSr+9vZRBNcnAoGAWgaG -vMKN19qlt6LhguvFtcENFq033FVh5tziosVHmfX+sIisJfdsBKHnMQYu1zWm9r9h -VNL/gKfp7RzIss2pAOJ8Ap4VW90Fq1bzGtxk2GKZImSvlfRlo7bcoEGf7rd4dlnC -VZ9fSZyYXZZ7vsCkWpgvmkr9FCHqMK0H2LM8Fx0CgYEApyH35VKrajG/OT5EOqz6 -oDi7NUPOrn8RkKO0WDzCdCCruybK0bH+SFd+kC+qXQv5AV2KpS9/NyynDyI1JBEl -N3/ES/e6reJx8R2t96arBz76A7Q9k9exsu0ode1S16cS4XPaXfNkl0rtBRWCux/b -xWmIiYMkJPNP9tG5yjOqz20= ------END PRIVATE KEY----- diff --git a/register_service/services/nodejs/Dockerfile b/register_service/services/nodejs/Dockerfile deleted file mode 100644 index 5adbd37..0000000 --- a/register_service/services/nodejs/Dockerfile +++ /dev/null 
@@ -1,54 +0,0 @@ -#FROM node:latest - -# set the base image to Debian -# https://hub.docker.com/_/debian/ -FROM debian:latest - -# replace shell with bash so we can source files -RUN rm /bin/sh && ln -s /bin/bash /bin/sh - -# update the repository sources list -# and install dependencies -RUN apt-get update \ - && apt-get install -y curl \ - && apt-get -y autoclean - -# nvm environment variables -ENV NVM_DIR /usr/local/nvm -ENV NODE_VERSION 8.9.0 - -# install nvm -# https://github.com/creationix/nvm#install-script -RUN curl --silent -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.2/install.sh | bash - -# install node and npm -RUN source $NVM_DIR/nvm.sh \ - && nvm install $NODE_VERSION \ - && nvm alias default $NODE_VERSION \ - && nvm use default - -# add node and npm to path so the commands are available -ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules -ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH - -# confirm installation -RUN node -v -RUN npm -v - -COPY ./server.js /home/node/register-server/ -COPY ./package.json /home/node/register-server/ -COPY config /home/node/register-server/config - -WORKDIR /home/node/register-server -RUN mkdir -p /home/node/register-server/keys -RUN openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ./keys/ca.key -RUN openssl req -new -x509 -days 3650 -key ./keys/ca.key -subj "/C=NO/ST=Rogaland/L=Stavanger/O=Global Security/OU=IT Department" -out ./keys/ca.crt - -RUN openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ./keys/server.key -RUN openssl req -new -key ./keys/server.key -subj "/C=NO/ST=Rogaland/L=Stavanger/O=Global Security/OU=IT Department/CN=localhost" -out ./keys/server.csr -RUN openssl x509 -days 3650 -req -in ./keys/server.csr -CAcreateserial -CA ./keys/ca.crt -CAkey ./keys/ca.key -out ./keys/server.crt -RUN rm -rfv node_modules/ -RUN apt-get install -y python -RUN apt-get install -y build-essential -RUN npm install - 
diff --git a/register_service/files/connection_profile.json b/register_service/templates/connection_profile.json.j2 similarity index 96% rename from register_service/files/connection_profile.json rename to register_service/templates/connection_profile.json.j2 index bc8b41b..1576327 100644 --- a/register_service/files/connection_profile.json +++ b/register_service/templates/connection_profile.json.j2 @@ -1,8 +1,8 @@ { - "name": "hlf-bityoga", + "name": "{{org.name}}-{{org.unit}}", "version": "1.0.0", "client": { - "organization": "hlf", + "organization": "{{org.name}}", "connection": { "timeout": { "peer": { diff --git a/register_service/files/server.js b/register_service/templates/server.js.j2 similarity index 88% rename from register_service/files/server.js rename to register_service/templates/server.js.j2 index 70d57a2..65b3d60 100644 --- a/register_service/files/server.js +++ b/register_service/templates/server.js.j2 @@ -18,14 +18,14 @@ const ccp = JSON.parse(ccpJSON); const ORGANISATION_MSP = "{{org.name}}MSP"; const CA_ORGANISATION_NAME = "{{admin.orgca}}"; -function enrollAdmin() { +async function enrollAdmin() { try { // Create a new CA client for interacting with the CA. const caInfo = ccp.certificateAuthorities[CA_ORGANISATION_NAME]; console.log(caInfo); - const caTLSCACerts = ["{{admin.path/ca.crt}}"]; + const caTLSCACerts = ["{{admin.path}}/ca.crt"]; //const caTLSCACerts = caInfo.tlsCACerts.pem; const ca = new FabricCAServices(caInfo.url, { trustedRoots: caTLSCACerts, verify: false }, caInfo.caName); 
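Review bot: `caTLSCACerts = ["{{admin.path}}/ca.crt"]` fixes the Jinja expression but still puts a file path into `trustedRoots`, which expects PEM certificate text, so the client has no usable root. Reading the file, `const caTLSCACerts = [fs.readFileSync("{{admin.path}}/ca.crt", 'utf8')];`, and passing `verify: true` to `new FabricCAServices(...)` is what actually pins the CA connection; with `verify: false` the roots are ignored and the enrollment secret goes to any endpoint answering at `caInfo.url`. The rest of `enrollAdmin` lies outside this hunk.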
@@ -61,14 +61,15 @@ const https = require('https'); const express = require('express'); const bodyParser = require('body-parser'); - // Setting up https var options = { - key: fs.readFileSync('{{admin.path}}/tls/server.key'), - cert: fs.readFileSync('{{admin.path}}/tls/server.crt'), - ca: fs.readFileSync('{{admin.path}}/tls/ca.crt') + key: fs.readFileSync('{{registrar.path}}/tls-{{admin.name}}/server.key'), + cert: fs.readFileSync('{{registrar.path}}/tls-{{admin.name}}/server.crt'), + ca: fs.readFileSync('{{registrar.path}}/tls-{{admin.name}}/ca.crt') } +var server_config = require('./server.json'); + // Create a service (the app object is just a callback). var app = express(); //support parsing of application/json type post data @@ -118,8 +119,8 @@ app.post('/register', async function (req, res) { // Register the user, enroll the user, and import the new identity into the wallet. - await ca.register({ enrollmentID: req.body.username, role: "client", enrollmentSecret: req.body.password }, adminIdentity); - console.log('Successfully registered user "' + req.body.username + '" with role client"'); + await ca.register({ enrollmentID: req.body.username, role: server_config.userrole, enrollmentSecret: req.body.password }, adminIdentity); + console.log('Successfully registered user "' + req.body.username + '" with role "' + server_config.userrole); } catch (error) { console.error(`Failed to register user": ${error}`); @@ -131,6 +132,7 @@ var server = https.createServer(options, app); server.listen(server_config.port, function () { console.info('****************** SERVER STARTED ************************'); - console.info('*************** https://%s:%s ******************', server_config.host, server_config.port); + console.info('*************** https://%s:%s ******************', server_config.host, server_config.port); + //Enroll the Admin User enrollAdmin(); -}); +}); \ No newline at end of file From d623e358088c8090209af9e89d1ac1cb180206c1 Mon Sep 17 00:00:00 2001 
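Review bot: In the `https` `options`, `ca:` only governs client-certificate validation and has effect when `requestCert: true` is set, which this hunk does not do, so the server accepts any client while `/register` (outside this hunk) performs a privileged `ca.register` with no other authentication. Adding `requestCert: true, rejectUnauthorized: true` beside the `ca:` line restricts callers to identities issued by that CA, which matches the tlsca material the playbook copies into `tls-{{admin.name}}/`. The `server.key`/`server.crt` pair is the admin's tlsca enrollment identity reused as a server certificate; whether it carries a server EKU or a SAN for the host name cannot be seen here, so clients may still need `-k`.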
From: achak1987 Date: Wed, 19 Aug 2020 00:08:29 +0200 Subject: [PATCH 10/17] working on register service --- register_service/README.md | 4 +- register_service/dev.yml | 14 ++++++ register_service/templates/server.js.j2 | 63 ++++++++++++++----------- 3 files changed, 52 insertions(+), 29 deletions(-) create mode 100644 register_service/dev.yml diff --git a/register_service/README.md b/register_service/README.md index 242e279..d90f0fc 100644 --- a/register_service/README.md +++ b/register_service/README.md @@ -1,7 +1,7 @@ # MySoMe Network - Register Server (HTTPS Enabled) ## Allows registration of users to the MySoMeNetwork -- Test connection: *curl -k -X POST https://167.99.129.174:8080* -- Register a user: *curl -k -X POST -d "username=user1&password=password" https://167.99.129.174:8080/register* +- Test connection: *curl -k -X POST https://165.232.76.37:8088* +- Register a user: *curl -k -X POST -d "username=user1&password=user1pw" https://165.232.76.37:8088/register* ## Start the server locally ### Via localhost. You have to generate the relevent keys/cert for running it in https mode diff --git a/register_service/dev.yml b/register_service/dev.yml new file mode 100644 index 0000000..49b7660 --- /dev/null +++ b/register_service/dev.yml @@ -0,0 +1,14 @@ +--- +- name: Test Playbook + hosts: all + gather_facts: no + tasks: + - name: Template required files + become: yes + template: + src: "{{item}}.j2" + dest: "/root/hlft-store/{{registrar.name}}/{{item}}" + mode: '0750' + force: yes + loop: + - "server.js" \ No newline at end of file diff --git a/register_service/templates/server.js.j2 b/register_service/templates/server.js.j2 index 65b3d60..919439f 100644 --- a/register_service/templates/server.js.j2 +++ b/register_service/templates/server.js.j2 
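Review bot: `hosts: all` in the new `dev.yml` renders `server.js` — which embeds `{{admin.password}}` — onto every inventory host at mode `0750`, not only the host that runs the registrar. Restricting the play to the registrar's host group and using `mode: '0400'` keeps the secret off machines that do not need it.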
@@ -6,7 +6,7 @@ // Hyperledger Fabric CA Related imports const FabricCAServices = require('fabric-ca-client'); -const { FileSystemWallet, X509WalletMixin } = require('fabric-network'); +const { FileSystemWallet, Gateway, X509WalletMixin } = require('fabric-network'); const fs = require('fs'); const path = require('path'); @@ -86,7 +86,9 @@ app.post('/', async function (req, res) { }) app.post('/register', async function (req, res) { + res.setHeader('Content-Type', 'application/json'); var status = false; + var msg = "" try { // Create a new file system based wallet for managing identities. 
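Review bot: `req.body.username` and `req.body.password` reach `ca.register` (further down, outside this hunk) with no validation, so a missing field registers an identity with an `undefined` name or secret and a non-string value is passed straight through to the CA. A guard at the top of the handler, before the `try`, keeps malformed requests out: `if (typeof req.body.username !== 'string' || typeof req.body.password !== 'string') return res.status(400).json({ status: false, message: 'username and password are required' });`. The handler body continues past the end of this hunk.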
@@ -94,38 +96,45 @@ app.post('/register', async function (req, res) { const wallet = new FileSystemWallet(walletPath); console.log(`Wallet path: ${walletPath}`); - // Check to see if we've already enrolled the user. - const userExists = await wallet.exists(req.body.username); - if (userExists) { - console.log('An identity for the user "' + req.body.username + '" already exists in the wallet'); - return; - } - // Check to see if we've already enrolled the admin user. const adminExists = await wallet.exists("{{admin.name}}"); if (!adminExists) { console.log('An identity for the admin user "{{admin.name}}" does not exist in the wallet'); - return; + msg = "System issue. See logs!" + res.status(400).json({ + status: status, + message: msg + }); + } else { + // Create a new gateway for connecting to our peer node. + const gateway = new Gateway(); + await gateway.connect(ccpPath, { wallet, identity: "{{admin.name}}", discovery: { enabled: true, asLocalhost: true } }); + + + // Get the CA client object from the gateway for interacting with the CA. + const ca = gateway.getClient().getCertificateAuthority(); + const adminIdentity = gateway.getCurrentIdentity(); + + + // Register the user, enroll the user, and import the new identity into the wallet. + await ca.register({ enrollmentID: req.body.username, role: server_config.userrole, enrollmentSecret: req.body.password }, adminIdentity); + console.log('Successfully registered user "' + req.body.username + '" with role "' + server_config.userrole); + msg = 'Successfully registered user "' + req.body.username + '" with role "' + server_config.userrole; + status=true; } - - // Create a new gateway for connecting to our peer node. - const gateway = new Gateway(); - await gateway.connect(ccpPath, { wallet, identity: "{{admin.name}}", discovery: { enabled: true, asLocalhost: true } }); - - - // Get the CA client object from the gateway for interacting with the CA. 
- const ca = gateway.getClient().getCertificateAuthority(); - const adminIdentity = gateway.getCurrentIdentity(); - - - // Register the user, enroll the user, and import the new identity into the wallet. - await ca.register({ enrollmentID: req.body.username, role: server_config.userrole, enrollmentSecret: req.body.password }, adminIdentity); - console.log('Successfully registered user "' + req.body.username + '" with role "' + server_config.userrole); - + } catch (error) { - console.error(`Failed to register user": ${error}`); - process.exit(1); - } + console.error(`"Failed to register user:" + ${error}`); + msg = `"Failed to register user:" + ${error}`; + res.status(400).json({ + status: status, + message: msg + }); + } + res.status(200).json({ + status: status, + message: msg + }); }) var server = https.createServer(options, app); From 0e4d24070e872f34a9a344c770cabe7e80462d84 Mon Sep 17 00:00:00 2001 From: Antorweep Chakravorty Date: Wed, 19 Aug 2020 13:16:13 +0200 Subject: [PATCH 11/17] working on registaR --- register_service/dev.yml | 6 ++++-- register_service/group_vars/all.yml | 5 +++-- register_service/templates/server.js.j2 | 18 +++++++++++------- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/register_service/dev.yml b/register_service/dev.yml index 49b7660..056dd05 100644 --- a/register_service/dev.yml +++ b/register_service/dev.yml @@ -1,7 +1,7 @@ --- - name: Test Playbook hosts: all - gather_facts: no + gather_facts: no tasks: - name: Template required files become: yes @@ -11,4 +11,6 @@ mode: '0750' force: yes loop: - - "server.js" \ No newline at end of file + - "server.js" + # - debug: + # msg: "{{ admin.cas.values() | list }}" \ No newline at end of file diff --git a/register_service/group_vars/all.yml b/register_service/group_vars/all.yml index 51a5a78..e8b56ce 100644 --- a/register_service/group_vars/all.yml +++ b/register_service/group_vars/all.yml 
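Review bot: Both the `!adminExists` branch and the `catch` block send a `400` response and then fall through to the unconditional `res.status(200).json(...)` after the `try`, so every failure path attempts a second response and throws `ERR_HTTP_HEADERS_SENT` inside the async handler, which surfaces as an unhandled rejection. Each failure path should `return` after responding. The `catch` also forwards the raw `${error}` text from the CA/gateway to the client, exposing internal host names and library internals to an unauthenticated caller; log it server-side and return a generic message. The `gateway` opened with `gateway.connect(...)` is never closed, so each request leaks a connection; a `finally { gateway.disconnect(); }` around the register call fixes that. The handler starts before this hunk.
```javascript
    // … unchanged: wallet setup …
    const adminExists = await wallet.exists("{{admin.name}}");
    if (!adminExists) {
        console.error('An identity for the admin user "{{admin.name}}" does not exist in the wallet');
        return res.status(500).json({ status: false, message: "System issue. See logs!" });
    }
    const gateway = new Gateway();
    try {
        await gateway.connect(ccpPath, { wallet, identity: "{{admin.name}}", discovery: { enabled: true, asLocalhost: true } });
        const ca = gateway.getClient().getCertificateAuthority();
        const adminIdentity = gateway.getCurrentIdentity();
        await ca.register({ enrollmentID: req.body.username, role: server_config.userrole, enrollmentSecret: req.body.password }, adminIdentity);
        msg = 'Successfully registered user "' + req.body.username + '" with role "' + server_config.userrole;
        console.log(msg);
        return res.status(200).json({ status: true, message: msg });
    } catch (error) {
        console.error('Failed to register user: ' + error);
        return res.status(400).json({ status: false, message: "Failed to register user" });
    } finally {
        gateway.disconnect();
    }
```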
@@ -6,8 +6,9 @@ org: admin: name: "admin1" password: "admin1pw" - orgca: "orgca" - tlsca: "tlsca" + cas: + orgca: "orgca" + tlsca: "tlsca" path: "/root/admin1" user: "" diff --git a/register_service/templates/server.js.j2 b/register_service/templates/server.js.j2 index 919439f..e65354b 100644 --- a/register_service/templates/server.js.j2 +++ b/register_service/templates/server.js.j2 @@ -16,7 +16,7 @@ const ccpJSON = fs.readFileSync(ccpPath, 'utf8'); const ccp = JSON.parse(ccpJSON); const ORGANISATION_MSP = "{{org.name}}MSP"; -const CA_ORGANISATION_NAME = "{{admin.orgca}}"; +const CA_ORGANISATION_NAME = "{{admin.cas.orgca}}"; async function enrollAdmin() { try { 
@@ -106,20 +106,24 @@ app.post('/register', async function (req, res) { message: msg }); } else { + // for loop for cas will come here // Create a new gateway for connecting to our peer node. const gateway = new Gateway(); await gateway.connect(ccpPath, { wallet, identity: "{{admin.name}}", discovery: { enabled: true, asLocalhost: true } }); + var ca; + var adminIdentity; - + {% for ca_name in admin.cas.values() | list %} // Get the CA client object from the gateway for interacting with the CA. - const ca = gateway.getClient().getCertificateAuthority(); - const adminIdentity = gateway.getCurrentIdentity(); - + ca = gateway.getClient().getCertificateAuthority("{{ca_name}}"); + adminIdentity = gateway.getCurrentIdentity(); // Register the user, enroll the user, and import the new identity into the wallet. await ca.register({ enrollmentID: req.body.username, role: server_config.userrole, enrollmentSecret: req.body.password }, adminIdentity); - console.log('Successfully registered user "' + req.body.username + '" with role "' + server_config.userrole); - msg = 'Successfully registered user "' + req.body.username + '" with role "' + server_config.userrole; + console.log('Successfully registered user "' + req.body.username + '" with role "' + server_config.userrole + "onto ca " + "{{ca_name}}"); + msg += 'Successfully registered user "' + req.body.username + '" with role "' + server_config.userrole + "onto ca " + "{{ca_name}}" + '\n'; + + {% endfor %} status=true; } From 7e9bb79d7b749ba2b73004c777abf6037335e46a Mon Sep 17 00:00:00 2001 From: achak1987 Date: Wed, 19 Aug 2020 16:52:08 +0200 Subject: [PATCH 12/17] registar service complete --- register_service/templates/server.js.j2 | 57 ++++++++++++++----------- 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/register_service/templates/server.js.j2 b/register_service/templates/server.js.j2 index e65354b..da34d5d 100644 --- a/register_service/templates/server.js.j2 
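Review bot: The success message built at `msg += 'Successfully registered user "' + req.body.username + '" with role "' + server_config.userrole + "onto ca " + "{{ca_name}}" + '\n';` never closes the quote opened before the role and runs the role straight into `onto`, so the log reads like `with role "<role>onto ca <ca>`; the same string sits in the `console.log` just above it and survives into patch 12. Closing it as `+ '" onto ca "' + "{{ca_name}}" + '"'` fixes both. Separately, the unrolled `{% for ca_name in admin.cas.values() | list %}` loop registers the user with every CA using the single identity the gateway connected as (`{{admin.name}}`); whether that identity is also a registrar on the TLS CA is not visible here, and if it is not, the second iteration throws after the first has already succeeded, leaving a half-registered user that the catch reports as a plain failure.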
+++ b/register_service/templates/server.js.j2 @@ -16,9 +16,8 @@ const ccpJSON = fs.readFileSync(ccpPath, 'utf8'); const ccp = JSON.parse(ccpJSON); const ORGANISATION_MSP = "{{org.name}}MSP"; -const CA_ORGANISATION_NAME = "{{admin.cas.orgca}}"; -async function enrollAdmin() { +async function enrollAdmin(CA_ORGANISATION_NAME) { try { @@ -36,20 +35,20 @@ async function enrollAdmin() { console.log(`Wallet path: ${walletPath}`); // Check to see if we've already enrolled the admin user. - const adminExists = await wallet.exists("{{admin.name}}"); + const adminExists = await wallet.exists("{{admin.name}}-" + CA_ORGANISATION_NAME); if (adminExists) { - console.log('An identity for the admin user "{{admin.name}}" already exists in the wallet'); + console.log('An identity for the admin user "{{admin.name}}-' + CA_ORGANISATION_NAME + 'already exists in the wallet'); return; } // Enroll the admin user, and import the new identity into the wallet. const enrollment = await ca.enroll({ enrollmentID: "{{admin.name}}", enrollmentSecret: "{{admin.password}}" }); const identity = X509WalletMixin.createIdentity(ORGANISATION_MSP, enrollment.certificate, enrollment.key.toBytes()); - await wallet.import("{{admin.name}}", identity); - console.log('Successfully enrolled admin user "{{admin.name}}" and imported it into the wallet'); + await wallet.import("{{admin.name}}-" + CA_ORGANISATION_NAME, identity); + console.log('Successfully enrolled admin user {{admin.name}}-' + CA_ORGANISATION_NAME + ' and imported it into the wallet'); } catch (error) { - console.error(`Failed to enroll admin user "{{admin.name}}": ${error}`); + console.error(`Failed to enroll admin user {{admin.name}}-${CA_ORGANISATION_NAME} : ${error}`); process.exit(1); } } 
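Review bot: `enrollAdmin(CA_ORGANISATION_NAME)` still enrolls with the literal `enrollmentSecret: "{{admin.password}}"`, so the rendered server.js carries the CA admin's secret in clear text on disk (dev.yml writes the template output with mode `0750`) and in every copy of the generated file; reading it at startup from the environment or from a config file that is not part of the template output, e.g. `enrollmentSecret: process.env.ADMIN_PASSWORD` (variable name illustrative), keeps the secret out of the artifact. The catch still ends in `process.exit(1)`, and with two CAs this now takes the whole registrar down when one enrollment fails transiently even though the other identity was imported fine; logging and returning would leave `/register` to report the missing identity through its existing 400 path. Minor: `'An identity for the admin user "{{admin.name}}-' + CA_ORGANISATION_NAME + 'already exists in the wallet'` lost the closing quote and the space before `already`. The part of the function that derives `ca` from `CA_ORGANISATION_NAME` lies between the two hunks and is outside view.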
@@ -88,32 +87,35 @@ app.post('/', async function (req, res) { app.post('/register', async function (req, res) { res.setHeader('Content-Type', 'application/json'); var status = false; - var msg = "" + var msg = ""; + var current_ca = ""; try { // Create a new file system based wallet for managing identities. const walletPath = path.join(process.cwd(), 'wallet'); const wallet = new FileSystemWallet(walletPath); - console.log(`Wallet path: ${walletPath}`); + console.log(`Wallet path: ${walletPath}`); + + var adminExists; + // Create a new gateway for connecting to our peer node. + const gateway = new Gateway(); + var ca; + var adminIdentity; + {% for ca_name in admin.cas.values() | list %} + current_ca = "{{ca_name}}"; // Check to see if we've already enrolled the admin user. - const adminExists = await wallet.exists("{{admin.name}}"); + adminExists = await wallet.exists("{{admin.name}}-{{ca_name}}"); if (!adminExists) { - console.log('An identity for the admin user "{{admin.name}}" does not exist in the wallet'); + console.log('An identity for the admin user "{{admin.name}}-{{ca_name}}" does not exist in the wallet'); msg = "System issue. See logs!" res.status(400).json({ status: status, message: msg }); - } else { - // for loop for cas will come here - // Create a new gateway for connecting to our peer node. - const gateway = new Gateway(); - await gateway.connect(ccpPath, { wallet, identity: "{{admin.name}}", discovery: { enabled: true, asLocalhost: true } }); - var ca; - var adminIdentity; - - {% for ca_name in admin.cas.values() | list %} + } else { + status=false; + await gateway.connect(ccpPath, { wallet, identity: "{{admin.name}}-{{ca_name}}", discovery: { enabled: true, asLocalhost: true } }); // Get the CA client object from the gateway for interacting with the CA. ca = gateway.getClient().getCertificateAuthority("{{ca_name}}"); adminIdentity = gateway.getCurrentIdentity(); 
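Review bot: A single `const gateway = new Gateway();` is created before the unrolled `{% for ca_name in admin.cas.values() | list %}` loop and `gateway.connect(ccpPath, { wallet, identity: "{{admin.name}}-{{ca_name}}", ... })` is then called once per CA on that same object, with no `gateway.disconnect()` anywhere in the handler; whether fabric-network tolerates a second `connect()` on an already connected Gateway is not shown here, and the open connection leaks per request either way. Creating the gateway inside the loop body and calling `gateway.disconnect();` right after `await ca.register(...)` (and in the catch) keeps one connection per identity and releases it. The handler's declaration and its catch block lie outside this hunk.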
@@ -122,14 +124,15 @@ app.post('/register', async function (req, res) { await ca.register({ enrollmentID: req.body.username, role: server_config.userrole, enrollmentSecret: req.body.password }, adminIdentity); console.log('Successfully registered user "' + req.body.username + '" with role "' + server_config.userrole + "onto ca " + "{{ca_name}}"); msg += 'Successfully registered user "' + req.body.username + '" with role "' + server_config.userrole + "onto ca " + "{{ca_name}}" + '\n'; - - {% endfor %} + status=true; } + + {% endfor %} } catch (error) { - console.error(`"Failed to register user:" + ${error}`); - msg = `"Failed to register user:" + ${error}`; + console.error(`Failed to register user for ${current_ca} ca with error ${error}`); + msg = `Failed to register user for ${current_ca} ca with error ${error}`; res.status(400).json({ status: status, message: msg @@ -146,6 +149,8 @@ var server = https.createServer(options, app); server.listen(server_config.port, function () { console.info('****************** SERVER STARTED ************************'); console.info('*************** https://%s:%s ******************', server_config.host, server_config.port); - //Enroll the Admin User - enrollAdmin(); + //Enroll the Admin User for orgca + enrollAdmin("{{admin.cas.orgca}}"); + //Enroll the Admin User for tlsca + enrollAdmin("{{admin.cas.tlsca}}"); }); \ No newline at end of file From 40fe0b459f9a30061274ca124dd593b532d86e98 Mon Sep 17 00:00:00 2001 From: achak1987 Date: Wed, 19 Aug 2020 17:09:40 +0200 Subject: [PATCH 13/17] registar service readme update --- register_service/README.md | 53 +++++++++++++---------------- register_service/group_vars/all.yml | 21 +++++++----- 2 files changed, 36 insertions(+), 38 deletions(-) diff --git a/register_service/README.md b/register_service/README.md index d90f0fc..9cc283d 100644 --- a/register_service/README.md +++ b/register_service/README.md 
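Review bot: The catch block in this hunk copies the raw exception into the HTTP body, `msg = \`Failed to register user for ${current_ca} ca with error ${error}\`;`, and returns it with the 400; fabric-ca-client and gRPC errors routinely carry internal hostnames, wallet paths and CA response text, so any caller of `/register` (the README in this series shows it taking only a username and password) learns topology details from a failed attempt. Keep the detailed string in `console.error` and return a fixed message such as `msg = "Registration failed for CA " + current_ca;`. The final 200 response of the handler lies just below the hunk, outside view.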
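Review bot: In the `@@ -146,6 +149,8 @@` hunk, `enrollAdmin("{{admin.cas.orgca}}"); enrollAdmin("{{admin.cas.tlsca}}");` are both fire-and-forget from the `server.listen` callback, so the two enrollments run concurrently against the same `wallet` directory and the server is already accepting `/register` calls before either identity has been imported, which surfaces as the "System issue" 400 on early requests. Either make the callback `async function ()` and `await enrollAdmin("{{admin.cas.orgca}}"); await enrollAdmin("{{admin.cas.tlsca}}");` in sequence, or run both enrollments first and call `server.listen` only once they have settled.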
@@ -1,33 +1,26 @@ -# MySoMe Network - Register Server (HTTPS Enabled) -## Allows registration of users to the MySoMeNetwork -- Test connection: *curl -k -X POST https://165.232.76.37:8088* -- Register a user: *curl -k -X POST -d "username=user1&password=user1pw" https://165.232.76.37:8088/register* - -## Start the server locally -### Via localhost. You have to generate the relevent keys/cert for running it in https mode -Execute the following from your project directory -- mkdir -p keys -- openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ./keys/ca.key -- openssl req -new -x509 -days 3650 -key ./keys/ca.key -subj "/C=NO/ST=Rogaland/L=Stavanger/O=Global Security/OU=IT Department" -out ./keys/ca.crt -- openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ./keys/server.key -- openssl req -new -key ./keys/server.key -subj "/C=NO/ST=Rogaland/L=Stavanger/O=Global Security/OU=IT Department/CN=localhost" -out ./keys/server.csr -- openssl x509 -days 3650 -req -in ./keys/server.csr -CAcreateserial -CA ./keys/ca.crt -CAkey ./keys/ca.key -out ./keys/server.crt -- npm install - -### Via docker swarm -- docker-compose up -- Press "Ctrl-C" to stop -- docker rm register-server -- docker-compose push -- docker stack deploy MYSOMENET --compose-file docker-compose.yaml -#### Uninstall -- docker service rm MYSOMENET_register-serve +# Registar Server for fabric-as-code (HTTPS Enabled) +The register service is an **optional** service provided for the fabric as code hyperledger fabric network. This service provides a RESTful App for registration of users. This purticularly useful for mobile Hyperledger Fabric clients that would like to call a registration service with admin rights that is able to register a given user. 
+## Pre-requisites +- Make sure that the the fabric-as-code is up and running +- You have to run the playbook '200.deploy_ registrar_service.yml' on the master node of the fabric-as-code network +- Change the file **inventory/hosts** in this directory + - Please replace the *ip.address* value in the following line inside *inventory/host* to the ip address of the machine running the master node + ```hlf1 ansible_host=ip.address ansible_python_interpreter=/usr/bin/python3``` +- Change the file **group_vars/all.yml** in this directory + - Change the following two values + - ```admin_name```: name of the user with admin rights that can register new client users. **Note: This user needs to have been already been registered with the hyperledger fabric network** + - ```admin_password```: password of the aforementioned user +- Make sure port **8088** is open for the master node of the hyperledger fabric network -#### Note -*CA Server* is currently pointed to MySoMeNetworkDev0 in DigitalOcean -- In order to point the another Network - - Change the value *"url": "[http/https]://hostname:port"* in *config/server.json* - - You might also need to changes the revent values in *config/server.json* depending on the new CA server config - +## Start the service +- Inorder to start the service run the following command +- Make sure that the machine form which you are running the following commands, has ansible version of atleast **ansible 2.9.1** or up. +- !!!Required: Ensure that you have password less SSH for these host for a user. 
Later when you run the playbooks change the value for the playbooks with argument -u to the appropiate user that has passwordless SHH access to these machines +- 200.deploy_ registrar_service.yml: Playbook that runs the registration services +```ansible-playbook -v 200.deploy_ registrar_service.yml -u root``` +## Varification +- Test connection: *curl -k -X POST https://165.232.76.37:8088* +- Register a user: *curl -k -X POST -d "username=user1&password=user1pw" https://165.232.76.37:8088/register* + - Change the value for username or password \ No newline at end of file diff --git a/register_service/group_vars/all.yml b/register_service/group_vars/all.yml index e8b56ce..d5a7f27 100644 --- a/register_service/group_vars/all.yml +++ b/register_service/group_vars/all.yml @@ -1,21 +1,21 @@ --- -org: - name: "hlf" - unit: "bityoga" +# Name of the user that is already registered with the fabric network. This user should have admin rights, so that it is able to register other users +admin_name: "admin1" # Argument to change +admin_password: "admin1pw" # Argument to change +# Advances settings. Change these, if you know what you are doing. admin: - name: "admin1" - password: "admin1pw" + name: "{{admin_name}}" + password: "{{admin_password}}" cas: orgca: "orgca" tlsca: "tlsca" - path: "/root/admin1" + path: "/root/{{admin_name}}" user: "" # Name of the swarm network that would host the services swarm_network: "hlfnet" - registrar_name: "registrar" # Image information for the registration service @@ -25,4 +25,9 @@ registrar: tag: "12.15" replicas: -1 path: "/root/{{registrar_name}}" - port: 8088 \ No newline at end of file + port: 8088 + +# Info about the organization that hosts the CA(s) +org: + name: "hlf" + unit: "bityoga" \ No newline at end of file From c0dbf3cb49aad7fec303fa538edeaa20b7e94c12 Mon Sep 17 00:00:00 2001 
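Review bot: `admin_password: "admin1pw" # Argument to change` keeps the registrar admin's CA enrollment secret as plain text in a committed vars file, and the README in this patch tells users to edit that value in place, which all but guarantees real secrets end up in git history. Move the two `# Argument to change` values to an ansible-vault encrypted file, or resolve them at run time, e.g. `admin_password: "{{ lookup('env', 'ADMIN_PASSWORD') }}"` (variable name illustrative) or via `-e` on the command line. `path: "/root/{{admin_name}}"` also builds a filesystem path from the same operator-supplied name; a value containing `/` or `..` would place the wallet outside `/root`, so an `assert` on the name's character set is cheap insurance.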
From: Antorweep Chakravorty Date: Thu, 20 Aug 2020 17:19:07 +0200 Subject: [PATCH 14/17] working on adding new org --- 101.deploy_orderer.yml | 2 +- 101.export_org_artifacts.yml | 9 ++ 101.import_org_artifacts.yml | 11 ++ group_vars/all.yml | 4 +- inventory/hosts_org0 | 15 +++ inventory/hosts_org1 | 14 +++ notes.txt | 2 + .../cli/add_new_org_artifacts/tasks/main.yaml | 29 +++++ roles/hlf/cli/ca/files/cli.sh | 6 +- .../cli/gen_new_org_artifacts/tasks/main.yaml | 96 +++++++++++++++ .../{orderer => orderer_prime}/files/cli.sh | 0 .../tasks/main.yaml | 0 roles/hlf/cli/tasks copy/main.yaml | 109 ++++++++++++++++++ roles/hlf/cli/tasks/main.yaml | 109 ++++++++++++++++++ templates/configtx.yaml.j2 | 41 ++++--- templates/configtx_newOrg.yaml.j2 | 69 +++++++++++ 16 files changed, 489 insertions(+), 27 deletions(-) create mode 100644 101.export_org_artifacts.yml create mode 100644 101.import_org_artifacts.yml create mode 100644 inventory/hosts_org0 create mode 100644 inventory/hosts_org1 create mode 100644 notes.txt create mode 100644 roles/hlf/cli/add_new_org_artifacts/tasks/main.yaml create mode 100644 roles/hlf/cli/gen_new_org_artifacts/tasks/main.yaml rename roles/hlf/cli/{orderer => orderer_prime}/files/cli.sh (100%) rename roles/hlf/cli/{orderer => orderer_prime}/tasks/main.yaml (100%) create mode 100644 roles/hlf/cli/tasks copy/main.yaml create mode 100644 roles/hlf/cli/tasks/main.yaml create mode 100644 templates/configtx_newOrg.yaml.j2 diff --git a/101.deploy_orderer.yml b/101.deploy_orderer.yml index 560b99e..0d30652 100644 --- a/101.deploy_orderer.yml +++ b/101.deploy_orderer.yml @@ -8,5 +8,5 @@ vars: Consenters: [] roles: - - hlf/cli/orderer + - hlf/cli/orderer_prime - hlf/orderer \ No newline at end of file diff --git a/101.export_org_artifacts.yml b/101.export_org_artifacts.yml new file mode 100644 index 0000000..382e52a --- /dev/null +++ b/101.export_org_artifacts.yml 
@@ -0,0 +1,9 @@ +--- + +# ansible-playbook -v 101.export_org_artifacts.yml --flush-cache -u root + +- name: Spawn a Hyperledger Fabric Topology + hosts: swarm_manager_prime + gather_facts: no + roles: + - hlf/cli/gen_new_org_artifacts \ No newline at end of file diff --git a/101.import_org_artifacts.yml b/101.import_org_artifacts.yml new file mode 100644 index 0000000..5fc7eb9 --- /dev/null +++ b/101.import_org_artifacts.yml @@ -0,0 +1,11 @@ +--- + +# ansible-playbook -v 101.import_org_artifacts.yml --flush-cache -u root + +- name: Spawn a Hyperledger Fabric Topology + hosts: swarm_manager_prime + gather_facts: no + vars: + artifact_path: "/tmp/newOrg_export.tgz" + roles: + - hlf/cli/add_new_org_artifacts \ No newline at end of file diff --git a/group_vars/all.yml b/group_vars/all.yml index 8f15ddc..da08f65 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -22,8 +22,8 @@ glusterd_version: '7' # Organization Details org: - name: "hlf" - unit: "bityoga" + name: "newOrg" + unit: "somethingsomething" # Creds of various agents admin_user: "admin1" diff --git a/inventory/hosts_org0 b/inventory/hosts_org0 new file mode 100644 index 0000000..c0ae418 --- /dev/null +++ b/inventory/hosts_org0 @@ -0,0 +1,15 @@ +[all:children] +swarm_manager_prime +swarm_managers +swarm_workers + +[swarm_manager_prime] +hlf0 ansible_host=165.232.76.37 ansible_python_interpreter=/usr/bin/python3 + + +[swarm_managers] +hlf0 ansible_host=165.232.76.37 ansible_python_interpreter=/usr/bin/python3 + +[swarm_workers] +hlf1 ansible_host=138.68.87.60 ansible_python_interpreter=/usr/bin/python3 +hlf2 ansible_host=138.68.87.49 ansible_python_interpreter=/usr/bin/python3 \ No newline at end of file diff --git a/inventory/hosts_org1 b/inventory/hosts_org1 new file mode 100644 index 0000000..689d759 --- /dev/null +++ b/inventory/hosts_org1 
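Review bot: In `group_vars/all.yml`, `name: "newOrg"` and `unit: "somethingsomething"` replace the shared defaults, and since every MSP id and export path is derived from `org.name` (`{{org.name}}MSP`, `/root/hlft-store/{{org.name}}_export`) while `register_service/group_vars/all.yml` in patch 13 still reads `hlf`/`bityoga`, the two halves of the repository now disagree; this looks like a local test setting that was committed, so keep the project default here and pass the second org's values with `-e` or a per-inventory vars file. In the same spirit, `101.import_org_artifacts.yml` hard-codes `artifact_path: "/tmp/newOrg_export.tgz"`, tying the import to one org's name and to a world-writable directory on the controller; leave it without a default so the operator has to name the file they actually received.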
@@ -0,0 +1,14 @@
+[all:children]
+swarm_manager_prime
+swarm_managers
+swarm_workers
+
+[swarm_manager_prime]
+hlf0 ansible_host=142.93.216.173 ansible_python_interpreter=/usr/bin/python3
+
+
+[swarm_managers]
+hlf0 ansible_host=142.93.216.173 ansible_python_interpreter=/usr/bin/python3
+
+[swarm_workers]
+hlf1 ansible_host=134.209.146.246 ansible_python_interpreter=/usr/bin/python3
diff --git a/notes.txt b/notes.txt
new file mode 100644
index 0000000..19bdf53
--- /dev/null
+++ b/notes.txt
@@ -0,0 +1,2 @@
+#adding new orgs
+configtxgen -printOrg newOrgMSP > orgnewOrg.json -configPath /root/CLI/new_org_artifacts
\ No newline at end of file
diff --git a/roles/hlf/cli/add_new_org_artifacts/tasks/main.yaml b/roles/hlf/cli/add_new_org_artifacts/tasks/main.yaml
new file mode 100644
index 0000000..7402cea
--- /dev/null
+++ b/roles/hlf/cli/add_new_org_artifacts/tasks/main.yaml
@@ -0,0 +1,29 @@
+# ---
+- name: Clean the import directory if present
+ file:
+ path: "/root/hlft-store/new_org_artifacts"
+ state: absent
+
+- name: Create the import directory
+ file:
+ path: "/root/hlft-store/new_org_artifacts"
+ state: directory
+
+- name: Copy new org artifact to remote machine
+ copy:
+ src: "{{artifact_path}}"
+ dest: "/root/hlft-store/new_org_artifacts/artifact.tgz"
+
+- name: Extract /root/hlft-store/new_org_artifacts/artifact.tgz into /root/hlft-store/new_org_artifacts/
+ unarchive:
+ src: /root/hlft-store/new_org_artifacts/artifact.tgz
+ dest: /root/hlft-store/new_org_artifacts
+ remote_src: yes
+
+- name: Remove the archive /root/hlft-store/new_org_artifacts/artifact.tgz
+ file:
+ path: "/root/hlft-store/new_org_artifacts/artifact.tgz"
+ state: absent
+
+- debug:
+ msg: "Log into CLI and do the rest."
diff --git a/roles/hlf/cli/ca/files/cli.sh b/roles/hlf/cli/ca/files/cli.sh
index 450cdc2..4df602b 100644
--- a/roles/hlf/cli/ca/files/cli.sh
+++ b/roles/hlf/cli/ca/files/cli.sh
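Review bot: In `roles/hlf/cli/add_new_org_artifacts/tasks/main.yaml` the partner organization's tarball is `copy`-ed and then `unarchive`-d as root into `/root/hlft-store/new_org_artifacts` with no integrity check on the way in, although the MSP and TLS material inside it is what the rest of the network will later trust. Record the digest the sending organization states out of band and compare it before extraction — `stat` with `checksum_algorithm: sha256` on `artifact.tgz` followed by an `assert` — and, because `unarchive` hands the file to tar, list it first (`tar -tzf`) and refuse member names that are absolute or contain `..`. `# ---` at the top of this file (and of the other task files added in this patch) comments the document-start marker out; role task files do not need one, so either write `---` or drop the line. The closing `debug` step says the remaining work is done by hand inside the CLI; those steps belong in the README or in a follow-up task.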
@@ -26,9 +26,9 @@ if (($IDX == 0)); then export FABRIC_CA_CLIENT_HOME=$HOST_HOME/$ADMIN_USER fabric-ca-client enroll -d -u https://$ADMIN_USER:$ADMIN_SECRET@$FABRIC_CA_NAME:$FABRIC_CA_PORT - printf "${GREEN}Make $AGENT_HOST admin of itself${NC}\n" - mkdir -p $HOST_HOME/$ADMIN_USER/msp/admincerts - cp $HOST_HOME/$ADMIN_USER/msp/signcerts/cert.pem $HOST_HOME/$ADMIN_USER/msp/admincerts/${ADMIN_USER}-cert.pem + printf "${GREEN}Make $AGENT_HOST admin of itself${NC}\n" + mkdir -p $HOST_HOME/$ADMIN_USER/msp/admincerts + cp $HOST_HOME/$ADMIN_USER/msp/signcerts/cert.pem $HOST_HOME/$ADMIN_USER/msp/admincerts/${ADMIN_USER}-cert.pem fi # Delay the registration and enrollment of agents, by few seconds so that the registration and enrollment of admins are done first. diff --git a/roles/hlf/cli/gen_new_org_artifacts/tasks/main.yaml b/roles/hlf/cli/gen_new_org_artifacts/tasks/main.yaml new file mode 100644 index 0000000..c5107e3 --- /dev/null +++ b/roles/hlf/cli/gen_new_org_artifacts/tasks/main.yaml 
@@ -0,0 +1,96 @@
+# ---
+- name: Clean the export directory if present
+ file:
+ path: "/root/hlft-store/{{org.name}}_export"
+ state: absent
+
+- name: Create an export directory to be used for sending the relevent information for adding this organization to the existing hlf blockchain consortium
+ file:
+ path: "/root/hlft-store/{{org.name}}_export"
+ state: directory
+
+# Generate the list of swarm managers to be used as Orderer Endpoints in configtx
+- name: Get IP addresses as a list for all swarm manager nodes
+ vars:
+ _swarm_manager_ip_list: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list | join(':{{orderer.port}},') }}"
+ __swarm_manager_ip_list: "{{_swarm_manager_ip_list}}:{{orderer.port}}"
+ set_fact:
+ swarm_manager_ip_list: "{{ __swarm_manager_ip_list.split(',') }}"
+
+- name: Get IP addresses as a list for all swarm manager nodes to be used as anchor ips
+ set_fact:
+ swarm_manager_ip_list_anchor: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list }}"
+
+ # Copy relevent config files to mount directories for the docker services
+- name: Config templating configtx_newOrg.yaml
+ become: yes
+ template:
+ src: "configtx_newOrg.yaml.j2"
+ dest: "/root/hlft-store/{{org.name}}_export/configtx.yaml"
+ mode: 0660
+ force: yes
+
+# Prep the TLS certs
+- name: Create tls folder under /root/hlft-store/{{org.name}}_export/tls
+ become: yes
+ file:
+ path: "/root/hlft-store/{{org.name}}_export/tls"
+ state: directory
+ mode: '0755'
+
+# Copy tls certs
+- name: Copy TLS certs
+ copy:
+ src: "/root/hlft-store/{{tlsca.name}}/{{orderer.name}}/tls-msp/{{item[0]}}"
+ dest: "/root/hlft-store/{{org.name}}_export/tls/{{item[1]}}"
+ remote_src: yes
+ loop:
+ - ["tlscacerts/tls-{{tlsca.name}}-7054.pem", "ca.crt"]
+ - ["signcerts/cert.pem", "server.crt"]
+
+- name: Create org MSP-folder
+ become: yes
+ file:
+ path: "/root/hlft-store/{{org.name}}_export/msp"
+ state: directory
+ mode: '0755'
+
+- name: Create subfolders folder under /root/hlft-store/{{org.name}}_export/msp
+ become: yes
+ file:
+ path: "/root/hlft-store/{{org.name}}_export/msp/{{item}}"
+ state: directory
+ mode: '0755'
+ loop:
+ - "tlscacerts"
+ - "admincerts"
+ - "cacerts"
+ - "users"
+
+- name: Copy certs in the msp subfolder
+ copy:
+ src: "/root/hlft-store/{{item[0]}}"
+ dest: "/root/hlft-store/{{org.name}}_export/msp/{{item[1]}}"
+ remote_src: yes
+ loop:
+ - ["{{tlsca.name}}/{{orderer.name}}/tls-msp/tlscacerts/tls-{{tlsca.name}}-7054.pem", "tlscacerts/tls-{{tlsca.name}}-7054.pem"]
+ - ["{{orgca.name}}/{{orderer.name}}/msp/admincerts/{{admin_user}}-cert.pem", "admincerts/{{admin_user}}-cert.pem"]
+ - ["{{orgca.name}}/{{orderer.name}}/msp/cacerts/{{orgca.name}}-7054.pem", "cacerts/{{orgca.name}}-7054.pem"]
+
+
+- name: Compress the export folder
+ archive:
+ path: "/root/hlft-store/{{org.name}}_export/"
+ dest: "/root/hlft-store/{{org.name}}_export.tgz"
+
+- name: Fetch the exported folder to your local machine. Send it out to the organization that invited you to be part of the blockchain
+ fetch:
+ src: "/root/hlft-store/{{org.name}}_export.tgz"
+ dest: "/tmp/{{org.name}}_export.tgz"
+ flat: yes
+
+- name: Remove the compress file from the remote machine
+ file:
+ path: "/root/hlft-store/{{org.name}}_export.tgz"
+ state: absent
+
diff --git a/roles/hlf/cli/orderer/files/cli.sh b/roles/hlf/cli/orderer_prime/files/cli.sh
similarity index 100%
rename from roles/hlf/cli/orderer/files/cli.sh
rename to roles/hlf/cli/orderer_prime/files/cli.sh
diff --git a/roles/hlf/cli/orderer/tasks/main.yaml b/roles/hlf/cli/orderer_prime/tasks/main.yaml
similarity index 100%
rename from roles/hlf/cli/orderer/tasks/main.yaml
rename to roles/hlf/cli/orderer_prime/tasks/main.yaml
diff --git a/roles/hlf/cli/tasks copy/main.yaml b/roles/hlf/cli/tasks copy/main.yaml
new file mode 100644
index 0000000..134f2df
--- /dev/null
+++ b/roles/hlf/cli/tasks copy/main.yaml
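Review bot: `join(':{{orderer.port}},')` nests a `{{ }}` inside an expression that is already being templated; Ansible does not expand moustaches within a Jinja expression, so the port only reaches the result through the recursive re-templating of `_swarm_manager_ip_list` when `__swarm_manager_ip_list` reads it back, behaviour newer Ansible releases warn about. Use Jinja concatenation instead, `join(':' ~ orderer.port ~ ',')`, at which point the two-variable dance can become a single expression, e.g. `swarm_manager_ip_list: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '$', ':' ~ orderer.port) | list }}"`. `mode: 0660` on the template task is the one unquoted mode in the file (the others use `'0755'`); quote it so YAML does not read it as an octal integer. Fetching to `/tmp/{{org.name}}_export.tgz` with `flat: yes` drops the bundle at a predictable name in a shared directory on the controller; a dedicated directory such as an `artifacts/` folder next to the playbook would keep it out of reach of other local users.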
@@ -0,0 +1,109 @@
+# ---
+
+# HLF CA CLI Services
+# Stop all CLI Services services
+- name: Stop CLI Service - {{org.name}}_cli
+ become: yes
+ docker_swarm_service:
+ name: "{{org.name}}_cli"
+ state: absent
+ networks:
+ - "{{swarm_network}}"
+
+
+- name: Clean the export directory if present
+ file:
+ path: "/root/hlft-store/{{org.name}}_export"
+ state: absent
+
+- name: Create an export directory to be used for sending the relevent information for adding this organization to the existing hlf blockchain consortium
+ file:
+ path: "/root/hlft-store/{{org.name}}_export"
+ state: directory
+
+# Generate the list of swarm managers to be used as Orderer Endpoints in configtx
+- name: Get IP addresses as a list for all swarm manager nodes
+ vars:
+ _swarm_manager_ip_list: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list | join(':{{orderer.port}},') }}"
+ __swarm_manager_ip_list: "{{_swarm_manager_ip_list}}:{{orderer.port}}"
+ set_fact:
+ swarm_manager_ip_list: "{{ __swarm_manager_ip_list.split(',') }}"
+
+- name: Get IP addresses as a list for all swarm manager nodes to be used as anchor ips
+ set_fact:
+ swarm_manager_ip_list_anchor: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list }}"
+
+ # Copy relevent config files to mount directories for the docker services
+- name: Config templating configtx_newOrg.yaml
+ become: yes
+ template:
+ src: "configtx_newOrg.yaml.j2"
+ dest: "/root/hlft-store/{{org.name}}_export/configtx.yaml"
+ mode: 0660
+ force: yes
+
+# Prep the TLS certs
+- name: Create tls folder under /root/hlft-store/{{org.name}}_export/tls
+ become: yes
+ file:
+ path: "/root/hlft-store/{{org.name}}_export/tls"
+ state: directory
+ mode: '0755'
+
+# Copy tls certs
+- name: Copy TLS certs
+ copy:
+ src: "/root/hlft-store/{{tlsca.name}}/{{orderer.name}}/tls-msp/{{item[0]}}"
+ dest: "/root/hlft-store/{{org.name}}_export/tls/{{item[1]}}"
+ remote_src: yes
+ loop:
+ - ["tlscacerts/tls-{{tlsca.name}}-7054.pem", "ca.crt"]
+ - ["signcerts/cert.pem", "server.crt"]
+
+- name: Create org MSP-folder
+ become: yes
+ file:
+ path: "/root/hlft-store/{{org.name}}_export/msp"
+ state: directory
+ mode: '0755'
+
+- name: Create subfolders folder under /root/hlft-store/{{org.name}}_export/msp
+ become: yes
+ file:
+ path: "/root/hlft-store/{{org.name}}_export/msp/{{item}}"
+ state: directory
+ mode: '0755'
+ loop:
+ - "tlscacerts"
+ - "admincerts"
+ - "cacerts"
+ - "users"
+
+- name: Copy certs in the msp subfolder
+ copy:
+ src: "/root/hlft-store/{{item[0]}}"
+ dest: "/root/hlft-store/{{org.name}}_export/msp/{{item[1]}}"
+ remote_src: yes
+ loop:
+ - ["{{tlsca.name}}/{{orderer.name}}/tls-msp/tlscacerts/tls-{{tlsca.name}}-7054.pem", "tlscacerts/tls-{{tlsca.name}}-7054.pem"]
+ - ["{{orgca.name}}/{{orderer.name}}/msp/admincerts/{{admin_user}}-cert.pem", "admincerts/{{admin_user}}-cert.pem"]
+ - ["{{orgca.name}}/{{orderer.name}}/msp/cacerts/{{orgca.name}}-7054.pem", "cacerts/{{orgca.name}}-7054.pem"]
+
+
+- name: Compress the export folder
+ archive:
+ path: "/root/hlft-store/{{org.name}}_export"
+ dest: "/tmp/{{org.name}}_export.tgz"
+
+- name: Fetch the exported folder to your local machine. Send it out to the organization that invited you to be part of the blockchain
+ fetch:
+ src: "/tmp/{{org.name}}_export.tgz"
+ dest: "/tmp/{{org.name}}_export.tgz"
+
+- name: Stop CLI Service - {{org.name}}_cli
+ become: yes
+ docker_swarm_service:
+ name: "{{org.name}}_cli"
+ state: absent
+ networks:
+ - "{{swarm_network}}"
\ No newline at end of file
diff --git a/roles/hlf/cli/tasks/main.yaml b/roles/hlf/cli/tasks/main.yaml
new file mode 100644
index 0000000..134f2df
--- /dev/null
+++ b/roles/hlf/cli/tasks/main.yaml
@@ -0,0 +1,109 @@
+# ---
+
+# HLF CA CLI Services
+# Stop all CLI Services services
+- name: Stop CLI Service - {{org.name}}_cli
+ become: yes
+ docker_swarm_service:
+ name: "{{org.name}}_cli"
+ state: absent
+ networks:
+ - "{{swarm_network}}"
+
+
+- name: Clean the export directory if present
+ file:
+ path: "/root/hlft-store/{{org.name}}_export"
+ state: absent
+
+- name: Create an export directory to be used for sending the relevent information for adding this organization to the existing hlf blockchain consortium
+ file:
+ path: "/root/hlft-store/{{org.name}}_export"
+ state: directory
+
+# Generate the list of swarm managers to be used as Orderer Endpoints in configtx
+- name: Get IP addresses as a list for all swarm manager nodes
+ vars:
+ _swarm_manager_ip_list: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list | join(':{{orderer.port}},') }}"
+ __swarm_manager_ip_list: "{{_swarm_manager_ip_list}}:{{orderer.port}}"
+ set_fact:
+ swarm_manager_ip_list: "{{ __swarm_manager_ip_list.split(',') }}"
+
+- name: Get IP addresses as a list for all swarm manager nodes to be used as anchor ips
+ set_fact:
+ swarm_manager_ip_list_anchor: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list }}"
+
+ # Copy relevent config files to mount directories for the docker services
+- name: Config templating configtx_newOrg.yaml
+ become: yes
+ template:
+ src: "configtx_newOrg.yaml.j2"
+ dest: "/root/hlft-store/{{org.name}}_export/configtx.yaml"
+ mode: 0660
+ force: yes
+
+# Prep the TLS certs
+- name: Create tls folder under /root/hlft-store/{{org.name}}_export/tls
+ become: yes
+ file:
+ path: "/root/hlft-store/{{org.name}}_export/tls"
+ state: directory
+ mode: '0755'
+
+# Copy tls certs
+- name: Copy TLS certs
+ copy:
+ src: "/root/hlft-store/{{tlsca.name}}/{{orderer.name}}/tls-msp/{{item[0]}}"
+ dest: "/root/hlft-store/{{org.name}}_export/tls/{{item[1]}}"
+ remote_src: yes
+ loop:
+ - ["tlscacerts/tls-{{tlsca.name}}-7054.pem", "ca.crt"]
+ - ["signcerts/cert.pem", "server.crt"]
+
+- name: Create org MSP-folder
+ become: yes
+ file:
+ path: "/root/hlft-store/{{org.name}}_export/msp"
+ state: directory
+ mode: '0755'
+
+- name: Create subfolders folder under /root/hlft-store/{{org.name}}_export/msp
+ become: yes
+ file:
+ path: "/root/hlft-store/{{org.name}}_export/msp/{{item}}"
+ state: directory
+ mode: '0755'
+ loop:
+ - "tlscacerts"
+ - "admincerts"
+ - "cacerts"
+ - "users"
+
+- name: Copy certs in the msp subfolder
+ copy:
+ src: "/root/hlft-store/{{item[0]}}"
+ dest: "/root/hlft-store/{{org.name}}_export/msp/{{item[1]}}"
+ remote_src: yes
+ loop:
+ - ["{{tlsca.name}}/{{orderer.name}}/tls-msp/tlscacerts/tls-{{tlsca.name}}-7054.pem", "tlscacerts/tls-{{tlsca.name}}-7054.pem"]
+ - ["{{orgca.name}}/{{orderer.name}}/msp/admincerts/{{admin_user}}-cert.pem", "admincerts/{{admin_user}}-cert.pem"]
+ - ["{{orgca.name}}/{{orderer.name}}/msp/cacerts/{{orgca.name}}-7054.pem", "cacerts/{{orgca.name}}-7054.pem"]
+
+
+- name: Compress the export folder
+ archive:
+ path: "/root/hlft-store/{{org.name}}_export"
+ dest: "/tmp/{{org.name}}_export.tgz"
+
+- name: Fetch the exported folder to your local machine. Send it out to the organization that invited you to be part of the blockchain
+ fetch:
+ src: "/tmp/{{org.name}}_export.tgz"
+ dest: "/tmp/{{org.name}}_export.tgz"
+
+- name: Stop CLI Service - {{org.name}}_cli
+ become: yes
+ docker_swarm_service:
+ name: "{{org.name}}_cli"
+ state: absent
+ networks:
+ - "{{swarm_network}}"
\ No newline at end of file
diff --git a/templates/configtx.yaml.j2 b/templates/configtx.yaml.j2
index 55b51d3..997a81a 100644
--- a/templates/configtx.yaml.j2
+++ b/templates/configtx.yaml.j2
@@ -16,12 +16,16 @@ Organizations: # SampleOrg defines an MSP using the sampleconfig. It should never be used # in production but may be used as a template for other definitions. - - &org1{{org.name}} + - &org{{org.name}} # Name is the key by which this org will be referenced in channel # configuration transactions. # Name can include alphanumeric characters as well as dots and dashes. Name: {{org.name}}MSP + # ID is the key by which this org's MSP definition will be referenced. + # ID can include alphanumeric characters as well as dots and dashes. + ID: {{org.name}}MSP + # SkipAsForeign can be set to true for org definitions which are to be # inherited from the orderer system channel during channel creation. This # is especially useful when an admin of a single org without access to the @@ -29,10 +33,7 @@ Organizations: # this property must always be set to false for orgs included in block # creation. SkipAsForeign: false - - # ID is the key by which this org's MSP definition will be referenced. - # ID can include alphanumeric characters as well as dots and dashes. - ID: {{org.name}}MSP + # MSPDir is the filesystem path which contains the MSP configuration. MSPDir: /root/{{org.name}}MSP @@ -67,8 +68,6 @@ Organizations: {% for endpoint in swarm_manager_ip_list %} - {{endpoint}} {% endfor %} - {# OrdererEndpoints: - - {{orderer.name}}:7050 #} # AnchorPeers defines the location of peers which can be used for # cross-org gossip communication. Note, this value is only encoded in @@ -449,11 +448,11 @@ Profiles: Orderer: <<: *OrdererDefaults Organizations: - - *org1{{org.name}} + - *org{{org.name}} Consortiums: SampleConsortium: Organizations: - - *org1{{org.name}} + - *org{{org.name}} # SampleSingleMSPKafka defines a configuration that differs from the # SampleSingleMSPSolo one only in that it uses the Kafka-based orderer. 
@@ -463,11 +462,11 @@ Profiles: <<: *OrdererDefaults OrdererType: kafka Organizations: - - *org1{{org.name}} + - *org{{org.name}} Consortiums: SampleConsortium: Organizations: - - *org1{{org.name}} + - *org{{org.name}} # SampleInsecureSolo defines a configuration which uses the Solo orderer, # contains no MSP definitions, and allows all transactions and channel @@ -501,7 +500,7 @@ Profiles: Orderer: <<: *OrdererDefaults Organizations: - - <<: *org1{{org.name}} + - <<: *org{{org.name}} Policies: <<: *SampleOrgPolicies Admins: @@ -510,7 +509,7 @@ Profiles: Application: <<: *ApplicationDefaults Organizations: - - <<: *org1{{org.name}} + - <<: *org{{org.name}} Policies: <<: *SampleOrgPolicies Admins: @@ -519,7 +518,7 @@ Profiles: Consortiums: SampleConsortium: Organizations: - - <<: *org1{{org.name}} + - <<: *org{{org.name}} Policies: <<: *SampleOrgPolicies Admins: @@ -534,7 +533,7 @@ Profiles: <<: *OrdererDefaults OrdererType: kafka Organizations: - - <<: *org1{{org.name}} + - <<: *org{{org.name}} Policies: <<: *SampleOrgPolicies Admins: @@ -543,7 +542,7 @@ Profiles: Application: <<: *ApplicationDefaults Organizations: - - <<: *org1{{org.name}} + - <<: *org{{org.name}} Policies: <<: *SampleOrgPolicies Admins: @@ -552,7 +551,7 @@ Profiles: Consortiums: SampleConsortium: Organizations: - - <<: *org1{{org.name}} + - <<: *org{{org.name}} Policies: <<: *SampleOrgPolicies Admins: @@ -570,7 +569,7 @@ Profiles: Application: <<: *ApplicationDefaults Organizations: - - <<: *org1{{org.name}} + - <<: *org{{org.name}} # SampleDevModeEtcdRaft defines a configuration that differs from the # SampleDevModeSolo one only in that it uses the etcd/raft-based orderer. @@ -580,7 +579,7 @@ Profiles: <<: *OrdererDefaults OrdererType: etcdraft Organizations: - - <<: *org1{{org.name}} + - <<: *org{{org.name}} Policies: <<: *SampleOrgPolicies Admins: 
@@ -589,7 +588,7 @@ Profiles: Application: <<: *ApplicationDefaults Organizations: - - <<: *org1{{org.name}} + - <<: *org{{org.name}} Policies: <<: *SampleOrgPolicies Admins: @@ -598,7 +597,7 @@ Profiles: Consortiums: SampleConsortium: Organizations: - - <<: *org1{{org.name}} + - <<: *org{{org.name}} Policies: <<: *SampleOrgPolicies Admins: diff --git a/templates/configtx_newOrg.yaml.j2 b/templates/configtx_newOrg.yaml.j2 new file mode 100644 index 0000000..e72828e --- /dev/null +++ b/templates/configtx_newOrg.yaml.j2 
@@ -0,0 +1,69 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +################################################################################ +# +# Section: Organizations +# +# - This section defines the different organizational identities which will +# be referenced later in the configuration. +# +################################################################################ +Organizations: + - &org{{org.name}} + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: {{org.name}}MSP + + # ID to load the MSP definition as + ID: {{org.name}}MSP + + # SkipAsForeign can be set to true for org definitions which are to be + # inherited from the orderer system channel during channel creation. This + # is especially useful when an admin of a single org without access to the + # MSP directories of the other orgs wishes to create a channel. Note + # this property must always be set to false for orgs included in block + # creation. + SkipAsForeign: false + + MSPDir: /root/CLI/new_org_artifacts + + Policies: &SampleOrgPolicies + Readers: + Type: Signature + Rule: "OR('{{org.name}}MSP.member')" + # If your MSP is configured with the new NodeOUs, you might + # want to use a more specific rule like the following: + # Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')" + Writers: + Type: Signature + Rule: "OR('{{org.name}}MSP.member')" + # If your MSP is configured with the new NodeOUs, you might + # want to use a more specific rule like the following: + # Rule: "OR('SampleOrg.admin', 'SampleOrg.client')" + Admins: + Type: Signature + Rule: "OR('{{org.name}}MSP.admin')" + Endorsement: + Type: Signature + Rule: "OR('{{org.name}}MSP.member')" + + # OrdererEndpoints is a list of all orderers this org runs which clients + # and peers may to connect to to push transactions and receive blocks respectively. 
+ + OrdererEndpoints: + {% for endpoint in swarm_manager_ip_list %} + - {{endpoint}} + {% endfor %} + + # AnchorPeers defines the location of peers which can be used for + # cross-org gossip communication. Note, this value is only encoded in + # the genesis block in the Application section context. + AnchorPeers: + {% for endpoint in swarm_manager_ip_list_anchor %} + - Host: {{endpoint}} + Port: {{orderer.anchorport}} + {% endfor %} \ No newline at end of file From 96bc37c3dcb1b369d8e2b43abc4936eb8328bfde Mon Sep 17 00:00:00 2001 From: achak1987 Date: Fri, 21 Aug 2020 00:34:48 +0200 Subject: [PATCH 15/17] working on adding new org --- group_vars/all.yml | 2 +- notes.txt | 37 ++++++++++++++++++++++++++++++- templates/configtx_newOrg.yaml.j2 | 10 +-------- 3 files changed, 38 insertions(+), 11 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index da08f65..f8e11a6 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,5 +1,5 @@ --- -LOG_LEVEL: "INFO" +LOG_LEVEL: "DEBUG" INSTALL_TEST_CHAINCODE: "yes" ########################################################################################### # # diff --git a/notes.txt b/notes.txt index 19bdf53..a5f8aff 100644 --- a/notes.txt +++ b/notes.txt 
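Review bot: The AnchorPeers block of the new-org template advertises the swarm manager addresses (`swarm_manager_ip_list_anchor`) on `orderer.anchorport`, although anchor peers are meant to be this organization's peers; if those hosts run the orderer rather than a peer, cross-org gossip from the consortium will be pointed at the wrong service — confirm what actually listens on that port. The comments carried over from Fabric's sample file (`DefaultOrg defines the organization which is used in the sampleconfig ...`, the `SampleOrg.admin` rule examples, the `&SampleOrgPolicies` anchor) no longer describe this file; I would replace the first with `# {{org.name}}: the organization exported for admission into the existing consortium` and drop the SampleOrg examples so a reader does not look for an org that does not exist.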
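Review bot: `LOG_LEVEL: "DEBUG"` is now the committed default for every host in `group_vars/all.yml`, not a one-off override. Debug output from the CA and peer services is verbose and, in a deployment whose scripts pass enrollment secrets on the command line, can land sensitive values in the service logs; I would keep `LOG_LEVEL: "INFO"` here and raise it per run with `-e LOG_LEVEL=DEBUG` when a problem needs it.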
@@ -1,2 +1,37 @@ #adding new orgs -configtxgen -printOrg newOrgMSP > orgnewOrg.json -configPath /root/CLI/new_org_artifacts \ No newline at end of file +configtxgen -printOrg newOrgMSP > orgnewOrg.json -configPath /root/CLI/new_org_artifacts + +PEER_HOST=peer2 +CORE_PEER_ADDRESS=${PEER_HOST}:7051 +CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${ADMIN_USER}/msp +CORE_PEER_TLS_ROOTCERT_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/ca.crt +CORE_PEER_TLS_CLIENTAUTHREQUIRED=false +CORE_PEER_TLS_CLIENTCERT_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.crt #fully qualified path of the client certificate +CORE_PEER_TLS_CLIENTKEY_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.key #fully qualified path of the client private key +CORE_PEER_LOCALMSPID=hlfMSP + +CHANNEL_NAME=syschannel + +CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel fetch config config_block.pb -o ${ORDERER_HOST}:7050 -c $CHANNEL_NAME --tls --cafile /root/CLI/${ORGCA_HOST}/${ORDERER_HOST}/msp/tls/ca.crt --clientauth --certfile /root/CLI/${ORGCA_HOST}/${ORDERER_HOST}/msp/tls/server.crt --keyfile /root/CLI/${ORDERER_HOST}/${PEER_HOST}/msp/tls/server.key + + +configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json + +jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"newOrgMSP":.[1]}}}}}' config.json orgnewOrg.json > config1.json + +jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"SampleConsortium":{"groups": {"newOrgMSP":.[1]}}}}}}}' config1.json orgnewOrg.json > config2.json + +cert=`base64 ./tls/server.crt | sed ':a;N;$!ba;s/\n//g'` + +cat config2.json | jq 
'.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "142.93.216.173", "port": 8053, "server_tls_cert": "'$cert'"}] ' > modified_config.json + + +configtxlator proto_encode --input config.json --type common.Config --output config.pb +configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb +configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output newordorg.pb +configtxlator proto_decode --input newordorg.pb --type common.ConfigUpdate | jq . > newordorg.json +echo '{"payload":{"header":{"channel_header":{"channel_id":"syschannel", "type":2}},"data":{"config_update":'$(cat newordorg.json)'}}}' | jq . > ordorg_update_in_envelope.json +configtxlator proto_encode --input ordorg_update_in_envelope.json --type common.Envelope --output ordorg_update_in_envelope.pb + + +CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel update -o ${ORDERER_HOST}:7050 -c ${CHANNEL_NAME} -f ordorg_update_in_envelope.pb --tls true --cafile /root/CLI/${ORGCA_HOST}/${ORDERER_HOST}/msp/tls/ca.crt --clientauth --certfile /root/CLI/${ORGCA_HOST}/${ORDERER_HOST}/msp/tls/server.crt --keyfile /root/CLI/${ORGCA_HOST}/${ORDERER_HOST}/msp/tls/server.key --ordererTLSHostnameOverride tlsca --connTimeout 10 \ No newline at end of file diff --git a/templates/configtx_newOrg.yaml.j2 b/templates/configtx_newOrg.yaml.j2 index e72828e..6dcc9fa 100644 --- a/templates/configtx_newOrg.yaml.j2 +++ b/templates/configtx_newOrg.yaml.j2 
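Review bot: The consenter appended in the `jq` step hardcodes `"host": "142.93.216.173", "port": 8053` and reads both `client_tls_cert` and `server_tls_cert` from a relative `./tls/server.crt`, while every other command in these notes is built from `${...}` variables and absolute `/root/CLI/...` paths, so this step silently depends on the current directory and on one specific host. Splicing `$cert` into the filter by breaking out of the single quotes also means any character outside base64 in the variable changes the jq program; `jq --arg cert "$cert" '... "client_tls_cert": $cert, "server_tls_cert": $cert ...'` passes it as a proper JSON string instead.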
@@ -29,7 +29,7 @@ Organizations: # creation. SkipAsForeign: false - MSPDir: /root/CLI/new_org_artifacts + MSPDir: /root/CLI/new_org_artifacts/msp Policies: &SampleOrgPolicies Readers: @@ -51,14 +51,6 @@ Organizations: Type: Signature Rule: "OR('{{org.name}}MSP.member')" - # OrdererEndpoints is a list of all orderers this org runs which clients - # and peers may to connect to to push transactions and receive blocks respectively. - - OrdererEndpoints: - {% for endpoint in swarm_manager_ip_list %} - - {{endpoint}} - {% endfor %} - # AnchorPeers defines the location of peers which can be used for # cross-org gossip communication. Note, this value is only encoded in # the genesis block in the Application section context. From 47d8c42bd493f6d02a7a502d2936f4703ec105f0 Mon Sep 17 00:00:00 2001 
From: achak1987 Date: Sun, 23 Aug 2020 22:21:55 +0200 Subject: [PATCH 16/17] working on adding new org --- 101.export_org_artifacts.yml | 2 +- 101.import_org_artifacts.yml | 4 +- group_vars/all.yml | 6 +- inventory/hosts_org0 | 15 --- inventory/hosts_org1 | 7 +- inventory/hosts_org2 | 14 +++ notes.txt | 36 +++--- .../200.deploy_ registrar_service.yml | 4 +- roles/hlf/cli/ca/files/cli.sh | 6 +- roles/hlf/cli/ca/tasks/main.yaml | 2 +- roles/hlf/cli/cli/tasks/main.yml | 12 +- roles/hlf/cli/orderer_prime/tasks/main.yaml | 14 +-- roles/hlf/cli/peer/files/cli.sh | 4 +- roles/hlf/cli/tasks copy/main.yaml | 109 ------------------ roles/hlf/cli/tasks/main.yaml | 109 ------------------ .../add_new_org_artifacts/tasks/main.yaml | 0 .../gen_new_org_artifacts/tasks/main.yaml | 6 +- roles/hlf/orderer/tasks/main.yml | 21 ++++ roles/hlf/peer/tasks/main.yml | 20 +++- start_hlf_services.sh | 10 +- test.yml | 18 ++- 21 files changed, 122 insertions(+), 297 deletions(-) delete mode 100644 inventory/hosts_org0 create mode 100644 inventory/hosts_org2 delete mode 100644 roles/hlf/cli/tasks copy/main.yaml delete mode 100644 roles/hlf/cli/tasks/main.yaml rename roles/hlf/{cli => newOrg}/add_new_org_artifacts/tasks/main.yaml (100%) rename roles/hlf/{cli => newOrg}/gen_new_org_artifacts/tasks/main.yaml (89%) mode change 100644 => 100755 start_hlf_services.sh diff --git a/101.export_org_artifacts.yml b/101.export_org_artifacts.yml index 382e52a..db5972f 100644 --- a/101.export_org_artifacts.yml +++ b/101.export_org_artifacts.yml @@ -6,4 +6,4 @@ hosts: swarm_manager_prime gather_facts: no roles: - - hlf/cli/gen_new_org_artifacts \ No newline at end of file + - hlf/newOrg/gen_new_org_artifacts \ No newline at end of file diff --git a/101.import_org_artifacts.yml b/101.import_org_artifacts.yml index 5fc7eb9..839faa8 100644 --- a/101.import_org_artifacts.yml +++ b/101.import_org_artifacts.yml 
@@ -6,6 +6,6 @@ hosts: swarm_manager_prime gather_facts: no vars: - artifact_path: "/tmp/newOrg_export.tgz" + artifact_path: "/tmp/bityoga_export.tgz" roles: - - hlf/cli/add_new_org_artifacts \ No newline at end of file + - hlf/newOrg/add_new_org_artifacts \ No newline at end of file diff --git a/group_vars/all.yml b/group_vars/all.yml index f8e11a6..69b4217 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -22,8 +22,8 @@ glusterd_version: '7' # Organization Details org: - name: "newOrg" - unit: "somethingsomething" + name: "agelia" + unit: "energy" # Creds of various agents admin_user: "admin1" @@ -104,7 +104,7 @@ leader: "{{peer1_user}}" } ######################################### CLI ############################################# -cli: { switch: "on", image: "hyperledger/fabric-tools", tag: "2.2"} +cli: { switch: "on", name: "CLI", image: "hyperledger/fabric-tools", tag: "2.2"} ######################################### DBs ############################################# sqlite: {type: "sqlite3", source: "fabric-ca-server.db"} diff --git a/inventory/hosts_org0 b/inventory/hosts_org0 deleted file mode 100644 index c0ae418..0000000 --- a/inventory/hosts_org0 +++ /dev/null @@ -1,15 +0,0 @@ -[all:children] -swarm_manager_prime -swarm_managers -swarm_workers - -[swarm_manager_prime] -hlf0 ansible_host=165.232.76.37 ansible_python_interpreter=/usr/bin/python3 - - -[swarm_managers] -hlf0 ansible_host=165.232.76.37 ansible_python_interpreter=/usr/bin/python3 - -[swarm_workers] -hlf1 ansible_host=138.68.87.60 ansible_python_interpreter=/usr/bin/python3 -hlf2 ansible_host=138.68.87.49 ansible_python_interpreter=/usr/bin/python3 \ No newline at end of file diff --git a/inventory/hosts_org1 b/inventory/hosts_org1 index 689d759..c0ae418 100644 --- a/inventory/hosts_org1 +++ b/inventory/hosts_org1 
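Review bot: `artifact_path: "/tmp/bityoga_export.tgz"` bakes one specific partner organization into the playbook, so admitting the next org means editing the file again. A play-level `vars:` entry is overridden only by extra-vars, so I would keep a default but say so next to it: `# archive received from the joining org; override with -e artifact_path=/tmp/<org>_export.tgz`. The role that unpacks it (`hlf/newOrg/add_new_org_artifacts`) is not visible here; since the tarball comes from another organization, it is worth confirming that the extraction step constrains the paths it writes under `/root/hlft-store`.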
@@ -4,11 +4,12 @@ swarm_managers swarm_workers [swarm_manager_prime] -hlf0 ansible_host=142.93.216.173 ansible_python_interpreter=/usr/bin/python3 +hlf0 ansible_host=165.232.76.37 ansible_python_interpreter=/usr/bin/python3 [swarm_managers] -hlf0 ansible_host=142.93.216.173 ansible_python_interpreter=/usr/bin/python3 +hlf0 ansible_host=165.232.76.37 ansible_python_interpreter=/usr/bin/python3 [swarm_workers] -hlf1 ansible_host=134.209.146.246 ansible_python_interpreter=/usr/bin/python3 +hlf1 ansible_host=138.68.87.60 ansible_python_interpreter=/usr/bin/python3 +hlf2 ansible_host=138.68.87.49 ansible_python_interpreter=/usr/bin/python3 \ No newline at end of file diff --git a/inventory/hosts_org2 b/inventory/hosts_org2 new file mode 100644 index 0000000..689d759 --- /dev/null +++ b/inventory/hosts_org2 @@ -0,0 +1,14 @@ +[all:children] +swarm_manager_prime +swarm_managers +swarm_workers + +[swarm_manager_prime] +hlf0 ansible_host=142.93.216.173 ansible_python_interpreter=/usr/bin/python3 + + +[swarm_managers] +hlf0 ansible_host=142.93.216.173 ansible_python_interpreter=/usr/bin/python3 + +[swarm_workers] +hlf1 ansible_host=134.209.146.246 ansible_python_interpreter=/usr/bin/python3 diff --git a/notes.txt b/notes.txt index a5f8aff..bcdedf0 100644 --- a/notes.txt +++ b/notes.txt 
@@ -1,25 +1,27 @@ #adding new orgs -configtxgen -printOrg newOrgMSP > orgnewOrg.json -configPath /root/CLI/new_org_artifacts +NEW_ORG_NAME=bityoga +CHANNEL_NAME=syschannel + +configtxgen -printOrg ${NEW_ORG_NAME}MSP > org${NEW_ORG_NAME}.json -configPath /root/CLI/new_org_artifacts -PEER_HOST=peer2 +PEER_HOST=peer1 CORE_PEER_ADDRESS=${PEER_HOST}:7051 CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${ADMIN_USER}/msp + +CORE_PEER_TLS_ENABLED=true CORE_PEER_TLS_ROOTCERT_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/ca.crt +CORE_PEER_TLS_KEY_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.key +CORE_PEER_TLS_CERT_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.crt CORE_PEER_TLS_CLIENTAUTHREQUIRED=false -CORE_PEER_TLS_CLIENTCERT_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.crt #fully qualified path of the client certificate -CORE_PEER_TLS_CLIENTKEY_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.key #fully qualified path of the client private key -CORE_PEER_LOCALMSPID=hlfMSP - -CHANNEL_NAME=syschannel -CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel fetch config config_block.pb -o ${ORDERER_HOST}:7050 -c $CHANNEL_NAME --tls --cafile /root/CLI/${ORGCA_HOST}/${ORDERER_HOST}/msp/tls/ca.crt --clientauth --certfile /root/CLI/${ORGCA_HOST}/${ORDERER_HOST}/msp/tls/server.crt --keyfile /root/CLI/${ORDERER_HOST}/${PEER_HOST}/msp/tls/server.key +CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel fetch config config_block.pb -o ${ORDERER_HOST}:7050 -c $CHANNEL_NAME --tls --cafile ${CORE_PEER_TLS_ROOTCERT_FILE} --clientauth --certfile ${CORE_PEER_TLS_CERT_FILE} --keyfile ${CORE_PEER_TLS_KEY_FILE} configtxlator proto_decode --input config_block.pb --type common.Block | jq 
.data.data[0].payload.data.config > config.json -jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"newOrgMSP":.[1]}}}}}' config.json orgnewOrg.json > config1.json +jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"'${NEW_ORG_NAME}MSP'":.[1]}}}}}' config.json org${NEW_ORG_NAME}.json > config1.json -jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"SampleConsortium":{"groups": {"newOrgMSP":.[1]}}}}}}}' config1.json orgnewOrg.json > config2.json +jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"SampleConsortium":{"groups": {"'${NEW_ORG_NAME}MSP'":.[1]}}}}}}}' config1.json org${NEW_ORG_NAME}.json > config2.json cert=`base64 ./tls/server.crt | sed ':a;N;$!ba;s/\n//g'` 
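Review bot: This revision removes `CORE_PEER_LOCALMSPID=hlfMSP` without setting a replacement, and the rewritten `peer channel fetch` line passes only `CORE_PEER_MSPCONFIGPATH`, so the peer CLI is left to pick up whatever `CORE_PEER_LOCALMSPID` the shell already has; in a fresh CLI container that may be unset, and the MSP used to sign the fetch would then be undefined — confirm against the container's environment or add `CORE_PEER_LOCALMSPID=${NEW_ORG_NAME}MSP` (or the org's actual MSP ID) beside the other variables. `CORE_PEER_TLS_CLIENTAUTHREQUIRED=false` also sits directly above a command that passes `--clientauth --certfile --keyfile`; the two disagree about whether mutual TLS is expected, and one of them should go.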
@@ -28,10 +30,14 @@ cat config2.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value. configtxlator proto_encode --input config.json --type common.Config --output config.pb configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb -configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output newordorg.pb -configtxlator proto_decode --input newordorg.pb --type common.ConfigUpdate | jq . > newordorg.json -echo '{"payload":{"header":{"channel_header":{"channel_id":"syschannel", "type":2}},"data":{"config_update":'$(cat newordorg.json)'}}}' | jq . > ordorg_update_in_envelope.json -configtxlator proto_encode --input ordorg_update_in_envelope.json --type common.Envelope --output ordorg_update_in_envelope.pb +configtxlator compute_update --channel_id ${CHANNEL_NAME} --original config.pb --updated modified_config.pb --output neworg.pb +configtxlator proto_decode --input neworg.pb --type common.ConfigUpdate | jq . > neworg.json +echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL_NAME'", "type":2}},"data":{"config_update":'$(cat neworg.json)'}}}' | jq . 
> org_update_in_envelope.json +configtxlator proto_encode --input org_update_in_envelope.json --type common.Envelope --output org_update_in_envelope.pb + + + +CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel signconfigtx -f org_update_in_envelope.pb -CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_TLS_CLIENTAUTHREQUIRED=$CORE_PEER_TLS_CLIENTAUTHREQUIRED CORE_PEER_TLS_CLIENTCERT_FILE=$CORE_PEER_TLS_CLIENTCERT_FILE CORE_PEER_TLS_CLIENTKEY_FILE=$CORE_PEER_TLS_CLIENTKEY_FILE CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel update -o ${ORDERER_HOST}:7050 -c ${CHANNEL_NAME} -f ordorg_update_in_envelope.pb --tls true --cafile /root/CLI/${ORGCA_HOST}/${ORDERER_HOST}/msp/tls/ca.crt --clientauth --certfile /root/CLI/${ORGCA_HOST}/${ORDERER_HOST}/msp/tls/server.crt --keyfile /root/CLI/${ORGCA_HOST}/${ORDERER_HOST}/msp/tls/server.key --ordererTLSHostnameOverride tlsca --connTimeout 10 \ No newline at end of file +CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel update -o ${ORDERER_HOST}:7050 -c ${CHANNEL_NAME} -f org_update_in_envelope.pb --tls --cafile ${ORDERER_CA} --clientauth --certfile ${CORE_PEER_TLS_CERT_FILE} --keyfile ${CORE_PEER_TLS_KEY_FILE} \ No newline at end of file diff --git a/register_service/200.deploy_ registrar_service.yml b/register_service/200.deploy_ registrar_service.yml index 328fb86..9ad9c5a 100644 --- a/register_service/200.deploy_ registrar_service.yml +++ b/register_service/200.deploy_ registrar_service.yml @@ -53,9 +53,9 @@ dest: "/root/hlft-store/{{registrar.name}}/tls-{{admin.name}}/{{item[1]}}" remote_src: yes loop: - - ["cacerts/{{admin.tlsca}}-7054.pem", "ca.crt"] + - ["tlscacerts/tls-{{tlsca.name}}-7054.pem", "ca.crt"] - ["signcerts/cert.pem", "server.crt"] - - ["keystore/{{key_filename.stdout}}", "server.key"] + - ["keystore/key.pem", "server.key"] - name: Stop the Registrar Service become: yes 
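Review bot: `--cafile ${ORDERER_CA}` on the final `peer channel update` references a variable that is assigned nowhere in these notes (the fetch command above uses `${CORE_PEER_TLS_ROOTCERT_FILE}` for the same purpose), so as written the flag expands to an empty path and the orderer's TLS certificate cannot be verified. Either define `ORDERER_CA=${CORE_PEER_TLS_ROOTCERT_FILE}` next to the other variables or use `--cafile ${CORE_PEER_TLS_ROOTCERT_FILE}` directly. The new `peer channel signconfigtx` step is run by the same identity that submits the update; if the channel's modification policy needs signatures from other organizations' admins, a one-line comment naming who must sign before `peer channel update` is run would save the next reader a failed submission.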
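Review bot: The `server.key` entry now copies the registrar's TLS private key with a remote-source `copy`, but no `mode:` is visible on this task, so the permissions of the copied key depend on the target's umask rather than being pinned; add `mode: '0600'` to the task (its `copy:` and `src:` lines begin before the hunk, so I cannot see whether one is already there). Replacing `{{key_filename.stdout}}` with the fixed `keystore/key.pem` also assumes the enrollment script has already renamed the generated key to `key.pem`, which the `mv ... keystore/key.pem` step in `roles/hlf/cli/ca/files/cli.sh` does; if that script is not the one producing this keystore, the copy fails instead of picking up the generated filename.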
diff --git a/roles/hlf/cli/ca/files/cli.sh b/roles/hlf/cli/ca/files/cli.sh index 4df602b..ee34711 100644 --- a/roles/hlf/cli/ca/files/cli.sh +++ b/roles/hlf/cli/ca/files/cli.sh @@ -28,7 +28,7 @@ if (($IDX == 0)); then printf "${GREEN}Make $AGENT_HOST admin of itself${NC}\n" mkdir -p $HOST_HOME/$ADMIN_USER/msp/admincerts - cp $HOST_HOME/$ADMIN_USER/msp/signcerts/cert.pem $HOST_HOME/$ADMIN_USER/msp/admincerts/${ADMIN_USER}-cert.pem + cp $HOST_HOME/$ADMIN_USER/msp/signcerts/cert.pem $HOST_HOME/$ADMIN_USER/msp/admincerts/${ADMIN_USER}-cert.pem fi # Delay the registration and enrollment of agents, by few seconds so that the registration and enrollment of admins are done first. @@ -38,13 +38,13 @@ if [ $type == $tlsca ]; then # We make sure that we are pointed to the admin user, prior to registering agents printf "${GREEN}Register agent $AGENT_HOST of type $AGENT_TYPE at $FABRIC_CA_NAME${NC}\n" export FABRIC_CA_CLIENT_HOME=$HOST_HOME/$ADMIN_USER - fabric-ca-client register -d --id.name $AGENT_HOST --id.secret $AGENT_SECRET --id.type $AGENT_TYPE -u https://$FABRIC_CA_NAME:$FABRIC_CA_PORT + fabric-ca-client register -d --id.name $AGENT_HOST --id.secret $AGENT_SECRET --id.type $AGENT_TYPE -u https://$FABRIC_CA_NAME:$FABRIC_CA_PORT # Enroll Agent printf "${GREEN}Enroll agent $AGENT_HOST for $FABRIC_CA_NAME${NC}\n" export FABRIC_CA_CLIENT_MSPDIR=tls-msp export FABRIC_CA_CLIENT_HOME=$HOST_HOME/$AGENT_HOST - fabric-ca-client enroll -d -u https://$AGENT_HOST:$AGENT_SECRET@$FABRIC_CA_NAME:$FABRIC_CA_PORT --enrollment.profile tls --csr.hosts ${CSR_HOSTS} + fabric-ca-client enroll -d -u https://$AGENT_HOST:$AGENT_SECRET@$FABRIC_CA_NAME:$FABRIC_CA_PORT --csr.hosts ${CSR_HOSTS} --enrollment.profile tls filename=$(ls $FABRIC_CA_CLIENT_HOME/$FABRIC_CA_CLIENT_MSPDIR/keystore | sort -n | head -1) mv $FABRIC_CA_CLIENT_HOME/$FABRIC_CA_CLIENT_MSPDIR/keystore/$filename $FABRIC_CA_CLIENT_HOME/$FABRIC_CA_CLIENT_MSPDIR/keystore/key.pem 
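Review bot: The rewritten `fabric-ca-client enroll` line keeps `-d` and embeds `$AGENT_SECRET` in the enrollment URL, and the `register` line above it passes the same secret through `--id.secret`; with debug enabled the client may write its requests, URL included, to the service log, and either form is visible in the process list while the command runs. Only the flag order changed here, so behaviour is otherwise the same as before; for anything beyond a throwaway environment I would drop `-d` from both commands and leave a comment such as `# enrollment secret is passed on the command line; do not enable -d outside local testing` so the trade-off is recorded.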
diff --git a/roles/hlf/cli/ca/tasks/main.yaml b/roles/hlf/cli/ca/tasks/main.yaml index 8aed584..f7ae0e0 100644 --- a/roles/hlf/cli/ca/tasks/main.yaml +++ b/roles/hlf/cli/ca/tasks/main.yaml @@ -24,7 +24,7 @@ - name: Build a list for all --csr.hosts vars: - csrhostslist: "{{ peerservices | map(attribute='name')| list + [ orderer.name ] + groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list }}" + csrhostslist: "{{ caservices | map(attribute='name') | list + peerservices | map(attribute='name') | list + [ orderer.name ] + [ cli.name ] + ['localhost'] + groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list }}" set_fact: csrhosts: "{{csrhostslist | join(',')}}" diff --git a/roles/hlf/cli/cli/tasks/main.yml b/roles/hlf/cli/cli/tasks/main.yml index 85fefbc..7168a24 100644 --- a/roles/hlf/cli/cli/tasks/main.yml +++ b/roles/hlf/cli/cli/tasks/main.yml @@ -25,20 +25,20 @@ force: yes # Create & Start service for CLI -- name: Fabric Service - {{ item.name }} +- name: Fabric Service - {{ cli.name }} become: yes docker_swarm_service: - name: "CLI" - hostname: "CLI" + name: "{{ cli.name }}" + hostname: "{{ cli.name }}" networks: - "{{swarm_network}}" image: "{{cli.image}}:{{cli.tag}}" command: > - bash -c "/root/CLI/CLI.sh;" - working_dir: /root/CLI + bash -c "/root/{{ cli.name }}/CLI.sh;" + working_dir: /root/{{ cli.name }} mounts: - source: "/root/hlft-store" - target: "/root/CLI" + target: "/root/{{ cli.name }}" type: bind env: - "GOPATH=/opt/gopath" diff --git a/roles/hlf/cli/orderer_prime/tasks/main.yaml b/roles/hlf/cli/orderer_prime/tasks/main.yaml index b944798..a00355a 100644 --- a/roles/hlf/cli/orderer_prime/tasks/main.yaml +++ b/roles/hlf/cli/orderer_prime/tasks/main.yaml 
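Review bot: The extended `csrhostslist` is still one list shared by every agent enrollment, and it now adds `cli.name` and `localhost` to all peer names, the CA names, the orderer and every manager IP, so each TLS certificate issued through this role is valid for every other component's hostname as well as for `localhost`. With identical SANs on every certificate, hostname verification between peers, orderer and CLI no longer distinguishes them: a certificate issued to one component is accepted for any of the others. Build the SAN list per agent — the agent's own name plus the addresses clients actually dial for it — instead of concatenating everything, and include `localhost` only for agents that are genuinely reached over the loopback interface.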
@@ -81,13 +81,13 @@ # Copy tls certs - name: Copy TLS certs copy: - src: "/root/hlft-store/{{tlsca.name}}/{{orderer.name}}/tls-msp/{{item[0]}}" + src: "/root/hlft-store/{{tlsca.name}}/{{item[0]}}" dest: "/root/hlft-store/{{orgca.name}}/{{orderer.name}}/msp/tls/{{item[1]}}" remote_src: yes loop: - - ["tlscacerts/tls-{{tlsca.name}}-7054.pem", "ca.crt"] - - ["signcerts/cert.pem", "server.crt"] - - ["keystore/key.pem", "server.key"] + - ["tls-cert.pem", "ca.crt"] + - ["{{orderer.name}}/tls-msp/signcerts/cert.pem", "server.crt"] + - ["{{orderer.name}}/tls-msp/keystore/key.pem", "server.key"] # Create ORG MSP folder and subfolders - name: Clean org MSP-folder @@ -122,9 +122,9 @@ dest: "/root/hlft-store/{{org.name}}MSP/{{item[1]}}" remote_src: yes loop: - - ["{{tlsca.name}}/{{orderer.name}}/tls-msp/tlscacerts/tls-{{tlsca.name}}-7054.pem", "tlscacerts/tls-{{tlsca.name}}-7054.pem"] - - ["{{orgca.name}}/{{orderer.name}}/msp/admincerts/{{admin_user}}-cert.pem", "admincerts/{{admin_user}}-cert.pem"] - - ["{{orgca.name}}/{{orderer.name}}/msp/cacerts/{{orgca.name}}-7054.pem", "cacerts/{{orgca.name}}-7054.pem"] + - ["{{tlsca.name}}/ca-cert.pem", "tlscacerts/{{tlsca.name}}-7054.pem"] + - ["{{orgca.name}}/ca-cert.pem", "cacerts/{{orgca.name}}-7054.pem"] + - ["{{orgca.name}}/{{admin_user}}/msp/signcerts/cert.pem", "admincerts/{{admin_user}}-cert.pem"] # Create & Start service for CLI diff --git a/roles/hlf/cli/peer/files/cli.sh b/roles/hlf/cli/peer/files/cli.sh index f250f10..eb8f13c 100644 --- a/roles/hlf/cli/peer/files/cli.sh +++ b/roles/hlf/cli/peer/files/cli.sh 
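Review bot: The two hunks pick different files as the TLS trust anchor: the first copies `{{tlsca.name}}/tls-cert.pem` to `msp/tls/ca.crt`, the second copies `{{tlsca.name}}/ca-cert.pem` into `tlscacerts/`. In the usual fabric-ca layout `tls-cert.pem` is the CA server's own listener certificate and `ca-cert.pem` its signing certificate, so unless the two are the same file in this deployment (confirm against the CA's config) the orderer's `ca.crt` will not validate certificates the TLS CA issued; `- ["ca-cert.pem", "ca.crt"]` would make both hunks agree. The second hunk also drops the `tls-` prefix from the `tlscacerts/` filename that the export role under `roles/hlf/cli` used (`tls-{{tlsca.name}}-7054.pem`); that role is deleted and renamed in this commit, so the renamed `gen_new_org_artifacts` role should be checked for the same filename.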
@@ -3,10 +3,10 @@ EXIT_CODE=0 if (($IDX == 0)); then CORE_PEER_MSPCONFIGPATH=/root/${AGENT_HOST}/msp # Create the application channel - CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel create -c appchannel -f /root/${AGENT_HOST}_cli/artifacts/appchannel.tx -o ${ORDERER_HOST}:7050 --outputBlock /root/${AGENT_HOST}_cli/artifacts/appchannel.block --tls --cafile $CORE_PEER_TLS_ROOTCERT_FILE --clientauth --certfile /root/${AGENT_HOST}/msp/tls/server.crt --keyfile /root/${AGENT_HOST}/msp/tls/server.key || EXIT_CODE=$? + CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel create -c appchannel -f /root/${AGENT_HOST}_cli/artifacts/appchannel.tx -o ${ORDERER_HOST}:7050 --outputBlock /root/${AGENT_HOST}_cli/artifacts/appchannel.block --tls --cafile /root/${AGENT_HOST}/msp/tls/ca.crt --clientauth --certfile /root/${AGENT_HOST}/msp/tls/server.crt --keyfile /root/${AGENT_HOST}/msp/tls/server.key || EXIT_CODE=$? #Update the channel with anchor peers - CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel update -o ${ORDERER_HOST}:7050 -c appchannel -f /root/${AGENT_HOST}_cli/artifacts/appchannel_anchor.tx --tls --cafile $CORE_PEER_TLS_ROOTCERT_FILE --clientauth --certfile /root/${AGENT_HOST}/msp/tls/server.crt --keyfile /root/${AGENT_HOST}/msp/tls/server.key || EXIT_CODE=$? + CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE CORE_PEER_MSPCONFIGPATH=$CORE_PEER_MSPCONFIGPATH peer channel update -o ${ORDERER_HOST}:7050 -c appchannel -f /root/${AGENT_HOST}_cli/artifacts/appchannel_anchor.tx --tls --cafile /root/${AGENT_HOST}/msp/tls/ca.crt --clientauth --certfile /root/${AGENT_HOST}/msp/tls/server.crt --keyfile /root/${AGENT_HOST}/msp/tls/server.key || EXIT_CODE=$? else # We we have the IDX 1 running, we wait for 5 secs first sleep 5s; 
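Review bot: Both rewritten commands replace `--cafile $CORE_PEER_TLS_ROOTCERT_FILE` with the literal `/root/${AGENT_HOST}/msp/tls/ca.crt` yet still export `CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_ROOTCERT_FILE` in the same prefix, so the peer's TLS root and the CA file used to verify the orderer can now point at different certificates. If the variable held the wrong path, fix what sets it; otherwise assign `CORE_PEER_TLS_ROOTCERT_FILE=/root/${AGENT_HOST}/msp/tls/ca.crt` once at the top of the script and keep `--cafile $CORE_PEER_TLS_ROOTCERT_FILE`, so the two cannot drift apart and the long command lines lose one duplicated path.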
diff --git a/roles/hlf/cli/tasks copy/main.yaml b/roles/hlf/cli/tasks copy/main.yaml deleted file mode 100644 index 134f2df..0000000 --- a/roles/hlf/cli/tasks copy/main.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -# --- - -# HLF CA CLI Services -# Stop all CLI Services services -- name: Stop CLI Service - {{org.name}}_cli - become: yes - docker_swarm_service: - name: "{{org.name}}_cli" - state: absent - networks: - - "{{swarm_network}}" - - -- name: Clean the export directory if present - file: - path: "/root/hlft-store/{{org.name}}_export" - state: absent - -- name: Create an export directory to be used for sending the relevent information for adding this organization to the existing hlf blockchain consortium - file: - path: "/root/hlft-store/{{org.name}}_export" - state: directory - -# Generate the list of swarm managers to be used as Orderer Endpoints in configtx -- name: Get IP addresses as a list for all swarm manager nodes - vars: - _swarm_manager_ip_list: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list | join(':{{orderer.port}},') }}" - __swarm_manager_ip_list: "{{_swarm_manager_ip_list}}:{{orderer.port}}" - set_fact: - swarm_manager_ip_list: "{{ __swarm_manager_ip_list.split(',') }}" - -- name: Get IP addresses as a list for all swarm manager nodes to be used as anchor ips - set_fact: - swarm_manager_ip_list_anchor: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list }}" - - # Copy relevent config files to mount directories for the docker services -- name: Config templating configtx_newOrg.yaml - become: yes - template: - src: "configtx_newOrg.yaml.j2" - dest: "/root/hlft-store/{{org.name}}_export/configtx.yaml" - mode: 0660 - force: yes - -# Prep the TLS certs -- name: Create tls folder under /root/hlft-store/{{org.name}}_export/tls - become: yes - file: - path: "/root/hlft-store/{{org.name}}_export/tls" - state: directory - mode: '0755' - -# Copy tls certs -- name: Copy TLS certs - copy: - src: "/root/hlft-store/{{tlsca.name}}/{{orderer.name}}/tls-msp/{{item[0]}}" - dest: "/root/hlft-store/{{org.name}}_export/tls/{{item[1]}}" - remote_src: yes - loop: - - 
["tlscacerts/tls-{{tlsca.name}}-7054.pem", "ca.crt"] - - ["signcerts/cert.pem", "server.crt"] - -- name: Create org MSP-folder - become: yes - file: - path: "/root/hlft-store/{{org.name}}_export/msp" - state: directory - mode: '0755' - -- name: Create subfolders folder under /root/hlft-store/{{org.name}}_export/msp - become: yes - file: - path: "/root/hlft-store/{{org.name}}_export/msp/{{item}}" - state: directory - mode: '0755' - loop: - - "tlscacerts" - - "admincerts" - - "cacerts" - - "users" - -- name: Copy certs in the msp subfolder - copy: - src: "/root/hlft-store/{{item[0]}}" - dest: "/root/hlft-store/{{org.name}}_export/msp/{{item[1]}}" - remote_src: yes - loop: - - ["{{tlsca.name}}/{{orderer.name}}/tls-msp/tlscacerts/tls-{{tlsca.name}}-7054.pem", "tlscacerts/tls-{{tlsca.name}}-7054.pem"] - - ["{{orgca.name}}/{{orderer.name}}/msp/admincerts/{{admin_user}}-cert.pem", "admincerts/{{admin_user}}-cert.pem"] - - ["{{orgca.name}}/{{orderer.name}}/msp/cacerts/{{orgca.name}}-7054.pem", "cacerts/{{orgca.name}}-7054.pem"] - - -- name: Compress the export folder - archive: - path: "/root/hlft-store/{{org.name}}_export" - dest: "/tmp/{{org.name}}_export.tgz" - -- name: Fetch the exported folder to your local machine. Send it out to the organization that invited you to be part of the blockchain - fetch: - src: "/tmp/{{org.name}}_export.tgz" - dest: "/tmp/{{org.name}}_export.tgz" - -- name: Stop CLI Service - {{org.name}}_cli - become: yes - docker_swarm_service: - name: "{{org.name}}_cli" - state: absent - networks: - - "{{swarm_network}}" \ No newline at end of file diff --git a/roles/hlf/cli/tasks/main.yaml b/roles/hlf/cli/tasks/main.yaml deleted file mode 100644 index 134f2df..0000000 --- a/roles/hlf/cli/tasks/main.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -# --- - -# HLF CA CLI Services -# Stop all CLI Services services -- name: Stop CLI Service - {{org.name}}_cli - become: yes - docker_swarm_service: - name: "{{org.name}}_cli" - state: absent - networks: - - "{{swarm_network}}" - - -- name: Clean the export directory if present - file: - path: "/root/hlft-store/{{org.name}}_export" - state: absent - -- name: Create an export directory to be used for sending the relevent information for adding this organization to the existing hlf blockchain consortium - file: - path: "/root/hlft-store/{{org.name}}_export" - state: directory - -# Generate the list of swarm managers to be used as Orderer Endpoints in configtx -- name: Get IP addresses as a list for all swarm manager nodes - vars: - _swarm_manager_ip_list: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list | join(':{{orderer.port}},') }}" - __swarm_manager_ip_list: "{{_swarm_manager_ip_list}}:{{orderer.port}}" - set_fact: - swarm_manager_ip_list: "{{ __swarm_manager_ip_list.split(',') }}" - -- name: Get IP addresses as a list for all swarm manager nodes to be used as anchor ips - set_fact: - swarm_manager_ip_list_anchor: "{{ groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list }}" - - # Copy relevent config files to mount directories for the docker services -- name: Config templating configtx_newOrg.yaml - become: yes - template: - src: "configtx_newOrg.yaml.j2" - dest: "/root/hlft-store/{{org.name}}_export/configtx.yaml" - mode: 0660 - force: yes - -# Prep the TLS certs -- name: Create tls folder under /root/hlft-store/{{org.name}}_export/tls - become: yes - file: - path: "/root/hlft-store/{{org.name}}_export/tls" - state: directory - mode: '0755' - -# Copy tls certs -- name: Copy TLS certs - copy: - src: "/root/hlft-store/{{tlsca.name}}/{{orderer.name}}/tls-msp/{{item[0]}}" - dest: "/root/hlft-store/{{org.name}}_export/tls/{{item[1]}}" - remote_src: yes - loop: - - 
["tlscacerts/tls-{{tlsca.name}}-7054.pem", "ca.crt"] - - ["signcerts/cert.pem", "server.crt"] - -- name: Create org MSP-folder - become: yes - file: - path: "/root/hlft-store/{{org.name}}_export/msp" - state: directory - mode: '0755' - -- name: Create subfolders folder under /root/hlft-store/{{org.name}}_export/msp - become: yes - file: - path: "/root/hlft-store/{{org.name}}_export/msp/{{item}}" - state: directory - mode: '0755' - loop: - - "tlscacerts" - - "admincerts" - - "cacerts" - - "users" - -- name: Copy certs in the msp subfolder - copy: - src: "/root/hlft-store/{{item[0]}}" - dest: "/root/hlft-store/{{org.name}}_export/msp/{{item[1]}}" - remote_src: yes - loop: - - ["{{tlsca.name}}/{{orderer.name}}/tls-msp/tlscacerts/tls-{{tlsca.name}}-7054.pem", "tlscacerts/tls-{{tlsca.name}}-7054.pem"] - - ["{{orgca.name}}/{{orderer.name}}/msp/admincerts/{{admin_user}}-cert.pem", "admincerts/{{admin_user}}-cert.pem"] - - ["{{orgca.name}}/{{orderer.name}}/msp/cacerts/{{orgca.name}}-7054.pem", "cacerts/{{orgca.name}}-7054.pem"] - - -- name: Compress the export folder - archive: - path: "/root/hlft-store/{{org.name}}_export" - dest: "/tmp/{{org.name}}_export.tgz" - -- name: Fetch the exported folder to your local machine. Send it out to the organization that invited you to be part of the blockchain - fetch: - src: "/tmp/{{org.name}}_export.tgz" - dest: "/tmp/{{org.name}}_export.tgz" - -- name: Stop CLI Service - {{org.name}}_cli - become: yes - docker_swarm_service: - name: "{{org.name}}_cli" - state: absent - networks: - - "{{swarm_network}}" \ No newline at end of file diff --git a/roles/hlf/cli/add_new_org_artifacts/tasks/main.yaml b/roles/hlf/newOrg/add_new_org_artifacts/tasks/main.yaml similarity index 100% rename from roles/hlf/cli/add_new_org_artifacts/tasks/main.yaml rename to roles/hlf/newOrg/add_new_org_artifacts/tasks/main.yaml 
diff --git a/roles/hlf/cli/gen_new_org_artifacts/tasks/main.yaml b/roles/hlf/newOrg/gen_new_org_artifacts/tasks/main.yaml similarity index 89% rename from roles/hlf/cli/gen_new_org_artifacts/tasks/main.yaml rename to roles/hlf/newOrg/gen_new_org_artifacts/tasks/main.yaml index c5107e3..e3c878f 100644 --- a/roles/hlf/cli/gen_new_org_artifacts/tasks/main.yaml +++ b/roles/hlf/newOrg/gen_new_org_artifacts/tasks/main.yaml @@ -73,9 +73,9 @@ dest: "/root/hlft-store/{{org.name}}_export/msp/{{item[1]}}" remote_src: yes loop: - - ["{{tlsca.name}}/{{orderer.name}}/tls-msp/tlscacerts/tls-{{tlsca.name}}-7054.pem", "tlscacerts/tls-{{tlsca.name}}-7054.pem"] - - ["{{orgca.name}}/{{orderer.name}}/msp/admincerts/{{admin_user}}-cert.pem", "admincerts/{{admin_user}}-cert.pem"] - - ["{{orgca.name}}/{{orderer.name}}/msp/cacerts/{{orgca.name}}-7054.pem", "cacerts/{{orgca.name}}-7054.pem"] + - ["{{tlsca.name}}/ca-cert.pem", "tlscacerts/{{tlsca.name}}-7054.pem"] + - ["{{orgca.name}}/ca-cert.pem", "cacerts/{{orgca.name}}-7054.pem"] + - ["{{orgca.name}}/{{admin_user}}/msp/signcerts/cert.pem", "admincerts/{{admin_user}}-cert.pem"] - name: Compress the export folder diff --git a/roles/hlf/orderer/tasks/main.yml b/roles/hlf/orderer/tasks/main.yml index 2c47b43..52da090 100644 --- a/roles/hlf/orderer/tasks/main.yml +++ b/roles/hlf/orderer/tasks/main.yml 
@@ -9,6 +9,23 @@ networks: - "{{swarm_network}}" +- name: Clean the tlscacerts directory in MSP + file: + path: /root/hlft-store/{{orgca.name}}/{{orderer.name}}/msp/tlscacerts + state: absent + +- name: Create the tlscacerts directory in MSP + file: + path: /root/hlft-store/{{orgca.name}}/{{orderer.name}}/msp/tlscacerts + state: directory + +- name: Copy tlscacerts + copy: + src: /root/hlft-store/{{tlsca.name}}/{{orderer.name}}/tls-msp/tlscacerts/tls-{{tlsca.name}}-7054.pem + dest: /root/hlft-store/{{orgca.name}}/{{orderer.name}}/msp/tlscacerts/{{tlsca.name}}.{{org.name}}-cert.crt + remote_src: yes + + # Create & Start service orderer with RAFT enabled - name: Start the fabric orderer become: yes @@ -27,6 +44,10 @@ - source: "/root/hlft-store/{{orderer.name}}_cli/artifacts/genesis.block" target: "{{orderer.path}}/genesis.block" type: bind + # ROOT TLSCA + - source: "/root/hlft-store/{{tlsca.name}}/tls-cert.pem" + target: "{{orderer.path}}/tls-cert.pem" + type: bind publish: - published_port: "{{orderer.port}}" target_port: "7050" diff --git a/roles/hlf/peer/tasks/main.yml b/roles/hlf/peer/tasks/main.yml index 600717c..af0ce12 100644 --- a/roles/hlf/peer/tasks/main.yml +++ b/roles/hlf/peer/tasks/main.yml 
@@ -39,7 +39,25 @@ - [["tlscacerts/tls-{{tlsca.name}}-7054.pem", "ca.crt"], ["signcerts/cert.pem", "server.crt"], ["keystore/key.pem", "server.key"]] - + +- name: Clean the tlscacerts directory in MSP + file: + path: /root/hlft-store/{{orgca.name}}/{{item.name}}/map/tlscacerts + state: absent + loop: "{{peerservices}}" + +- name: Create the tlscacerts directory in MSP + file: + path: /root/hlft-store/{{orgca.name}}/{{item.name}}/msp/tlscacerts + state: directory + loop: "{{peerservices}}" + +- name: Copy tlscacerts + copy: + src: /root/hlft-store/{{tlsca.name}}/{{item.name}}/tls-msp/tlscacerts/tls-{{tlsca.name}}-7054.pem + dest: /root/hlft-store/{{orgca.name}}/{{item.name}}/msp/tlscacerts/{{tlsca.name}}.{{org.name}}-cert.crt + remote_src: yes + loop: "{{peerservices}}" # Create & Start services for Peers - name: Fabric Service - {{ item }} diff --git a/start_hlf_services.sh b/start_hlf_services.sh old mode 100644 new mode 100755 index 2bdc9e1..353916a --- a/start_hlf_services.sh +++ b/start_hlf_services.sh @@ -1,8 +1,8 @@ #!/bin/bash set -x #echo on -ansible-playbook -v 100.deploy_ca.yml --flush-cache -u root; -ansible-playbook -v 101.deploy_orderer.yml --flush-cache -u root; -ansible-playbook -v 102.deploy_peers.yml --flush-cache -u root; -ansible-playbook -v 103.deploy_cli.yml --flush-cache -u root; -ansible-playbook -v 104.deploy_hlf_explorer.yml --flush-cache -u root; \ No newline at end of file +ansible-playbook -v 100.deploy_ca.yml --flush-cache -u root -i inventory/hosts_org1; +ansible-playbook -v 101.deploy_orderer.yml --flush-cache -u root -i inventory/hosts_org1; +ansible-playbook -v 102.deploy_peers.yml --flush-cache -u root -i inventory/hosts_org1; +ansible-playbook -v 103.deploy_cli.yml --flush-cache -u root -i inventory/hosts_org1; +#ansible-playbook -v 104.deploy_hlf_explorer.yml --flush-cache -u root; \ No newline at end of file diff --git a/test.yml b/test.yml index 3c5d9cd..2ffa40d 100644 --- a/test.yml +++ b/test.yml 
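Review bot: The new "Clean the tlscacerts directory in MSP" task points at `path: /root/hlft-store/{{orgca.name}}/{{item.name}}/map/tlscacerts` while the two tasks that follow use `msp/tlscacerts`, so the cleanup removes a directory that never exists and the real `msp/tlscacerts` is never cleared; a root TLS CA cert left there by an earlier run stays next to the freshly copied `{{tlsca.name}}.{{org.name}}-cert.crt`. Change the line to `path: /root/hlft-store/{{orgca.name}}/{{item.name}}/msp/tlscacerts`. The matching orderer tasks added in roles/hlf/orderer/tasks/main.yml in this same patch spell the path correctly, which suggests this is a typo rather than a different layout.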
@@ -5,13 +5,11 @@ vars: Consenters: [] tasks: - # - name: Remove orphan CLIs - # become: yes - # docker_swarm_service: - # name: "{{item.name}}_cli" - # state: absent - # loop: "{{ peerservices + [orderer] + caservices }}" - - name: Remove orphan CLIs - debug: - msg: "{{item.name}}_cli" - loop: "{{ peerservices + [orderer] + caservices }}" \ No newline at end of file + - name: Build a list for all --csr.hosts + vars: + csrhostslist: "{{ caservices | map(attribute='name') | list + peerservices | map(attribute='name') | list + [ orderer.name ] + [ cli.name ] + ['localhost'] + groups['swarm_managers'] | map('extract', hostvars, ['ansible_host']) | list }}" + set_fact: + csrhosts: "{{csrhostslist | join(',')}}" + + - debug: + msg: "{{csrhosts}}" \ No newline at end of file From 4190c6c4513d47eb79fbeacbe338520eead00323 Mon Sep 17 00:00:00 2001 From: achak1987 Date: Sun, 23 Aug 2020 23:40:54 +0200 Subject: [PATCH 17/17] working on adding new org --- roles/hlf/cli/ca/files/cli.sh | 2 +- roles/hlf/cli/cli/files/CLI.sh | 2 +- roles/hlf/orderer/tasks/main.yml | 2 +- roles/hlf/peer/tasks/main.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/hlf/cli/ca/files/cli.sh b/roles/hlf/cli/ca/files/cli.sh index ee34711..46a05bb 100644 --- a/roles/hlf/cli/ca/files/cli.sh +++ b/roles/hlf/cli/ca/files/cli.sh 
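Review bot: The `csrhostslist` expression chains six terms with `|` and `+` and no parentheses, so a reader has to know that Jinja applies filters before `+` to see that it concatenates lists rather than piping a sum into `map`. Wrapping each filtered term, e.g. `(caservices | map(attribute='name') | list) + (peerservices | map(attribute='name') | list) + ...`, keeps the same result and makes the intent obvious; a one-line comment such as `# every hostname/IP a node may be reached by, joined for fabric-ca-client --csr.hosts` above the task would also help, since the value is otherwise only visible through the `debug` step.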
@@ -44,7 +44,7 @@ if [ $type == $tlsca ]; then printf "${GREEN}Enroll agent $AGENT_HOST for $FABRIC_CA_NAME${NC}\n" export FABRIC_CA_CLIENT_MSPDIR=tls-msp export FABRIC_CA_CLIENT_HOME=$HOST_HOME/$AGENT_HOST - fabric-ca-client enroll -d -u https://$AGENT_HOST:$AGENT_SECRET@$FABRIC_CA_NAME:$FABRIC_CA_PORT --csr.hosts ${CSR_HOSTS} --enrollment.profile tls + fabric-ca-client enroll -d -u https://$AGENT_HOST:$AGENT_SECRET@$FABRIC_CA_NAME:$FABRIC_CA_PORT --enrollment.profile tls --csr.hosts ${CSR_HOSTS} filename=$(ls $FABRIC_CA_CLIENT_HOME/$FABRIC_CA_CLIENT_MSPDIR/keystore | sort -n | head -1) mv $FABRIC_CA_CLIENT_HOME/$FABRIC_CA_CLIENT_MSPDIR/keystore/$filename $FABRIC_CA_CLIENT_HOME/$FABRIC_CA_CLIENT_MSPDIR/keystore/key.pem diff --git a/roles/hlf/cli/cli/files/CLI.sh b/roles/hlf/cli/cli/files/CLI.sh index b960068..a1986d9 100644 --- a/roles/hlf/cli/cli/files/CLI.sh +++ b/roles/hlf/cli/cli/files/CLI.sh @@ -10,7 +10,7 @@ if [ $INSTALL_TEST_CHAINCODE == "yes" ]; then CORE_PEER_ADDRESS=${PEER_HOST}:7051 CORE_PEER_MSPCONFIGPATH=/root/CLI/${ORGCA_HOST}/${ADMIN_USER}/msp CORE_PEER_TLS_ROOTCERT_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/ca.crt - CORE_PEER_TLS_CLIENTAUTHREQUIRED=true + CORE_PEER_TLS_CLIENTAUTHREQUIRED=false CORE_PEER_TLS_CLIENTCERT_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.crt #fully qualified path of the client certificate CORE_PEER_TLS_CLIENTKEY_FILE=/root/CLI/${ORGCA_HOST}/${PEER_HOST}/msp/tls/server.key #fully qualified path of the client private key diff --git a/roles/hlf/orderer/tasks/main.yml b/roles/hlf/orderer/tasks/main.yml index 52da090..dfc3b54 100644 --- a/roles/hlf/orderer/tasks/main.yml +++ b/roles/hlf/orderer/tasks/main.yml 
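Review bot: `CORE_PEER_TLS_CLIENTAUTHREQUIRED=false` in CLI.sh stops the CLI from presenting a client certificate, and the same flip in roles/hlf/orderer/tasks/main.yml (`ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=false`) and roles/hlf/peer/tasks/main.yml (`CORE_PEER_TLS_CLIENTAUTHREQUIRED=false`) makes the orderer and peers accept TLS connections from any client that can reach their published ports without a certificate check; the `CLIENTROOTCAS`, `CLIENTCERT_FILE` and `CLIENTKEY_FILE` settings left around them no longer take effect. The commit message does not say whether this is the intended end state or a workaround while the new org's TLS CA is not yet trusted by the existing orgs, which is presumably the situation given the tlscacerts copying added earlier in this series. If it is a workaround, drive it from a variable so the secure default stays in place and the relaxation is explicit per inventory, e.g. `- "CORE_PEER_TLS_CLIENTAUTHREQUIRED={{ tls_client_auth_required | default(true) }}"` in the peer and orderer roles; otherwise add a comment next to each of the three settings recording why mutual TLS is disabled.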
@@ -66,7 +66,7 @@
 - "ORDERER_GENERAL_TLS_PRIVATEKEY={{orderer.path}}/msp/tls/server.key" #fully qualified path of the file that contains the server private key
 - "ORDERER_GENERAL_TLS_CERTIFICATE={{orderer.path}}/msp/tls/server.crt" #fully qualified path of the file that contains the server certificate
 - "ORDERER_GENERAL_TLS_ROOTCAS=[{{orderer.path}}/msp/tls/ca.crt]" #fully qualified path of the file that contains the certificate chain of the CA that issued TLS server certificate
- - "ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true"
+ - "ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=false"
 - "ORDERER_GENERAL_TLS_CLIENTROOTCAS=[{{orderer.path}}/msp/tls/ca.crt]" #fully qualified path of the file that contains the certificate chain of the CA that issued TLS server certificate
 - "ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE={{orderer.path}}/msp/tls/server.crt"
 - "ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY={{orderer.path}}/msp/tls/server.key"
diff --git a/roles/hlf/peer/tasks/main.yml b/roles/hlf/peer/tasks/main.yml
index af0ce12..5782e62 100644
--- a/roles/hlf/peer/tasks/main.yml
+++ b/roles/hlf/peer/tasks/main.yml
@@ -101,7 +101,7 @@
 - "CORE_PEER_TLS_CERT_FILE={{item.path}}/msp/tls/server.crt" #fully qualified path of the server certificate
 - "CORE_PEER_TLS_KEY_FILE={{item.path}}/msp/tls/server.key" #fully qualified path of the server private key
 - "CORE_PEER_TLS_ROOTCERT_FILE={{item.path}}/msp/tls/ca.crt" #fully qualified path of the CA chain file
- - "CORE_PEER_TLS_CLIENTAUTHREQUIRED=true"
+ - "CORE_PEER_TLS_CLIENTAUTHREQUIRED=false"
 - "CORE_PEER_TLS_CLIENTROOTCAS_FILES={{item.path}}/msp/tls/ca.crt" #fully qualified path of the CA chain file
 - "CORE_PEER_TLS_CLIENTCERT_FILE={{item.path}}/msp/tls/server.crt" #fully qualified path of the client certificate
 - "CORE_PEER_TLS_CLIENTKEY_FILE={{item.path}}/msp/tls/server.key" #fully qualified path of the client private key